PAL.C.T MINI SHELL
#
# This is a generated file! Instead of modifying this file, the
# corenetwork.if.in or corenetwork.if.m4 file should be modified.
#
## <summary>Policy controlling access to network objects</summary>
## <required val="true">
## Contains the initial SIDs for network objects.
## </required>
#######################################
## <summary>
## Define type to be a network packet type
## </summary>
## <desc>
## <p>
## Define type to be a network packet type
## </p>
## <p>
## This is for supporting third party modules and its
## use is not allowed in upstream reference policy.
## </p>
## </desc>
## <param name="domain">
## <summary>
## Type to be used for a network packet.
## </summary>
## </param>
#
interface(`corenet_packet',`
gen_require(`
attribute packet_type;
')
typeattribute $1 packet_type;
')
########################################
## <summary>
## Define type to be a network port type
## </summary>
## <desc>
## <p>
## Define type to be a network port type
## </p>
## <p>
## This is for supporting third party modules and its
## use is not allowed in upstream reference policy.
## </p>
## </desc>
## <param name="domain">
## <summary>
## Type to be used for network ports.
## </summary>
## </param>
#
interface(`corenet_port',`
gen_require(`
attribute port_type;
')
typeattribute $1 port_type;
')
########################################
## <summary>
## Define network type to be a reserved port (lt 1024)
## </summary>
## <desc>
## <p>
## Define network type to be a reserved port (lt 1024)
## </p>
## <p>
## This is for supporting third party modules and its
## use is not allowed in upstream reference policy.
## </p>
## </desc>
## <param name="domain">
## <summary>
## Type to be used for network ports.
## </summary>
## </param>
#
interface(`corenet_reserved_port',`
gen_require(`
attribute reserved_port_type;
')
typeattribute $1 reserved_port_type;
')
########################################
## <summary>
## Define network type to be a rpc port ( 512 lt PORT lt 1024)
## </summary>
## <desc>
## <p>
## Define network type to be a rpc port ( 512 lt PORT lt 1024)
## </p>
## <p>
## This is for supporting third party modules and its
## use is not allowed in upstream reference policy.
## </p>
## </desc>
## <param name="domain">
## <summary>
## Type to be used for network ports.
## </summary>
## </param>
#
interface(`corenet_rpc_port',`
gen_require(`
attribute rpc_port_type;
')
typeattribute $1 rpc_port_type;
')
########################################
## <summary>
## Define type to be a network client packet type
## </summary>
## <desc>
## <p>
## Define type to be a network client packet type
## </p>
## <p>
## This is for supporting third party modules and its
## use is not allowed in upstream reference policy.
## </p>
## </desc>
## <param name="domain">
## <summary>
## Type to be used for a network client packet.
## </summary>
## </param>
#
interface(`corenet_client_packet',`
gen_require(`
attribute packet_type, client_packet_type;
')
typeattribute $1 client_packet_type, packet_type;
')
########################################
## <summary>
## Define type to be a network server packet type
## </summary>
## <desc>
## <p>
## Define type to be a network server packet type
## </p>
## <p>
## This is for supporting third party modules and its
## use is not allowed in upstream reference policy.
## </p>
## </desc>
## <param name="domain">
## <summary>
## Type to be used for a network server packet.
## </summary>
## </param>
#
interface(`corenet_server_packet',`
gen_require(`
attribute packet_type, server_packet_type;
')
typeattribute $1 server_packet_type, packet_type;
')
########################################
## <summary>
## Send and receive TCP network traffic on generic interfaces.
## </summary>
## <desc>
## <p>
## Allow the specified domain to send and receive TCP network
## traffic on generic network interfaces.
## </p>
## <p>
## Related interface:
## </p>
## <ul>
## <li>corenet_all_recvfrom_unlabeled()</li>
## <li>corenet_tcp_sendrecv_generic_node()</li>
## <li>corenet_tcp_sendrecv_all_ports()</li>
## <li>corenet_tcp_connect_all_ports()</li>
## </ul>
## <p>
## Example client being able to connect to all ports over
## generic nodes, without labeled networking:
## </p>
## <p>
## allow myclient_t self:tcp_socket create_stream_socket_perms;
## corenet_tcp_sendrecv_generic_if(myclient_t)
## corenet_tcp_sendrecv_generic_node(myclient_t)
## corenet_tcp_sendrecv_all_ports(myclient_t)
## corenet_tcp_connect_all_ports(myclient_t)
## corenet_all_recvfrom_unlabeled(myclient_t)
## </p>
## </desc>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_generic_if',`
gen_require(`
type netif_t;
')
allow $1 netif_t:netif { tcp_send tcp_recv egress ingress };
')
#######################################
## <summary>
## Send and receive TCP network traffic on loopback interface.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
#
interface(`corenet_tcp_sendrecv_loopback_if',`
ifdef(`enable_mls',`
gen_require(`
type lo_netif_t;
')
allow $1 lo_netif_t:netif { tcp_send tcp_recv egress ingress };
')
')
########################################
## <summary>
## Send UDP network traffic on generic interfaces.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
#
interface(`corenet_udp_send_generic_if',`
gen_require(`
type netif_t;
')
allow $1 netif_t:netif { udp_send egress };
')
########################################
## <summary>
## Dontaudit attempts to send UDP network traffic
## on generic interfaces.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_udp_send_generic_if',`
gen_require(`
type netif_t;
')
dontaudit $1 netif_t:netif { udp_send egress };
')
########################################
## <summary>
## Receive UDP network traffic on generic interfaces.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
#
interface(`corenet_udp_receive_generic_if',`
gen_require(`
type netif_t;
')
allow $1 netif_t:netif { udp_recv ingress };
')
########################################
## <summary>
## Do not audit attempts to receive UDP network
## traffic on generic interfaces.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_udp_receive_generic_if',`
gen_require(`
type netif_t;
')
dontaudit $1 netif_t:netif { udp_recv ingress };
')
########################################
## <summary>
## Send and receive UDP network traffic on generic interfaces.
## </summary>
## <desc>
## <p>
## Allow the specified domain to send and receive UDP network
## traffic on generic network interfaces.
## </p>
## <p>
## Related interface:
## </p>
## <ul>
## <li>corenet_all_recvfrom_unlabeled()</li>
## <li>corenet_udp_sendrecv_generic_node()</li>
## <li>corenet_udp_sendrecv_all_ports()</li>
## </ul>
## <p>
## Example client being able to send to all ports over
## generic nodes, without labeled networking:
## </p>
## <p>
## allow myclient_t self:udp_socket create_socket_perms;
## corenet_udp_sendrecv_generic_if(myclient_t)
## corenet_udp_sendrecv_generic_node(myclient_t)
## corenet_udp_sendrecv_all_ports(myclient_t)
## corenet_all_recvfrom_unlabeled(myclient_t)
## </p>
## </desc>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_generic_if',`
corenet_udp_send_generic_if($1)
corenet_udp_receive_generic_if($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive UDP network
## traffic on generic interfaces.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_udp_sendrecv_generic_if',`
corenet_dontaudit_udp_send_generic_if($1)
corenet_dontaudit_udp_receive_generic_if($1)
')
########################################
## <summary>
## Send raw IP packets on generic interfaces.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
#
interface(`corenet_raw_send_generic_if',`
gen_require(`
type netif_t;
')
allow $1 netif_t:netif { rawip_send egress };
')
########################################
## <summary>
## Receive raw IP packets on generic interfaces.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
#
interface(`corenet_raw_receive_generic_if',`
gen_require(`
type netif_t;
')
allow $1 netif_t:netif { rawip_recv ingress };
')
########################################
## <summary>
## Send and receive raw IP packets on generic interfaces.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
#
interface(`corenet_raw_sendrecv_generic_if',`
corenet_raw_send_generic_if($1)
corenet_raw_receive_generic_if($1)
')
########################################
## <summary>
## Allow outgoing network traffic on the generic interfaces.
## </summary>
## <param name="domain">
## <summary>
## The peer label of the outgoing network traffic.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_out_generic_if',`
gen_require(`
type netif_t;
')
allow $1 netif_t:netif egress;
')
########################################
## <summary>
## Allow incoming traffic on the generic interfaces.
## </summary>
## <param name="domain">
## <summary>
## The peer label of the incoming network traffic.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_in_generic_if',`
gen_require(`
type netif_t;
')
allow $1 netif_t:netif ingress;
')
########################################
## <summary>
## Allow incoming and outgoing network traffic on the generic interfaces.
## </summary>
## <param name="domain">
## <summary>
## The peer label of the network traffic.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_inout_generic_if',`
corenet_in_generic_if($1)
corenet_out_generic_if($1)
')
########################################
## <summary>
## Send and receive TCP network traffic on all interfaces.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
#
interface(`corenet_tcp_sendrecv_all_if',`
gen_require(`
attribute netif_type;
')
allow $1 netif_type:netif { tcp_send tcp_recv egress ingress };
')
########################################
## <summary>
## Send UDP network traffic on all interfaces.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
#
interface(`corenet_udp_send_all_if',`
gen_require(`
attribute netif_type;
')
allow $1 netif_type:netif { udp_send egress };
')
########################################
## <summary>
## Receive UDP network traffic on all interfaces.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
#
interface(`corenet_udp_receive_all_if',`
gen_require(`
attribute netif_type;
')
allow $1 netif_type:netif { udp_recv ingress };
')
########################################
## <summary>
## Send and receive UDP network traffic on all interfaces.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
#
interface(`corenet_udp_sendrecv_all_if',`
corenet_udp_send_all_if($1)
corenet_udp_receive_all_if($1)
')
########################################
## <summary>
## Send raw IP packets on all interfaces.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
#
interface(`corenet_raw_send_all_if',`
gen_require(`
attribute netif_type;
')
allow $1 netif_type:netif { rawip_send egress };
')
########################################
## <summary>
## Receive raw IP packets on all interfaces.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
#
interface(`corenet_raw_receive_all_if',`
gen_require(`
attribute netif_type;
')
allow $1 netif_type:netif { rawip_recv ingress };
')
########################################
## <summary>
## Send and receive raw IP packets on all interfaces.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
#
interface(`corenet_raw_sendrecv_all_if',`
corenet_raw_send_all_if($1)
corenet_raw_receive_all_if($1)
')
########################################
## <summary>
## Send and receive TCP network traffic on generic nodes.
## </summary>
## <desc>
## <p>
## Allow the specified domain to send and receive TCP network
## traffic to/from generic network nodes (hostnames/networks).
## </p>
## <p>
## Related interface:
## </p>
## <ul>
## <li>corenet_all_recvfrom_unlabeled()</li>
## <li>corenet_tcp_sendrecv_generic_if()</li>
## <li>corenet_tcp_sendrecv_all_ports()</li>
## <li>corenet_tcp_connect_all_ports()</li>
## </ul>
## <p>
## Example client being able to connect to all ports over
## generic nodes, without labeled networking:
## </p>
## <p>
## allow myclient_t self:tcp_socket create_stream_socket_perms;
## corenet_tcp_sendrecv_generic_if(myclient_t)
## corenet_tcp_sendrecv_generic_node(myclient_t)
## corenet_tcp_sendrecv_all_ports(myclient_t)
## corenet_tcp_connect_all_ports(myclient_t)
## corenet_all_recvfrom_unlabeled(myclient_t)
## </p>
## </desc>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_generic_node',`
gen_require(`
type node_t;
')
allow $1 node_t:node { tcp_send tcp_recv sendto recvfrom };
')
########################################
## <summary>
## Send UDP network traffic on generic nodes.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
#
interface(`corenet_udp_send_generic_node',`
gen_require(`
type node_t;
')
allow $1 node_t:node { udp_send sendto };
')
########################################
## <summary>
## Receive UDP network traffic on generic nodes.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
#
interface(`corenet_udp_receive_generic_node',`
gen_require(`
type node_t;
')
allow $1 node_t:node { udp_recv recvfrom };
')
########################################
## <summary>
## Send and receive UDP network traffic on generic nodes.
## </summary>
## <desc>
## <p>
## Allow the specified domain to send and receive UDP network
## traffic to/from generic network nodes (hostnames/networks).
## </p>
## <p>
## Related interface:
## </p>
## <ul>
## <li>corenet_all_recvfrom_unlabeled()</li>
## <li>corenet_udp_sendrecv_generic_if()</li>
## <li>corenet_udp_sendrecv_all_ports()</li>
## </ul>
## <p>
## Example client being able to send to all ports over
## generic nodes, without labeled networking:
## </p>
## <p>
## allow myclient_t self:udp_socket create_socket_perms;
## corenet_udp_sendrecv_generic_if(myclient_t)
## corenet_udp_sendrecv_generic_node(myclient_t)
## corenet_udp_sendrecv_all_ports(myclient_t)
## corenet_all_recvfrom_unlabeled(myclient_t)
## </p>
## </desc>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_generic_node',`
corenet_udp_send_generic_node($1)
corenet_udp_receive_generic_node($1)
')
########################################
## <summary>
## Send raw IP packets on generic nodes.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
#
interface(`corenet_raw_send_generic_node',`
gen_require(`
type node_t;
')
allow $1 node_t:node { rawip_send sendto };
')
########################################
## <summary>
## Receive raw IP packets on generic nodes.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
#
interface(`corenet_raw_receive_generic_node',`
gen_require(`
type node_t;
')
allow $1 node_t:node { rawip_recv recvfrom };
')
########################################
## <summary>
## Send and receive raw IP packets on generic nodes.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
#
interface(`corenet_raw_sendrecv_generic_node',`
corenet_raw_send_generic_node($1)
corenet_raw_receive_generic_node($1)
')
########################################
## <summary>
## Bind TCP sockets to generic nodes.
## </summary>
## <desc>
## <p>
## Bind TCP sockets to generic nodes. This is
## necessary for binding a socket so it
## can be used for servers to listen
## for incoming connections.
## </p>
## <p>
## Related interface:
## </p>
## <ul>
## <li>corenet_udp_bind_generic_node()</li>
## </ul>
## </desc>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="1"/>
#
interface(`corenet_tcp_bind_generic_node',`
gen_require(`
type node_t;
')
allow $1 node_t:tcp_socket node_bind;
')
########################################
## <summary>
## Bind UDP sockets to generic nodes.
## </summary>
## <desc>
## <p>
## Bind UDP sockets to generic nodes. This is
## necessary for binding a socket so it
## can be used for servers to listen
## for incoming connections.
## </p>
## <p>
## Related interface:
## </p>
## <ul>
## <li>corenet_tcp_bind_generic_node()</li>
## </ul>
## </desc>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="1"/>
#
interface(`corenet_udp_bind_generic_node',`
gen_require(`
type node_t;
')
allow $1 node_t:udp_socket node_bind;
')
########################################
## <summary>
## Bind raw sockets to genric nodes.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
# rawip_socket node_bind does not make much sense.
# cjp: vmware hits this too
interface(`corenet_raw_bind_generic_node',`
gen_require(`
type node_t;
')
allow $1 node_t:rawip_socket node_bind;
')
########################################
## <summary>
## Allow outgoing network traffic to generic nodes.
## </summary>
## <param name="domain">
## <summary>
## The peer label of the outgoing network traffic.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_out_generic_node',`
gen_require(`
type node_t;
')
allow $1 node_t:node sendto;
')
########################################
## <summary>
## Allow incoming network traffic from generic nodes.
## </summary>
## <param name="domain">
## <summary>
## The peer label of the incoming network traffic.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_in_generic_node',`
gen_require(`
type node_t;
')
allow $1 node_t:node recvfrom;
')
########################################
## <summary>
## Allow incoming and outgoing network traffic with generic nodes.
## </summary>
## <param name="domain">
## <summary>
## The peer label of the network traffic.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_inout_generic_node',`
corenet_in_generic_node($1)
corenet_out_generic_node($1)
')
########################################
## <summary>
## Send and receive TCP network traffic on all nodes.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
#
interface(`corenet_tcp_sendrecv_all_nodes',`
gen_require(`
attribute node_type;
')
allow $1 node_type:node { tcp_send tcp_recv sendto recvfrom };
')
########################################
## <summary>
## Send UDP network traffic on all nodes.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
#
interface(`corenet_udp_send_all_nodes',`
gen_require(`
attribute node_type;
')
allow $1 node_type:node { udp_send sendto };
')
########################################
## <summary>
## Do not audit attempts to send UDP network
## traffic on any nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_udp_send_all_nodes',`
gen_require(`
attribute node_type;
')
dontaudit $1 node_type:node { udp_send sendto };
')
########################################
## <summary>
## Receive UDP network traffic on all nodes.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
#
interface(`corenet_udp_receive_all_nodes',`
gen_require(`
attribute node_type;
')
allow $1 node_type:node { udp_recv recvfrom };
')
########################################
## <summary>
## Do not audit attempts to receive UDP
## network traffic on all nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_udp_receive_all_nodes',`
gen_require(`
attribute node_type;
')
dontaudit $1 node_type:node { udp_recv recvfrom };
')
########################################
## <summary>
## Send and receive UDP network traffic on all nodes.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
#
interface(`corenet_udp_sendrecv_all_nodes',`
corenet_udp_send_all_nodes($1)
corenet_udp_receive_all_nodes($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive UDP
## network traffic on any nodes nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_udp_sendrecv_all_nodes',`
corenet_dontaudit_udp_send_all_nodes($1)
corenet_dontaudit_udp_receive_all_nodes($1)
')
########################################
## <summary>
## Send raw IP packets on all nodes.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
#
interface(`corenet_raw_send_all_nodes',`
gen_require(`
attribute node_type;
')
allow $1 node_type:node { rawip_send sendto };
')
########################################
## <summary>
## Receive raw IP packets on all nodes.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
#
interface(`corenet_raw_receive_all_nodes',`
gen_require(`
attribute node_type;
')
allow $1 node_type:node { rawip_recv recvfrom };
')
########################################
## <summary>
## Send and receive raw IP packets on all nodes.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
#
interface(`corenet_raw_sendrecv_all_nodes',`
corenet_raw_send_all_nodes($1)
corenet_raw_receive_all_nodes($1)
')
########################################
## <summary>
## Bind TCP sockets to all nodes.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
#
interface(`corenet_tcp_bind_all_nodes',`
gen_require(`
attribute node_type;
')
allow $1 node_type:tcp_socket node_bind;
')
########################################
## <summary>
## Bind UDP sockets to all nodes.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
#
interface(`corenet_udp_bind_all_nodes',`
gen_require(`
attribute node_type;
')
allow $1 node_type:udp_socket node_bind;
')
########################################
## <summary>
## Bind raw sockets to all nodes.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
# rawip_socket node_bind does not make much sense.
# cjp: vmware hits this too
interface(`corenet_raw_bind_all_nodes',`
gen_require(`
attribute node_type;
')
allow $1 node_type:rawip_socket node_bind;
')
########################################
## <summary>
## Send and receive TCP network traffic on generic ports.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
#
interface(`corenet_tcp_sendrecv_generic_port',`
gen_require(`
type port_t;
')
allow $1 port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Do not audit send and receive TCP network traffic on generic ports.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_sendrecv_generic_port',`
gen_require(`
type port_t;
')
dontaudit $1 port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP network traffic on generic ports.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
#
interface(`corenet_udp_send_generic_port',`
gen_require(`
type port_t;
')
allow $1 port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP network traffic on generic ports.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
#
interface(`corenet_udp_receive_generic_port',`
gen_require(`
type port_t;
')
allow $1 port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP network traffic on generic ports.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
#
interface(`corenet_udp_sendrecv_generic_port',`
corenet_udp_send_generic_port($1)
corenet_udp_receive_generic_port($1)
')
########################################
## <summary>
## Bind TCP sockets to generic ports.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
#
interface(`corenet_tcp_bind_generic_port',`
gen_require(`
type port_t;
attribute port_type;
')
allow $1 port_t:tcp_socket name_bind;
dontaudit $1 { port_type -port_t }:tcp_socket name_bind;
')
########################################
## <summary>
## Do not audit bind TCP sockets to generic ports.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_bind_generic_port',`
gen_require(`
type port_t;
')
dontaudit $1 port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to generic ports.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
#
interface(`corenet_udp_bind_generic_port',`
gen_require(`
type port_t;
attribute port_type;
')
allow $1 port_t:udp_socket name_bind;
dontaudit $1 { port_type -port_t }:udp_socket name_bind;
')
########################################
## <summary>
## Connect TCP sockets to generic ports.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_generic_port',`
gen_require(`
type port_t;
')
allow $1 port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send and receive TCP network traffic on all ports.
## </summary>
## <desc>
## <p>
## Send and receive TCP network traffic on all ports.
## Related interfaces:
## </p>
## <ul>
## <li>corenet_all_recvfrom_unlabeled()</li>
## <li>corenet_tcp_sendrecv_generic_if()</li>
## <li>corenet_tcp_sendrecv_generic_node()</li>
## <li>corenet_tcp_connect_all_ports()</li>
## <li>corenet_tcp_bind_all_ports()</li>
## </ul>
## <p>
## Example client being able to connect to all ports over
## generic nodes, without labeled networking:
## </p>
## <p>
## allow myclient_t self:tcp_socket create_stream_socket_perms;
## corenet_tcp_sendrecv_generic_if(myclient_t)
## corenet_tcp_sendrecv_generic_node(myclient_t)
## corenet_tcp_sendrecv_all_ports(myclient_t)
## corenet_tcp_connect_all_ports(myclient_t)
## corenet_all_recvfrom_unlabeled(myclient_t)
## </p>
## </desc>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_all_ports',`
gen_require(`
attribute port_type;
')
allow $1 port_type:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP network traffic on all ports.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
#
interface(`corenet_udp_send_all_ports',`
gen_require(`
attribute port_type;
')
allow $1 port_type:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP network traffic on all ports.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
#
interface(`corenet_udp_receive_all_ports',`
gen_require(`
attribute port_type;
')
allow $1 port_type:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP network traffic on all ports.
## </summary>
## <desc>
## <p>
## Send and receive UDP network traffic on all ports.
## Related interfaces:
## </p>
## <ul>
## <li>corenet_all_recvfrom_unlabeled()</li>
## <li>corenet_udp_sendrecv_generic_if()</li>
## <li>corenet_udp_sendrecv_generic_node()</li>
## <li>corenet_udp_bind_all_ports()</li>
## </ul>
## <p>
## Example client being able to send to all ports over
## generic nodes, without labeled networking:
## </p>
## <p>
## allow myclient_t self:udp_socket create_socket_perms;
## corenet_udp_sendrecv_generic_if(myclient_t)
## corenet_udp_sendrecv_generic_node(myclient_t)
## corenet_udp_sendrecv_all_ports(myclient_t)
## corenet_all_recvfrom_unlabeled(myclient_t)
## </p>
## </desc>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_all_ports',`
corenet_udp_send_all_ports($1)
corenet_udp_receive_all_ports($1)
')
########################################
## <summary>
## Bind TCP sockets to all ports.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
#
interface(`corenet_tcp_bind_all_ports',`
gen_require(`
attribute port_type;
')
allow $1 port_type:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attepts to bind TCP sockets to any ports.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_bind_all_ports',`
gen_require(`
attribute port_type;
')
dontaudit $1 port_type:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to all ports.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
#
interface(`corenet_udp_bind_all_ports',`
gen_require(`
attribute port_type;
')
allow $1 port_type:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attepts to bind UDP sockets to any ports.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_udp_bind_all_ports',`
gen_require(`
attribute port_type;
')
dontaudit $1 port_type:udp_socket name_bind;
')
########################################
## <summary>
## Connect TCP sockets to all ports.
## </summary>
## <desc>
## <p>
## Connect TCP sockets to all ports
## </p>
## <p>
## Related interfaces:
## </p>
## <ul>
## <li>corenet_all_recvfrom_unlabeled()</li>
## <li>corenet_tcp_sendrecv_generic_if()</li>
## <li>corenet_tcp_sendrecv_generic_node()</li>
## <li>corenet_tcp_sendrecv_all_ports()</li>
## <li>corenet_tcp_bind_all_ports()</li>
## </ul>
## <p>
## Example client being able to connect to all ports over
## generic nodes, without labeled networking:
## </p>
## <p>
## allow myclient_t self:tcp_socket create_stream_socket_perms;
## corenet_tcp_sendrecv_generic_if(myclient_t)
## corenet_tcp_sendrecv_generic_node(myclient_t)
## corenet_tcp_sendrecv_all_ports(myclient_t)
## corenet_tcp_connect_all_ports(myclient_t)
## corenet_all_recvfrom_unlabeled(myclient_t)
## </p>
## </desc>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="1"/>
#
interface(`corenet_tcp_connect_all_ports',`
gen_require(`
attribute port_type;
')
allow $1 port_type:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to connect TCP sockets
## to all ports.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_all_ports',`
gen_require(`
attribute port_type;
')
dontaudit $1 port_type:tcp_socket name_connect;
')
########################################
## <summary>
## Send and receive TCP network traffic on generic reserved ports.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
#
interface(`corenet_tcp_sendrecv_reserved_port',`
gen_require(`
type reserved_port_t;
')
allow $1 reserved_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP network traffic on generic reserved ports.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
#
interface(`corenet_udp_send_reserved_port',`
gen_require(`
type reserved_port_t;
')
allow $1 reserved_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP network traffic on generic reserved ports.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
#
interface(`corenet_udp_receive_reserved_port',`
gen_require(`
type reserved_port_t;
')
allow $1 reserved_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP network traffic on generic reserved ports.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
#
interface(`corenet_udp_sendrecv_reserved_port',`
corenet_udp_send_reserved_port($1)
corenet_udp_receive_reserved_port($1)
')
########################################
## <summary>
## Bind TCP sockets to generic reserved ports.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
#
interface(`corenet_tcp_bind_reserved_port',`
gen_require(`
type reserved_port_t;
')
allow $1 reserved_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to generic reserved ports.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
#
interface(`corenet_udp_bind_reserved_port',`
gen_require(`
type reserved_port_t;
')
allow $1 reserved_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Connect TCP sockets to generic reserved ports.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_reserved_port',`
gen_require(`
type reserved_port_t;
')
allow $1 reserved_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send and receive TCP network traffic on all reserved ports.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
#
interface(`corenet_tcp_sendrecv_all_reserved_ports',`
gen_require(`
attribute reserved_port_type;
')
allow $1 reserved_port_type:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP network traffic on all reserved ports.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
#
interface(`corenet_udp_send_all_reserved_ports',`
gen_require(`
attribute reserved_port_type;
')
allow $1 reserved_port_type:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP network traffic on all reserved ports.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
#
interface(`corenet_udp_receive_all_reserved_ports',`
gen_require(`
attribute reserved_port_type;
')
allow $1 reserved_port_type:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP network traffic on all reserved ports.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
#
interface(`corenet_udp_sendrecv_all_reserved_ports',`
corenet_udp_send_all_reserved_ports($1)
corenet_udp_receive_all_reserved_ports($1)
')
########################################
## <summary>
## Bind TCP sockets to all reserved ports.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
#
interface(`corenet_tcp_bind_all_reserved_ports',`
gen_require(`
attribute reserved_port_type;
')
allow $1 reserved_port_type:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to bind TCP sockets to all reserved ports.
## </summary>
## <param name="domain">
## <summary>
## The type of the process to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_bind_all_reserved_ports',`
gen_require(`
attribute reserved_port_type;
')
dontaudit $1 reserved_port_type:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to all reserved ports.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
#
interface(`corenet_udp_bind_all_reserved_ports',`
gen_require(`
attribute reserved_port_type;
')
allow $1 reserved_port_type:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to bind UDP sockets to all reserved ports.
## </summary>
## <param name="domain">
## <summary>
## The type of the process to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_udp_bind_all_reserved_ports',`
gen_require(`
attribute reserved_port_type;
')
dontaudit $1 reserved_port_type:udp_socket name_bind;
')
########################################
## <summary>
## Bind TCP sockets to all ports > 1024.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
#
interface(`corenet_tcp_bind_all_unreserved_ports',`
gen_require(`
attribute port_type, reserved_port_type;
')
allow $1 { port_type -reserved_port_type }:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to all ports > 1024.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
#
interface(`corenet_udp_bind_all_unreserved_ports',`
gen_require(`
attribute port_type, reserved_port_type;
')
allow $1 { port_type -reserved_port_type }:udp_socket name_bind;
')
########################################
## <summary>
## Connect TCP sockets to reserved ports.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_all_reserved_ports',`
gen_require(`
attribute reserved_port_type;
')
allow $1 reserved_port_type:tcp_socket name_connect;
')
########################################
## <summary>
## Connect TCP sockets to all ports > 1024.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_all_unreserved_ports',`
gen_require(`
attribute port_type, reserved_port_type;
')
allow $1 { port_type -reserved_port_type }:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to connect TCP sockets
## all reserved ports.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_all_reserved_ports',`
gen_require(`
attribute reserved_port_type;
')
dontaudit $1 reserved_port_type:tcp_socket name_connect;
')
########################################
## <summary>
## Connect TCP sockets to rpc ports.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_all_rpc_ports',`
gen_require(`
attribute rpc_port_type;
')
allow $1 rpc_port_type:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to connect TCP sockets
## all rpc ports.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_all_rpc_ports',`
gen_require(`
attribute rpc_port_type;
')
dontaudit $1 rpc_port_type:tcp_socket name_connect;
')
########################################
## <summary>
## Read and write the TUN/TAP virtual network device.
## </summary>
## <param name="domain">
## <summary>
## The domain allowed access.
## </summary>
## </param>
#
interface(`corenet_rw_tun_tap_dev',`
gen_require(`
type tun_tap_device_t;
')
dev_list_all_dev_nodes($1)
allow $1 tun_tap_device_t:chr_file rw_chr_file_perms;
')
########################################
## <summary>
## Do not audit attempts to read or write the TUN/TAP
## virtual network device.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_rw_tun_tap_dev',`
gen_require(`
type tun_tap_device_t;
')
dontaudit $1 tun_tap_device_t:chr_file { read write };
')
########################################
## <summary>
## Getattr the point-to-point device.
## </summary>
## <param name="domain">
## <summary>
## The domain allowed access.
## </summary>
## </param>
#
interface(`corenet_getattr_ppp_dev',`
gen_require(`
type ppp_device_t;
')
allow $1 ppp_device_t:chr_file getattr;
')
########################################
## <summary>
## Read and write the point-to-point device.
## </summary>
## <param name="domain">
## <summary>
## The domain allowed access.
## </summary>
## </param>
#
interface(`corenet_rw_ppp_dev',`
gen_require(`
type ppp_device_t;
')
dev_list_all_dev_nodes($1)
allow $1 ppp_device_t:chr_file rw_chr_file_perms;
')
########################################
## <summary>
## Bind TCP sockets to all RPC ports.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
#
interface(`corenet_tcp_bind_all_rpc_ports',`
gen_require(`
attribute rpc_port_type;
')
allow $1 rpc_port_type:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to bind TCP sockets to all RPC ports.
## </summary>
## <param name="domain">
## <summary>
## The type of the process to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_bind_all_rpc_ports',`
gen_require(`
attribute rpc_port_type;
')
dontaudit $1 rpc_port_type:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to all RPC ports.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
#
interface(`corenet_udp_bind_all_rpc_ports',`
gen_require(`
attribute rpc_port_type;
')
allow $1 rpc_port_type:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to bind UDP sockets to all RPC ports.
## </summary>
## <param name="domain">
## <summary>
## The type of the process to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_udp_bind_all_rpc_ports',`
gen_require(`
attribute rpc_port_type;
')
dontaudit $1 rpc_port_type:udp_socket name_bind;
')
########################################
## <summary>
## Send and receive messages on a
## non-encrypted (no IPSEC) network
## session.
## </summary>
## <desc>
## <p>
## Send and receive messages on a
## non-encrypted (no IPSEC) network
## session. (Deprecated)
## </p>
## <p>
## The corenet_all_recvfrom_unlabeled() interface should be used instead
## of this one.
## </p>
## </desc>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_non_ipsec_sendrecv',`
refpolicywarn(`$0($*) has been deprecated, use corenet_all_recvfrom_unlabeled() instead.')
corenet_all_recvfrom_unlabeled($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## messages on a non-encrypted (no IPSEC) network
## session.
## </summary>
## <desc>
## <p>
## Do not audit attempts to send and receive
## messages on a non-encrypted (no IPSEC) network
## session.
## </p>
## <p>
## The corenet_dontaudit_all_recvfrom_unlabeled() interface should be
## used instead of this one.
## </p>
## </desc>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_non_ipsec_sendrecv',`
refpolicywarn(`$0($*) has been deprecated, use corenet_dontaudit_all_recvfrom_unlabeled() instead.')
corenet_dontaudit_all_recvfrom_unlabeled($1)
')
########################################
## <summary>
## Receive TCP packets from a NetLabel connection.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_recv_netlabel',`
refpolicywarn(`$0($*) has been deprecated, use corenet_tcp_recvfrom_netlabel() instead.')
corenet_tcp_recvfrom_netlabel($1)
')
########################################
## <summary>
## Receive TCP packets from a NetLabel connection.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_recvfrom_netlabel',`
gen_require(`
type netlabel_peer_t;
')
allow $1 netlabel_peer_t:peer recv;
allow $1 netlabel_peer_t:tcp_socket recvfrom;
')
########################################
## <summary>
## Receive TCP packets from an unlabled connection.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_recvfrom_unlabeled',`
gen_require(`
attribute corenet_unlabeled_type;
')
kernel_tcp_recvfrom_unlabeled($1)
kernel_recvfrom_unlabeled_peer($1)
typeattribute $1 corenet_unlabeled_type;
# XXX - at some point the oubound/send access check will be removed
# but for right now we need to keep this in place so as not to break
# older systems
kernel_sendrecv_unlabeled_association($1)
')
########################################
## <summary>
## Do not audit attempts to receive TCP packets from a NetLabel
## connection.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_recv_netlabel',`
refpolicywarn(`$0($*) has been deprecated, use corenet_dontaudit_tcp_recvfrom_netlabel() instead.')
corenet_dontaudit_tcp_recvfrom_netlabel($1)
')
########################################
## <summary>
## Do not audit attempts to receive TCP packets from a NetLabel
## connection.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_recvfrom_netlabel',`
gen_require(`
type netlabel_peer_t;
')
dontaudit $1 netlabel_peer_t:peer recv;
dontaudit $1 netlabel_peer_t:tcp_socket recvfrom;
')
########################################
## <summary>
## Do not audit attempts to receive TCP packets from an unlabeled
## connection.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_recvfrom_unlabeled',`
kernel_dontaudit_tcp_recvfrom_unlabeled($1)
kernel_dontaudit_recvfrom_unlabeled_peer($1)
# XXX - at some point the oubound/send access check will be removed
# but for right now we need to keep this in place so as not to break
# older systems
kernel_dontaudit_sendrecv_unlabeled_association($1)
')
########################################
## <summary>
## Receive UDP packets from a NetLabel connection.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_udp_recv_netlabel',`
refpolicywarn(`$0($*) has been deprecated, use corenet_udp_recvfrom_netlabel() instead.')
corenet_udp_recvfrom_netlabel($1)
')
########################################
## <summary>
## Receive UDP packets from a NetLabel connection.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_udp_recvfrom_netlabel',`
gen_require(`
type netlabel_peer_t;
')
allow $1 netlabel_peer_t:peer recv;
allow $1 netlabel_peer_t:udp_socket recvfrom;
')
########################################
## <summary>
## Receive UDP packets from an unlabeled connection.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_udp_recvfrom_unlabeled',`
kernel_udp_recvfrom_unlabeled($1)
kernel_recvfrom_unlabeled_peer($1)
# XXX - at some point the oubound/send access check will be removed
# but for right now we need to keep this in place so as not to break
# older systems
kernel_sendrecv_unlabeled_association($1)
')
########################################
## <summary>
## Do not audit attempts to receive UDP packets from a NetLabel
## connection.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_udp_recv_netlabel',`
refpolicywarn(`$0($*) has been deprecated, use corenet_dontaudit_udp_recvfrom_netlabel($1) instead.')
corenet_dontaudit_udp_recvfrom_netlabel($1)
')
########################################
## <summary>
## Do not audit attempts to receive UDP packets from a NetLabel
## connection.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_udp_recvfrom_netlabel',`
gen_require(`
type netlabel_peer_t;
')
dontaudit $1 netlabel_peer_t:peer recv;
dontaudit $1 netlabel_peer_t:udp_socket recvfrom;
')
########################################
## <summary>
## Do not audit attempts to receive UDP packets from an unlabeled
## connection.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_udp_recvfrom_unlabeled',`
kernel_dontaudit_udp_recvfrom_unlabeled($1)
kernel_dontaudit_recvfrom_unlabeled_peer($1)
# XXX - at some point the oubound/send access check will be removed
# but for right now we need to keep this in place so as not to break
# older systems
kernel_dontaudit_sendrecv_unlabeled_association($1)
')
########################################
## <summary>
## Receive Raw IP packets from a NetLabel connection.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_raw_recv_netlabel',`
refpolicywarn(`$0($*) has been deprecated, use corenet_raw_recvfrom_netlabel() instead.')
corenet_raw_recvfrom_netlabel($1)
')
########################################
## <summary>
## Receive Raw IP packets from a NetLabel connection.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_raw_recvfrom_netlabel',`
gen_require(`
type netlabel_peer_t;
')
allow $1 netlabel_peer_t:peer recv;
allow $1 netlabel_peer_t:rawip_socket recvfrom;
')
########################################
## <summary>
## Receive Raw IP packets from an unlabeled connection.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_raw_recvfrom_unlabeled',`
kernel_raw_recvfrom_unlabeled($1)
kernel_recvfrom_unlabeled_peer($1)
# XXX - at some point the oubound/send access check will be removed
# but for right now we need to keep this in place so as not to break
# older systems
kernel_sendrecv_unlabeled_association($1)
')
########################################
## <summary>
## Do not audit attempts to receive Raw IP packets from a NetLabel
## connection.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_raw_recv_netlabel',`
refpolicywarn(`$0($*) has been deprecated, use corenet_dontaudit_raw_recvfrom_netlabel() instead.')
corenet_dontaudit_raw_recvfrom_netlabel($1)
')
########################################
## <summary>
## Do not audit attempts to receive Raw IP packets from a NetLabel
## connection.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_raw_recvfrom_netlabel',`
gen_require(`
type netlabel_peer_t;
')
dontaudit $1 netlabel_peer_t:peer recv;
dontaudit $1 netlabel_peer_t:rawip_socket recvfrom;
')
########################################
## <summary>
## Do not audit attempts to receive Raw IP packets from an unlabeled
## connection.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_raw_recvfrom_unlabeled',`
kernel_dontaudit_raw_recvfrom_unlabeled($1)
kernel_dontaudit_recvfrom_unlabeled_peer($1)
# XXX - at some point the oubound/send access check will be removed
# but for right now we need to keep this in place so as not to break
# older systems
kernel_dontaudit_sendrecv_unlabeled_association($1)
')
########################################
## <summary>
## Receive packets from an unlabeled connection.
## </summary>
## <desc>
## <p>
## Allow the specified domain to receive packets from an
## unlabeled connection. On machines that do not utilize
## labeled networking, this will be required on all
## networking domains. On machines tha do utilize
## labeled networking, this will be required for any
## networking domain that is allowed to receive
## network traffic that does not have a label.
## </p>
## </desc>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_all_recvfrom_unlabeled',`
kernel_tcp_recvfrom_unlabeled($1)
kernel_udp_recvfrom_unlabeled($1)
kernel_raw_recvfrom_unlabeled($1)
kernel_recvfrom_unlabeled_peer($1)
# XXX - at some point the oubound/send access check will be removed
# but for right now we need to keep this in place so as not to break
# older systems
kernel_sendrecv_unlabeled_association($1)
')
########################################
## <summary>
## Receive packets from a NetLabel connection.
## </summary>
## <desc>
## <p>
## Allow the specified domain to receive NetLabel
## network traffic, which utilizes the Commercial IP
## Security Option (CIPSO) to set the MLS level
## of the network packets. This is required for
## all networking domains that receive NetLabel
## network traffic.
## </p>
## </desc>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_all_recvfrom_netlabel',`
gen_require(`
type netlabel_peer_t;
')
allow $1 netlabel_peer_t:peer recv;
allow $1 netlabel_peer_t:{ tcp_socket udp_socket rawip_socket } recvfrom;
')
#######################################
## <summary>
## Enable unlabeled net packets
## </summary>
## <desc>
## <p>
## Allow unlabeled_packet_t to be used by all domains that use the network
## </p>
## </desc>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_enable_unlabeled_packets',`
gen_require(`
attribute corenet_unlabeled_type;
')
kernel_sendrecv_unlabeled_association(corenet_unlabeled_type)
')
########################################
## <summary>
## Do not audit attempts to receive packets from an unlabeled connection.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_all_recvfrom_unlabeled',`
kernel_dontaudit_tcp_recvfrom_unlabeled($1)
kernel_dontaudit_udp_recvfrom_unlabeled($1)
kernel_dontaudit_raw_recvfrom_unlabeled($1)
kernel_dontaudit_recvfrom_unlabeled_peer($1)
# XXX - at some point the oubound/send access check will be removed
# but for right now we need to keep this in place so as not to break
# older systems
kernel_dontaudit_sendrecv_unlabeled_association($1)
')
########################################
## <summary>
## Do not audit attempts to receive packets from a NetLabel
## connection.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_all_recvfrom_netlabel',`
gen_require(`
type netlabel_peer_t;
')
dontaudit $1 netlabel_peer_t:peer recv;
dontaudit $1 netlabel_peer_t:{ tcp_socket udp_socket rawip_socket } recvfrom;
')
########################################
## <summary>
## Rules for receiving labeled TCP packets.
## </summary>
## <desc>
## <p>
## Rules for receiving labeled TCP packets.
## </p>
## <p>
## Due to the nature of TCP, this is bidirectional.
## </p>
## </desc>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <param name="peer_domain">
## <summary>
## Peer domain.
## </summary>
## </param>
#
interface(`corenet_tcp_recvfrom_labeled',`
allow { $1 $2 } self:association sendto;
allow $1 $2:{ association tcp_socket } recvfrom;
allow $2 $1:{ association tcp_socket } recvfrom;
allow $1 $2:peer recv;
allow $2 $1:peer recv;
# allow receiving packets from MLS-only peers using NetLabel
corenet_tcp_recvfrom_netlabel($1)
corenet_tcp_recvfrom_netlabel($2)
')
########################################
## <summary>
## Rules for receiving labeled UDP packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <param name="peer_domain">
## <summary>
## Peer domain.
## </summary>
## </param>
#
interface(`corenet_udp_recvfrom_labeled',`
allow $2 self:association sendto;
allow $1 $2:{ association udp_socket } recvfrom;
allow $1 $2:peer recv;
# allow receiving packets from MLS-only peers using NetLabel
corenet_udp_recvfrom_netlabel($1)
')
########################################
## <summary>
## Rules for receiving labeled raw IP packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <param name="peer_domain">
## <summary>
## Peer domain.
## </summary>
## </param>
#
interface(`corenet_raw_recvfrom_labeled',`
allow $2 self:association sendto;
allow $1 $2:{ association rawip_socket } recvfrom;
allow $1 $2:peer recv;
# allow receiving packets from MLS-only peers using NetLabel
corenet_raw_recvfrom_netlabel($1)
')
########################################
## <summary>
## Rules for receiving labeled packets via TCP, UDP and raw IP.
## </summary>
## <desc>
## <p>
## Rules for receiving labeled packets via TCP, UDP and raw IP.
## </p>
## <p>
## Due to the nature of TCP, the rules (for TCP
## networking only) are bidirectional.
## </p>
## </desc>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <param name="peer_domain">
## <summary>
## Peer domain.
## </summary>
## </param>
#
interface(`corenet_all_recvfrom_labeled',`
corenet_tcp_recvfrom_labeled($1,$2)
corenet_udp_recvfrom_labeled($1,$2)
corenet_raw_recvfrom_labeled($1,$2)
')
########################################
## <summary>
## Send generic client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_send_generic_client_packets',`
gen_require(`
type client_packet_t;
')
allow $1 client_packet_t:packet send;
')
########################################
## <summary>
## Receive generic client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_receive_generic_client_packets',`
gen_require(`
type client_packet_t;
')
allow $1 client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive generic client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_sendrecv_generic_client_packets',`
corenet_send_generic_client_packets($1)
corenet_receive_generic_client_packets($1)
')
########################################
## <summary>
## Relabel packets to the generic client packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_generic_client_packets',`
gen_require(`
type client_packet_t;
')
allow $1 client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send generic server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_send_generic_server_packets',`
gen_require(`
type server_packet_t;
')
allow $1 server_packet_t:packet send;
')
########################################
## <summary>
## Receive generic server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_receive_generic_server_packets',`
gen_require(`
type server_packet_t;
')
allow $1 server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive generic server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_sendrecv_generic_server_packets',`
corenet_send_generic_server_packets($1)
corenet_receive_generic_server_packets($1)
')
########################################
## <summary>
## Relabel packets to the generic server packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_generic_server_packets',`
gen_require(`
type server_packet_t;
')
allow $1 server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive unlabeled packets.
## </summary>
## <desc>
## <p>
## Send and receive unlabeled packets.
## These packets do not match any netfilter
## SECMARK rules.
## </p>
## </desc>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_sendrecv_unlabeled_packets',`
kernel_sendrecv_unlabeled_packets($1)
')
########################################
## <summary>
## Send all client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_send_all_client_packets',`
gen_require(`
attribute client_packet_type;
')
allow $1 client_packet_type:packet send;
')
########################################
## <summary>
## Receive all client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_receive_all_client_packets',`
gen_require(`
attribute client_packet_type;
')
allow $1 client_packet_type:packet recv;
')
########################################
## <summary>
## Send and receive all client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_sendrecv_all_client_packets',`
corenet_send_all_client_packets($1)
corenet_receive_all_client_packets($1)
')
########################################
## <summary>
## Relabel packets to any client packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_all_client_packets',`
gen_require(`
attribute client_packet_type;
')
allow $1 client_packet_type:packet relabelto;
')
########################################
## <summary>
## Send all server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_send_all_server_packets',`
gen_require(`
attribute server_packet_type;
')
allow $1 server_packet_type:packet send;
')
########################################
## <summary>
## Receive all server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_receive_all_server_packets',`
gen_require(`
attribute server_packet_type;
')
allow $1 server_packet_type:packet recv;
')
########################################
## <summary>
## Send and receive all server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_sendrecv_all_server_packets',`
corenet_send_all_server_packets($1)
corenet_receive_all_server_packets($1)
')
########################################
## <summary>
## Relabel packets to any server packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_all_server_packets',`
gen_require(`
attribute server_packet_type;
')
allow $1 server_packet_type:packet relabelto;
')
########################################
## <summary>
## Send all packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_send_all_packets',`
gen_require(`
attribute packet_type;
')
allow $1 packet_type:packet send;
')
########################################
## <summary>
## Receive all packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_receive_all_packets',`
gen_require(`
attribute packet_type;
')
allow $1 packet_type:packet recv;
')
########################################
## <summary>
## Send and receive all packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_sendrecv_all_packets',`
corenet_send_all_packets($1)
corenet_receive_all_packets($1)
')
########################################
## <summary>
## Relabel packets to any packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_all_packets',`
gen_require(`
attribute packet_type;
')
allow $1 packet_type:packet relabelto;
')
########################################
## <summary>
## Unconfined access to network objects.
## </summary>
## <param name="domain">
## <summary>
## The domain allowed access.
## </summary>
## </param>
#
interface(`corenet_unconfined',`
gen_require(`
attribute corenet_unconfined_type;
')
typeattribute $1 corenet_unconfined_type;
')
#
# shiftn(num,list...)
#
# shift the list num times
#
########################################
#
# Network Interface generated macros
#
########################################
# create confined network interfaces controlled by the network_enabled boolean
# do not call this macro for loop back
########################################
#
# Network node generated macros
#
########################################
########################################
#
# Network port generated macros
#
########################################
#
# create_netif_*_interfaces(linux_interfacename)
#
#
# network_interface(linux_interfacename,mls_sensitivity)
#
#
# create_node_*_interfaces(node_name)
#
#
# network_node(node_name,mls_sensitivity,address,netmask)
#
# These next three macros have formatting, and should not me indented
#
# create_port_*_interfaces(port_name, protocol,portnum,mls_sensitivity [,protocol portnum mls_sensitivity[,...]])
# (these wrap create_port_interfaces to handle attributes and types)
#
# network_port(port_name,protocol portnum mls_sensitivity [,protocol,portnum,mls_sensitivity[,...]])
#
#
# network_packet(packet_name)
#
########################################
## <summary>
## Send and receive TCP traffic on the afs_bos port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_afs_bos_port',`
gen_require(`
type afs_bos_port_t;
')
allow $1 afs_bos_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the afs_bos port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_afs_bos_port',`
gen_require(`
type afs_bos_port_t;
')
allow $1 afs_bos_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the afs_bos port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_afs_bos_port',`
gen_require(`
type afs_bos_port_t;
')
dontaudit $1 afs_bos_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the afs_bos port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_afs_bos_port',`
gen_require(`
type afs_bos_port_t;
')
allow $1 afs_bos_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the afs_bos port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_afs_bos_port',`
gen_require(`
type afs_bos_port_t;
')
dontaudit $1 afs_bos_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the afs_bos port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_afs_bos_port',`
corenet_udp_send_afs_bos_port($1)
corenet_udp_receive_afs_bos_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the afs_bos port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_afs_bos_port',`
corenet_dontaudit_udp_send_afs_bos_port($1)
corenet_dontaudit_udp_receive_afs_bos_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the afs_bos port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_afs_bos_port',`
gen_require(`
type afs_bos_port_t;
')
allow $1 afs_bos_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the afs_bos port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_afs_bos_port',`
gen_require(`
type afs_bos_port_t;
')
allow $1 afs_bos_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the afs_bos port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_afs_bos_port',`
gen_require(`
type afs_bos_port_t;
')
allow $1 afs_bos_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send afs_bos_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_afs_bos_client_packets',`
gen_require(`
type afs_bos_client_packet_t;
')
allow $1 afs_bos_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send afs_bos_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_afs_bos_client_packets',`
gen_require(`
type afs_bos_client_packet_t;
')
dontaudit $1 afs_bos_client_packet_t:packet send;
')
########################################
## <summary>
## Receive afs_bos_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_afs_bos_client_packets',`
gen_require(`
type afs_bos_client_packet_t;
')
allow $1 afs_bos_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive afs_bos_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_afs_bos_client_packets',`
gen_require(`
type afs_bos_client_packet_t;
')
dontaudit $1 afs_bos_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive afs_bos_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_afs_bos_client_packets',`
corenet_send_afs_bos_client_packets($1)
corenet_receive_afs_bos_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive afs_bos_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_afs_bos_client_packets',`
corenet_dontaudit_send_afs_bos_client_packets($1)
corenet_dontaudit_receive_afs_bos_client_packets($1)
')
########################################
## <summary>
## Relabel packets to afs_bos_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_afs_bos_client_packets',`
gen_require(`
type afs_bos_client_packet_t;
')
allow $1 afs_bos_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send afs_bos_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_afs_bos_server_packets',`
gen_require(`
type afs_bos_server_packet_t;
')
allow $1 afs_bos_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send afs_bos_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_afs_bos_server_packets',`
gen_require(`
type afs_bos_server_packet_t;
')
dontaudit $1 afs_bos_server_packet_t:packet send;
')
########################################
## <summary>
## Receive afs_bos_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_afs_bos_server_packets',`
gen_require(`
type afs_bos_server_packet_t;
')
allow $1 afs_bos_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive afs_bos_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_afs_bos_server_packets',`
gen_require(`
type afs_bos_server_packet_t;
')
dontaudit $1 afs_bos_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive afs_bos_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_afs_bos_server_packets',`
corenet_send_afs_bos_server_packets($1)
corenet_receive_afs_bos_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive afs_bos_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_afs_bos_server_packets',`
corenet_dontaudit_send_afs_bos_server_packets($1)
corenet_dontaudit_receive_afs_bos_server_packets($1)
')
########################################
## <summary>
## Relabel packets to afs_bos_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_afs_bos_server_packets',`
gen_require(`
type afs_bos_server_packet_t;
')
allow $1 afs_bos_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the afs_client port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_afs_client_port',`
gen_require(`
type afs_client_port_t;
')
allow $1 afs_client_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the afs_client port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_afs_client_port',`
gen_require(`
type afs_client_port_t;
')
allow $1 afs_client_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the afs_client port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_afs_client_port',`
gen_require(`
type afs_client_port_t;
')
dontaudit $1 afs_client_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the afs_client port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_afs_client_port',`
gen_require(`
type afs_client_port_t;
')
allow $1 afs_client_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the afs_client port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_afs_client_port',`
gen_require(`
type afs_client_port_t;
')
dontaudit $1 afs_client_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the afs_client port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_afs_client_port',`
corenet_udp_send_afs_client_port($1)
corenet_udp_receive_afs_client_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the afs_client port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_afs_client_port',`
corenet_dontaudit_udp_send_afs_client_port($1)
corenet_dontaudit_udp_receive_afs_client_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the afs_client port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_afs_client_port',`
gen_require(`
type afs_client_port_t;
')
allow $1 afs_client_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the afs_client port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_afs_client_port',`
gen_require(`
type afs_client_port_t;
')
allow $1 afs_client_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the afs_client port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_afs_client_port',`
gen_require(`
type afs_client_port_t;
')
allow $1 afs_client_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send afs_client_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_afs_client_client_packets',`
gen_require(`
type afs_client_client_packet_t;
')
allow $1 afs_client_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send afs_client_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_afs_client_client_packets',`
gen_require(`
type afs_client_client_packet_t;
')
dontaudit $1 afs_client_client_packet_t:packet send;
')
########################################
## <summary>
## Receive afs_client_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_afs_client_client_packets',`
gen_require(`
type afs_client_client_packet_t;
')
allow $1 afs_client_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive afs_client_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_afs_client_client_packets',`
gen_require(`
type afs_client_client_packet_t;
')
dontaudit $1 afs_client_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive afs_client_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_afs_client_client_packets',`
corenet_send_afs_client_client_packets($1)
corenet_receive_afs_client_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive afs_client_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_afs_client_client_packets',`
corenet_dontaudit_send_afs_client_client_packets($1)
corenet_dontaudit_receive_afs_client_client_packets($1)
')
########################################
## <summary>
## Relabel packets to afs_client_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_afs_client_client_packets',`
gen_require(`
type afs_client_client_packet_t;
')
allow $1 afs_client_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send afs_client_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_afs_client_server_packets',`
gen_require(`
type afs_client_server_packet_t;
')
allow $1 afs_client_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send afs_client_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_afs_client_server_packets',`
gen_require(`
type afs_client_server_packet_t;
')
dontaudit $1 afs_client_server_packet_t:packet send;
')
########################################
## <summary>
## Receive afs_client_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_afs_client_server_packets',`
gen_require(`
type afs_client_server_packet_t;
')
allow $1 afs_client_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive afs_client_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_afs_client_server_packets',`
gen_require(`
type afs_client_server_packet_t;
')
dontaudit $1 afs_client_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive afs_client_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_afs_client_server_packets',`
corenet_send_afs_client_server_packets($1)
corenet_receive_afs_client_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive afs_client_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_afs_client_server_packets',`
corenet_dontaudit_send_afs_client_server_packets($1)
corenet_dontaudit_receive_afs_client_server_packets($1)
')
########################################
## <summary>
## Relabel packets to afs_client_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_afs_client_server_packets',`
gen_require(`
type afs_client_server_packet_t;
')
allow $1 afs_client_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the afs_fs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_afs_fs_port',`
gen_require(`
type afs_fs_port_t;
')
allow $1 afs_fs_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the afs_fs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_afs_fs_port',`
gen_require(`
type afs_fs_port_t;
')
allow $1 afs_fs_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the afs_fs port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_afs_fs_port',`
gen_require(`
type afs_fs_port_t;
')
dontaudit $1 afs_fs_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the afs_fs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_afs_fs_port',`
gen_require(`
type afs_fs_port_t;
')
allow $1 afs_fs_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the afs_fs port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_afs_fs_port',`
gen_require(`
type afs_fs_port_t;
')
dontaudit $1 afs_fs_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the afs_fs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_afs_fs_port',`
corenet_udp_send_afs_fs_port($1)
corenet_udp_receive_afs_fs_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the afs_fs port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_afs_fs_port',`
corenet_dontaudit_udp_send_afs_fs_port($1)
corenet_dontaudit_udp_receive_afs_fs_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the afs_fs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_afs_fs_port',`
gen_require(`
type afs_fs_port_t;
')
allow $1 afs_fs_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the afs_fs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_afs_fs_port',`
gen_require(`
type afs_fs_port_t;
')
allow $1 afs_fs_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the afs_fs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_afs_fs_port',`
gen_require(`
type afs_fs_port_t;
')
allow $1 afs_fs_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send afs_fs_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_afs_fs_client_packets',`
gen_require(`
type afs_fs_client_packet_t;
')
allow $1 afs_fs_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send afs_fs_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_afs_fs_client_packets',`
gen_require(`
type afs_fs_client_packet_t;
')
dontaudit $1 afs_fs_client_packet_t:packet send;
')
########################################
## <summary>
## Receive afs_fs_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_afs_fs_client_packets',`
gen_require(`
type afs_fs_client_packet_t;
')
allow $1 afs_fs_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive afs_fs_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_afs_fs_client_packets',`
gen_require(`
type afs_fs_client_packet_t;
')
dontaudit $1 afs_fs_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive afs_fs_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_afs_fs_client_packets',`
corenet_send_afs_fs_client_packets($1)
corenet_receive_afs_fs_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive afs_fs_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_afs_fs_client_packets',`
corenet_dontaudit_send_afs_fs_client_packets($1)
corenet_dontaudit_receive_afs_fs_client_packets($1)
')
########################################
## <summary>
## Relabel packets to afs_fs_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_afs_fs_client_packets',`
gen_require(`
type afs_fs_client_packet_t;
')
allow $1 afs_fs_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send afs_fs_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_afs_fs_server_packets',`
gen_require(`
type afs_fs_server_packet_t;
')
allow $1 afs_fs_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send afs_fs_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_afs_fs_server_packets',`
gen_require(`
type afs_fs_server_packet_t;
')
dontaudit $1 afs_fs_server_packet_t:packet send;
')
########################################
## <summary>
## Receive afs_fs_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_afs_fs_server_packets',`
gen_require(`
type afs_fs_server_packet_t;
')
allow $1 afs_fs_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive afs_fs_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_afs_fs_server_packets',`
gen_require(`
type afs_fs_server_packet_t;
')
dontaudit $1 afs_fs_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive afs_fs_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_afs_fs_server_packets',`
corenet_send_afs_fs_server_packets($1)
corenet_receive_afs_fs_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive afs_fs_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_afs_fs_server_packets',`
corenet_dontaudit_send_afs_fs_server_packets($1)
corenet_dontaudit_receive_afs_fs_server_packets($1)
')
########################################
## <summary>
## Relabel packets to afs_fs_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_afs_fs_server_packets',`
gen_require(`
type afs_fs_server_packet_t;
')
allow $1 afs_fs_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the afs_ka port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_afs_ka_port',`
gen_require(`
type afs_ka_port_t;
')
allow $1 afs_ka_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the afs_ka port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_afs_ka_port',`
gen_require(`
type afs_ka_port_t;
')
allow $1 afs_ka_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the afs_ka port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_afs_ka_port',`
gen_require(`
type afs_ka_port_t;
')
dontaudit $1 afs_ka_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the afs_ka port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_afs_ka_port',`
gen_require(`
type afs_ka_port_t;
')
allow $1 afs_ka_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the afs_ka port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_afs_ka_port',`
gen_require(`
type afs_ka_port_t;
')
dontaudit $1 afs_ka_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the afs_ka port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_afs_ka_port',`
corenet_udp_send_afs_ka_port($1)
corenet_udp_receive_afs_ka_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the afs_ka port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_afs_ka_port',`
corenet_dontaudit_udp_send_afs_ka_port($1)
corenet_dontaudit_udp_receive_afs_ka_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the afs_ka port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_afs_ka_port',`
gen_require(`
type afs_ka_port_t;
')
allow $1 afs_ka_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the afs_ka port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_afs_ka_port',`
gen_require(`
type afs_ka_port_t;
')
allow $1 afs_ka_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the afs_ka port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_afs_ka_port',`
gen_require(`
type afs_ka_port_t;
')
allow $1 afs_ka_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send afs_ka_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_afs_ka_client_packets',`
gen_require(`
type afs_ka_client_packet_t;
')
allow $1 afs_ka_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send afs_ka_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_afs_ka_client_packets',`
gen_require(`
type afs_ka_client_packet_t;
')
dontaudit $1 afs_ka_client_packet_t:packet send;
')
########################################
## <summary>
## Receive afs_ka_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_afs_ka_client_packets',`
gen_require(`
type afs_ka_client_packet_t;
')
allow $1 afs_ka_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive afs_ka_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_afs_ka_client_packets',`
gen_require(`
type afs_ka_client_packet_t;
')
dontaudit $1 afs_ka_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive afs_ka_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_afs_ka_client_packets',`
corenet_send_afs_ka_client_packets($1)
corenet_receive_afs_ka_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive afs_ka_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_afs_ka_client_packets',`
corenet_dontaudit_send_afs_ka_client_packets($1)
corenet_dontaudit_receive_afs_ka_client_packets($1)
')
########################################
## <summary>
## Relabel packets to afs_ka_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_afs_ka_client_packets',`
gen_require(`
type afs_ka_client_packet_t;
')
allow $1 afs_ka_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send afs_ka_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_afs_ka_server_packets',`
gen_require(`
type afs_ka_server_packet_t;
')
allow $1 afs_ka_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send afs_ka_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_afs_ka_server_packets',`
gen_require(`
type afs_ka_server_packet_t;
')
dontaudit $1 afs_ka_server_packet_t:packet send;
')
########################################
## <summary>
## Receive afs_ka_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_afs_ka_server_packets',`
gen_require(`
type afs_ka_server_packet_t;
')
allow $1 afs_ka_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive afs_ka_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_afs_ka_server_packets',`
gen_require(`
type afs_ka_server_packet_t;
')
dontaudit $1 afs_ka_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive afs_ka_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_afs_ka_server_packets',`
corenet_send_afs_ka_server_packets($1)
corenet_receive_afs_ka_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive afs_ka_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_afs_ka_server_packets',`
corenet_dontaudit_send_afs_ka_server_packets($1)
corenet_dontaudit_receive_afs_ka_server_packets($1)
')
########################################
## <summary>
## Relabel packets to afs_ka_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_afs_ka_server_packets',`
gen_require(`
type afs_ka_server_packet_t;
')
allow $1 afs_ka_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the afs_pt port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_afs_pt_port',`
gen_require(`
type afs_pt_port_t;
')
allow $1 afs_pt_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the afs_pt port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_afs_pt_port',`
gen_require(`
type afs_pt_port_t;
')
allow $1 afs_pt_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the afs_pt port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_afs_pt_port',`
gen_require(`
type afs_pt_port_t;
')
dontaudit $1 afs_pt_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the afs_pt port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_afs_pt_port',`
gen_require(`
type afs_pt_port_t;
')
allow $1 afs_pt_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the afs_pt port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_afs_pt_port',`
gen_require(`
type afs_pt_port_t;
')
dontaudit $1 afs_pt_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the afs_pt port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_afs_pt_port',`
corenet_udp_send_afs_pt_port($1)
corenet_udp_receive_afs_pt_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the afs_pt port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_afs_pt_port',`
corenet_dontaudit_udp_send_afs_pt_port($1)
corenet_dontaudit_udp_receive_afs_pt_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the afs_pt port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_afs_pt_port',`
gen_require(`
type afs_pt_port_t;
')
allow $1 afs_pt_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the afs_pt port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_afs_pt_port',`
gen_require(`
type afs_pt_port_t;
')
allow $1 afs_pt_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the afs_pt port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_afs_pt_port',`
gen_require(`
type afs_pt_port_t;
')
allow $1 afs_pt_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send afs_pt_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_afs_pt_client_packets',`
gen_require(`
type afs_pt_client_packet_t;
')
allow $1 afs_pt_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send afs_pt_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_afs_pt_client_packets',`
gen_require(`
type afs_pt_client_packet_t;
')
dontaudit $1 afs_pt_client_packet_t:packet send;
')
########################################
## <summary>
## Receive afs_pt_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_afs_pt_client_packets',`
gen_require(`
type afs_pt_client_packet_t;
')
allow $1 afs_pt_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive afs_pt_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_afs_pt_client_packets',`
gen_require(`
type afs_pt_client_packet_t;
')
dontaudit $1 afs_pt_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive afs_pt_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_afs_pt_client_packets',`
corenet_send_afs_pt_client_packets($1)
corenet_receive_afs_pt_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive afs_pt_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_afs_pt_client_packets',`
corenet_dontaudit_send_afs_pt_client_packets($1)
corenet_dontaudit_receive_afs_pt_client_packets($1)
')
########################################
## <summary>
## Relabel packets to afs_pt_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_afs_pt_client_packets',`
gen_require(`
type afs_pt_client_packet_t;
')
allow $1 afs_pt_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send afs_pt_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_afs_pt_server_packets',`
gen_require(`
type afs_pt_server_packet_t;
')
allow $1 afs_pt_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send afs_pt_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_afs_pt_server_packets',`
gen_require(`
type afs_pt_server_packet_t;
')
dontaudit $1 afs_pt_server_packet_t:packet send;
')
########################################
## <summary>
## Receive afs_pt_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_afs_pt_server_packets',`
gen_require(`
type afs_pt_server_packet_t;
')
allow $1 afs_pt_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive afs_pt_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_afs_pt_server_packets',`
gen_require(`
type afs_pt_server_packet_t;
')
dontaudit $1 afs_pt_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive afs_pt_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_afs_pt_server_packets',`
corenet_send_afs_pt_server_packets($1)
corenet_receive_afs_pt_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive afs_pt_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_afs_pt_server_packets',`
corenet_dontaudit_send_afs_pt_server_packets($1)
corenet_dontaudit_receive_afs_pt_server_packets($1)
')
########################################
## <summary>
## Relabel packets to afs_pt_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_afs_pt_server_packets',`
gen_require(`
type afs_pt_server_packet_t;
')
allow $1 afs_pt_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the afs_vl port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_afs_vl_port',`
gen_require(`
type afs_vl_port_t;
')
allow $1 afs_vl_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the afs_vl port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_afs_vl_port',`
gen_require(`
type afs_vl_port_t;
')
allow $1 afs_vl_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the afs_vl port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_afs_vl_port',`
gen_require(`
type afs_vl_port_t;
')
dontaudit $1 afs_vl_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the afs_vl port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_afs_vl_port',`
gen_require(`
type afs_vl_port_t;
')
allow $1 afs_vl_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the afs_vl port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_afs_vl_port',`
gen_require(`
type afs_vl_port_t;
')
dontaudit $1 afs_vl_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the afs_vl port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_afs_vl_port',`
corenet_udp_send_afs_vl_port($1)
corenet_udp_receive_afs_vl_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the afs_vl port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_afs_vl_port',`
corenet_dontaudit_udp_send_afs_vl_port($1)
corenet_dontaudit_udp_receive_afs_vl_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the afs_vl port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_afs_vl_port',`
gen_require(`
type afs_vl_port_t;
')
allow $1 afs_vl_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the afs_vl port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_afs_vl_port',`
gen_require(`
type afs_vl_port_t;
')
allow $1 afs_vl_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the afs_vl port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_afs_vl_port',`
gen_require(`
type afs_vl_port_t;
')
allow $1 afs_vl_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send afs_vl_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_afs_vl_client_packets',`
gen_require(`
type afs_vl_client_packet_t;
')
allow $1 afs_vl_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send afs_vl_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_afs_vl_client_packets',`
gen_require(`
type afs_vl_client_packet_t;
')
dontaudit $1 afs_vl_client_packet_t:packet send;
')
########################################
## <summary>
## Receive afs_vl_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_afs_vl_client_packets',`
gen_require(`
type afs_vl_client_packet_t;
')
allow $1 afs_vl_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive afs_vl_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_afs_vl_client_packets',`
gen_require(`
type afs_vl_client_packet_t;
')
dontaudit $1 afs_vl_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive afs_vl_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_afs_vl_client_packets',`
corenet_send_afs_vl_client_packets($1)
corenet_receive_afs_vl_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive afs_vl_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_afs_vl_client_packets',`
corenet_dontaudit_send_afs_vl_client_packets($1)
corenet_dontaudit_receive_afs_vl_client_packets($1)
')
########################################
## <summary>
## Relabel packets to afs_vl_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_afs_vl_client_packets',`
gen_require(`
type afs_vl_client_packet_t;
')
allow $1 afs_vl_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send afs_vl_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_afs_vl_server_packets',`
gen_require(`
type afs_vl_server_packet_t;
')
allow $1 afs_vl_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send afs_vl_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_afs_vl_server_packets',`
gen_require(`
type afs_vl_server_packet_t;
')
dontaudit $1 afs_vl_server_packet_t:packet send;
')
########################################
## <summary>
## Receive afs_vl_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_afs_vl_server_packets',`
gen_require(`
type afs_vl_server_packet_t;
')
allow $1 afs_vl_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive afs_vl_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_afs_vl_server_packets',`
gen_require(`
type afs_vl_server_packet_t;
')
dontaudit $1 afs_vl_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive afs_vl_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_afs_vl_server_packets',`
corenet_send_afs_vl_server_packets($1)
corenet_receive_afs_vl_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive afs_vl_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_afs_vl_server_packets',`
corenet_dontaudit_send_afs_vl_server_packets($1)
corenet_dontaudit_receive_afs_vl_server_packets($1)
')
########################################
## <summary>
## Relabel packets to afs_vl_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_afs_vl_server_packets',`
gen_require(`
type afs_vl_server_packet_t;
')
allow $1 afs_vl_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the agentx port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_agentx_port',`
gen_require(`
type agentx_port_t;
')
allow $1 agentx_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the agentx port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_agentx_port',`
gen_require(`
type agentx_port_t;
')
allow $1 agentx_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the agentx port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_agentx_port',`
gen_require(`
type agentx_port_t;
')
dontaudit $1 agentx_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the agentx port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_agentx_port',`
gen_require(`
type agentx_port_t;
')
allow $1 agentx_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the agentx port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_agentx_port',`
gen_require(`
type agentx_port_t;
')
dontaudit $1 agentx_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the agentx port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_agentx_port',`
corenet_udp_send_agentx_port($1)
corenet_udp_receive_agentx_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the agentx port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_agentx_port',`
corenet_dontaudit_udp_send_agentx_port($1)
corenet_dontaudit_udp_receive_agentx_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the agentx port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_agentx_port',`
gen_require(`
type agentx_port_t;
')
allow $1 agentx_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the agentx port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_agentx_port',`
gen_require(`
type agentx_port_t;
')
allow $1 agentx_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the agentx port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_agentx_port',`
gen_require(`
type agentx_port_t;
')
allow $1 agentx_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send agentx_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_agentx_client_packets',`
gen_require(`
type agentx_client_packet_t;
')
allow $1 agentx_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send agentx_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_agentx_client_packets',`
gen_require(`
type agentx_client_packet_t;
')
dontaudit $1 agentx_client_packet_t:packet send;
')
########################################
## <summary>
## Receive agentx_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_agentx_client_packets',`
gen_require(`
type agentx_client_packet_t;
')
allow $1 agentx_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive agentx_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_agentx_client_packets',`
gen_require(`
type agentx_client_packet_t;
')
dontaudit $1 agentx_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive agentx_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_agentx_client_packets',`
corenet_send_agentx_client_packets($1)
corenet_receive_agentx_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive agentx_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_agentx_client_packets',`
corenet_dontaudit_send_agentx_client_packets($1)
corenet_dontaudit_receive_agentx_client_packets($1)
')
########################################
## <summary>
## Relabel packets to agentx_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_agentx_client_packets',`
gen_require(`
type agentx_client_packet_t;
')
allow $1 agentx_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send agentx_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_agentx_server_packets',`
gen_require(`
type agentx_server_packet_t;
')
allow $1 agentx_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send agentx_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_agentx_server_packets',`
gen_require(`
type agentx_server_packet_t;
')
dontaudit $1 agentx_server_packet_t:packet send;
')
########################################
## <summary>
## Receive agentx_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_agentx_server_packets',`
gen_require(`
type agentx_server_packet_t;
')
allow $1 agentx_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive agentx_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_agentx_server_packets',`
gen_require(`
type agentx_server_packet_t;
')
dontaudit $1 agentx_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive agentx_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_agentx_server_packets',`
corenet_send_agentx_server_packets($1)
corenet_receive_agentx_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive agentx_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_agentx_server_packets',`
corenet_dontaudit_send_agentx_server_packets($1)
corenet_dontaudit_receive_agentx_server_packets($1)
')
########################################
## <summary>
## Relabel packets to agentx_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_agentx_server_packets',`
gen_require(`
type agentx_server_packet_t;
')
allow $1 agentx_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the amanda port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_amanda_port',`
gen_require(`
type amanda_port_t;
')
allow $1 amanda_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the amanda port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_amanda_port',`
gen_require(`
type amanda_port_t;
')
allow $1 amanda_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the amanda port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_amanda_port',`
gen_require(`
type amanda_port_t;
')
dontaudit $1 amanda_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the amanda port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_amanda_port',`
gen_require(`
type amanda_port_t;
')
allow $1 amanda_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the amanda port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_amanda_port',`
gen_require(`
type amanda_port_t;
')
dontaudit $1 amanda_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the amanda port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_amanda_port',`
corenet_udp_send_amanda_port($1)
corenet_udp_receive_amanda_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the amanda port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_amanda_port',`
corenet_dontaudit_udp_send_amanda_port($1)
corenet_dontaudit_udp_receive_amanda_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the amanda port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_amanda_port',`
gen_require(`
type amanda_port_t;
')
allow $1 amanda_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the amanda port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_amanda_port',`
gen_require(`
type amanda_port_t;
')
allow $1 amanda_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the amanda port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_amanda_port',`
gen_require(`
type amanda_port_t;
')
allow $1 amanda_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send amanda_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_amanda_client_packets',`
gen_require(`
type amanda_client_packet_t;
')
allow $1 amanda_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send amanda_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_amanda_client_packets',`
gen_require(`
type amanda_client_packet_t;
')
dontaudit $1 amanda_client_packet_t:packet send;
')
########################################
## <summary>
## Receive amanda_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_amanda_client_packets',`
gen_require(`
type amanda_client_packet_t;
')
allow $1 amanda_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive amanda_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_amanda_client_packets',`
gen_require(`
type amanda_client_packet_t;
')
dontaudit $1 amanda_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive amanda_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_amanda_client_packets',`
corenet_send_amanda_client_packets($1)
corenet_receive_amanda_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive amanda_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_amanda_client_packets',`
corenet_dontaudit_send_amanda_client_packets($1)
corenet_dontaudit_receive_amanda_client_packets($1)
')
########################################
## <summary>
## Relabel packets to amanda_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_amanda_client_packets',`
gen_require(`
type amanda_client_packet_t;
')
allow $1 amanda_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send amanda_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_amanda_server_packets',`
gen_require(`
type amanda_server_packet_t;
')
allow $1 amanda_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send amanda_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_amanda_server_packets',`
gen_require(`
type amanda_server_packet_t;
')
dontaudit $1 amanda_server_packet_t:packet send;
')
########################################
## <summary>
## Receive amanda_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_amanda_server_packets',`
gen_require(`
type amanda_server_packet_t;
')
allow $1 amanda_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive amanda_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_amanda_server_packets',`
gen_require(`
type amanda_server_packet_t;
')
dontaudit $1 amanda_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive amanda_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_amanda_server_packets',`
corenet_send_amanda_server_packets($1)
corenet_receive_amanda_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive amanda_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_amanda_server_packets',`
corenet_dontaudit_send_amanda_server_packets($1)
corenet_dontaudit_receive_amanda_server_packets($1)
')
########################################
## <summary>
## Relabel packets to amanda_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_amanda_server_packets',`
gen_require(`
type amanda_server_packet_t;
')
allow $1 amanda_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the amavisd_recv port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_amavisd_recv_port',`
gen_require(`
type amavisd_recv_port_t;
')
allow $1 amavisd_recv_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the amavisd_recv port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_amavisd_recv_port',`
gen_require(`
type amavisd_recv_port_t;
')
allow $1 amavisd_recv_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the amavisd_recv port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_amavisd_recv_port',`
gen_require(`
type amavisd_recv_port_t;
')
dontaudit $1 amavisd_recv_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the amavisd_recv port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_amavisd_recv_port',`
gen_require(`
type amavisd_recv_port_t;
')
allow $1 amavisd_recv_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the amavisd_recv port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_amavisd_recv_port',`
gen_require(`
type amavisd_recv_port_t;
')
dontaudit $1 amavisd_recv_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the amavisd_recv port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_amavisd_recv_port',`
corenet_udp_send_amavisd_recv_port($1)
corenet_udp_receive_amavisd_recv_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the amavisd_recv port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_amavisd_recv_port',`
corenet_dontaudit_udp_send_amavisd_recv_port($1)
corenet_dontaudit_udp_receive_amavisd_recv_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the amavisd_recv port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_amavisd_recv_port',`
gen_require(`
type amavisd_recv_port_t;
')
allow $1 amavisd_recv_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the amavisd_recv port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_amavisd_recv_port',`
gen_require(`
type amavisd_recv_port_t;
')
allow $1 amavisd_recv_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the amavisd_recv port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_amavisd_recv_port',`
gen_require(`
type amavisd_recv_port_t;
')
allow $1 amavisd_recv_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send amavisd_recv_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_amavisd_recv_client_packets',`
gen_require(`
type amavisd_recv_client_packet_t;
')
allow $1 amavisd_recv_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send amavisd_recv_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_amavisd_recv_client_packets',`
gen_require(`
type amavisd_recv_client_packet_t;
')
dontaudit $1 amavisd_recv_client_packet_t:packet send;
')
########################################
## <summary>
## Receive amavisd_recv_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_amavisd_recv_client_packets',`
gen_require(`
type amavisd_recv_client_packet_t;
')
allow $1 amavisd_recv_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive amavisd_recv_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_amavisd_recv_client_packets',`
gen_require(`
type amavisd_recv_client_packet_t;
')
dontaudit $1 amavisd_recv_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive amavisd_recv_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_amavisd_recv_client_packets',`
corenet_send_amavisd_recv_client_packets($1)
corenet_receive_amavisd_recv_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive amavisd_recv_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_amavisd_recv_client_packets',`
corenet_dontaudit_send_amavisd_recv_client_packets($1)
corenet_dontaudit_receive_amavisd_recv_client_packets($1)
')
########################################
## <summary>
## Relabel packets to amavisd_recv_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_amavisd_recv_client_packets',`
gen_require(`
type amavisd_recv_client_packet_t;
')
allow $1 amavisd_recv_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send amavisd_recv_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_amavisd_recv_server_packets',`
gen_require(`
type amavisd_recv_server_packet_t;
')
allow $1 amavisd_recv_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send amavisd_recv_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_amavisd_recv_server_packets',`
gen_require(`
type amavisd_recv_server_packet_t;
')
dontaudit $1 amavisd_recv_server_packet_t:packet send;
')
########################################
## <summary>
## Receive amavisd_recv_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_amavisd_recv_server_packets',`
gen_require(`
type amavisd_recv_server_packet_t;
')
allow $1 amavisd_recv_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive amavisd_recv_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_amavisd_recv_server_packets',`
gen_require(`
type amavisd_recv_server_packet_t;
')
dontaudit $1 amavisd_recv_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive amavisd_recv_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_amavisd_recv_server_packets',`
corenet_send_amavisd_recv_server_packets($1)
corenet_receive_amavisd_recv_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive amavisd_recv_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_amavisd_recv_server_packets',`
corenet_dontaudit_send_amavisd_recv_server_packets($1)
corenet_dontaudit_receive_amavisd_recv_server_packets($1)
')
########################################
## <summary>
## Relabel packets to amavisd_recv_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_amavisd_recv_server_packets',`
gen_require(`
type amavisd_recv_server_packet_t;
')
allow $1 amavisd_recv_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the amavisd_send port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_amavisd_send_port',`
gen_require(`
type amavisd_send_port_t;
')
allow $1 amavisd_send_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the amavisd_send port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_amavisd_send_port',`
gen_require(`
type amavisd_send_port_t;
')
allow $1 amavisd_send_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the amavisd_send port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_amavisd_send_port',`
gen_require(`
type amavisd_send_port_t;
')
dontaudit $1 amavisd_send_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the amavisd_send port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_amavisd_send_port',`
gen_require(`
type amavisd_send_port_t;
')
allow $1 amavisd_send_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the amavisd_send port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_amavisd_send_port',`
gen_require(`
type amavisd_send_port_t;
')
dontaudit $1 amavisd_send_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the amavisd_send port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_amavisd_send_port',`
corenet_udp_send_amavisd_send_port($1)
corenet_udp_receive_amavisd_send_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the amavisd_send port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_amavisd_send_port',`
corenet_dontaudit_udp_send_amavisd_send_port($1)
corenet_dontaudit_udp_receive_amavisd_send_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the amavisd_send port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_amavisd_send_port',`
gen_require(`
type amavisd_send_port_t;
')
allow $1 amavisd_send_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the amavisd_send port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_amavisd_send_port',`
gen_require(`
type amavisd_send_port_t;
')
allow $1 amavisd_send_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the amavisd_send port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_amavisd_send_port',`
gen_require(`
type amavisd_send_port_t;
')
allow $1 amavisd_send_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send amavisd_send_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_amavisd_send_client_packets',`
gen_require(`
type amavisd_send_client_packet_t;
')
allow $1 amavisd_send_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send amavisd_send_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_amavisd_send_client_packets',`
gen_require(`
type amavisd_send_client_packet_t;
')
dontaudit $1 amavisd_send_client_packet_t:packet send;
')
########################################
## <summary>
## Receive amavisd_send_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_amavisd_send_client_packets',`
gen_require(`
type amavisd_send_client_packet_t;
')
allow $1 amavisd_send_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive amavisd_send_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_amavisd_send_client_packets',`
gen_require(`
type amavisd_send_client_packet_t;
')
dontaudit $1 amavisd_send_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive amavisd_send_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_amavisd_send_client_packets',`
corenet_send_amavisd_send_client_packets($1)
corenet_receive_amavisd_send_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive amavisd_send_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_amavisd_send_client_packets',`
corenet_dontaudit_send_amavisd_send_client_packets($1)
corenet_dontaudit_receive_amavisd_send_client_packets($1)
')
########################################
## <summary>
## Relabel packets to amavisd_send_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_amavisd_send_client_packets',`
gen_require(`
type amavisd_send_client_packet_t;
')
allow $1 amavisd_send_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send amavisd_send_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_amavisd_send_server_packets',`
gen_require(`
type amavisd_send_server_packet_t;
')
allow $1 amavisd_send_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send amavisd_send_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_amavisd_send_server_packets',`
gen_require(`
type amavisd_send_server_packet_t;
')
dontaudit $1 amavisd_send_server_packet_t:packet send;
')
########################################
## <summary>
## Receive amavisd_send_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_amavisd_send_server_packets',`
gen_require(`
type amavisd_send_server_packet_t;
')
allow $1 amavisd_send_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive amavisd_send_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_amavisd_send_server_packets',`
gen_require(`
type amavisd_send_server_packet_t;
')
dontaudit $1 amavisd_send_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive amavisd_send_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_amavisd_send_server_packets',`
corenet_send_amavisd_send_server_packets($1)
corenet_receive_amavisd_send_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive amavisd_send_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_amavisd_send_server_packets',`
corenet_dontaudit_send_amavisd_send_server_packets($1)
corenet_dontaudit_receive_amavisd_send_server_packets($1)
')
########################################
## <summary>
## Relabel packets to amavisd_send_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_amavisd_send_server_packets',`
gen_require(`
type amavisd_send_server_packet_t;
')
allow $1 amavisd_send_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the amqp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_amqp_port',`
gen_require(`
type amqp_port_t;
')
allow $1 amqp_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the amqp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_amqp_port',`
gen_require(`
type amqp_port_t;
')
allow $1 amqp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the amqp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_amqp_port',`
gen_require(`
type amqp_port_t;
')
dontaudit $1 amqp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the amqp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_amqp_port',`
gen_require(`
type amqp_port_t;
')
allow $1 amqp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the amqp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_amqp_port',`
gen_require(`
type amqp_port_t;
')
dontaudit $1 amqp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the amqp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_amqp_port',`
corenet_udp_send_amqp_port($1)
corenet_udp_receive_amqp_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the amqp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_amqp_port',`
corenet_dontaudit_udp_send_amqp_port($1)
corenet_dontaudit_udp_receive_amqp_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the amqp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_amqp_port',`
gen_require(`
type amqp_port_t;
')
allow $1 amqp_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the amqp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_amqp_port',`
gen_require(`
type amqp_port_t;
')
allow $1 amqp_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the amqp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_amqp_port',`
gen_require(`
type amqp_port_t;
')
allow $1 amqp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send amqp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_amqp_client_packets',`
gen_require(`
type amqp_client_packet_t;
')
allow $1 amqp_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send amqp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_amqp_client_packets',`
gen_require(`
type amqp_client_packet_t;
')
dontaudit $1 amqp_client_packet_t:packet send;
')
########################################
## <summary>
## Receive amqp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_amqp_client_packets',`
gen_require(`
type amqp_client_packet_t;
')
allow $1 amqp_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive amqp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_amqp_client_packets',`
gen_require(`
type amqp_client_packet_t;
')
dontaudit $1 amqp_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive amqp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_amqp_client_packets',`
corenet_send_amqp_client_packets($1)
corenet_receive_amqp_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive amqp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_amqp_client_packets',`
corenet_dontaudit_send_amqp_client_packets($1)
corenet_dontaudit_receive_amqp_client_packets($1)
')
########################################
## <summary>
## Relabel packets to amqp_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_amqp_client_packets',`
gen_require(`
type amqp_client_packet_t;
')
allow $1 amqp_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send amqp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_amqp_server_packets',`
gen_require(`
type amqp_server_packet_t;
')
allow $1 amqp_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send amqp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_amqp_server_packets',`
gen_require(`
type amqp_server_packet_t;
')
dontaudit $1 amqp_server_packet_t:packet send;
')
########################################
## <summary>
## Receive amqp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_amqp_server_packets',`
gen_require(`
type amqp_server_packet_t;
')
allow $1 amqp_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive amqp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_amqp_server_packets',`
gen_require(`
type amqp_server_packet_t;
')
dontaudit $1 amqp_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive amqp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_amqp_server_packets',`
corenet_send_amqp_server_packets($1)
corenet_receive_amqp_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive amqp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_amqp_server_packets',`
corenet_dontaudit_send_amqp_server_packets($1)
corenet_dontaudit_receive_amqp_server_packets($1)
')
########################################
## <summary>
## Relabel packets to amqp_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_amqp_server_packets',`
gen_require(`
type amqp_server_packet_t;
')
allow $1 amqp_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the aol port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_aol_port',`
gen_require(`
type aol_port_t;
')
allow $1 aol_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the aol port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_aol_port',`
gen_require(`
type aol_port_t;
')
allow $1 aol_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the aol port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_aol_port',`
gen_require(`
type aol_port_t;
')
dontaudit $1 aol_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the aol port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_aol_port',`
gen_require(`
type aol_port_t;
')
allow $1 aol_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the aol port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_aol_port',`
gen_require(`
type aol_port_t;
')
dontaudit $1 aol_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the aol port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_aol_port',`
corenet_udp_send_aol_port($1)
corenet_udp_receive_aol_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the aol port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_aol_port',`
corenet_dontaudit_udp_send_aol_port($1)
corenet_dontaudit_udp_receive_aol_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the aol port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_aol_port',`
gen_require(`
type aol_port_t;
')
allow $1 aol_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the aol port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_aol_port',`
gen_require(`
type aol_port_t;
')
allow $1 aol_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the aol port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_aol_port',`
gen_require(`
type aol_port_t;
')
allow $1 aol_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send aol_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_aol_client_packets',`
gen_require(`
type aol_client_packet_t;
')
allow $1 aol_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send aol_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_aol_client_packets',`
gen_require(`
type aol_client_packet_t;
')
dontaudit $1 aol_client_packet_t:packet send;
')
########################################
## <summary>
## Receive aol_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_aol_client_packets',`
gen_require(`
type aol_client_packet_t;
')
allow $1 aol_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive aol_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_aol_client_packets',`
gen_require(`
type aol_client_packet_t;
')
dontaudit $1 aol_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive aol_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_aol_client_packets',`
corenet_send_aol_client_packets($1)
corenet_receive_aol_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive aol_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_aol_client_packets',`
corenet_dontaudit_send_aol_client_packets($1)
corenet_dontaudit_receive_aol_client_packets($1)
')
########################################
## <summary>
## Relabel packets to aol_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_aol_client_packets',`
gen_require(`
type aol_client_packet_t;
')
allow $1 aol_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send aol_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_aol_server_packets',`
gen_require(`
type aol_server_packet_t;
')
allow $1 aol_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send aol_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_aol_server_packets',`
gen_require(`
type aol_server_packet_t;
')
dontaudit $1 aol_server_packet_t:packet send;
')
########################################
## <summary>
## Receive aol_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_aol_server_packets',`
gen_require(`
type aol_server_packet_t;
')
allow $1 aol_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive aol_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_aol_server_packets',`
gen_require(`
type aol_server_packet_t;
')
dontaudit $1 aol_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive aol_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_aol_server_packets',`
corenet_send_aol_server_packets($1)
corenet_receive_aol_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive aol_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_aol_server_packets',`
corenet_dontaudit_send_aol_server_packets($1)
corenet_dontaudit_receive_aol_server_packets($1)
')
########################################
## <summary>
## Relabel packets to aol_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_aol_server_packets',`
gen_require(`
type aol_server_packet_t;
')
allow $1 aol_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the apc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_apc_port',`
gen_require(`
type apc_port_t;
')
allow $1 apc_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the apc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_apc_port',`
gen_require(`
type apc_port_t;
')
allow $1 apc_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the apc port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_apc_port',`
gen_require(`
type apc_port_t;
')
dontaudit $1 apc_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the apc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_apc_port',`
gen_require(`
type apc_port_t;
')
allow $1 apc_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the apc port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_apc_port',`
gen_require(`
type apc_port_t;
')
dontaudit $1 apc_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the apc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_apc_port',`
corenet_udp_send_apc_port($1)
corenet_udp_receive_apc_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the apc port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_apc_port',`
corenet_dontaudit_udp_send_apc_port($1)
corenet_dontaudit_udp_receive_apc_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the apc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_apc_port',`
gen_require(`
type apc_port_t;
')
allow $1 apc_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the apc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_apc_port',`
gen_require(`
type apc_port_t;
')
allow $1 apc_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the apc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_apc_port',`
gen_require(`
type apc_port_t;
')
allow $1 apc_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send apc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_apc_client_packets',`
gen_require(`
type apc_client_packet_t;
')
allow $1 apc_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send apc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_apc_client_packets',`
gen_require(`
type apc_client_packet_t;
')
dontaudit $1 apc_client_packet_t:packet send;
')
########################################
## <summary>
## Receive apc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_apc_client_packets',`
gen_require(`
type apc_client_packet_t;
')
allow $1 apc_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive apc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_apc_client_packets',`
gen_require(`
type apc_client_packet_t;
')
dontaudit $1 apc_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive apc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_apc_client_packets',`
corenet_send_apc_client_packets($1)
corenet_receive_apc_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive apc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_apc_client_packets',`
corenet_dontaudit_send_apc_client_packets($1)
corenet_dontaudit_receive_apc_client_packets($1)
')
########################################
## <summary>
## Relabel packets to apc_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_apc_client_packets',`
gen_require(`
type apc_client_packet_t;
')
allow $1 apc_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send apc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_apc_server_packets',`
gen_require(`
type apc_server_packet_t;
')
allow $1 apc_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send apc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_apc_server_packets',`
gen_require(`
type apc_server_packet_t;
')
dontaudit $1 apc_server_packet_t:packet send;
')
########################################
## <summary>
## Receive apc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_apc_server_packets',`
gen_require(`
type apc_server_packet_t;
')
allow $1 apc_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive apc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_apc_server_packets',`
gen_require(`
type apc_server_packet_t;
')
dontaudit $1 apc_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive apc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_apc_server_packets',`
corenet_send_apc_server_packets($1)
corenet_receive_apc_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive apc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_apc_server_packets',`
corenet_dontaudit_send_apc_server_packets($1)
corenet_dontaudit_receive_apc_server_packets($1)
')
########################################
## <summary>
## Relabel packets to apc_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_apc_server_packets',`
gen_require(`
type apc_server_packet_t;
')
allow $1 apc_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the apcupsd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_apcupsd_port',`
gen_require(`
type apcupsd_port_t;
')
allow $1 apcupsd_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the apcupsd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_apcupsd_port',`
gen_require(`
type apcupsd_port_t;
')
allow $1 apcupsd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the apcupsd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_apcupsd_port',`
gen_require(`
type apcupsd_port_t;
')
dontaudit $1 apcupsd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the apcupsd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_apcupsd_port',`
gen_require(`
type apcupsd_port_t;
')
allow $1 apcupsd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the apcupsd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_apcupsd_port',`
gen_require(`
type apcupsd_port_t;
')
dontaudit $1 apcupsd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the apcupsd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_apcupsd_port',`
corenet_udp_send_apcupsd_port($1)
corenet_udp_receive_apcupsd_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the apcupsd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_apcupsd_port',`
corenet_dontaudit_udp_send_apcupsd_port($1)
corenet_dontaudit_udp_receive_apcupsd_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the apcupsd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_apcupsd_port',`
gen_require(`
type apcupsd_port_t;
')
allow $1 apcupsd_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the apcupsd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_apcupsd_port',`
gen_require(`
type apcupsd_port_t;
')
allow $1 apcupsd_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the apcupsd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_apcupsd_port',`
gen_require(`
type apcupsd_port_t;
')
allow $1 apcupsd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send apcupsd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_apcupsd_client_packets',`
gen_require(`
type apcupsd_client_packet_t;
')
allow $1 apcupsd_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send apcupsd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_apcupsd_client_packets',`
gen_require(`
type apcupsd_client_packet_t;
')
dontaudit $1 apcupsd_client_packet_t:packet send;
')
########################################
## <summary>
## Receive apcupsd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_apcupsd_client_packets',`
gen_require(`
type apcupsd_client_packet_t;
')
allow $1 apcupsd_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive apcupsd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_apcupsd_client_packets',`
gen_require(`
type apcupsd_client_packet_t;
')
dontaudit $1 apcupsd_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive apcupsd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_apcupsd_client_packets',`
corenet_send_apcupsd_client_packets($1)
corenet_receive_apcupsd_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive apcupsd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_apcupsd_client_packets',`
corenet_dontaudit_send_apcupsd_client_packets($1)
corenet_dontaudit_receive_apcupsd_client_packets($1)
')
########################################
## <summary>
## Relabel packets to apcupsd_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_apcupsd_client_packets',`
gen_require(`
type apcupsd_client_packet_t;
')
allow $1 apcupsd_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send apcupsd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_apcupsd_server_packets',`
gen_require(`
type apcupsd_server_packet_t;
')
allow $1 apcupsd_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send apcupsd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_apcupsd_server_packets',`
gen_require(`
type apcupsd_server_packet_t;
')
dontaudit $1 apcupsd_server_packet_t:packet send;
')
########################################
## <summary>
## Receive apcupsd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_apcupsd_server_packets',`
gen_require(`
type apcupsd_server_packet_t;
')
allow $1 apcupsd_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive apcupsd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_apcupsd_server_packets',`
gen_require(`
type apcupsd_server_packet_t;
')
dontaudit $1 apcupsd_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive apcupsd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_apcupsd_server_packets',`
corenet_send_apcupsd_server_packets($1)
corenet_receive_apcupsd_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive apcupsd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_apcupsd_server_packets',`
corenet_dontaudit_send_apcupsd_server_packets($1)
corenet_dontaudit_receive_apcupsd_server_packets($1)
')
########################################
## <summary>
## Relabel packets to apcupsd_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_apcupsd_server_packets',`
gen_require(`
type apcupsd_server_packet_t;
')
allow $1 apcupsd_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the apertus_ldp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_apertus_ldp_port',`
gen_require(`
type apertus_ldp_port_t;
')
allow $1 apertus_ldp_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the apertus_ldp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_apertus_ldp_port',`
gen_require(`
type apertus_ldp_port_t;
')
allow $1 apertus_ldp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the apertus_ldp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_apertus_ldp_port',`
gen_require(`
type apertus_ldp_port_t;
')
dontaudit $1 apertus_ldp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the apertus_ldp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_apertus_ldp_port',`
gen_require(`
type apertus_ldp_port_t;
')
allow $1 apertus_ldp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the apertus_ldp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_apertus_ldp_port',`
gen_require(`
type apertus_ldp_port_t;
')
dontaudit $1 apertus_ldp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the apertus_ldp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_apertus_ldp_port',`
corenet_udp_send_apertus_ldp_port($1)
corenet_udp_receive_apertus_ldp_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the apertus_ldp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_apertus_ldp_port',`
corenet_dontaudit_udp_send_apertus_ldp_port($1)
corenet_dontaudit_udp_receive_apertus_ldp_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the apertus_ldp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_apertus_ldp_port',`
gen_require(`
type apertus_ldp_port_t;
')
allow $1 apertus_ldp_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the apertus_ldp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_apertus_ldp_port',`
gen_require(`
type apertus_ldp_port_t;
')
allow $1 apertus_ldp_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the apertus_ldp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_apertus_ldp_port',`
gen_require(`
type apertus_ldp_port_t;
')
allow $1 apertus_ldp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send apertus_ldp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_apertus_ldp_client_packets',`
gen_require(`
type apertus_ldp_client_packet_t;
')
allow $1 apertus_ldp_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send apertus_ldp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_apertus_ldp_client_packets',`
gen_require(`
type apertus_ldp_client_packet_t;
')
dontaudit $1 apertus_ldp_client_packet_t:packet send;
')
########################################
## <summary>
## Receive apertus_ldp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_apertus_ldp_client_packets',`
gen_require(`
type apertus_ldp_client_packet_t;
')
allow $1 apertus_ldp_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive apertus_ldp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_apertus_ldp_client_packets',`
gen_require(`
type apertus_ldp_client_packet_t;
')
dontaudit $1 apertus_ldp_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive apertus_ldp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_apertus_ldp_client_packets',`
corenet_send_apertus_ldp_client_packets($1)
corenet_receive_apertus_ldp_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive apertus_ldp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_apertus_ldp_client_packets',`
corenet_dontaudit_send_apertus_ldp_client_packets($1)
corenet_dontaudit_receive_apertus_ldp_client_packets($1)
')
########################################
## <summary>
## Relabel packets to apertus_ldp_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_apertus_ldp_client_packets',`
gen_require(`
type apertus_ldp_client_packet_t;
')
allow $1 apertus_ldp_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send apertus_ldp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_apertus_ldp_server_packets',`
gen_require(`
type apertus_ldp_server_packet_t;
')
allow $1 apertus_ldp_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send apertus_ldp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_apertus_ldp_server_packets',`
gen_require(`
type apertus_ldp_server_packet_t;
')
dontaudit $1 apertus_ldp_server_packet_t:packet send;
')
########################################
## <summary>
## Receive apertus_ldp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_apertus_ldp_server_packets',`
gen_require(`
type apertus_ldp_server_packet_t;
')
allow $1 apertus_ldp_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive apertus_ldp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_apertus_ldp_server_packets',`
gen_require(`
type apertus_ldp_server_packet_t;
')
dontaudit $1 apertus_ldp_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive apertus_ldp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_apertus_ldp_server_packets',`
corenet_send_apertus_ldp_server_packets($1)
corenet_receive_apertus_ldp_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive apertus_ldp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_apertus_ldp_server_packets',`
corenet_dontaudit_send_apertus_ldp_server_packets($1)
corenet_dontaudit_receive_apertus_ldp_server_packets($1)
')
########################################
## <summary>
## Relabel packets to apertus_ldp_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_apertus_ldp_server_packets',`
gen_require(`
type apertus_ldp_server_packet_t;
')
allow $1 apertus_ldp_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the asterisk port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_asterisk_port',`
gen_require(`
type asterisk_port_t;
')
allow $1 asterisk_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the asterisk port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_asterisk_port',`
gen_require(`
type asterisk_port_t;
')
allow $1 asterisk_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the asterisk port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_asterisk_port',`
gen_require(`
type asterisk_port_t;
')
dontaudit $1 asterisk_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the asterisk port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_asterisk_port',`
gen_require(`
type asterisk_port_t;
')
allow $1 asterisk_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the asterisk port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_asterisk_port',`
gen_require(`
type asterisk_port_t;
')
dontaudit $1 asterisk_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the asterisk port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_asterisk_port',`
corenet_udp_send_asterisk_port($1)
corenet_udp_receive_asterisk_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the asterisk port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_asterisk_port',`
corenet_dontaudit_udp_send_asterisk_port($1)
corenet_dontaudit_udp_receive_asterisk_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the asterisk port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_asterisk_port',`
gen_require(`
type asterisk_port_t;
')
allow $1 asterisk_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the asterisk port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_asterisk_port',`
gen_require(`
type asterisk_port_t;
')
allow $1 asterisk_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the asterisk port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_asterisk_port',`
gen_require(`
type asterisk_port_t;
')
allow $1 asterisk_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send asterisk_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_asterisk_client_packets',`
gen_require(`
type asterisk_client_packet_t;
')
allow $1 asterisk_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send asterisk_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_asterisk_client_packets',`
gen_require(`
type asterisk_client_packet_t;
')
dontaudit $1 asterisk_client_packet_t:packet send;
')
########################################
## <summary>
## Receive asterisk_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_asterisk_client_packets',`
gen_require(`
type asterisk_client_packet_t;
')
allow $1 asterisk_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive asterisk_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_asterisk_client_packets',`
gen_require(`
type asterisk_client_packet_t;
')
dontaudit $1 asterisk_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive asterisk_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_asterisk_client_packets',`
corenet_send_asterisk_client_packets($1)
corenet_receive_asterisk_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive asterisk_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_asterisk_client_packets',`
corenet_dontaudit_send_asterisk_client_packets($1)
corenet_dontaudit_receive_asterisk_client_packets($1)
')
########################################
## <summary>
## Relabel packets to asterisk_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_asterisk_client_packets',`
gen_require(`
type asterisk_client_packet_t;
')
allow $1 asterisk_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send asterisk_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_asterisk_server_packets',`
gen_require(`
type asterisk_server_packet_t;
')
allow $1 asterisk_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send asterisk_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_asterisk_server_packets',`
gen_require(`
type asterisk_server_packet_t;
')
dontaudit $1 asterisk_server_packet_t:packet send;
')
########################################
## <summary>
## Receive asterisk_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_asterisk_server_packets',`
gen_require(`
type asterisk_server_packet_t;
')
allow $1 asterisk_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive asterisk_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_asterisk_server_packets',`
gen_require(`
type asterisk_server_packet_t;
')
dontaudit $1 asterisk_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive asterisk_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_asterisk_server_packets',`
corenet_send_asterisk_server_packets($1)
corenet_receive_asterisk_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive asterisk_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_asterisk_server_packets',`
corenet_dontaudit_send_asterisk_server_packets($1)
corenet_dontaudit_receive_asterisk_server_packets($1)
')
########################################
## <summary>
## Relabel packets to asterisk_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_asterisk_server_packets',`
gen_require(`
type asterisk_server_packet_t;
')
allow $1 asterisk_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the audit port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_audit_port',`
gen_require(`
type audit_port_t;
')
allow $1 audit_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the audit port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_audit_port',`
gen_require(`
type audit_port_t;
')
allow $1 audit_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the audit port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_audit_port',`
gen_require(`
type audit_port_t;
')
dontaudit $1 audit_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the audit port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_audit_port',`
gen_require(`
type audit_port_t;
')
allow $1 audit_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the audit port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_audit_port',`
gen_require(`
type audit_port_t;
')
dontaudit $1 audit_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the audit port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_audit_port',`
corenet_udp_send_audit_port($1)
corenet_udp_receive_audit_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the audit port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_audit_port',`
corenet_dontaudit_udp_send_audit_port($1)
corenet_dontaudit_udp_receive_audit_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the audit port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_audit_port',`
gen_require(`
type audit_port_t;
')
allow $1 audit_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the audit port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_audit_port',`
gen_require(`
type audit_port_t;
')
allow $1 audit_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the audit port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_audit_port',`
gen_require(`
type audit_port_t;
')
allow $1 audit_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send audit_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_audit_client_packets',`
gen_require(`
type audit_client_packet_t;
')
allow $1 audit_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send audit_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_audit_client_packets',`
gen_require(`
type audit_client_packet_t;
')
dontaudit $1 audit_client_packet_t:packet send;
')
########################################
## <summary>
## Receive audit_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_audit_client_packets',`
gen_require(`
type audit_client_packet_t;
')
allow $1 audit_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive audit_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_audit_client_packets',`
gen_require(`
type audit_client_packet_t;
')
dontaudit $1 audit_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive audit_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_audit_client_packets',`
corenet_send_audit_client_packets($1)
corenet_receive_audit_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive audit_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_audit_client_packets',`
corenet_dontaudit_send_audit_client_packets($1)
corenet_dontaudit_receive_audit_client_packets($1)
')
########################################
## <summary>
## Relabel packets to audit_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_audit_client_packets',`
gen_require(`
type audit_client_packet_t;
')
allow $1 audit_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send audit_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_audit_server_packets',`
gen_require(`
type audit_server_packet_t;
')
allow $1 audit_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send audit_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_audit_server_packets',`
gen_require(`
type audit_server_packet_t;
')
dontaudit $1 audit_server_packet_t:packet send;
')
########################################
## <summary>
## Receive audit_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_audit_server_packets',`
gen_require(`
type audit_server_packet_t;
')
allow $1 audit_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive audit_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_audit_server_packets',`
gen_require(`
type audit_server_packet_t;
')
dontaudit $1 audit_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive audit_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_audit_server_packets',`
corenet_send_audit_server_packets($1)
corenet_receive_audit_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive audit_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_audit_server_packets',`
corenet_dontaudit_send_audit_server_packets($1)
corenet_dontaudit_receive_audit_server_packets($1)
')
########################################
## <summary>
## Relabel packets to audit_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_audit_server_packets',`
gen_require(`
type audit_server_packet_t;
')
allow $1 audit_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the auth port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_auth_port',`
gen_require(`
type auth_port_t;
')
allow $1 auth_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the auth port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_auth_port',`
gen_require(`
type auth_port_t;
')
allow $1 auth_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the auth port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_auth_port',`
gen_require(`
type auth_port_t;
')
dontaudit $1 auth_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the auth port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_auth_port',`
gen_require(`
type auth_port_t;
')
allow $1 auth_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the auth port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_auth_port',`
gen_require(`
type auth_port_t;
')
dontaudit $1 auth_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the auth port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_auth_port',`
corenet_udp_send_auth_port($1)
corenet_udp_receive_auth_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the auth port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_auth_port',`
corenet_dontaudit_udp_send_auth_port($1)
corenet_dontaudit_udp_receive_auth_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the auth port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_auth_port',`
gen_require(`
type auth_port_t;
')
allow $1 auth_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the auth port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_auth_port',`
gen_require(`
type auth_port_t;
')
allow $1 auth_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the auth port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_auth_port',`
gen_require(`
type auth_port_t;
')
allow $1 auth_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send auth_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_auth_client_packets',`
gen_require(`
type auth_client_packet_t;
')
allow $1 auth_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send auth_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_auth_client_packets',`
gen_require(`
type auth_client_packet_t;
')
dontaudit $1 auth_client_packet_t:packet send;
')
########################################
## <summary>
## Receive auth_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_auth_client_packets',`
gen_require(`
type auth_client_packet_t;
')
allow $1 auth_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive auth_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_auth_client_packets',`
gen_require(`
type auth_client_packet_t;
')
dontaudit $1 auth_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive auth_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_auth_client_packets',`
corenet_send_auth_client_packets($1)
corenet_receive_auth_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive auth_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_auth_client_packets',`
corenet_dontaudit_send_auth_client_packets($1)
corenet_dontaudit_receive_auth_client_packets($1)
')
########################################
## <summary>
## Relabel packets to auth_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_auth_client_packets',`
gen_require(`
type auth_client_packet_t;
')
allow $1 auth_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send auth_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_auth_server_packets',`
gen_require(`
type auth_server_packet_t;
')
allow $1 auth_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send auth_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_auth_server_packets',`
gen_require(`
type auth_server_packet_t;
')
dontaudit $1 auth_server_packet_t:packet send;
')
########################################
## <summary>
## Receive auth_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_auth_server_packets',`
gen_require(`
type auth_server_packet_t;
')
allow $1 auth_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive auth_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_auth_server_packets',`
gen_require(`
type auth_server_packet_t;
')
dontaudit $1 auth_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive auth_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_auth_server_packets',`
corenet_send_auth_server_packets($1)
corenet_receive_auth_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive auth_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_auth_server_packets',`
corenet_dontaudit_send_auth_server_packets($1)
corenet_dontaudit_receive_auth_server_packets($1)
')
########################################
## <summary>
## Relabel packets to auth_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_auth_server_packets',`
gen_require(`
type auth_server_packet_t;
')
allow $1 auth_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the bacula port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_bacula_port',`
gen_require(`
type bacula_port_t;
')
allow $1 bacula_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the bacula port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_bacula_port',`
gen_require(`
type bacula_port_t;
')
allow $1 bacula_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the bacula port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_bacula_port',`
gen_require(`
type bacula_port_t;
')
dontaudit $1 bacula_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the bacula port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_bacula_port',`
gen_require(`
type bacula_port_t;
')
allow $1 bacula_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the bacula port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_bacula_port',`
gen_require(`
type bacula_port_t;
')
dontaudit $1 bacula_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the bacula port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_bacula_port',`
corenet_udp_send_bacula_port($1)
corenet_udp_receive_bacula_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the bacula port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_bacula_port',`
corenet_dontaudit_udp_send_bacula_port($1)
corenet_dontaudit_udp_receive_bacula_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the bacula port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_bacula_port',`
gen_require(`
type bacula_port_t;
')
allow $1 bacula_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the bacula port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_bacula_port',`
gen_require(`
type bacula_port_t;
')
allow $1 bacula_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the bacula port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_bacula_port',`
gen_require(`
type bacula_port_t;
')
allow $1 bacula_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send bacula_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_bacula_client_packets',`
gen_require(`
type bacula_client_packet_t;
')
allow $1 bacula_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send bacula_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_bacula_client_packets',`
gen_require(`
type bacula_client_packet_t;
')
dontaudit $1 bacula_client_packet_t:packet send;
')
########################################
## <summary>
## Receive bacula_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_bacula_client_packets',`
gen_require(`
type bacula_client_packet_t;
')
allow $1 bacula_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive bacula_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_bacula_client_packets',`
gen_require(`
type bacula_client_packet_t;
')
dontaudit $1 bacula_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive bacula_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_bacula_client_packets',`
corenet_send_bacula_client_packets($1)
corenet_receive_bacula_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive bacula_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_bacula_client_packets',`
corenet_dontaudit_send_bacula_client_packets($1)
corenet_dontaudit_receive_bacula_client_packets($1)
')
########################################
## <summary>
## Relabel packets to bacula_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_bacula_client_packets',`
gen_require(`
type bacula_client_packet_t;
')
allow $1 bacula_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send bacula_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_bacula_server_packets',`
gen_require(`
type bacula_server_packet_t;
')
allow $1 bacula_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send bacula_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_bacula_server_packets',`
gen_require(`
type bacula_server_packet_t;
')
dontaudit $1 bacula_server_packet_t:packet send;
')
########################################
## <summary>
## Receive bacula_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_bacula_server_packets',`
gen_require(`
type bacula_server_packet_t;
')
allow $1 bacula_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive bacula_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_bacula_server_packets',`
gen_require(`
type bacula_server_packet_t;
')
dontaudit $1 bacula_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive bacula_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_bacula_server_packets',`
corenet_send_bacula_server_packets($1)
corenet_receive_bacula_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive bacula_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_bacula_server_packets',`
corenet_dontaudit_send_bacula_server_packets($1)
corenet_dontaudit_receive_bacula_server_packets($1)
')
########################################
## <summary>
## Relabel packets to bacula_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_bacula_server_packets',`
gen_require(`
type bacula_server_packet_t;
')
allow $1 bacula_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the bgp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_bgp_port',`
gen_require(`
type bgp_port_t;
')
allow $1 bgp_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the bgp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_bgp_port',`
gen_require(`
type bgp_port_t;
')
allow $1 bgp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the bgp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_bgp_port',`
gen_require(`
type bgp_port_t;
')
dontaudit $1 bgp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the bgp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_bgp_port',`
gen_require(`
type bgp_port_t;
')
allow $1 bgp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the bgp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_bgp_port',`
gen_require(`
type bgp_port_t;
')
dontaudit $1 bgp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the bgp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_bgp_port',`
corenet_udp_send_bgp_port($1)
corenet_udp_receive_bgp_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the bgp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_bgp_port',`
corenet_dontaudit_udp_send_bgp_port($1)
corenet_dontaudit_udp_receive_bgp_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the bgp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_bgp_port',`
gen_require(`
type bgp_port_t;
')
allow $1 bgp_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the bgp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_bgp_port',`
gen_require(`
type bgp_port_t;
')
allow $1 bgp_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the bgp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_bgp_port',`
gen_require(`
type bgp_port_t;
')
allow $1 bgp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send bgp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_bgp_client_packets',`
gen_require(`
type bgp_client_packet_t;
')
allow $1 bgp_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send bgp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_bgp_client_packets',`
gen_require(`
type bgp_client_packet_t;
')
dontaudit $1 bgp_client_packet_t:packet send;
')
########################################
## <summary>
## Receive bgp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_bgp_client_packets',`
gen_require(`
type bgp_client_packet_t;
')
allow $1 bgp_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive bgp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_bgp_client_packets',`
gen_require(`
type bgp_client_packet_t;
')
dontaudit $1 bgp_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive bgp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_bgp_client_packets',`
corenet_send_bgp_client_packets($1)
corenet_receive_bgp_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive bgp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_bgp_client_packets',`
corenet_dontaudit_send_bgp_client_packets($1)
corenet_dontaudit_receive_bgp_client_packets($1)
')
########################################
## <summary>
## Relabel packets to bgp_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_bgp_client_packets',`
gen_require(`
type bgp_client_packet_t;
')
allow $1 bgp_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send bgp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_bgp_server_packets',`
gen_require(`
type bgp_server_packet_t;
')
allow $1 bgp_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send bgp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_bgp_server_packets',`
gen_require(`
type bgp_server_packet_t;
')
dontaudit $1 bgp_server_packet_t:packet send;
')
########################################
## <summary>
## Receive bgp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_bgp_server_packets',`
gen_require(`
type bgp_server_packet_t;
')
allow $1 bgp_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive bgp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_bgp_server_packets',`
gen_require(`
type bgp_server_packet_t;
')
dontaudit $1 bgp_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive bgp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_bgp_server_packets',`
corenet_send_bgp_server_packets($1)
corenet_receive_bgp_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive bgp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_bgp_server_packets',`
corenet_dontaudit_send_bgp_server_packets($1)
corenet_dontaudit_receive_bgp_server_packets($1)
')
########################################
## <summary>
## Relabel packets to bgp_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_bgp_server_packets',`
gen_require(`
type bgp_server_packet_t;
')
allow $1 bgp_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the boinc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_boinc_port',`
gen_require(`
type boinc_port_t;
')
allow $1 boinc_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the boinc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_boinc_port',`
gen_require(`
type boinc_port_t;
')
allow $1 boinc_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the boinc port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_boinc_port',`
gen_require(`
type boinc_port_t;
')
dontaudit $1 boinc_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the boinc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_boinc_port',`
gen_require(`
type boinc_port_t;
')
allow $1 boinc_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the boinc port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_boinc_port',`
gen_require(`
type boinc_port_t;
')
dontaudit $1 boinc_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the boinc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_boinc_port',`
corenet_udp_send_boinc_port($1)
corenet_udp_receive_boinc_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the boinc port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_boinc_port',`
corenet_dontaudit_udp_send_boinc_port($1)
corenet_dontaudit_udp_receive_boinc_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the boinc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_boinc_port',`
gen_require(`
type boinc_port_t;
')
allow $1 boinc_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the boinc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_boinc_port',`
gen_require(`
type boinc_port_t;
')
allow $1 boinc_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the boinc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_boinc_port',`
gen_require(`
type boinc_port_t;
')
allow $1 boinc_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send boinc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_boinc_client_packets',`
gen_require(`
type boinc_client_packet_t;
')
allow $1 boinc_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send boinc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_boinc_client_packets',`
gen_require(`
type boinc_client_packet_t;
')
dontaudit $1 boinc_client_packet_t:packet send;
')
########################################
## <summary>
## Receive boinc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_boinc_client_packets',`
gen_require(`
type boinc_client_packet_t;
')
allow $1 boinc_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive boinc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_boinc_client_packets',`
gen_require(`
type boinc_client_packet_t;
')
dontaudit $1 boinc_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive boinc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_boinc_client_packets',`
corenet_send_boinc_client_packets($1)
corenet_receive_boinc_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive boinc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_boinc_client_packets',`
corenet_dontaudit_send_boinc_client_packets($1)
corenet_dontaudit_receive_boinc_client_packets($1)
')
########################################
## <summary>
## Relabel packets to boinc_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_boinc_client_packets',`
gen_require(`
type boinc_client_packet_t;
')
allow $1 boinc_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send boinc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_boinc_server_packets',`
gen_require(`
type boinc_server_packet_t;
')
allow $1 boinc_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send boinc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_boinc_server_packets',`
gen_require(`
type boinc_server_packet_t;
')
dontaudit $1 boinc_server_packet_t:packet send;
')
########################################
## <summary>
## Receive boinc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_boinc_server_packets',`
gen_require(`
type boinc_server_packet_t;
')
allow $1 boinc_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive boinc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_boinc_server_packets',`
gen_require(`
type boinc_server_packet_t;
')
dontaudit $1 boinc_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive boinc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_boinc_server_packets',`
corenet_send_boinc_server_packets($1)
corenet_receive_boinc_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive boinc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_boinc_server_packets',`
corenet_dontaudit_send_boinc_server_packets($1)
corenet_dontaudit_receive_boinc_server_packets($1)
')
########################################
## <summary>
## Relabel packets to boinc_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_boinc_server_packets',`
gen_require(`
type boinc_server_packet_t;
')
allow $1 boinc_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the certmaster port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_certmaster_port',`
gen_require(`
type certmaster_port_t;
')
allow $1 certmaster_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the certmaster port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_certmaster_port',`
gen_require(`
type certmaster_port_t;
')
allow $1 certmaster_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the certmaster port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_certmaster_port',`
gen_require(`
type certmaster_port_t;
')
dontaudit $1 certmaster_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the certmaster port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_certmaster_port',`
gen_require(`
type certmaster_port_t;
')
allow $1 certmaster_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the certmaster port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_certmaster_port',`
gen_require(`
type certmaster_port_t;
')
dontaudit $1 certmaster_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the certmaster port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_certmaster_port',`
corenet_udp_send_certmaster_port($1)
corenet_udp_receive_certmaster_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the certmaster port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_certmaster_port',`
corenet_dontaudit_udp_send_certmaster_port($1)
corenet_dontaudit_udp_receive_certmaster_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the certmaster port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_certmaster_port',`
gen_require(`
type certmaster_port_t;
')
allow $1 certmaster_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the certmaster port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_certmaster_port',`
gen_require(`
type certmaster_port_t;
')
allow $1 certmaster_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the certmaster port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_certmaster_port',`
gen_require(`
type certmaster_port_t;
')
allow $1 certmaster_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send certmaster_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_certmaster_client_packets',`
gen_require(`
type certmaster_client_packet_t;
')
allow $1 certmaster_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send certmaster_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_certmaster_client_packets',`
gen_require(`
type certmaster_client_packet_t;
')
dontaudit $1 certmaster_client_packet_t:packet send;
')
########################################
## <summary>
## Receive certmaster_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_certmaster_client_packets',`
gen_require(`
type certmaster_client_packet_t;
')
allow $1 certmaster_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive certmaster_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_certmaster_client_packets',`
gen_require(`
type certmaster_client_packet_t;
')
dontaudit $1 certmaster_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive certmaster_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_certmaster_client_packets',`
corenet_send_certmaster_client_packets($1)
corenet_receive_certmaster_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive certmaster_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_certmaster_client_packets',`
corenet_dontaudit_send_certmaster_client_packets($1)
corenet_dontaudit_receive_certmaster_client_packets($1)
')
########################################
## <summary>
## Relabel packets to certmaster_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_certmaster_client_packets',`
gen_require(`
type certmaster_client_packet_t;
')
allow $1 certmaster_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send certmaster_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_certmaster_server_packets',`
gen_require(`
type certmaster_server_packet_t;
')
allow $1 certmaster_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send certmaster_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_certmaster_server_packets',`
gen_require(`
type certmaster_server_packet_t;
')
dontaudit $1 certmaster_server_packet_t:packet send;
')
########################################
## <summary>
## Receive certmaster_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_certmaster_server_packets',`
gen_require(`
type certmaster_server_packet_t;
')
allow $1 certmaster_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive certmaster_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_certmaster_server_packets',`
gen_require(`
type certmaster_server_packet_t;
')
dontaudit $1 certmaster_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive certmaster_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_certmaster_server_packets',`
corenet_send_certmaster_server_packets($1)
corenet_receive_certmaster_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive certmaster_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_certmaster_server_packets',`
corenet_dontaudit_send_certmaster_server_packets($1)
corenet_dontaudit_receive_certmaster_server_packets($1)
')
########################################
## <summary>
## Relabel packets to certmaster_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_certmaster_server_packets',`
gen_require(`
type certmaster_server_packet_t;
')
allow $1 certmaster_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the cockpit port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_cockpit_port',`
gen_require(`
type cockpit_port_t;
')
allow $1 cockpit_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the cockpit port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_cockpit_port',`
gen_require(`
type cockpit_port_t;
')
allow $1 cockpit_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the cockpit port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_cockpit_port',`
gen_require(`
type cockpit_port_t;
')
dontaudit $1 cockpit_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the cockpit port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_cockpit_port',`
gen_require(`
type cockpit_port_t;
')
allow $1 cockpit_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the cockpit port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_cockpit_port',`
gen_require(`
type cockpit_port_t;
')
dontaudit $1 cockpit_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the cockpit port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_cockpit_port',`
corenet_udp_send_cockpit_port($1)
corenet_udp_receive_cockpit_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the cockpit port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_cockpit_port',`
corenet_dontaudit_udp_send_cockpit_port($1)
corenet_dontaudit_udp_receive_cockpit_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the cockpit port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_cockpit_port',`
gen_require(`
type cockpit_port_t;
')
allow $1 cockpit_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the cockpit port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_cockpit_port',`
gen_require(`
type cockpit_port_t;
')
allow $1 cockpit_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the cockpit port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_cockpit_port',`
gen_require(`
type cockpit_port_t;
')
allow $1 cockpit_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send cockpit_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_cockpit_client_packets',`
gen_require(`
type cockpit_client_packet_t;
')
allow $1 cockpit_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send cockpit_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_cockpit_client_packets',`
gen_require(`
type cockpit_client_packet_t;
')
dontaudit $1 cockpit_client_packet_t:packet send;
')
########################################
## <summary>
## Receive cockpit_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_cockpit_client_packets',`
gen_require(`
type cockpit_client_packet_t;
')
allow $1 cockpit_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive cockpit_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_cockpit_client_packets',`
gen_require(`
type cockpit_client_packet_t;
')
dontaudit $1 cockpit_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive cockpit_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_cockpit_client_packets',`
corenet_send_cockpit_client_packets($1)
corenet_receive_cockpit_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive cockpit_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_cockpit_client_packets',`
corenet_dontaudit_send_cockpit_client_packets($1)
corenet_dontaudit_receive_cockpit_client_packets($1)
')
########################################
## <summary>
## Relabel packets to cockpit_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_cockpit_client_packets',`
gen_require(`
type cockpit_client_packet_t;
')
allow $1 cockpit_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send cockpit_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_cockpit_server_packets',`
gen_require(`
type cockpit_server_packet_t;
')
allow $1 cockpit_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send cockpit_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_cockpit_server_packets',`
gen_require(`
type cockpit_server_packet_t;
')
dontaudit $1 cockpit_server_packet_t:packet send;
')
########################################
## <summary>
## Receive cockpit_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_cockpit_server_packets',`
gen_require(`
type cockpit_server_packet_t;
')
allow $1 cockpit_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive cockpit_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_cockpit_server_packets',`
gen_require(`
type cockpit_server_packet_t;
')
dontaudit $1 cockpit_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive cockpit_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_cockpit_server_packets',`
corenet_send_cockpit_server_packets($1)
corenet_receive_cockpit_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive cockpit_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_cockpit_server_packets',`
corenet_dontaudit_send_cockpit_server_packets($1)
corenet_dontaudit_receive_cockpit_server_packets($1)
')
########################################
## <summary>
## Relabel packets to cockpit_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_cockpit_server_packets',`
gen_require(`
type cockpit_server_packet_t;
')
allow $1 cockpit_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the collectd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_collectd_port',`
gen_require(`
type collectd_port_t;
')
allow $1 collectd_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the collectd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_collectd_port',`
gen_require(`
type collectd_port_t;
')
allow $1 collectd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the collectd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_collectd_port',`
gen_require(`
type collectd_port_t;
')
dontaudit $1 collectd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the collectd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_collectd_port',`
gen_require(`
type collectd_port_t;
')
allow $1 collectd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the collectd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_collectd_port',`
gen_require(`
type collectd_port_t;
')
dontaudit $1 collectd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the collectd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_collectd_port',`
corenet_udp_send_collectd_port($1)
corenet_udp_receive_collectd_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the collectd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_collectd_port',`
corenet_dontaudit_udp_send_collectd_port($1)
corenet_dontaudit_udp_receive_collectd_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the collectd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_collectd_port',`
gen_require(`
type collectd_port_t;
')
allow $1 collectd_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the collectd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_collectd_port',`
gen_require(`
type collectd_port_t;
')
allow $1 collectd_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the collectd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_collectd_port',`
gen_require(`
type collectd_port_t;
')
allow $1 collectd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send collectd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_collectd_client_packets',`
gen_require(`
type collectd_client_packet_t;
')
allow $1 collectd_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send collectd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_collectd_client_packets',`
gen_require(`
type collectd_client_packet_t;
')
dontaudit $1 collectd_client_packet_t:packet send;
')
########################################
## <summary>
## Receive collectd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_collectd_client_packets',`
gen_require(`
type collectd_client_packet_t;
')
allow $1 collectd_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive collectd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_collectd_client_packets',`
gen_require(`
type collectd_client_packet_t;
')
dontaudit $1 collectd_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive collectd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_collectd_client_packets',`
corenet_send_collectd_client_packets($1)
corenet_receive_collectd_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive collectd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_collectd_client_packets',`
corenet_dontaudit_send_collectd_client_packets($1)
corenet_dontaudit_receive_collectd_client_packets($1)
')
########################################
## <summary>
## Relabel packets to collectd_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_collectd_client_packets',`
gen_require(`
type collectd_client_packet_t;
')
allow $1 collectd_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send collectd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_collectd_server_packets',`
gen_require(`
type collectd_server_packet_t;
')
allow $1 collectd_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send collectd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_collectd_server_packets',`
gen_require(`
type collectd_server_packet_t;
')
dontaudit $1 collectd_server_packet_t:packet send;
')
########################################
## <summary>
## Receive collectd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_collectd_server_packets',`
gen_require(`
type collectd_server_packet_t;
')
allow $1 collectd_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive collectd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_collectd_server_packets',`
gen_require(`
type collectd_server_packet_t;
')
dontaudit $1 collectd_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive collectd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_collectd_server_packets',`
corenet_send_collectd_server_packets($1)
corenet_receive_collectd_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive collectd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_collectd_server_packets',`
corenet_dontaudit_send_collectd_server_packets($1)
corenet_dontaudit_receive_collectd_server_packets($1)
')
########################################
## <summary>
## Relabel packets to collectd_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_collectd_server_packets',`
gen_require(`
type collectd_server_packet_t;
')
allow $1 collectd_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the chronyd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_chronyd_port',`
gen_require(`
type chronyd_port_t;
')
allow $1 chronyd_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the chronyd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_chronyd_port',`
gen_require(`
type chronyd_port_t;
')
allow $1 chronyd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the chronyd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_chronyd_port',`
gen_require(`
type chronyd_port_t;
')
dontaudit $1 chronyd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the chronyd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_chronyd_port',`
gen_require(`
type chronyd_port_t;
')
allow $1 chronyd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the chronyd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_chronyd_port',`
gen_require(`
type chronyd_port_t;
')
dontaudit $1 chronyd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the chronyd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_chronyd_port',`
corenet_udp_send_chronyd_port($1)
corenet_udp_receive_chronyd_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the chronyd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_chronyd_port',`
corenet_dontaudit_udp_send_chronyd_port($1)
corenet_dontaudit_udp_receive_chronyd_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the chronyd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_chronyd_port',`
gen_require(`
type chronyd_port_t;
')
allow $1 chronyd_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the chronyd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_chronyd_port',`
gen_require(`
type chronyd_port_t;
')
allow $1 chronyd_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the chronyd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_chronyd_port',`
gen_require(`
type chronyd_port_t;
')
allow $1 chronyd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send chronyd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_chronyd_client_packets',`
gen_require(`
type chronyd_client_packet_t;
')
allow $1 chronyd_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send chronyd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_chronyd_client_packets',`
gen_require(`
type chronyd_client_packet_t;
')
dontaudit $1 chronyd_client_packet_t:packet send;
')
########################################
## <summary>
## Receive chronyd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_chronyd_client_packets',`
gen_require(`
type chronyd_client_packet_t;
')
allow $1 chronyd_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive chronyd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_chronyd_client_packets',`
gen_require(`
type chronyd_client_packet_t;
')
dontaudit $1 chronyd_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive chronyd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_chronyd_client_packets',`
corenet_send_chronyd_client_packets($1)
corenet_receive_chronyd_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive chronyd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_chronyd_client_packets',`
corenet_dontaudit_send_chronyd_client_packets($1)
corenet_dontaudit_receive_chronyd_client_packets($1)
')
########################################
## <summary>
## Relabel packets to chronyd_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_chronyd_client_packets',`
gen_require(`
type chronyd_client_packet_t;
')
allow $1 chronyd_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send chronyd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_chronyd_server_packets',`
gen_require(`
type chronyd_server_packet_t;
')
allow $1 chronyd_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send chronyd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_chronyd_server_packets',`
gen_require(`
type chronyd_server_packet_t;
')
dontaudit $1 chronyd_server_packet_t:packet send;
')
########################################
## <summary>
## Receive chronyd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_chronyd_server_packets',`
gen_require(`
type chronyd_server_packet_t;
')
allow $1 chronyd_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive chronyd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_chronyd_server_packets',`
gen_require(`
type chronyd_server_packet_t;
')
dontaudit $1 chronyd_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive chronyd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_chronyd_server_packets',`
corenet_send_chronyd_server_packets($1)
corenet_receive_chronyd_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive chronyd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_chronyd_server_packets',`
corenet_dontaudit_send_chronyd_server_packets($1)
corenet_dontaudit_receive_chronyd_server_packets($1)
')
########################################
## <summary>
## Relabel packets to chronyd_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_chronyd_server_packets',`
gen_require(`
type chronyd_server_packet_t;
')
allow $1 chronyd_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the clamd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_clamd_port',`
gen_require(`
type clamd_port_t;
')
allow $1 clamd_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the clamd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_clamd_port',`
gen_require(`
type clamd_port_t;
')
allow $1 clamd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the clamd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_clamd_port',`
gen_require(`
type clamd_port_t;
')
dontaudit $1 clamd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the clamd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_clamd_port',`
gen_require(`
type clamd_port_t;
')
allow $1 clamd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the clamd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_clamd_port',`
gen_require(`
type clamd_port_t;
')
dontaudit $1 clamd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the clamd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_clamd_port',`
corenet_udp_send_clamd_port($1)
corenet_udp_receive_clamd_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the clamd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_clamd_port',`
corenet_dontaudit_udp_send_clamd_port($1)
corenet_dontaudit_udp_receive_clamd_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the clamd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_clamd_port',`
gen_require(`
type clamd_port_t;
')
allow $1 clamd_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the clamd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_clamd_port',`
gen_require(`
type clamd_port_t;
')
allow $1 clamd_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the clamd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_clamd_port',`
gen_require(`
type clamd_port_t;
')
allow $1 clamd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send clamd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_clamd_client_packets',`
gen_require(`
type clamd_client_packet_t;
')
allow $1 clamd_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send clamd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_clamd_client_packets',`
gen_require(`
type clamd_client_packet_t;
')
dontaudit $1 clamd_client_packet_t:packet send;
')
########################################
## <summary>
## Receive clamd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_clamd_client_packets',`
gen_require(`
type clamd_client_packet_t;
')
allow $1 clamd_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive clamd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_clamd_client_packets',`
gen_require(`
type clamd_client_packet_t;
')
dontaudit $1 clamd_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive clamd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_clamd_client_packets',`
corenet_send_clamd_client_packets($1)
corenet_receive_clamd_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive clamd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_clamd_client_packets',`
corenet_dontaudit_send_clamd_client_packets($1)
corenet_dontaudit_receive_clamd_client_packets($1)
')
########################################
## <summary>
## Relabel packets to clamd_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_clamd_client_packets',`
gen_require(`
type clamd_client_packet_t;
')
allow $1 clamd_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send clamd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_clamd_server_packets',`
gen_require(`
type clamd_server_packet_t;
')
allow $1 clamd_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send clamd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_clamd_server_packets',`
gen_require(`
type clamd_server_packet_t;
')
dontaudit $1 clamd_server_packet_t:packet send;
')
########################################
## <summary>
## Receive clamd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_clamd_server_packets',`
gen_require(`
type clamd_server_packet_t;
')
allow $1 clamd_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive clamd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_clamd_server_packets',`
gen_require(`
type clamd_server_packet_t;
')
dontaudit $1 clamd_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive clamd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_clamd_server_packets',`
corenet_send_clamd_server_packets($1)
corenet_receive_clamd_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive clamd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_clamd_server_packets',`
corenet_dontaudit_send_clamd_server_packets($1)
corenet_dontaudit_receive_clamd_server_packets($1)
')
########################################
## <summary>
## Relabel packets to clamd_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_clamd_server_packets',`
gen_require(`
type clamd_server_packet_t;
')
allow $1 clamd_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the clockspeed port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_clockspeed_port',`
gen_require(`
type clockspeed_port_t;
')
allow $1 clockspeed_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the clockspeed port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_clockspeed_port',`
gen_require(`
type clockspeed_port_t;
')
allow $1 clockspeed_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the clockspeed port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_clockspeed_port',`
gen_require(`
type clockspeed_port_t;
')
dontaudit $1 clockspeed_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the clockspeed port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_clockspeed_port',`
gen_require(`
type clockspeed_port_t;
')
allow $1 clockspeed_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the clockspeed port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_clockspeed_port',`
gen_require(`
type clockspeed_port_t;
')
dontaudit $1 clockspeed_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the clockspeed port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_clockspeed_port',`
corenet_udp_send_clockspeed_port($1)
corenet_udp_receive_clockspeed_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the clockspeed port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_clockspeed_port',`
corenet_dontaudit_udp_send_clockspeed_port($1)
corenet_dontaudit_udp_receive_clockspeed_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the clockspeed port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_clockspeed_port',`
gen_require(`
type clockspeed_port_t;
')
allow $1 clockspeed_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the clockspeed port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_clockspeed_port',`
gen_require(`
type clockspeed_port_t;
')
allow $1 clockspeed_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the clockspeed port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_clockspeed_port',`
gen_require(`
type clockspeed_port_t;
')
allow $1 clockspeed_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send clockspeed_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_clockspeed_client_packets',`
gen_require(`
type clockspeed_client_packet_t;
')
allow $1 clockspeed_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send clockspeed_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_clockspeed_client_packets',`
gen_require(`
type clockspeed_client_packet_t;
')
dontaudit $1 clockspeed_client_packet_t:packet send;
')
########################################
## <summary>
## Receive clockspeed_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_clockspeed_client_packets',`
gen_require(`
type clockspeed_client_packet_t;
')
allow $1 clockspeed_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive clockspeed_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_clockspeed_client_packets',`
gen_require(`
type clockspeed_client_packet_t;
')
dontaudit $1 clockspeed_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive clockspeed_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_clockspeed_client_packets',`
corenet_send_clockspeed_client_packets($1)
corenet_receive_clockspeed_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive clockspeed_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_clockspeed_client_packets',`
corenet_dontaudit_send_clockspeed_client_packets($1)
corenet_dontaudit_receive_clockspeed_client_packets($1)
')
########################################
## <summary>
## Relabel packets to clockspeed_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_clockspeed_client_packets',`
gen_require(`
type clockspeed_client_packet_t;
')
allow $1 clockspeed_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send clockspeed_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_clockspeed_server_packets',`
gen_require(`
type clockspeed_server_packet_t;
')
allow $1 clockspeed_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send clockspeed_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_clockspeed_server_packets',`
gen_require(`
type clockspeed_server_packet_t;
')
dontaudit $1 clockspeed_server_packet_t:packet send;
')
########################################
## <summary>
## Receive clockspeed_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_clockspeed_server_packets',`
gen_require(`
type clockspeed_server_packet_t;
')
allow $1 clockspeed_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive clockspeed_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_clockspeed_server_packets',`
gen_require(`
type clockspeed_server_packet_t;
')
dontaudit $1 clockspeed_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive clockspeed_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_clockspeed_server_packets',`
corenet_send_clockspeed_server_packets($1)
corenet_receive_clockspeed_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive clockspeed_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_clockspeed_server_packets',`
corenet_dontaudit_send_clockspeed_server_packets($1)
corenet_dontaudit_receive_clockspeed_server_packets($1)
')
########################################
## <summary>
## Relabel packets to clockspeed_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_clockspeed_server_packets',`
gen_require(`
type clockspeed_server_packet_t;
')
allow $1 clockspeed_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the cluster port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_cluster_port',`
gen_require(`
type cluster_port_t;
')
allow $1 cluster_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the cluster port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_cluster_port',`
gen_require(`
type cluster_port_t;
')
allow $1 cluster_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the cluster port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_cluster_port',`
gen_require(`
type cluster_port_t;
')
dontaudit $1 cluster_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the cluster port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_cluster_port',`
gen_require(`
type cluster_port_t;
')
allow $1 cluster_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the cluster port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_cluster_port',`
gen_require(`
type cluster_port_t;
')
dontaudit $1 cluster_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the cluster port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_cluster_port',`
corenet_udp_send_cluster_port($1)
corenet_udp_receive_cluster_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the cluster port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_cluster_port',`
corenet_dontaudit_udp_send_cluster_port($1)
corenet_dontaudit_udp_receive_cluster_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the cluster port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_cluster_port',`
gen_require(`
type cluster_port_t;
')
allow $1 cluster_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the cluster port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_cluster_port',`
gen_require(`
type cluster_port_t;
')
allow $1 cluster_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the cluster port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_cluster_port',`
gen_require(`
type cluster_port_t;
')
allow $1 cluster_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send cluster_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_cluster_client_packets',`
gen_require(`
type cluster_client_packet_t;
')
allow $1 cluster_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send cluster_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_cluster_client_packets',`
gen_require(`
type cluster_client_packet_t;
')
dontaudit $1 cluster_client_packet_t:packet send;
')
########################################
## <summary>
## Receive cluster_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_cluster_client_packets',`
gen_require(`
type cluster_client_packet_t;
')
allow $1 cluster_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive cluster_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_cluster_client_packets',`
gen_require(`
type cluster_client_packet_t;
')
dontaudit $1 cluster_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive cluster_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_cluster_client_packets',`
corenet_send_cluster_client_packets($1)
corenet_receive_cluster_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive cluster_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_cluster_client_packets',`
corenet_dontaudit_send_cluster_client_packets($1)
corenet_dontaudit_receive_cluster_client_packets($1)
')
########################################
## <summary>
## Relabel packets to cluster_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_cluster_client_packets',`
gen_require(`
type cluster_client_packet_t;
')
allow $1 cluster_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send cluster_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_cluster_server_packets',`
gen_require(`
type cluster_server_packet_t;
')
allow $1 cluster_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send cluster_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_cluster_server_packets',`
gen_require(`
type cluster_server_packet_t;
')
dontaudit $1 cluster_server_packet_t:packet send;
')
########################################
## <summary>
## Receive cluster_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_cluster_server_packets',`
gen_require(`
type cluster_server_packet_t;
')
allow $1 cluster_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive cluster_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_cluster_server_packets',`
gen_require(`
type cluster_server_packet_t;
')
dontaudit $1 cluster_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive cluster_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_cluster_server_packets',`
corenet_send_cluster_server_packets($1)
corenet_receive_cluster_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive cluster_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_cluster_server_packets',`
corenet_dontaudit_send_cluster_server_packets($1)
corenet_dontaudit_receive_cluster_server_packets($1)
')
########################################
## <summary>
## Relabel packets to cluster_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_cluster_server_packets',`
gen_require(`
type cluster_server_packet_t;
')
allow $1 cluster_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the cma port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_cma_port',`
gen_require(`
type cma_port_t;
')
allow $1 cma_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the cma port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_cma_port',`
gen_require(`
type cma_port_t;
')
allow $1 cma_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the cma port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_cma_port',`
gen_require(`
type cma_port_t;
')
dontaudit $1 cma_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the cma port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_cma_port',`
gen_require(`
type cma_port_t;
')
allow $1 cma_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the cma port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_cma_port',`
gen_require(`
type cma_port_t;
')
dontaudit $1 cma_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the cma port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_cma_port',`
corenet_udp_send_cma_port($1)
corenet_udp_receive_cma_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the cma port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_cma_port',`
corenet_dontaudit_udp_send_cma_port($1)
corenet_dontaudit_udp_receive_cma_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the cma port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_cma_port',`
gen_require(`
type cma_port_t;
')
allow $1 cma_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the cma port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_cma_port',`
gen_require(`
type cma_port_t;
')
allow $1 cma_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the cma port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_cma_port',`
gen_require(`
type cma_port_t;
')
allow $1 cma_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send cma_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_cma_client_packets',`
gen_require(`
type cma_client_packet_t;
')
allow $1 cma_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send cma_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_cma_client_packets',`
gen_require(`
type cma_client_packet_t;
')
dontaudit $1 cma_client_packet_t:packet send;
')
########################################
## <summary>
## Receive cma_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_cma_client_packets',`
gen_require(`
type cma_client_packet_t;
')
allow $1 cma_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive cma_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_cma_client_packets',`
gen_require(`
type cma_client_packet_t;
')
dontaudit $1 cma_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive cma_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_cma_client_packets',`
corenet_send_cma_client_packets($1)
corenet_receive_cma_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive cma_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_cma_client_packets',`
corenet_dontaudit_send_cma_client_packets($1)
corenet_dontaudit_receive_cma_client_packets($1)
')
########################################
## <summary>
## Relabel packets to cma_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_cma_client_packets',`
gen_require(`
type cma_client_packet_t;
')
allow $1 cma_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send cma_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_cma_server_packets',`
gen_require(`
type cma_server_packet_t;
')
allow $1 cma_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send cma_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_cma_server_packets',`
gen_require(`
type cma_server_packet_t;
')
dontaudit $1 cma_server_packet_t:packet send;
')
########################################
## <summary>
## Receive cma_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_cma_server_packets',`
gen_require(`
type cma_server_packet_t;
')
allow $1 cma_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive cma_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_cma_server_packets',`
gen_require(`
type cma_server_packet_t;
')
dontaudit $1 cma_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive cma_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_cma_server_packets',`
corenet_send_cma_server_packets($1)
corenet_receive_cma_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive cma_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_cma_server_packets',`
corenet_dontaudit_send_cma_server_packets($1)
corenet_dontaudit_receive_cma_server_packets($1)
')
########################################
## <summary>
## Relabel packets to cma_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_cma_server_packets',`
gen_require(`
type cma_server_packet_t;
')
allow $1 cma_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the cobbler port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_cobbler_port',`
gen_require(`
type cobbler_port_t;
')
allow $1 cobbler_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the cobbler port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_cobbler_port',`
gen_require(`
type cobbler_port_t;
')
allow $1 cobbler_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the cobbler port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_cobbler_port',`
gen_require(`
type cobbler_port_t;
')
dontaudit $1 cobbler_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the cobbler port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_cobbler_port',`
gen_require(`
type cobbler_port_t;
')
allow $1 cobbler_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the cobbler port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_cobbler_port',`
gen_require(`
type cobbler_port_t;
')
dontaudit $1 cobbler_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the cobbler port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_cobbler_port',`
corenet_udp_send_cobbler_port($1)
corenet_udp_receive_cobbler_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the cobbler port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_cobbler_port',`
corenet_dontaudit_udp_send_cobbler_port($1)
corenet_dontaudit_udp_receive_cobbler_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the cobbler port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_cobbler_port',`
gen_require(`
type cobbler_port_t;
')
allow $1 cobbler_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the cobbler port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_cobbler_port',`
gen_require(`
type cobbler_port_t;
')
allow $1 cobbler_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the cobbler port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_cobbler_port',`
gen_require(`
type cobbler_port_t;
')
allow $1 cobbler_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send cobbler_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_cobbler_client_packets',`
gen_require(`
type cobbler_client_packet_t;
')
allow $1 cobbler_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send cobbler_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_cobbler_client_packets',`
gen_require(`
type cobbler_client_packet_t;
')
dontaudit $1 cobbler_client_packet_t:packet send;
')
########################################
## <summary>
## Receive cobbler_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_cobbler_client_packets',`
gen_require(`
type cobbler_client_packet_t;
')
allow $1 cobbler_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive cobbler_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_cobbler_client_packets',`
gen_require(`
type cobbler_client_packet_t;
')
dontaudit $1 cobbler_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive cobbler_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_cobbler_client_packets',`
corenet_send_cobbler_client_packets($1)
corenet_receive_cobbler_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive cobbler_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_cobbler_client_packets',`
corenet_dontaudit_send_cobbler_client_packets($1)
corenet_dontaudit_receive_cobbler_client_packets($1)
')
########################################
## <summary>
## Relabel packets to cobbler_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_cobbler_client_packets',`
gen_require(`
type cobbler_client_packet_t;
')
allow $1 cobbler_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send cobbler_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_cobbler_server_packets',`
gen_require(`
type cobbler_server_packet_t;
')
allow $1 cobbler_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send cobbler_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_cobbler_server_packets',`
gen_require(`
type cobbler_server_packet_t;
')
dontaudit $1 cobbler_server_packet_t:packet send;
')
########################################
## <summary>
## Receive cobbler_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_cobbler_server_packets',`
gen_require(`
type cobbler_server_packet_t;
')
allow $1 cobbler_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive cobbler_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_cobbler_server_packets',`
gen_require(`
type cobbler_server_packet_t;
')
dontaudit $1 cobbler_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive cobbler_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_cobbler_server_packets',`
corenet_send_cobbler_server_packets($1)
corenet_receive_cobbler_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive cobbler_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_cobbler_server_packets',`
corenet_dontaudit_send_cobbler_server_packets($1)
corenet_dontaudit_receive_cobbler_server_packets($1)
')
########################################
## <summary>
## Relabel packets to cobbler_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_cobbler_server_packets',`
gen_require(`
type cobbler_server_packet_t;
')
allow $1 cobbler_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the commplex port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_commplex_port',`
gen_require(`
type commplex_port_t;
')
allow $1 commplex_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the commplex port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_commplex_port',`
gen_require(`
type commplex_port_t;
')
allow $1 commplex_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the commplex port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_commplex_port',`
gen_require(`
type commplex_port_t;
')
dontaudit $1 commplex_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the commplex port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_commplex_port',`
gen_require(`
type commplex_port_t;
')
allow $1 commplex_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the commplex port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_commplex_port',`
gen_require(`
type commplex_port_t;
')
dontaudit $1 commplex_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the commplex port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_commplex_port',`
corenet_udp_send_commplex_port($1)
corenet_udp_receive_commplex_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the commplex port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_commplex_port',`
corenet_dontaudit_udp_send_commplex_port($1)
corenet_dontaudit_udp_receive_commplex_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the commplex port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_commplex_port',`
gen_require(`
type commplex_port_t;
')
allow $1 commplex_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the commplex port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_commplex_port',`
gen_require(`
type commplex_port_t;
')
allow $1 commplex_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the commplex port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_commplex_port',`
gen_require(`
type commplex_port_t;
')
allow $1 commplex_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send commplex_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_commplex_client_packets',`
gen_require(`
type commplex_client_packet_t;
')
allow $1 commplex_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send commplex_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_commplex_client_packets',`
gen_require(`
type commplex_client_packet_t;
')
dontaudit $1 commplex_client_packet_t:packet send;
')
########################################
## <summary>
## Receive commplex_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_commplex_client_packets',`
gen_require(`
type commplex_client_packet_t;
')
allow $1 commplex_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive commplex_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_commplex_client_packets',`
gen_require(`
type commplex_client_packet_t;
')
dontaudit $1 commplex_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive commplex_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_commplex_client_packets',`
corenet_send_commplex_client_packets($1)
corenet_receive_commplex_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive commplex_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_commplex_client_packets',`
corenet_dontaudit_send_commplex_client_packets($1)
corenet_dontaudit_receive_commplex_client_packets($1)
')
########################################
## <summary>
## Relabel packets to commplex_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_commplex_client_packets',`
gen_require(`
type commplex_client_packet_t;
')
allow $1 commplex_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send commplex_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_commplex_server_packets',`
gen_require(`
type commplex_server_packet_t;
')
allow $1 commplex_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send commplex_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_commplex_server_packets',`
gen_require(`
type commplex_server_packet_t;
')
dontaudit $1 commplex_server_packet_t:packet send;
')
########################################
## <summary>
## Receive commplex_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_commplex_server_packets',`
gen_require(`
type commplex_server_packet_t;
')
allow $1 commplex_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive commplex_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_commplex_server_packets',`
gen_require(`
type commplex_server_packet_t;
')
dontaudit $1 commplex_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive commplex_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_commplex_server_packets',`
corenet_send_commplex_server_packets($1)
corenet_receive_commplex_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive commplex_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_commplex_server_packets',`
corenet_dontaudit_send_commplex_server_packets($1)
corenet_dontaudit_receive_commplex_server_packets($1)
')
########################################
## <summary>
## Relabel packets to commplex_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_commplex_server_packets',`
gen_require(`
type commplex_server_packet_t;
')
allow $1 commplex_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the comsat port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_comsat_port',`
gen_require(`
type comsat_port_t;
')
allow $1 comsat_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the comsat port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_comsat_port',`
gen_require(`
type comsat_port_t;
')
allow $1 comsat_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the comsat port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_comsat_port',`
gen_require(`
type comsat_port_t;
')
dontaudit $1 comsat_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the comsat port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_comsat_port',`
gen_require(`
type comsat_port_t;
')
allow $1 comsat_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the comsat port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_comsat_port',`
gen_require(`
type comsat_port_t;
')
dontaudit $1 comsat_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the comsat port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_comsat_port',`
corenet_udp_send_comsat_port($1)
corenet_udp_receive_comsat_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the comsat port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_comsat_port',`
corenet_dontaudit_udp_send_comsat_port($1)
corenet_dontaudit_udp_receive_comsat_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the comsat port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_comsat_port',`
gen_require(`
type comsat_port_t;
')
allow $1 comsat_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the comsat port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_comsat_port',`
gen_require(`
type comsat_port_t;
')
allow $1 comsat_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the comsat port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_comsat_port',`
gen_require(`
type comsat_port_t;
')
allow $1 comsat_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send comsat_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_comsat_client_packets',`
gen_require(`
type comsat_client_packet_t;
')
allow $1 comsat_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send comsat_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_comsat_client_packets',`
gen_require(`
type comsat_client_packet_t;
')
dontaudit $1 comsat_client_packet_t:packet send;
')
########################################
## <summary>
## Receive comsat_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_comsat_client_packets',`
gen_require(`
type comsat_client_packet_t;
')
allow $1 comsat_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive comsat_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_comsat_client_packets',`
gen_require(`
type comsat_client_packet_t;
')
dontaudit $1 comsat_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive comsat_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_comsat_client_packets',`
corenet_send_comsat_client_packets($1)
corenet_receive_comsat_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive comsat_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_comsat_client_packets',`
corenet_dontaudit_send_comsat_client_packets($1)
corenet_dontaudit_receive_comsat_client_packets($1)
')
########################################
## <summary>
## Relabel packets to comsat_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_comsat_client_packets',`
gen_require(`
type comsat_client_packet_t;
')
allow $1 comsat_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send comsat_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_comsat_server_packets',`
gen_require(`
type comsat_server_packet_t;
')
allow $1 comsat_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send comsat_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_comsat_server_packets',`
gen_require(`
type comsat_server_packet_t;
')
dontaudit $1 comsat_server_packet_t:packet send;
')
########################################
## <summary>
## Receive comsat_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_comsat_server_packets',`
gen_require(`
type comsat_server_packet_t;
')
allow $1 comsat_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive comsat_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_comsat_server_packets',`
gen_require(`
type comsat_server_packet_t;
')
dontaudit $1 comsat_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive comsat_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_comsat_server_packets',`
corenet_send_comsat_server_packets($1)
corenet_receive_comsat_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive comsat_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_comsat_server_packets',`
corenet_dontaudit_send_comsat_server_packets($1)
corenet_dontaudit_receive_comsat_server_packets($1)
')
########################################
## <summary>
## Relabel packets to comsat_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_comsat_server_packets',`
gen_require(`
type comsat_server_packet_t;
')
allow $1 comsat_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the condor port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_condor_port',`
gen_require(`
type condor_port_t;
')
allow $1 condor_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the condor port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_condor_port',`
gen_require(`
type condor_port_t;
')
allow $1 condor_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the condor port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_condor_port',`
gen_require(`
type condor_port_t;
')
dontaudit $1 condor_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the condor port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_condor_port',`
gen_require(`
type condor_port_t;
')
allow $1 condor_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the condor port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_condor_port',`
gen_require(`
type condor_port_t;
')
dontaudit $1 condor_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the condor port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_condor_port',`
corenet_udp_send_condor_port($1)
corenet_udp_receive_condor_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the condor port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_condor_port',`
corenet_dontaudit_udp_send_condor_port($1)
corenet_dontaudit_udp_receive_condor_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the condor port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_condor_port',`
gen_require(`
type condor_port_t;
')
allow $1 condor_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the condor port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_condor_port',`
gen_require(`
type condor_port_t;
')
allow $1 condor_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the condor port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_condor_port',`
gen_require(`
type condor_port_t;
')
allow $1 condor_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send condor_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_condor_client_packets',`
gen_require(`
type condor_client_packet_t;
')
allow $1 condor_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send condor_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_condor_client_packets',`
gen_require(`
type condor_client_packet_t;
')
dontaudit $1 condor_client_packet_t:packet send;
')
########################################
## <summary>
## Receive condor_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_condor_client_packets',`
gen_require(`
type condor_client_packet_t;
')
allow $1 condor_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive condor_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_condor_client_packets',`
gen_require(`
type condor_client_packet_t;
')
dontaudit $1 condor_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive condor_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_condor_client_packets',`
corenet_send_condor_client_packets($1)
corenet_receive_condor_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive condor_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_condor_client_packets',`
corenet_dontaudit_send_condor_client_packets($1)
corenet_dontaudit_receive_condor_client_packets($1)
')
########################################
## <summary>
## Relabel packets to condor_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_condor_client_packets',`
gen_require(`
type condor_client_packet_t;
')
allow $1 condor_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send condor_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_condor_server_packets',`
gen_require(`
type condor_server_packet_t;
')
allow $1 condor_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send condor_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_condor_server_packets',`
gen_require(`
type condor_server_packet_t;
')
dontaudit $1 condor_server_packet_t:packet send;
')
########################################
## <summary>
## Receive condor_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_condor_server_packets',`
gen_require(`
type condor_server_packet_t;
')
allow $1 condor_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive condor_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_condor_server_packets',`
gen_require(`
type condor_server_packet_t;
')
dontaudit $1 condor_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive condor_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_condor_server_packets',`
corenet_send_condor_server_packets($1)
corenet_receive_condor_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive condor_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_condor_server_packets',`
corenet_dontaudit_send_condor_server_packets($1)
corenet_dontaudit_receive_condor_server_packets($1)
')
########################################
## <summary>
## Relabel packets to condor_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_condor_server_packets',`
gen_require(`
type condor_server_packet_t;
')
allow $1 condor_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the conman port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_conman_port',`
gen_require(`
type conman_port_t;
')
allow $1 conman_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the conman port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_conman_port',`
gen_require(`
type conman_port_t;
')
allow $1 conman_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the conman port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_conman_port',`
gen_require(`
type conman_port_t;
')
dontaudit $1 conman_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the conman port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_conman_port',`
gen_require(`
type conman_port_t;
')
allow $1 conman_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the conman port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_conman_port',`
gen_require(`
type conman_port_t;
')
dontaudit $1 conman_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the conman port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_conman_port',`
corenet_udp_send_conman_port($1)
corenet_udp_receive_conman_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the conman port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_conman_port',`
corenet_dontaudit_udp_send_conman_port($1)
corenet_dontaudit_udp_receive_conman_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the conman port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_conman_port',`
gen_require(`
type conman_port_t;
')
allow $1 conman_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the conman port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_conman_port',`
gen_require(`
type conman_port_t;
')
allow $1 conman_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the conman port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_conman_port',`
gen_require(`
type conman_port_t;
')
allow $1 conman_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send conman_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_conman_client_packets',`
gen_require(`
type conman_client_packet_t;
')
allow $1 conman_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send conman_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_conman_client_packets',`
gen_require(`
type conman_client_packet_t;
')
dontaudit $1 conman_client_packet_t:packet send;
')
########################################
## <summary>
## Receive conman_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_conman_client_packets',`
gen_require(`
type conman_client_packet_t;
')
allow $1 conman_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive conman_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_conman_client_packets',`
gen_require(`
type conman_client_packet_t;
')
dontaudit $1 conman_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive conman_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_conman_client_packets',`
corenet_send_conman_client_packets($1)
corenet_receive_conman_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive conman_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_conman_client_packets',`
corenet_dontaudit_send_conman_client_packets($1)
corenet_dontaudit_receive_conman_client_packets($1)
')
########################################
## <summary>
## Relabel packets to conman_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_conman_client_packets',`
gen_require(`
type conman_client_packet_t;
')
allow $1 conman_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send conman_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_conman_server_packets',`
gen_require(`
type conman_server_packet_t;
')
allow $1 conman_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send conman_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_conman_server_packets',`
gen_require(`
type conman_server_packet_t;
')
dontaudit $1 conman_server_packet_t:packet send;
')
########################################
## <summary>
## Receive conman_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_conman_server_packets',`
gen_require(`
type conman_server_packet_t;
')
allow $1 conman_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive conman_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_conman_server_packets',`
gen_require(`
type conman_server_packet_t;
')
dontaudit $1 conman_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive conman_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_conman_server_packets',`
corenet_send_conman_server_packets($1)
corenet_receive_conman_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive conman_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_conman_server_packets',`
corenet_dontaudit_send_conman_server_packets($1)
corenet_dontaudit_receive_conman_server_packets($1)
')
########################################
## <summary>
## Relabel packets to conman_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_conman_server_packets',`
gen_require(`
type conman_server_packet_t;
')
allow $1 conman_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the ctdb port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_ctdb_port',`
gen_require(`
type ctdb_port_t;
')
allow $1 ctdb_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the ctdb port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_ctdb_port',`
gen_require(`
type ctdb_port_t;
')
allow $1 ctdb_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the ctdb port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_ctdb_port',`
gen_require(`
type ctdb_port_t;
')
dontaudit $1 ctdb_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the ctdb port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_ctdb_port',`
gen_require(`
type ctdb_port_t;
')
allow $1 ctdb_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the ctdb port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_ctdb_port',`
gen_require(`
type ctdb_port_t;
')
dontaudit $1 ctdb_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the ctdb port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_ctdb_port',`
corenet_udp_send_ctdb_port($1)
corenet_udp_receive_ctdb_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the ctdb port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_ctdb_port',`
corenet_dontaudit_udp_send_ctdb_port($1)
corenet_dontaudit_udp_receive_ctdb_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the ctdb port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_ctdb_port',`
gen_require(`
type ctdb_port_t;
')
allow $1 ctdb_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the ctdb port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_ctdb_port',`
gen_require(`
type ctdb_port_t;
')
allow $1 ctdb_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the ctdb port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_ctdb_port',`
gen_require(`
type ctdb_port_t;
')
allow $1 ctdb_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send ctdb_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ctdb_client_packets',`
gen_require(`
type ctdb_client_packet_t;
')
allow $1 ctdb_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ctdb_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ctdb_client_packets',`
gen_require(`
type ctdb_client_packet_t;
')
dontaudit $1 ctdb_client_packet_t:packet send;
')
########################################
## <summary>
## Receive ctdb_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ctdb_client_packets',`
gen_require(`
type ctdb_client_packet_t;
')
allow $1 ctdb_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ctdb_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ctdb_client_packets',`
gen_require(`
type ctdb_client_packet_t;
')
dontaudit $1 ctdb_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ctdb_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ctdb_client_packets',`
corenet_send_ctdb_client_packets($1)
corenet_receive_ctdb_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ctdb_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ctdb_client_packets',`
corenet_dontaudit_send_ctdb_client_packets($1)
corenet_dontaudit_receive_ctdb_client_packets($1)
')
########################################
## <summary>
## Relabel packets to ctdb_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ctdb_client_packets',`
gen_require(`
type ctdb_client_packet_t;
')
allow $1 ctdb_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send ctdb_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ctdb_server_packets',`
gen_require(`
type ctdb_server_packet_t;
')
allow $1 ctdb_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ctdb_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ctdb_server_packets',`
gen_require(`
type ctdb_server_packet_t;
')
dontaudit $1 ctdb_server_packet_t:packet send;
')
########################################
## <summary>
## Receive ctdb_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ctdb_server_packets',`
gen_require(`
type ctdb_server_packet_t;
')
allow $1 ctdb_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ctdb_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ctdb_server_packets',`
gen_require(`
type ctdb_server_packet_t;
')
dontaudit $1 ctdb_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ctdb_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ctdb_server_packets',`
corenet_send_ctdb_server_packets($1)
corenet_receive_ctdb_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ctdb_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ctdb_server_packets',`
corenet_dontaudit_send_ctdb_server_packets($1)
corenet_dontaudit_receive_ctdb_server_packets($1)
')
########################################
## <summary>
## Relabel packets to ctdb_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ctdb_server_packets',`
gen_require(`
type ctdb_server_packet_t;
')
allow $1 ctdb_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the cvs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_cvs_port',`
gen_require(`
type cvs_port_t;
')
allow $1 cvs_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the cvs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_cvs_port',`
gen_require(`
type cvs_port_t;
')
allow $1 cvs_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the cvs port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_cvs_port',`
gen_require(`
type cvs_port_t;
')
dontaudit $1 cvs_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the cvs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_cvs_port',`
gen_require(`
type cvs_port_t;
')
allow $1 cvs_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the cvs port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_cvs_port',`
gen_require(`
type cvs_port_t;
')
dontaudit $1 cvs_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the cvs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_cvs_port',`
corenet_udp_send_cvs_port($1)
corenet_udp_receive_cvs_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the cvs port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_cvs_port',`
corenet_dontaudit_udp_send_cvs_port($1)
corenet_dontaudit_udp_receive_cvs_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the cvs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_cvs_port',`
gen_require(`
type cvs_port_t;
')
allow $1 cvs_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the cvs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_cvs_port',`
gen_require(`
type cvs_port_t;
')
allow $1 cvs_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the cvs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_cvs_port',`
gen_require(`
type cvs_port_t;
')
allow $1 cvs_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send cvs_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_cvs_client_packets',`
gen_require(`
type cvs_client_packet_t;
')
allow $1 cvs_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send cvs_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_cvs_client_packets',`
gen_require(`
type cvs_client_packet_t;
')
dontaudit $1 cvs_client_packet_t:packet send;
')
########################################
## <summary>
## Receive cvs_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_cvs_client_packets',`
gen_require(`
type cvs_client_packet_t;
')
allow $1 cvs_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive cvs_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_cvs_client_packets',`
gen_require(`
type cvs_client_packet_t;
')
dontaudit $1 cvs_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive cvs_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_cvs_client_packets',`
corenet_send_cvs_client_packets($1)
corenet_receive_cvs_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive cvs_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_cvs_client_packets',`
corenet_dontaudit_send_cvs_client_packets($1)
corenet_dontaudit_receive_cvs_client_packets($1)
')
########################################
## <summary>
## Relabel packets to cvs_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_cvs_client_packets',`
gen_require(`
type cvs_client_packet_t;
')
allow $1 cvs_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send cvs_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_cvs_server_packets',`
gen_require(`
type cvs_server_packet_t;
')
allow $1 cvs_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send cvs_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_cvs_server_packets',`
gen_require(`
type cvs_server_packet_t;
')
dontaudit $1 cvs_server_packet_t:packet send;
')
########################################
## <summary>
## Receive cvs_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_cvs_server_packets',`
gen_require(`
type cvs_server_packet_t;
')
allow $1 cvs_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive cvs_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_cvs_server_packets',`
gen_require(`
type cvs_server_packet_t;
')
dontaudit $1 cvs_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive cvs_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_cvs_server_packets',`
corenet_send_cvs_server_packets($1)
corenet_receive_cvs_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive cvs_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_cvs_server_packets',`
corenet_dontaudit_send_cvs_server_packets($1)
corenet_dontaudit_receive_cvs_server_packets($1)
')
########################################
## <summary>
## Relabel packets to cvs_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_cvs_server_packets',`
gen_require(`
type cvs_server_packet_t;
')
allow $1 cvs_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the cyphesis port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_cyphesis_port',`
gen_require(`
type cyphesis_port_t;
')
allow $1 cyphesis_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the cyphesis port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_cyphesis_port',`
gen_require(`
type cyphesis_port_t;
')
allow $1 cyphesis_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the cyphesis port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_cyphesis_port',`
gen_require(`
type cyphesis_port_t;
')
dontaudit $1 cyphesis_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the cyphesis port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_cyphesis_port',`
gen_require(`
type cyphesis_port_t;
')
allow $1 cyphesis_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the cyphesis port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_cyphesis_port',`
gen_require(`
type cyphesis_port_t;
')
dontaudit $1 cyphesis_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the cyphesis port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_cyphesis_port',`
corenet_udp_send_cyphesis_port($1)
corenet_udp_receive_cyphesis_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the cyphesis port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_cyphesis_port',`
corenet_dontaudit_udp_send_cyphesis_port($1)
corenet_dontaudit_udp_receive_cyphesis_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the cyphesis port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_cyphesis_port',`
gen_require(`
type cyphesis_port_t;
')
allow $1 cyphesis_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the cyphesis port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_cyphesis_port',`
gen_require(`
type cyphesis_port_t;
')
allow $1 cyphesis_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the cyphesis port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_cyphesis_port',`
gen_require(`
type cyphesis_port_t;
')
allow $1 cyphesis_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send cyphesis_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_cyphesis_client_packets',`
gen_require(`
type cyphesis_client_packet_t;
')
allow $1 cyphesis_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send cyphesis_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_cyphesis_client_packets',`
gen_require(`
type cyphesis_client_packet_t;
')
dontaudit $1 cyphesis_client_packet_t:packet send;
')
########################################
## <summary>
## Receive cyphesis_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_cyphesis_client_packets',`
gen_require(`
type cyphesis_client_packet_t;
')
allow $1 cyphesis_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive cyphesis_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_cyphesis_client_packets',`
gen_require(`
type cyphesis_client_packet_t;
')
dontaudit $1 cyphesis_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive cyphesis_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_cyphesis_client_packets',`
corenet_send_cyphesis_client_packets($1)
corenet_receive_cyphesis_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive cyphesis_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_cyphesis_client_packets',`
corenet_dontaudit_send_cyphesis_client_packets($1)
corenet_dontaudit_receive_cyphesis_client_packets($1)
')
########################################
## <summary>
## Relabel packets to cyphesis_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_cyphesis_client_packets',`
gen_require(`
type cyphesis_client_packet_t;
')
allow $1 cyphesis_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send cyphesis_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_cyphesis_server_packets',`
gen_require(`
type cyphesis_server_packet_t;
')
allow $1 cyphesis_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send cyphesis_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_cyphesis_server_packets',`
gen_require(`
type cyphesis_server_packet_t;
')
dontaudit $1 cyphesis_server_packet_t:packet send;
')
########################################
## <summary>
## Receive cyphesis_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_cyphesis_server_packets',`
gen_require(`
type cyphesis_server_packet_t;
')
allow $1 cyphesis_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive cyphesis_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_cyphesis_server_packets',`
gen_require(`
type cyphesis_server_packet_t;
')
dontaudit $1 cyphesis_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive cyphesis_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_cyphesis_server_packets',`
corenet_send_cyphesis_server_packets($1)
corenet_receive_cyphesis_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive cyphesis_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_cyphesis_server_packets',`
corenet_dontaudit_send_cyphesis_server_packets($1)
corenet_dontaudit_receive_cyphesis_server_packets($1)
')
########################################
## <summary>
## Relabel packets to cyphesis_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_cyphesis_server_packets',`
gen_require(`
type cyphesis_server_packet_t;
')
allow $1 cyphesis_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the connlcli port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_connlcli_port',`
gen_require(`
type connlcli_port_t;
')
allow $1 connlcli_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the connlcli port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_connlcli_port',`
gen_require(`
type connlcli_port_t;
')
allow $1 connlcli_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the connlcli port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_connlcli_port',`
gen_require(`
type connlcli_port_t;
')
dontaudit $1 connlcli_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the connlcli port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_connlcli_port',`
gen_require(`
type connlcli_port_t;
')
allow $1 connlcli_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the connlcli port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_connlcli_port',`
gen_require(`
type connlcli_port_t;
')
dontaudit $1 connlcli_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the connlcli port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_connlcli_port',`
corenet_udp_send_connlcli_port($1)
corenet_udp_receive_connlcli_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the connlcli port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_connlcli_port',`
corenet_dontaudit_udp_send_connlcli_port($1)
corenet_dontaudit_udp_receive_connlcli_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the connlcli port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_connlcli_port',`
gen_require(`
type connlcli_port_t;
')
allow $1 connlcli_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the connlcli port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_connlcli_port',`
gen_require(`
type connlcli_port_t;
')
allow $1 connlcli_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the connlcli port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_connlcli_port',`
gen_require(`
type connlcli_port_t;
')
allow $1 connlcli_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send connlcli_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_connlcli_client_packets',`
gen_require(`
type connlcli_client_packet_t;
')
allow $1 connlcli_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send connlcli_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_connlcli_client_packets',`
gen_require(`
type connlcli_client_packet_t;
')
dontaudit $1 connlcli_client_packet_t:packet send;
')
########################################
## <summary>
## Receive connlcli_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_connlcli_client_packets',`
gen_require(`
type connlcli_client_packet_t;
')
allow $1 connlcli_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive connlcli_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_connlcli_client_packets',`
gen_require(`
type connlcli_client_packet_t;
')
dontaudit $1 connlcli_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive connlcli_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_connlcli_client_packets',`
corenet_send_connlcli_client_packets($1)
corenet_receive_connlcli_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive connlcli_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_connlcli_client_packets',`
corenet_dontaudit_send_connlcli_client_packets($1)
corenet_dontaudit_receive_connlcli_client_packets($1)
')
########################################
## <summary>
## Relabel packets to connlcli_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_connlcli_client_packets',`
gen_require(`
type connlcli_client_packet_t;
')
allow $1 connlcli_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send connlcli_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_connlcli_server_packets',`
gen_require(`
type connlcli_server_packet_t;
')
allow $1 connlcli_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send connlcli_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_connlcli_server_packets',`
gen_require(`
type connlcli_server_packet_t;
')
dontaudit $1 connlcli_server_packet_t:packet send;
')
########################################
## <summary>
## Receive connlcli_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_connlcli_server_packets',`
gen_require(`
type connlcli_server_packet_t;
')
allow $1 connlcli_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive connlcli_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_connlcli_server_packets',`
gen_require(`
type connlcli_server_packet_t;
')
dontaudit $1 connlcli_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive connlcli_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_connlcli_server_packets',`
corenet_send_connlcli_server_packets($1)
corenet_receive_connlcli_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive connlcli_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_connlcli_server_packets',`
corenet_dontaudit_send_connlcli_server_packets($1)
corenet_dontaudit_receive_connlcli_server_packets($1)
')
########################################
## <summary>
## Relabel packets to connlcli_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_connlcli_server_packets',`
gen_require(`
type connlcli_server_packet_t;
')
allow $1 connlcli_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the gluster port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_gluster_port',`
gen_require(`
type gluster_port_t;
')
allow $1 gluster_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the gluster port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_gluster_port',`
gen_require(`
type gluster_port_t;
')
allow $1 gluster_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the gluster port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_gluster_port',`
gen_require(`
type gluster_port_t;
')
dontaudit $1 gluster_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the gluster port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_gluster_port',`
gen_require(`
type gluster_port_t;
')
allow $1 gluster_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the gluster port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_gluster_port',`
gen_require(`
type gluster_port_t;
')
dontaudit $1 gluster_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the gluster port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_gluster_port',`
corenet_udp_send_gluster_port($1)
corenet_udp_receive_gluster_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the gluster port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_gluster_port',`
corenet_dontaudit_udp_send_gluster_port($1)
corenet_dontaudit_udp_receive_gluster_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the gluster port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_gluster_port',`
gen_require(`
type gluster_port_t;
')
allow $1 gluster_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the gluster port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_gluster_port',`
gen_require(`
type gluster_port_t;
')
allow $1 gluster_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the gluster port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_gluster_port',`
gen_require(`
type gluster_port_t;
')
allow $1 gluster_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send gluster_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_gluster_client_packets',`
gen_require(`
type gluster_client_packet_t;
')
allow $1 gluster_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send gluster_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_gluster_client_packets',`
gen_require(`
type gluster_client_packet_t;
')
dontaudit $1 gluster_client_packet_t:packet send;
')
########################################
## <summary>
## Receive gluster_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_gluster_client_packets',`
gen_require(`
type gluster_client_packet_t;
')
allow $1 gluster_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive gluster_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_gluster_client_packets',`
gen_require(`
type gluster_client_packet_t;
')
dontaudit $1 gluster_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive gluster_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_gluster_client_packets',`
corenet_send_gluster_client_packets($1)
corenet_receive_gluster_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive gluster_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_gluster_client_packets',`
corenet_dontaudit_send_gluster_client_packets($1)
corenet_dontaudit_receive_gluster_client_packets($1)
')
########################################
## <summary>
## Relabel packets to gluster_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_gluster_client_packets',`
gen_require(`
type gluster_client_packet_t;
')
allow $1 gluster_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send gluster_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_gluster_server_packets',`
gen_require(`
type gluster_server_packet_t;
')
allow $1 gluster_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send gluster_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_gluster_server_packets',`
gen_require(`
type gluster_server_packet_t;
')
dontaudit $1 gluster_server_packet_t:packet send;
')
########################################
## <summary>
## Receive gluster_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_gluster_server_packets',`
gen_require(`
type gluster_server_packet_t;
')
allow $1 gluster_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive gluster_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_gluster_server_packets',`
gen_require(`
type gluster_server_packet_t;
')
dontaudit $1 gluster_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive gluster_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_gluster_server_packets',`
corenet_send_gluster_server_packets($1)
corenet_receive_gluster_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive gluster_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_gluster_server_packets',`
corenet_dontaudit_send_gluster_server_packets($1)
corenet_dontaudit_receive_gluster_server_packets($1)
')
########################################
## <summary>
## Relabel packets to gluster_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_gluster_server_packets',`
gen_require(`
type gluster_server_packet_t;
')
allow $1 gluster_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the dbskkd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_dbskkd_port',`
gen_require(`
type dbskkd_port_t;
')
allow $1 dbskkd_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the dbskkd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_dbskkd_port',`
gen_require(`
type dbskkd_port_t;
')
allow $1 dbskkd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the dbskkd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_dbskkd_port',`
gen_require(`
type dbskkd_port_t;
')
dontaudit $1 dbskkd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the dbskkd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_dbskkd_port',`
gen_require(`
type dbskkd_port_t;
')
allow $1 dbskkd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the dbskkd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_dbskkd_port',`
gen_require(`
type dbskkd_port_t;
')
dontaudit $1 dbskkd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the dbskkd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_dbskkd_port',`
corenet_udp_send_dbskkd_port($1)
corenet_udp_receive_dbskkd_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the dbskkd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_dbskkd_port',`
corenet_dontaudit_udp_send_dbskkd_port($1)
corenet_dontaudit_udp_receive_dbskkd_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the dbskkd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_dbskkd_port',`
gen_require(`
type dbskkd_port_t;
')
allow $1 dbskkd_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the dbskkd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_dbskkd_port',`
gen_require(`
type dbskkd_port_t;
')
allow $1 dbskkd_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the dbskkd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_dbskkd_port',`
gen_require(`
type dbskkd_port_t;
')
allow $1 dbskkd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send dbskkd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_dbskkd_client_packets',`
gen_require(`
type dbskkd_client_packet_t;
')
allow $1 dbskkd_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send dbskkd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_dbskkd_client_packets',`
gen_require(`
type dbskkd_client_packet_t;
')
dontaudit $1 dbskkd_client_packet_t:packet send;
')
########################################
## <summary>
## Receive dbskkd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_dbskkd_client_packets',`
gen_require(`
type dbskkd_client_packet_t;
')
allow $1 dbskkd_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive dbskkd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_dbskkd_client_packets',`
gen_require(`
type dbskkd_client_packet_t;
')
dontaudit $1 dbskkd_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive dbskkd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_dbskkd_client_packets',`
corenet_send_dbskkd_client_packets($1)
corenet_receive_dbskkd_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive dbskkd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_dbskkd_client_packets',`
corenet_dontaudit_send_dbskkd_client_packets($1)
corenet_dontaudit_receive_dbskkd_client_packets($1)
')
########################################
## <summary>
## Relabel packets to dbskkd_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_dbskkd_client_packets',`
gen_require(`
type dbskkd_client_packet_t;
')
allow $1 dbskkd_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send dbskkd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_dbskkd_server_packets',`
gen_require(`
type dbskkd_server_packet_t;
')
allow $1 dbskkd_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send dbskkd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_dbskkd_server_packets',`
gen_require(`
type dbskkd_server_packet_t;
')
dontaudit $1 dbskkd_server_packet_t:packet send;
')
########################################
## <summary>
## Receive dbskkd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_dbskkd_server_packets',`
gen_require(`
type dbskkd_server_packet_t;
')
allow $1 dbskkd_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive dbskkd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_dbskkd_server_packets',`
gen_require(`
type dbskkd_server_packet_t;
')
dontaudit $1 dbskkd_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive dbskkd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_dbskkd_server_packets',`
corenet_send_dbskkd_server_packets($1)
corenet_receive_dbskkd_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive dbskkd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_dbskkd_server_packets',`
corenet_dontaudit_send_dbskkd_server_packets($1)
corenet_dontaudit_receive_dbskkd_server_packets($1)
')
########################################
## <summary>
## Relabel packets to dbskkd_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_dbskkd_server_packets',`
gen_require(`
type dbskkd_server_packet_t;
')
allow $1 dbskkd_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the dcc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_dcc_port',`
gen_require(`
type dcc_port_t;
')
allow $1 dcc_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the dcc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_dcc_port',`
gen_require(`
type dcc_port_t;
')
allow $1 dcc_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the dcc port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_dcc_port',`
gen_require(`
type dcc_port_t;
')
dontaudit $1 dcc_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the dcc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_dcc_port',`
gen_require(`
type dcc_port_t;
')
allow $1 dcc_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the dcc port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_dcc_port',`
gen_require(`
type dcc_port_t;
')
dontaudit $1 dcc_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the dcc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_dcc_port',`
corenet_udp_send_dcc_port($1)
corenet_udp_receive_dcc_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the dcc port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_dcc_port',`
corenet_dontaudit_udp_send_dcc_port($1)
corenet_dontaudit_udp_receive_dcc_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the dcc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_dcc_port',`
gen_require(`
type dcc_port_t;
')
allow $1 dcc_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the dcc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_dcc_port',`
gen_require(`
type dcc_port_t;
')
allow $1 dcc_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the dcc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_dcc_port',`
gen_require(`
type dcc_port_t;
')
allow $1 dcc_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send dcc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_dcc_client_packets',`
gen_require(`
type dcc_client_packet_t;
')
allow $1 dcc_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send dcc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_dcc_client_packets',`
gen_require(`
type dcc_client_packet_t;
')
dontaudit $1 dcc_client_packet_t:packet send;
')
########################################
## <summary>
## Receive dcc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_dcc_client_packets',`
gen_require(`
type dcc_client_packet_t;
')
allow $1 dcc_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive dcc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_dcc_client_packets',`
gen_require(`
type dcc_client_packet_t;
')
dontaudit $1 dcc_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive dcc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_dcc_client_packets',`
corenet_send_dcc_client_packets($1)
corenet_receive_dcc_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive dcc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_dcc_client_packets',`
corenet_dontaudit_send_dcc_client_packets($1)
corenet_dontaudit_receive_dcc_client_packets($1)
')
########################################
## <summary>
## Relabel packets to dcc_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_dcc_client_packets',`
gen_require(`
type dcc_client_packet_t;
')
allow $1 dcc_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send dcc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_dcc_server_packets',`
gen_require(`
type dcc_server_packet_t;
')
allow $1 dcc_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send dcc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_dcc_server_packets',`
gen_require(`
type dcc_server_packet_t;
')
dontaudit $1 dcc_server_packet_t:packet send;
')
########################################
## <summary>
## Receive dcc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_dcc_server_packets',`
gen_require(`
type dcc_server_packet_t;
')
allow $1 dcc_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive dcc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_dcc_server_packets',`
gen_require(`
type dcc_server_packet_t;
')
dontaudit $1 dcc_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive dcc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_dcc_server_packets',`
corenet_send_dcc_server_packets($1)
corenet_receive_dcc_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive dcc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_dcc_server_packets',`
corenet_dontaudit_send_dcc_server_packets($1)
corenet_dontaudit_receive_dcc_server_packets($1)
')
########################################
## <summary>
## Relabel packets to dcc_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_dcc_server_packets',`
gen_require(`
type dcc_server_packet_t;
')
allow $1 dcc_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the dccm port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_dccm_port',`
gen_require(`
type dccm_port_t;
')
allow $1 dccm_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the dccm port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_dccm_port',`
gen_require(`
type dccm_port_t;
')
allow $1 dccm_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the dccm port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_dccm_port',`
gen_require(`
type dccm_port_t;
')
dontaudit $1 dccm_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the dccm port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_dccm_port',`
gen_require(`
type dccm_port_t;
')
allow $1 dccm_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the dccm port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_dccm_port',`
gen_require(`
type dccm_port_t;
')
dontaudit $1 dccm_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the dccm port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_dccm_port',`
corenet_udp_send_dccm_port($1)
corenet_udp_receive_dccm_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the dccm port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_dccm_port',`
corenet_dontaudit_udp_send_dccm_port($1)
corenet_dontaudit_udp_receive_dccm_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the dccm port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_dccm_port',`
gen_require(`
type dccm_port_t;
')
allow $1 dccm_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the dccm port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_dccm_port',`
gen_require(`
type dccm_port_t;
')
allow $1 dccm_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the dccm port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_dccm_port',`
gen_require(`
type dccm_port_t;
')
allow $1 dccm_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send dccm_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_dccm_client_packets',`
gen_require(`
type dccm_client_packet_t;
')
allow $1 dccm_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send dccm_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_dccm_client_packets',`
gen_require(`
type dccm_client_packet_t;
')
dontaudit $1 dccm_client_packet_t:packet send;
')
########################################
## <summary>
## Receive dccm_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_dccm_client_packets',`
gen_require(`
type dccm_client_packet_t;
')
allow $1 dccm_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive dccm_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_dccm_client_packets',`
gen_require(`
type dccm_client_packet_t;
')
dontaudit $1 dccm_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive dccm_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_dccm_client_packets',`
corenet_send_dccm_client_packets($1)
corenet_receive_dccm_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive dccm_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_dccm_client_packets',`
corenet_dontaudit_send_dccm_client_packets($1)
corenet_dontaudit_receive_dccm_client_packets($1)
')
########################################
## <summary>
## Relabel packets to dccm_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_dccm_client_packets',`
gen_require(`
type dccm_client_packet_t;
')
allow $1 dccm_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send dccm_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_dccm_server_packets',`
gen_require(`
type dccm_server_packet_t;
')
allow $1 dccm_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send dccm_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_dccm_server_packets',`
gen_require(`
type dccm_server_packet_t;
')
dontaudit $1 dccm_server_packet_t:packet send;
')
########################################
## <summary>
## Receive dccm_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_dccm_server_packets',`
gen_require(`
type dccm_server_packet_t;
')
allow $1 dccm_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive dccm_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_dccm_server_packets',`
gen_require(`
type dccm_server_packet_t;
')
dontaudit $1 dccm_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive dccm_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_dccm_server_packets',`
corenet_send_dccm_server_packets($1)
corenet_receive_dccm_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive dccm_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_dccm_server_packets',`
corenet_dontaudit_send_dccm_server_packets($1)
corenet_dontaudit_receive_dccm_server_packets($1)
')
########################################
## <summary>
## Relabel packets to dccm_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_dccm_server_packets',`
gen_require(`
type dccm_server_packet_t;
')
allow $1 dccm_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the dhcpc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_dhcpc_port',`
gen_require(`
type dhcpc_port_t;
')
allow $1 dhcpc_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the dhcpc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_dhcpc_port',`
gen_require(`
type dhcpc_port_t;
')
allow $1 dhcpc_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the dhcpc port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_dhcpc_port',`
gen_require(`
type dhcpc_port_t;
')
dontaudit $1 dhcpc_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the dhcpc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_dhcpc_port',`
gen_require(`
type dhcpc_port_t;
')
allow $1 dhcpc_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the dhcpc port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_dhcpc_port',`
gen_require(`
type dhcpc_port_t;
')
dontaudit $1 dhcpc_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the dhcpc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_dhcpc_port',`
corenet_udp_send_dhcpc_port($1)
corenet_udp_receive_dhcpc_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the dhcpc port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_dhcpc_port',`
corenet_dontaudit_udp_send_dhcpc_port($1)
corenet_dontaudit_udp_receive_dhcpc_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the dhcpc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_dhcpc_port',`
gen_require(`
type dhcpc_port_t;
')
allow $1 dhcpc_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the dhcpc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_dhcpc_port',`
gen_require(`
type dhcpc_port_t;
')
allow $1 dhcpc_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the dhcpc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_dhcpc_port',`
gen_require(`
type dhcpc_port_t;
')
allow $1 dhcpc_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send dhcpc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_dhcpc_client_packets',`
gen_require(`
type dhcpc_client_packet_t;
')
allow $1 dhcpc_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send dhcpc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_dhcpc_client_packets',`
gen_require(`
type dhcpc_client_packet_t;
')
dontaudit $1 dhcpc_client_packet_t:packet send;
')
########################################
## <summary>
## Receive dhcpc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_dhcpc_client_packets',`
gen_require(`
type dhcpc_client_packet_t;
')
allow $1 dhcpc_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive dhcpc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_dhcpc_client_packets',`
gen_require(`
type dhcpc_client_packet_t;
')
dontaudit $1 dhcpc_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive dhcpc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_dhcpc_client_packets',`
corenet_send_dhcpc_client_packets($1)
corenet_receive_dhcpc_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive dhcpc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_dhcpc_client_packets',`
corenet_dontaudit_send_dhcpc_client_packets($1)
corenet_dontaudit_receive_dhcpc_client_packets($1)
')
########################################
## <summary>
## Relabel packets to dhcpc_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_dhcpc_client_packets',`
gen_require(`
type dhcpc_client_packet_t;
')
allow $1 dhcpc_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send dhcpc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_dhcpc_server_packets',`
gen_require(`
type dhcpc_server_packet_t;
')
allow $1 dhcpc_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send dhcpc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_dhcpc_server_packets',`
gen_require(`
type dhcpc_server_packet_t;
')
dontaudit $1 dhcpc_server_packet_t:packet send;
')
########################################
## <summary>
## Receive dhcpc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_dhcpc_server_packets',`
gen_require(`
type dhcpc_server_packet_t;
')
allow $1 dhcpc_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive dhcpc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_dhcpc_server_packets',`
gen_require(`
type dhcpc_server_packet_t;
')
dontaudit $1 dhcpc_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive dhcpc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_dhcpc_server_packets',`
corenet_send_dhcpc_server_packets($1)
corenet_receive_dhcpc_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive dhcpc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_dhcpc_server_packets',`
corenet_dontaudit_send_dhcpc_server_packets($1)
corenet_dontaudit_receive_dhcpc_server_packets($1)
')
########################################
## <summary>
## Relabel packets to dhcpc_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_dhcpc_server_packets',`
gen_require(`
type dhcpc_server_packet_t;
')
allow $1 dhcpc_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the dhcpd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_dhcpd_port',`
gen_require(`
type dhcpd_port_t;
')
allow $1 dhcpd_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the dhcpd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_dhcpd_port',`
gen_require(`
type dhcpd_port_t;
')
allow $1 dhcpd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the dhcpd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_dhcpd_port',`
gen_require(`
type dhcpd_port_t;
')
dontaudit $1 dhcpd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the dhcpd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_dhcpd_port',`
gen_require(`
type dhcpd_port_t;
')
allow $1 dhcpd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the dhcpd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_dhcpd_port',`
gen_require(`
type dhcpd_port_t;
')
dontaudit $1 dhcpd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the dhcpd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_dhcpd_port',`
corenet_udp_send_dhcpd_port($1)
corenet_udp_receive_dhcpd_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the dhcpd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_dhcpd_port',`
corenet_dontaudit_udp_send_dhcpd_port($1)
corenet_dontaudit_udp_receive_dhcpd_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the dhcpd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_dhcpd_port',`
gen_require(`
type dhcpd_port_t;
')
allow $1 dhcpd_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the dhcpd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_dhcpd_port',`
gen_require(`
type dhcpd_port_t;
')
allow $1 dhcpd_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the dhcpd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_dhcpd_port',`
gen_require(`
type dhcpd_port_t;
')
allow $1 dhcpd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send dhcpd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_dhcpd_client_packets',`
gen_require(`
type dhcpd_client_packet_t;
')
allow $1 dhcpd_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send dhcpd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_dhcpd_client_packets',`
gen_require(`
type dhcpd_client_packet_t;
')
dontaudit $1 dhcpd_client_packet_t:packet send;
')
########################################
## <summary>
## Receive dhcpd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_dhcpd_client_packets',`
gen_require(`
type dhcpd_client_packet_t;
')
allow $1 dhcpd_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive dhcpd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_dhcpd_client_packets',`
gen_require(`
type dhcpd_client_packet_t;
')
dontaudit $1 dhcpd_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive dhcpd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_dhcpd_client_packets',`
corenet_send_dhcpd_client_packets($1)
corenet_receive_dhcpd_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive dhcpd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_dhcpd_client_packets',`
corenet_dontaudit_send_dhcpd_client_packets($1)
corenet_dontaudit_receive_dhcpd_client_packets($1)
')
########################################
## <summary>
## Relabel packets to dhcpd_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_dhcpd_client_packets',`
gen_require(`
type dhcpd_client_packet_t;
')
allow $1 dhcpd_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send dhcpd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_dhcpd_server_packets',`
gen_require(`
type dhcpd_server_packet_t;
')
allow $1 dhcpd_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send dhcpd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_dhcpd_server_packets',`
gen_require(`
type dhcpd_server_packet_t;
')
dontaudit $1 dhcpd_server_packet_t:packet send;
')
########################################
## <summary>
## Receive dhcpd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_dhcpd_server_packets',`
gen_require(`
type dhcpd_server_packet_t;
')
allow $1 dhcpd_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive dhcpd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_dhcpd_server_packets',`
gen_require(`
type dhcpd_server_packet_t;
')
dontaudit $1 dhcpd_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive dhcpd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_dhcpd_server_packets',`
corenet_send_dhcpd_server_packets($1)
corenet_receive_dhcpd_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive dhcpd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_dhcpd_server_packets',`
corenet_dontaudit_send_dhcpd_server_packets($1)
corenet_dontaudit_receive_dhcpd_server_packets($1)
')
########################################
## <summary>
## Relabel packets to dhcpd_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_dhcpd_server_packets',`
gen_require(`
type dhcpd_server_packet_t;
')
allow $1 dhcpd_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the dey_sapi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_dey_sapi_port',`
gen_require(`
type dey_sapi_port_t;
')
allow $1 dey_sapi_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the dey_sapi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_dey_sapi_port',`
gen_require(`
type dey_sapi_port_t;
')
allow $1 dey_sapi_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the dey_sapi port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_dey_sapi_port',`
gen_require(`
type dey_sapi_port_t;
')
dontaudit $1 dey_sapi_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the dey_sapi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_dey_sapi_port',`
gen_require(`
type dey_sapi_port_t;
')
allow $1 dey_sapi_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the dey_sapi port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_dey_sapi_port',`
gen_require(`
type dey_sapi_port_t;
')
dontaudit $1 dey_sapi_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the dey_sapi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_dey_sapi_port',`
corenet_udp_send_dey_sapi_port($1)
corenet_udp_receive_dey_sapi_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the dey_sapi port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_dey_sapi_port',`
corenet_dontaudit_udp_send_dey_sapi_port($1)
corenet_dontaudit_udp_receive_dey_sapi_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the dey_sapi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_dey_sapi_port',`
gen_require(`
type dey_sapi_port_t;
')
allow $1 dey_sapi_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the dey_sapi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_dey_sapi_port',`
gen_require(`
type dey_sapi_port_t;
')
allow $1 dey_sapi_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the dey_sapi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_dey_sapi_port',`
gen_require(`
type dey_sapi_port_t;
')
allow $1 dey_sapi_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send dey_sapi_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_dey_sapi_client_packets',`
gen_require(`
type dey_sapi_client_packet_t;
')
allow $1 dey_sapi_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send dey_sapi_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_dey_sapi_client_packets',`
gen_require(`
type dey_sapi_client_packet_t;
')
dontaudit $1 dey_sapi_client_packet_t:packet send;
')
########################################
## <summary>
## Receive dey_sapi_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_dey_sapi_client_packets',`
gen_require(`
type dey_sapi_client_packet_t;
')
allow $1 dey_sapi_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive dey_sapi_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_dey_sapi_client_packets',`
gen_require(`
type dey_sapi_client_packet_t;
')
dontaudit $1 dey_sapi_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive dey_sapi_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_dey_sapi_client_packets',`
corenet_send_dey_sapi_client_packets($1)
corenet_receive_dey_sapi_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive dey_sapi_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_dey_sapi_client_packets',`
corenet_dontaudit_send_dey_sapi_client_packets($1)
corenet_dontaudit_receive_dey_sapi_client_packets($1)
')
########################################
## <summary>
## Relabel packets to dey_sapi_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_dey_sapi_client_packets',`
gen_require(`
type dey_sapi_client_packet_t;
')
allow $1 dey_sapi_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send dey_sapi_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_dey_sapi_server_packets',`
gen_require(`
type dey_sapi_server_packet_t;
')
allow $1 dey_sapi_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send dey_sapi_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_dey_sapi_server_packets',`
gen_require(`
type dey_sapi_server_packet_t;
')
dontaudit $1 dey_sapi_server_packet_t:packet send;
')
########################################
## <summary>
## Receive dey_sapi_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_dey_sapi_server_packets',`
gen_require(`
type dey_sapi_server_packet_t;
')
allow $1 dey_sapi_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive dey_sapi_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_dey_sapi_server_packets',`
gen_require(`
type dey_sapi_server_packet_t;
')
dontaudit $1 dey_sapi_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive dey_sapi_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_dey_sapi_server_packets',`
corenet_send_dey_sapi_server_packets($1)
corenet_receive_dey_sapi_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive dey_sapi_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_dey_sapi_server_packets',`
corenet_dontaudit_send_dey_sapi_server_packets($1)
corenet_dontaudit_receive_dey_sapi_server_packets($1)
')
########################################
## <summary>
## Relabel packets to dey_sapi_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_dey_sapi_server_packets',`
gen_require(`
type dey_sapi_server_packet_t;
')
allow $1 dey_sapi_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the dict port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_dict_port',`
gen_require(`
type dict_port_t;
')
allow $1 dict_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the dict port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_dict_port',`
gen_require(`
type dict_port_t;
')
allow $1 dict_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the dict port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_dict_port',`
gen_require(`
type dict_port_t;
')
dontaudit $1 dict_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the dict port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_dict_port',`
gen_require(`
type dict_port_t;
')
allow $1 dict_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the dict port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_dict_port',`
gen_require(`
type dict_port_t;
')
dontaudit $1 dict_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the dict port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_dict_port',`
corenet_udp_send_dict_port($1)
corenet_udp_receive_dict_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the dict port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_dict_port',`
corenet_dontaudit_udp_send_dict_port($1)
corenet_dontaudit_udp_receive_dict_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the dict port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_dict_port',`
gen_require(`
type dict_port_t;
')
allow $1 dict_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the dict port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_dict_port',`
gen_require(`
type dict_port_t;
')
allow $1 dict_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the dict port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_dict_port',`
gen_require(`
type dict_port_t;
')
allow $1 dict_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send dict_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_dict_client_packets',`
gen_require(`
type dict_client_packet_t;
')
allow $1 dict_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send dict_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_dict_client_packets',`
gen_require(`
type dict_client_packet_t;
')
dontaudit $1 dict_client_packet_t:packet send;
')
########################################
## <summary>
## Receive dict_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_dict_client_packets',`
gen_require(`
type dict_client_packet_t;
')
allow $1 dict_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive dict_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_dict_client_packets',`
gen_require(`
type dict_client_packet_t;
')
dontaudit $1 dict_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive dict_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_dict_client_packets',`
corenet_send_dict_client_packets($1)
corenet_receive_dict_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive dict_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_dict_client_packets',`
corenet_dontaudit_send_dict_client_packets($1)
corenet_dontaudit_receive_dict_client_packets($1)
')
########################################
## <summary>
## Relabel packets to dict_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_dict_client_packets',`
gen_require(`
type dict_client_packet_t;
')
allow $1 dict_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send dict_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_dict_server_packets',`
gen_require(`
type dict_server_packet_t;
')
allow $1 dict_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send dict_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_dict_server_packets',`
gen_require(`
type dict_server_packet_t;
')
dontaudit $1 dict_server_packet_t:packet send;
')
########################################
## <summary>
## Receive dict_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_dict_server_packets',`
gen_require(`
type dict_server_packet_t;
')
allow $1 dict_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive dict_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_dict_server_packets',`
gen_require(`
type dict_server_packet_t;
')
dontaudit $1 dict_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive dict_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_dict_server_packets',`
corenet_send_dict_server_packets($1)
corenet_receive_dict_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive dict_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_dict_server_packets',`
corenet_dontaudit_send_dict_server_packets($1)
corenet_dontaudit_receive_dict_server_packets($1)
')
########################################
## <summary>
## Relabel packets to dict_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_dict_server_packets',`
gen_require(`
type dict_server_packet_t;
')
allow $1 dict_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the distccd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_distccd_port',`
gen_require(`
type distccd_port_t;
')
allow $1 distccd_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the distccd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_distccd_port',`
gen_require(`
type distccd_port_t;
')
allow $1 distccd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the distccd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_distccd_port',`
gen_require(`
type distccd_port_t;
')
dontaudit $1 distccd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the distccd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_distccd_port',`
gen_require(`
type distccd_port_t;
')
allow $1 distccd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the distccd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_distccd_port',`
gen_require(`
type distccd_port_t;
')
dontaudit $1 distccd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the distccd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_distccd_port',`
corenet_udp_send_distccd_port($1)
corenet_udp_receive_distccd_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the distccd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_distccd_port',`
corenet_dontaudit_udp_send_distccd_port($1)
corenet_dontaudit_udp_receive_distccd_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the distccd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_distccd_port',`
gen_require(`
type distccd_port_t;
')
allow $1 distccd_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the distccd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_distccd_port',`
gen_require(`
type distccd_port_t;
')
allow $1 distccd_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the distccd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_distccd_port',`
gen_require(`
type distccd_port_t;
')
allow $1 distccd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send distccd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_distccd_client_packets',`
gen_require(`
type distccd_client_packet_t;
')
allow $1 distccd_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send distccd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_distccd_client_packets',`
gen_require(`
type distccd_client_packet_t;
')
dontaudit $1 distccd_client_packet_t:packet send;
')
########################################
## <summary>
## Receive distccd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_distccd_client_packets',`
gen_require(`
type distccd_client_packet_t;
')
allow $1 distccd_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive distccd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_distccd_client_packets',`
gen_require(`
type distccd_client_packet_t;
')
dontaudit $1 distccd_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive distccd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_distccd_client_packets',`
corenet_send_distccd_client_packets($1)
corenet_receive_distccd_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive distccd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_distccd_client_packets',`
corenet_dontaudit_send_distccd_client_packets($1)
corenet_dontaudit_receive_distccd_client_packets($1)
')
########################################
## <summary>
## Relabel packets to distccd_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_distccd_client_packets',`
gen_require(`
type distccd_client_packet_t;
')
allow $1 distccd_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send distccd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_distccd_server_packets',`
gen_require(`
type distccd_server_packet_t;
')
allow $1 distccd_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send distccd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_distccd_server_packets',`
gen_require(`
type distccd_server_packet_t;
')
dontaudit $1 distccd_server_packet_t:packet send;
')
########################################
## <summary>
## Receive distccd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_distccd_server_packets',`
gen_require(`
type distccd_server_packet_t;
')
allow $1 distccd_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive distccd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_distccd_server_packets',`
gen_require(`
type distccd_server_packet_t;
')
dontaudit $1 distccd_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive distccd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_distccd_server_packets',`
corenet_send_distccd_server_packets($1)
corenet_receive_distccd_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive distccd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_distccd_server_packets',`
corenet_dontaudit_send_distccd_server_packets($1)
corenet_dontaudit_receive_distccd_server_packets($1)
')
########################################
## <summary>
## Relabel packets to distccd_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_distccd_server_packets',`
gen_require(`
type distccd_server_packet_t;
')
allow $1 distccd_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the dns port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_dns_port',`
gen_require(`
type dns_port_t;
')
allow $1 dns_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the dns port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_dns_port',`
gen_require(`
type dns_port_t;
')
allow $1 dns_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the dns port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_dns_port',`
gen_require(`
type dns_port_t;
')
dontaudit $1 dns_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the dns port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_dns_port',`
gen_require(`
type dns_port_t;
')
allow $1 dns_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the dns port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_dns_port',`
gen_require(`
type dns_port_t;
')
dontaudit $1 dns_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the dns port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_dns_port',`
corenet_udp_send_dns_port($1)
corenet_udp_receive_dns_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the dns port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_dns_port',`
corenet_dontaudit_udp_send_dns_port($1)
corenet_dontaudit_udp_receive_dns_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the dns port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_dns_port',`
gen_require(`
type dns_port_t;
')
allow $1 dns_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the dns port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_dns_port',`
gen_require(`
type dns_port_t;
')
allow $1 dns_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the dns port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_dns_port',`
gen_require(`
type dns_port_t;
')
allow $1 dns_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send dns_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_dns_client_packets',`
gen_require(`
type dns_client_packet_t;
')
allow $1 dns_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send dns_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_dns_client_packets',`
gen_require(`
type dns_client_packet_t;
')
dontaudit $1 dns_client_packet_t:packet send;
')
########################################
## <summary>
## Receive dns_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_dns_client_packets',`
gen_require(`
type dns_client_packet_t;
')
allow $1 dns_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive dns_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_dns_client_packets',`
gen_require(`
type dns_client_packet_t;
')
dontaudit $1 dns_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive dns_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_dns_client_packets',`
corenet_send_dns_client_packets($1)
corenet_receive_dns_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive dns_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_dns_client_packets',`
corenet_dontaudit_send_dns_client_packets($1)
corenet_dontaudit_receive_dns_client_packets($1)
')
########################################
## <summary>
## Relabel packets to dns_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_dns_client_packets',`
gen_require(`
type dns_client_packet_t;
')
allow $1 dns_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send dns_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_dns_server_packets',`
gen_require(`
type dns_server_packet_t;
')
allow $1 dns_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send dns_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_dns_server_packets',`
gen_require(`
type dns_server_packet_t;
')
dontaudit $1 dns_server_packet_t:packet send;
')
########################################
## <summary>
## Receive dns_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_dns_server_packets',`
gen_require(`
type dns_server_packet_t;
')
allow $1 dns_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive dns_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_dns_server_packets',`
gen_require(`
type dns_server_packet_t;
')
dontaudit $1 dns_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive dns_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_dns_server_packets',`
corenet_send_dns_server_packets($1)
corenet_receive_dns_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive dns_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_dns_server_packets',`
corenet_dontaudit_send_dns_server_packets($1)
corenet_dontaudit_receive_dns_server_packets($1)
')
########################################
## <summary>
## Relabel packets to dns_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_dns_server_packets',`
gen_require(`
type dns_server_packet_t;
')
allow $1 dns_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the dogtag port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_dogtag_port',`
gen_require(`
type dogtag_port_t;
')
allow $1 dogtag_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the dogtag port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_dogtag_port',`
gen_require(`
type dogtag_port_t;
')
allow $1 dogtag_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the dogtag port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_dogtag_port',`
gen_require(`
type dogtag_port_t;
')
dontaudit $1 dogtag_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the dogtag port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_dogtag_port',`
gen_require(`
type dogtag_port_t;
')
allow $1 dogtag_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the dogtag port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_dogtag_port',`
gen_require(`
type dogtag_port_t;
')
dontaudit $1 dogtag_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the dogtag port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_dogtag_port',`
corenet_udp_send_dogtag_port($1)
corenet_udp_receive_dogtag_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the dogtag port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_dogtag_port',`
corenet_dontaudit_udp_send_dogtag_port($1)
corenet_dontaudit_udp_receive_dogtag_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the dogtag port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_dogtag_port',`
gen_require(`
type dogtag_port_t;
')
allow $1 dogtag_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the dogtag port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_dogtag_port',`
gen_require(`
type dogtag_port_t;
')
allow $1 dogtag_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the dogtag port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_dogtag_port',`
gen_require(`
type dogtag_port_t;
')
allow $1 dogtag_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send dogtag_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_dogtag_client_packets',`
gen_require(`
type dogtag_client_packet_t;
')
allow $1 dogtag_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send dogtag_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_dogtag_client_packets',`
gen_require(`
type dogtag_client_packet_t;
')
dontaudit $1 dogtag_client_packet_t:packet send;
')
########################################
## <summary>
## Receive dogtag_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_dogtag_client_packets',`
gen_require(`
type dogtag_client_packet_t;
')
allow $1 dogtag_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive dogtag_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_dogtag_client_packets',`
gen_require(`
type dogtag_client_packet_t;
')
dontaudit $1 dogtag_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive dogtag_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_dogtag_client_packets',`
corenet_send_dogtag_client_packets($1)
corenet_receive_dogtag_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive dogtag_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_dogtag_client_packets',`
corenet_dontaudit_send_dogtag_client_packets($1)
corenet_dontaudit_receive_dogtag_client_packets($1)
')
########################################
## <summary>
## Relabel packets to dogtag_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_dogtag_client_packets',`
gen_require(`
type dogtag_client_packet_t;
')
allow $1 dogtag_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send dogtag_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_dogtag_server_packets',`
gen_require(`
type dogtag_server_packet_t;
')
allow $1 dogtag_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send dogtag_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_dogtag_server_packets',`
gen_require(`
type dogtag_server_packet_t;
')
dontaudit $1 dogtag_server_packet_t:packet send;
')
########################################
## <summary>
## Receive dogtag_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_dogtag_server_packets',`
gen_require(`
type dogtag_server_packet_t;
')
allow $1 dogtag_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive dogtag_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_dogtag_server_packets',`
gen_require(`
type dogtag_server_packet_t;
')
dontaudit $1 dogtag_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive dogtag_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_dogtag_server_packets',`
corenet_send_dogtag_server_packets($1)
corenet_receive_dogtag_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive dogtag_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_dogtag_server_packets',`
corenet_dontaudit_send_dogtag_server_packets($1)
corenet_dontaudit_receive_dogtag_server_packets($1)
')
########################################
## <summary>
## Relabel packets to dogtag_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_dogtag_server_packets',`
gen_require(`
type dogtag_server_packet_t;
')
allow $1 dogtag_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the dspam port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_dspam_port',`
gen_require(`
type dspam_port_t;
')
allow $1 dspam_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the dspam port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_dspam_port',`
gen_require(`
type dspam_port_t;
')
allow $1 dspam_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the dspam port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_dspam_port',`
gen_require(`
type dspam_port_t;
')
dontaudit $1 dspam_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the dspam port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_dspam_port',`
gen_require(`
type dspam_port_t;
')
allow $1 dspam_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the dspam port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_dspam_port',`
gen_require(`
type dspam_port_t;
')
dontaudit $1 dspam_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the dspam port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_dspam_port',`
corenet_udp_send_dspam_port($1)
corenet_udp_receive_dspam_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the dspam port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_dspam_port',`
corenet_dontaudit_udp_send_dspam_port($1)
corenet_dontaudit_udp_receive_dspam_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the dspam port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_dspam_port',`
gen_require(`
type dspam_port_t;
')
allow $1 dspam_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the dspam port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_dspam_port',`
gen_require(`
type dspam_port_t;
')
allow $1 dspam_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the dspam port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_dspam_port',`
gen_require(`
type dspam_port_t;
')
allow $1 dspam_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send dspam_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_dspam_client_packets',`
gen_require(`
type dspam_client_packet_t;
')
allow $1 dspam_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send dspam_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_dspam_client_packets',`
gen_require(`
type dspam_client_packet_t;
')
dontaudit $1 dspam_client_packet_t:packet send;
')
########################################
## <summary>
## Receive dspam_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_dspam_client_packets',`
gen_require(`
type dspam_client_packet_t;
')
allow $1 dspam_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive dspam_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_dspam_client_packets',`
gen_require(`
type dspam_client_packet_t;
')
dontaudit $1 dspam_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive dspam_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_dspam_client_packets',`
corenet_send_dspam_client_packets($1)
corenet_receive_dspam_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive dspam_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_dspam_client_packets',`
corenet_dontaudit_send_dspam_client_packets($1)
corenet_dontaudit_receive_dspam_client_packets($1)
')
########################################
## <summary>
## Relabel packets to dspam_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_dspam_client_packets',`
gen_require(`
type dspam_client_packet_t;
')
allow $1 dspam_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send dspam_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_dspam_server_packets',`
gen_require(`
type dspam_server_packet_t;
')
allow $1 dspam_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send dspam_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_dspam_server_packets',`
gen_require(`
type dspam_server_packet_t;
')
dontaudit $1 dspam_server_packet_t:packet send;
')
########################################
## <summary>
## Receive dspam_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_dspam_server_packets',`
gen_require(`
type dspam_server_packet_t;
')
allow $1 dspam_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive dspam_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_dspam_server_packets',`
gen_require(`
type dspam_server_packet_t;
')
dontaudit $1 dspam_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive dspam_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_dspam_server_packets',`
corenet_send_dspam_server_packets($1)
corenet_receive_dspam_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive dspam_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_dspam_server_packets',`
corenet_dontaudit_send_dspam_server_packets($1)
corenet_dontaudit_receive_dspam_server_packets($1)
')
########################################
## <summary>
## Relabel packets to dspam_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_dspam_server_packets',`
gen_require(`
type dspam_server_packet_t;
')
allow $1 dspam_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the epmap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_epmap_port',`
gen_require(`
type epmap_port_t;
')
allow $1 epmap_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the epmap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_epmap_port',`
gen_require(`
type epmap_port_t;
')
allow $1 epmap_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the epmap port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_epmap_port',`
gen_require(`
type epmap_port_t;
')
dontaudit $1 epmap_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the epmap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_epmap_port',`
gen_require(`
type epmap_port_t;
')
allow $1 epmap_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the epmap port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_epmap_port',`
gen_require(`
type epmap_port_t;
')
dontaudit $1 epmap_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the epmap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_epmap_port',`
corenet_udp_send_epmap_port($1)
corenet_udp_receive_epmap_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the epmap port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_epmap_port',`
corenet_dontaudit_udp_send_epmap_port($1)
corenet_dontaudit_udp_receive_epmap_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the epmap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_epmap_port',`
gen_require(`
type epmap_port_t;
')
allow $1 epmap_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the epmap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_epmap_port',`
gen_require(`
type epmap_port_t;
')
allow $1 epmap_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the epmap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_epmap_port',`
gen_require(`
type epmap_port_t;
')
allow $1 epmap_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send epmap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_epmap_client_packets',`
gen_require(`
type epmap_client_packet_t;
')
allow $1 epmap_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send epmap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_epmap_client_packets',`
gen_require(`
type epmap_client_packet_t;
')
dontaudit $1 epmap_client_packet_t:packet send;
')
########################################
## <summary>
## Receive epmap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_epmap_client_packets',`
gen_require(`
type epmap_client_packet_t;
')
allow $1 epmap_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive epmap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_epmap_client_packets',`
gen_require(`
type epmap_client_packet_t;
')
dontaudit $1 epmap_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive epmap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_epmap_client_packets',`
corenet_send_epmap_client_packets($1)
corenet_receive_epmap_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive epmap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_epmap_client_packets',`
corenet_dontaudit_send_epmap_client_packets($1)
corenet_dontaudit_receive_epmap_client_packets($1)
')
########################################
## <summary>
## Relabel packets to epmap_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_epmap_client_packets',`
gen_require(`
type epmap_client_packet_t;
')
allow $1 epmap_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send epmap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_epmap_server_packets',`
gen_require(`
type epmap_server_packet_t;
')
allow $1 epmap_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send epmap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_epmap_server_packets',`
gen_require(`
type epmap_server_packet_t;
')
dontaudit $1 epmap_server_packet_t:packet send;
')
########################################
## <summary>
## Receive epmap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_epmap_server_packets',`
gen_require(`
type epmap_server_packet_t;
')
allow $1 epmap_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive epmap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_epmap_server_packets',`
gen_require(`
type epmap_server_packet_t;
')
dontaudit $1 epmap_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive epmap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_epmap_server_packets',`
corenet_send_epmap_server_packets($1)
corenet_receive_epmap_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive epmap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_epmap_server_packets',`
corenet_dontaudit_send_epmap_server_packets($1)
corenet_dontaudit_receive_epmap_server_packets($1)
')
########################################
## <summary>
## Relabel packets to epmap_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_epmap_server_packets',`
gen_require(`
type epmap_server_packet_t;
')
allow $1 epmap_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the festival port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_festival_port',`
gen_require(`
type festival_port_t;
')
allow $1 festival_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the festival port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_festival_port',`
gen_require(`
type festival_port_t;
')
allow $1 festival_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the festival port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_festival_port',`
gen_require(`
type festival_port_t;
')
dontaudit $1 festival_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the festival port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_festival_port',`
gen_require(`
type festival_port_t;
')
allow $1 festival_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the festival port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_festival_port',`
gen_require(`
type festival_port_t;
')
dontaudit $1 festival_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the festival port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_festival_port',`
corenet_udp_send_festival_port($1)
corenet_udp_receive_festival_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the festival port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_festival_port',`
corenet_dontaudit_udp_send_festival_port($1)
corenet_dontaudit_udp_receive_festival_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the festival port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_festival_port',`
gen_require(`
type festival_port_t;
')
allow $1 festival_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the festival port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_festival_port',`
gen_require(`
type festival_port_t;
')
allow $1 festival_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the festival port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_festival_port',`
gen_require(`
type festival_port_t;
')
allow $1 festival_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send festival_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_festival_client_packets',`
gen_require(`
type festival_client_packet_t;
')
allow $1 festival_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send festival_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_festival_client_packets',`
gen_require(`
type festival_client_packet_t;
')
dontaudit $1 festival_client_packet_t:packet send;
')
########################################
## <summary>
## Receive festival_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_festival_client_packets',`
gen_require(`
type festival_client_packet_t;
')
allow $1 festival_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive festival_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_festival_client_packets',`
gen_require(`
type festival_client_packet_t;
')
dontaudit $1 festival_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive festival_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_festival_client_packets',`
corenet_send_festival_client_packets($1)
corenet_receive_festival_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive festival_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_festival_client_packets',`
corenet_dontaudit_send_festival_client_packets($1)
corenet_dontaudit_receive_festival_client_packets($1)
')
########################################
## <summary>
## Relabel packets to festival_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_festival_client_packets',`
gen_require(`
type festival_client_packet_t;
')
allow $1 festival_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send festival_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_festival_server_packets',`
gen_require(`
type festival_server_packet_t;
')
allow $1 festival_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send festival_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_festival_server_packets',`
gen_require(`
type festival_server_packet_t;
')
dontaudit $1 festival_server_packet_t:packet send;
')
########################################
## <summary>
## Receive festival_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_festival_server_packets',`
gen_require(`
type festival_server_packet_t;
')
allow $1 festival_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive festival_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_festival_server_packets',`
gen_require(`
type festival_server_packet_t;
')
dontaudit $1 festival_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive festival_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_festival_server_packets',`
corenet_send_festival_server_packets($1)
corenet_receive_festival_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive festival_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_festival_server_packets',`
corenet_dontaudit_send_festival_server_packets($1)
corenet_dontaudit_receive_festival_server_packets($1)
')
########################################
## <summary>
## Relabel packets to festival_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_festival_server_packets',`
gen_require(`
type festival_server_packet_t;
')
allow $1 festival_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the fingerd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_fingerd_port',`
gen_require(`
type fingerd_port_t;
')
allow $1 fingerd_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the fingerd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_fingerd_port',`
gen_require(`
type fingerd_port_t;
')
allow $1 fingerd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the fingerd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_fingerd_port',`
gen_require(`
type fingerd_port_t;
')
dontaudit $1 fingerd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the fingerd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_fingerd_port',`
gen_require(`
type fingerd_port_t;
')
allow $1 fingerd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the fingerd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_fingerd_port',`
gen_require(`
type fingerd_port_t;
')
dontaudit $1 fingerd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the fingerd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_fingerd_port',`
corenet_udp_send_fingerd_port($1)
corenet_udp_receive_fingerd_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the fingerd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_fingerd_port',`
corenet_dontaudit_udp_send_fingerd_port($1)
corenet_dontaudit_udp_receive_fingerd_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the fingerd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_fingerd_port',`
gen_require(`
type fingerd_port_t;
')
allow $1 fingerd_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the fingerd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_fingerd_port',`
gen_require(`
type fingerd_port_t;
')
allow $1 fingerd_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the fingerd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_fingerd_port',`
gen_require(`
type fingerd_port_t;
')
allow $1 fingerd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send fingerd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_fingerd_client_packets',`
gen_require(`
type fingerd_client_packet_t;
')
allow $1 fingerd_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send fingerd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_fingerd_client_packets',`
gen_require(`
type fingerd_client_packet_t;
')
dontaudit $1 fingerd_client_packet_t:packet send;
')
########################################
## <summary>
## Receive fingerd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_fingerd_client_packets',`
gen_require(`
type fingerd_client_packet_t;
')
allow $1 fingerd_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive fingerd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_fingerd_client_packets',`
gen_require(`
type fingerd_client_packet_t;
')
dontaudit $1 fingerd_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive fingerd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_fingerd_client_packets',`
corenet_send_fingerd_client_packets($1)
corenet_receive_fingerd_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive fingerd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_fingerd_client_packets',`
corenet_dontaudit_send_fingerd_client_packets($1)
corenet_dontaudit_receive_fingerd_client_packets($1)
')
########################################
## <summary>
## Relabel packets to fingerd_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_fingerd_client_packets',`
gen_require(`
type fingerd_client_packet_t;
')
allow $1 fingerd_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send fingerd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_fingerd_server_packets',`
gen_require(`
type fingerd_server_packet_t;
')
allow $1 fingerd_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send fingerd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_fingerd_server_packets',`
gen_require(`
type fingerd_server_packet_t;
')
dontaudit $1 fingerd_server_packet_t:packet send;
')
########################################
## <summary>
## Receive fingerd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_fingerd_server_packets',`
gen_require(`
type fingerd_server_packet_t;
')
allow $1 fingerd_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive fingerd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_fingerd_server_packets',`
gen_require(`
type fingerd_server_packet_t;
')
dontaudit $1 fingerd_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive fingerd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_fingerd_server_packets',`
corenet_send_fingerd_server_packets($1)
corenet_receive_fingerd_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive fingerd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_fingerd_server_packets',`
corenet_dontaudit_send_fingerd_server_packets($1)
corenet_dontaudit_receive_fingerd_server_packets($1)
')
########################################
## <summary>
## Relabel packets to fingerd_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_fingerd_server_packets',`
gen_require(`
type fingerd_server_packet_t;
')
allow $1 fingerd_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the flash port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_flash_port',`
gen_require(`
type flash_port_t;
')
allow $1 flash_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the flash port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_flash_port',`
gen_require(`
type flash_port_t;
')
allow $1 flash_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the flash port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_flash_port',`
gen_require(`
type flash_port_t;
')
dontaudit $1 flash_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the flash port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_flash_port',`
gen_require(`
type flash_port_t;
')
allow $1 flash_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the flash port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_flash_port',`
gen_require(`
type flash_port_t;
')
dontaudit $1 flash_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the flash port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_flash_port',`
corenet_udp_send_flash_port($1)
corenet_udp_receive_flash_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the flash port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_flash_port',`
corenet_dontaudit_udp_send_flash_port($1)
corenet_dontaudit_udp_receive_flash_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the flash port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_flash_port',`
gen_require(`
type flash_port_t;
')
allow $1 flash_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the flash port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_flash_port',`
gen_require(`
type flash_port_t;
')
allow $1 flash_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the flash port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_flash_port',`
gen_require(`
type flash_port_t;
')
allow $1 flash_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send flash_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_flash_client_packets',`
gen_require(`
type flash_client_packet_t;
')
allow $1 flash_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send flash_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_flash_client_packets',`
gen_require(`
type flash_client_packet_t;
')
dontaudit $1 flash_client_packet_t:packet send;
')
########################################
## <summary>
## Receive flash_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_flash_client_packets',`
gen_require(`
type flash_client_packet_t;
')
allow $1 flash_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive flash_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_flash_client_packets',`
gen_require(`
type flash_client_packet_t;
')
dontaudit $1 flash_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive flash_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_flash_client_packets',`
corenet_send_flash_client_packets($1)
corenet_receive_flash_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive flash_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_flash_client_packets',`
corenet_dontaudit_send_flash_client_packets($1)
corenet_dontaudit_receive_flash_client_packets($1)
')
########################################
## <summary>
## Relabel packets to flash_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_flash_client_packets',`
gen_require(`
type flash_client_packet_t;
')
allow $1 flash_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send flash_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_flash_server_packets',`
gen_require(`
type flash_server_packet_t;
')
allow $1 flash_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send flash_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_flash_server_packets',`
gen_require(`
type flash_server_packet_t;
')
dontaudit $1 flash_server_packet_t:packet send;
')
########################################
## <summary>
## Receive flash_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_flash_server_packets',`
gen_require(`
type flash_server_packet_t;
')
allow $1 flash_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive flash_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_flash_server_packets',`
gen_require(`
type flash_server_packet_t;
')
dontaudit $1 flash_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive flash_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_flash_server_packets',`
corenet_send_flash_server_packets($1)
corenet_receive_flash_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive flash_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_flash_server_packets',`
corenet_dontaudit_send_flash_server_packets($1)
corenet_dontaudit_receive_flash_server_packets($1)
')
########################################
## <summary>
## Relabel packets to flash_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_flash_server_packets',`
gen_require(`
type flash_server_packet_t;
')
allow $1 flash_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the florence port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_florence_port',`
gen_require(`
type florence_port_t;
')
allow $1 florence_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the florence port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_florence_port',`
gen_require(`
type florence_port_t;
')
allow $1 florence_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the florence port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_florence_port',`
gen_require(`
type florence_port_t;
')
dontaudit $1 florence_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the florence port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_florence_port',`
gen_require(`
type florence_port_t;
')
allow $1 florence_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the florence port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_florence_port',`
gen_require(`
type florence_port_t;
')
dontaudit $1 florence_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the florence port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_florence_port',`
corenet_udp_send_florence_port($1)
corenet_udp_receive_florence_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the florence port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_florence_port',`
corenet_dontaudit_udp_send_florence_port($1)
corenet_dontaudit_udp_receive_florence_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the florence port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_florence_port',`
gen_require(`
type florence_port_t;
')
allow $1 florence_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the florence port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_florence_port',`
gen_require(`
type florence_port_t;
')
allow $1 florence_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the florence port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_florence_port',`
gen_require(`
type florence_port_t;
')
allow $1 florence_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send florence_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_florence_client_packets',`
gen_require(`
type florence_client_packet_t;
')
allow $1 florence_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send florence_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_florence_client_packets',`
gen_require(`
type florence_client_packet_t;
')
dontaudit $1 florence_client_packet_t:packet send;
')
########################################
## <summary>
## Receive florence_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_florence_client_packets',`
gen_require(`
type florence_client_packet_t;
')
allow $1 florence_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive florence_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_florence_client_packets',`
gen_require(`
type florence_client_packet_t;
')
dontaudit $1 florence_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive florence_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_florence_client_packets',`
corenet_send_florence_client_packets($1)
corenet_receive_florence_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive florence_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_florence_client_packets',`
corenet_dontaudit_send_florence_client_packets($1)
corenet_dontaudit_receive_florence_client_packets($1)
')
########################################
## <summary>
## Relabel packets to florence_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_florence_client_packets',`
gen_require(`
type florence_client_packet_t;
')
allow $1 florence_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send florence_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_florence_server_packets',`
gen_require(`
type florence_server_packet_t;
')
allow $1 florence_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send florence_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_florence_server_packets',`
gen_require(`
type florence_server_packet_t;
')
dontaudit $1 florence_server_packet_t:packet send;
')
########################################
## <summary>
## Receive florence_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_florence_server_packets',`
gen_require(`
type florence_server_packet_t;
')
allow $1 florence_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive florence_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_florence_server_packets',`
gen_require(`
type florence_server_packet_t;
')
dontaudit $1 florence_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive florence_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_florence_server_packets',`
corenet_send_florence_server_packets($1)
corenet_receive_florence_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive florence_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_florence_server_packets',`
corenet_dontaudit_send_florence_server_packets($1)
corenet_dontaudit_receive_florence_server_packets($1)
')
########################################
## <summary>
## Relabel packets to florence_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_florence_server_packets',`
gen_require(`
type florence_server_packet_t;
')
allow $1 florence_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the freeipmi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_freeipmi_port',`
gen_require(`
type freeipmi_port_t;
')
allow $1 freeipmi_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the freeipmi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_freeipmi_port',`
gen_require(`
type freeipmi_port_t;
')
allow $1 freeipmi_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the freeipmi port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_freeipmi_port',`
gen_require(`
type freeipmi_port_t;
')
dontaudit $1 freeipmi_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the freeipmi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_freeipmi_port',`
gen_require(`
type freeipmi_port_t;
')
allow $1 freeipmi_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the freeipmi port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_freeipmi_port',`
gen_require(`
type freeipmi_port_t;
')
dontaudit $1 freeipmi_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the freeipmi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_freeipmi_port',`
corenet_udp_send_freeipmi_port($1)
corenet_udp_receive_freeipmi_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the freeipmi port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_freeipmi_port',`
corenet_dontaudit_udp_send_freeipmi_port($1)
corenet_dontaudit_udp_receive_freeipmi_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the freeipmi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_freeipmi_port',`
gen_require(`
type freeipmi_port_t;
')
allow $1 freeipmi_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the freeipmi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_freeipmi_port',`
gen_require(`
type freeipmi_port_t;
')
allow $1 freeipmi_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the freeipmi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_freeipmi_port',`
gen_require(`
type freeipmi_port_t;
')
allow $1 freeipmi_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send freeipmi_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_freeipmi_client_packets',`
gen_require(`
type freeipmi_client_packet_t;
')
allow $1 freeipmi_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send freeipmi_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_freeipmi_client_packets',`
gen_require(`
type freeipmi_client_packet_t;
')
dontaudit $1 freeipmi_client_packet_t:packet send;
')
########################################
## <summary>
## Receive freeipmi_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_freeipmi_client_packets',`
gen_require(`
type freeipmi_client_packet_t;
')
allow $1 freeipmi_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive freeipmi_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_freeipmi_client_packets',`
gen_require(`
type freeipmi_client_packet_t;
')
dontaudit $1 freeipmi_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive freeipmi_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_freeipmi_client_packets',`
corenet_send_freeipmi_client_packets($1)
corenet_receive_freeipmi_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive freeipmi_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_freeipmi_client_packets',`
corenet_dontaudit_send_freeipmi_client_packets($1)
corenet_dontaudit_receive_freeipmi_client_packets($1)
')
########################################
## <summary>
## Relabel packets to freeipmi_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_freeipmi_client_packets',`
gen_require(`
type freeipmi_client_packet_t;
')
allow $1 freeipmi_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send freeipmi_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_freeipmi_server_packets',`
gen_require(`
type freeipmi_server_packet_t;
')
allow $1 freeipmi_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send freeipmi_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_freeipmi_server_packets',`
gen_require(`
type freeipmi_server_packet_t;
')
dontaudit $1 freeipmi_server_packet_t:packet send;
')
########################################
## <summary>
## Receive freeipmi_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_freeipmi_server_packets',`
gen_require(`
type freeipmi_server_packet_t;
')
allow $1 freeipmi_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive freeipmi_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_freeipmi_server_packets',`
gen_require(`
type freeipmi_server_packet_t;
')
dontaudit $1 freeipmi_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive freeipmi_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_freeipmi_server_packets',`
corenet_send_freeipmi_server_packets($1)
corenet_receive_freeipmi_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive freeipmi_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_freeipmi_server_packets',`
corenet_dontaudit_send_freeipmi_server_packets($1)
corenet_dontaudit_receive_freeipmi_server_packets($1)
')
########################################
## <summary>
## Relabel packets to freeipmi_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_freeipmi_server_packets',`
gen_require(`
type freeipmi_server_packet_t;
')
allow $1 freeipmi_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the ftp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_ftp_port',`
gen_require(`
type ftp_port_t;
')
allow $1 ftp_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the ftp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_ftp_port',`
gen_require(`
type ftp_port_t;
')
allow $1 ftp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the ftp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_ftp_port',`
gen_require(`
type ftp_port_t;
')
dontaudit $1 ftp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the ftp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_ftp_port',`
gen_require(`
type ftp_port_t;
')
allow $1 ftp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the ftp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_ftp_port',`
gen_require(`
type ftp_port_t;
')
dontaudit $1 ftp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the ftp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_ftp_port',`
corenet_udp_send_ftp_port($1)
corenet_udp_receive_ftp_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the ftp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_ftp_port',`
corenet_dontaudit_udp_send_ftp_port($1)
corenet_dontaudit_udp_receive_ftp_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the ftp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_ftp_port',`
gen_require(`
type ftp_port_t;
')
allow $1 ftp_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the ftp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_ftp_port',`
gen_require(`
type ftp_port_t;
')
allow $1 ftp_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the ftp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_ftp_port',`
gen_require(`
type ftp_port_t;
')
allow $1 ftp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send ftp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ftp_client_packets',`
gen_require(`
type ftp_client_packet_t;
')
allow $1 ftp_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ftp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ftp_client_packets',`
gen_require(`
type ftp_client_packet_t;
')
dontaudit $1 ftp_client_packet_t:packet send;
')
########################################
## <summary>
## Receive ftp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ftp_client_packets',`
gen_require(`
type ftp_client_packet_t;
')
allow $1 ftp_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ftp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ftp_client_packets',`
gen_require(`
type ftp_client_packet_t;
')
dontaudit $1 ftp_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ftp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ftp_client_packets',`
corenet_send_ftp_client_packets($1)
corenet_receive_ftp_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ftp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ftp_client_packets',`
corenet_dontaudit_send_ftp_client_packets($1)
corenet_dontaudit_receive_ftp_client_packets($1)
')
########################################
## <summary>
## Relabel packets to ftp_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ftp_client_packets',`
gen_require(`
type ftp_client_packet_t;
')
allow $1 ftp_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send ftp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ftp_server_packets',`
gen_require(`
type ftp_server_packet_t;
')
allow $1 ftp_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ftp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ftp_server_packets',`
gen_require(`
type ftp_server_packet_t;
')
dontaudit $1 ftp_server_packet_t:packet send;
')
########################################
## <summary>
## Receive ftp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ftp_server_packets',`
gen_require(`
type ftp_server_packet_t;
')
allow $1 ftp_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ftp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ftp_server_packets',`
gen_require(`
type ftp_server_packet_t;
')
dontaudit $1 ftp_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ftp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ftp_server_packets',`
corenet_send_ftp_server_packets($1)
corenet_receive_ftp_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ftp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ftp_server_packets',`
corenet_dontaudit_send_ftp_server_packets($1)
corenet_dontaudit_receive_ftp_server_packets($1)
')
########################################
## <summary>
## Relabel packets to ftp_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ftp_server_packets',`
gen_require(`
type ftp_server_packet_t;
')
allow $1 ftp_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the ftp_data port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_ftp_data_port',`
gen_require(`
type ftp_data_port_t;
')
allow $1 ftp_data_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the ftp_data port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_ftp_data_port',`
gen_require(`
type ftp_data_port_t;
')
allow $1 ftp_data_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the ftp_data port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_ftp_data_port',`
gen_require(`
type ftp_data_port_t;
')
dontaudit $1 ftp_data_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the ftp_data port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_ftp_data_port',`
gen_require(`
type ftp_data_port_t;
')
allow $1 ftp_data_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the ftp_data port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_ftp_data_port',`
gen_require(`
type ftp_data_port_t;
')
dontaudit $1 ftp_data_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the ftp_data port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_ftp_data_port',`
corenet_udp_send_ftp_data_port($1)
corenet_udp_receive_ftp_data_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the ftp_data port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_ftp_data_port',`
corenet_dontaudit_udp_send_ftp_data_port($1)
corenet_dontaudit_udp_receive_ftp_data_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the ftp_data port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_ftp_data_port',`
gen_require(`
type ftp_data_port_t;
')
allow $1 ftp_data_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the ftp_data port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_ftp_data_port',`
gen_require(`
type ftp_data_port_t;
')
allow $1 ftp_data_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the ftp_data port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_ftp_data_port',`
gen_require(`
type ftp_data_port_t;
')
allow $1 ftp_data_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send ftp_data_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ftp_data_client_packets',`
gen_require(`
type ftp_data_client_packet_t;
')
allow $1 ftp_data_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ftp_data_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ftp_data_client_packets',`
gen_require(`
type ftp_data_client_packet_t;
')
dontaudit $1 ftp_data_client_packet_t:packet send;
')
########################################
## <summary>
## Receive ftp_data_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ftp_data_client_packets',`
gen_require(`
type ftp_data_client_packet_t;
')
allow $1 ftp_data_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ftp_data_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ftp_data_client_packets',`
gen_require(`
type ftp_data_client_packet_t;
')
dontaudit $1 ftp_data_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ftp_data_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ftp_data_client_packets',`
corenet_send_ftp_data_client_packets($1)
corenet_receive_ftp_data_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ftp_data_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ftp_data_client_packets',`
corenet_dontaudit_send_ftp_data_client_packets($1)
corenet_dontaudit_receive_ftp_data_client_packets($1)
')
########################################
## <summary>
## Relabel packets to ftp_data_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ftp_data_client_packets',`
gen_require(`
type ftp_data_client_packet_t;
')
allow $1 ftp_data_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send ftp_data_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ftp_data_server_packets',`
gen_require(`
type ftp_data_server_packet_t;
')
allow $1 ftp_data_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ftp_data_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ftp_data_server_packets',`
gen_require(`
type ftp_data_server_packet_t;
')
dontaudit $1 ftp_data_server_packet_t:packet send;
')
########################################
## <summary>
## Receive ftp_data_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ftp_data_server_packets',`
gen_require(`
type ftp_data_server_packet_t;
')
allow $1 ftp_data_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ftp_data_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ftp_data_server_packets',`
gen_require(`
type ftp_data_server_packet_t;
')
dontaudit $1 ftp_data_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ftp_data_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ftp_data_server_packets',`
corenet_send_ftp_data_server_packets($1)
corenet_receive_ftp_data_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ftp_data_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ftp_data_server_packets',`
corenet_dontaudit_send_ftp_data_server_packets($1)
corenet_dontaudit_receive_ftp_data_server_packets($1)
')
########################################
## <summary>
## Relabel packets to ftp_data_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ftp_data_server_packets',`
gen_require(`
type ftp_data_server_packet_t;
')
allow $1 ftp_data_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the gatekeeper port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_gatekeeper_port',`
gen_require(`
type gatekeeper_port_t;
')
allow $1 gatekeeper_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the gatekeeper port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_gatekeeper_port',`
gen_require(`
type gatekeeper_port_t;
')
allow $1 gatekeeper_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the gatekeeper port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_gatekeeper_port',`
gen_require(`
type gatekeeper_port_t;
')
dontaudit $1 gatekeeper_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the gatekeeper port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_gatekeeper_port',`
gen_require(`
type gatekeeper_port_t;
')
allow $1 gatekeeper_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the gatekeeper port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_gatekeeper_port',`
gen_require(`
type gatekeeper_port_t;
')
dontaudit $1 gatekeeper_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the gatekeeper port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_gatekeeper_port',`
corenet_udp_send_gatekeeper_port($1)
corenet_udp_receive_gatekeeper_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the gatekeeper port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_gatekeeper_port',`
corenet_dontaudit_udp_send_gatekeeper_port($1)
corenet_dontaudit_udp_receive_gatekeeper_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the gatekeeper port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_gatekeeper_port',`
gen_require(`
type gatekeeper_port_t;
')
allow $1 gatekeeper_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the gatekeeper port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_gatekeeper_port',`
gen_require(`
type gatekeeper_port_t;
')
allow $1 gatekeeper_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the gatekeeper port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_gatekeeper_port',`
gen_require(`
type gatekeeper_port_t;
')
allow $1 gatekeeper_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send gatekeeper_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_gatekeeper_client_packets',`
gen_require(`
type gatekeeper_client_packet_t;
')
allow $1 gatekeeper_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send gatekeeper_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_gatekeeper_client_packets',`
gen_require(`
type gatekeeper_client_packet_t;
')
dontaudit $1 gatekeeper_client_packet_t:packet send;
')
########################################
## <summary>
## Receive gatekeeper_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_gatekeeper_client_packets',`
gen_require(`
type gatekeeper_client_packet_t;
')
allow $1 gatekeeper_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive gatekeeper_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_gatekeeper_client_packets',`
gen_require(`
type gatekeeper_client_packet_t;
')
dontaudit $1 gatekeeper_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive gatekeeper_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_gatekeeper_client_packets',`
corenet_send_gatekeeper_client_packets($1)
corenet_receive_gatekeeper_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive gatekeeper_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_gatekeeper_client_packets',`
corenet_dontaudit_send_gatekeeper_client_packets($1)
corenet_dontaudit_receive_gatekeeper_client_packets($1)
')
########################################
## <summary>
## Relabel packets to gatekeeper_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_gatekeeper_client_packets',`
gen_require(`
type gatekeeper_client_packet_t;
')
allow $1 gatekeeper_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send gatekeeper_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_gatekeeper_server_packets',`
gen_require(`
type gatekeeper_server_packet_t;
')
allow $1 gatekeeper_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send gatekeeper_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_gatekeeper_server_packets',`
gen_require(`
type gatekeeper_server_packet_t;
')
dontaudit $1 gatekeeper_server_packet_t:packet send;
')
########################################
## <summary>
## Receive gatekeeper_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_gatekeeper_server_packets',`
gen_require(`
type gatekeeper_server_packet_t;
')
allow $1 gatekeeper_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive gatekeeper_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_gatekeeper_server_packets',`
gen_require(`
type gatekeeper_server_packet_t;
')
dontaudit $1 gatekeeper_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive gatekeeper_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_gatekeeper_server_packets',`
corenet_send_gatekeeper_server_packets($1)
corenet_receive_gatekeeper_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive gatekeeper_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_gatekeeper_server_packets',`
corenet_dontaudit_send_gatekeeper_server_packets($1)
corenet_dontaudit_receive_gatekeeper_server_packets($1)
')
########################################
## <summary>
## Relabel packets to gatekeeper_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_gatekeeper_server_packets',`
gen_require(`
type gatekeeper_server_packet_t;
')
allow $1 gatekeeper_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the giftd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_giftd_port',`
gen_require(`
type giftd_port_t;
')
allow $1 giftd_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the giftd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_giftd_port',`
gen_require(`
type giftd_port_t;
')
allow $1 giftd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the giftd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_giftd_port',`
gen_require(`
type giftd_port_t;
')
dontaudit $1 giftd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the giftd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_giftd_port',`
gen_require(`
type giftd_port_t;
')
allow $1 giftd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the giftd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_giftd_port',`
gen_require(`
type giftd_port_t;
')
dontaudit $1 giftd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the giftd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_giftd_port',`
corenet_udp_send_giftd_port($1)
corenet_udp_receive_giftd_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the giftd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_giftd_port',`
corenet_dontaudit_udp_send_giftd_port($1)
corenet_dontaudit_udp_receive_giftd_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the giftd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_giftd_port',`
gen_require(`
type giftd_port_t;
')
allow $1 giftd_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the giftd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_giftd_port',`
gen_require(`
type giftd_port_t;
')
allow $1 giftd_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the giftd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_giftd_port',`
gen_require(`
type giftd_port_t;
')
allow $1 giftd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send giftd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_giftd_client_packets',`
gen_require(`
type giftd_client_packet_t;
')
allow $1 giftd_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send giftd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_giftd_client_packets',`
gen_require(`
type giftd_client_packet_t;
')
dontaudit $1 giftd_client_packet_t:packet send;
')
########################################
## <summary>
## Receive giftd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_giftd_client_packets',`
gen_require(`
type giftd_client_packet_t;
')
allow $1 giftd_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive giftd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_giftd_client_packets',`
gen_require(`
type giftd_client_packet_t;
')
dontaudit $1 giftd_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive giftd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_giftd_client_packets',`
corenet_send_giftd_client_packets($1)
corenet_receive_giftd_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive giftd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_giftd_client_packets',`
corenet_dontaudit_send_giftd_client_packets($1)
corenet_dontaudit_receive_giftd_client_packets($1)
')
########################################
## <summary>
## Relabel packets to giftd_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_giftd_client_packets',`
gen_require(`
type giftd_client_packet_t;
')
allow $1 giftd_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send giftd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_giftd_server_packets',`
gen_require(`
type giftd_server_packet_t;
')
allow $1 giftd_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send giftd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_giftd_server_packets',`
gen_require(`
type giftd_server_packet_t;
')
dontaudit $1 giftd_server_packet_t:packet send;
')
########################################
## <summary>
## Receive giftd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_giftd_server_packets',`
gen_require(`
type giftd_server_packet_t;
')
allow $1 giftd_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive giftd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_giftd_server_packets',`
gen_require(`
type giftd_server_packet_t;
')
dontaudit $1 giftd_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive giftd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_giftd_server_packets',`
corenet_send_giftd_server_packets($1)
corenet_receive_giftd_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive giftd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_giftd_server_packets',`
corenet_dontaudit_send_giftd_server_packets($1)
corenet_dontaudit_receive_giftd_server_packets($1)
')
########################################
## <summary>
## Relabel packets to giftd_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_giftd_server_packets',`
gen_require(`
type giftd_server_packet_t;
')
allow $1 giftd_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the git port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_git_port',`
gen_require(`
type git_port_t;
')
allow $1 git_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the git port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_git_port',`
gen_require(`
type git_port_t;
')
allow $1 git_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the git port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_git_port',`
gen_require(`
type git_port_t;
')
dontaudit $1 git_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the git port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_git_port',`
gen_require(`
type git_port_t;
')
allow $1 git_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the git port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_git_port',`
gen_require(`
type git_port_t;
')
dontaudit $1 git_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the git port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_git_port',`
corenet_udp_send_git_port($1)
corenet_udp_receive_git_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the git port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_git_port',`
corenet_dontaudit_udp_send_git_port($1)
corenet_dontaudit_udp_receive_git_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the git port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_git_port',`
gen_require(`
type git_port_t;
')
allow $1 git_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the git port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_git_port',`
gen_require(`
type git_port_t;
')
allow $1 git_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the git port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_git_port',`
gen_require(`
type git_port_t;
')
allow $1 git_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send git_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_git_client_packets',`
gen_require(`
type git_client_packet_t;
')
allow $1 git_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send git_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_git_client_packets',`
gen_require(`
type git_client_packet_t;
')
dontaudit $1 git_client_packet_t:packet send;
')
########################################
## <summary>
## Receive git_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_git_client_packets',`
gen_require(`
type git_client_packet_t;
')
allow $1 git_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive git_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_git_client_packets',`
gen_require(`
type git_client_packet_t;
')
dontaudit $1 git_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive git_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_git_client_packets',`
corenet_send_git_client_packets($1)
corenet_receive_git_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive git_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_git_client_packets',`
corenet_dontaudit_send_git_client_packets($1)
corenet_dontaudit_receive_git_client_packets($1)
')
########################################
## <summary>
## Relabel packets to git_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_git_client_packets',`
gen_require(`
type git_client_packet_t;
')
allow $1 git_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send git_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_git_server_packets',`
gen_require(`
type git_server_packet_t;
')
allow $1 git_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send git_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_git_server_packets',`
gen_require(`
type git_server_packet_t;
')
dontaudit $1 git_server_packet_t:packet send;
')
########################################
## <summary>
## Receive git_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_git_server_packets',`
gen_require(`
type git_server_packet_t;
')
allow $1 git_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive git_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_git_server_packets',`
gen_require(`
type git_server_packet_t;
')
dontaudit $1 git_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive git_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_git_server_packets',`
corenet_send_git_server_packets($1)
corenet_receive_git_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive git_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_git_server_packets',`
corenet_dontaudit_send_git_server_packets($1)
corenet_dontaudit_receive_git_server_packets($1)
')
########################################
## <summary>
## Relabel packets to git_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_git_server_packets',`
gen_require(`
type git_server_packet_t;
')
allow $1 git_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the glance port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_glance_port',`
gen_require(`
type glance_port_t;
')
allow $1 glance_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the glance port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_glance_port',`
gen_require(`
type glance_port_t;
')
allow $1 glance_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the glance port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_glance_port',`
gen_require(`
type glance_port_t;
')
dontaudit $1 glance_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the glance port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_glance_port',`
gen_require(`
type glance_port_t;
')
allow $1 glance_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the glance port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_glance_port',`
gen_require(`
type glance_port_t;
')
dontaudit $1 glance_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the glance port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_glance_port',`
corenet_udp_send_glance_port($1)
corenet_udp_receive_glance_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the glance port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_glance_port',`
corenet_dontaudit_udp_send_glance_port($1)
corenet_dontaudit_udp_receive_glance_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the glance port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_glance_port',`
gen_require(`
type glance_port_t;
')
allow $1 glance_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the glance port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_glance_port',`
gen_require(`
type glance_port_t;
')
allow $1 glance_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the glance port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_glance_port',`
gen_require(`
type glance_port_t;
')
allow $1 glance_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send glance_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_glance_client_packets',`
gen_require(`
type glance_client_packet_t;
')
allow $1 glance_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send glance_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_glance_client_packets',`
gen_require(`
type glance_client_packet_t;
')
dontaudit $1 glance_client_packet_t:packet send;
')
########################################
## <summary>
## Receive glance_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_glance_client_packets',`
gen_require(`
type glance_client_packet_t;
')
allow $1 glance_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive glance_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_glance_client_packets',`
gen_require(`
type glance_client_packet_t;
')
dontaudit $1 glance_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive glance_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_glance_client_packets',`
corenet_send_glance_client_packets($1)
corenet_receive_glance_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive glance_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_glance_client_packets',`
corenet_dontaudit_send_glance_client_packets($1)
corenet_dontaudit_receive_glance_client_packets($1)
')
########################################
## <summary>
## Relabel packets to glance_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_glance_client_packets',`
gen_require(`
type glance_client_packet_t;
')
allow $1 glance_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send glance_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_glance_server_packets',`
gen_require(`
type glance_server_packet_t;
')
allow $1 glance_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send glance_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_glance_server_packets',`
gen_require(`
type glance_server_packet_t;
')
dontaudit $1 glance_server_packet_t:packet send;
')
########################################
## <summary>
## Receive glance_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_glance_server_packets',`
gen_require(`
type glance_server_packet_t;
')
allow $1 glance_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive glance_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_glance_server_packets',`
gen_require(`
type glance_server_packet_t;
')
dontaudit $1 glance_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive glance_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_glance_server_packets',`
corenet_send_glance_server_packets($1)
corenet_receive_glance_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive glance_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_glance_server_packets',`
corenet_dontaudit_send_glance_server_packets($1)
corenet_dontaudit_receive_glance_server_packets($1)
')
########################################
## <summary>
## Relabel packets to glance_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_glance_server_packets',`
gen_require(`
type glance_server_packet_t;
')
allow $1 glance_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the glance_registry port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_glance_registry_port',`
gen_require(`
type glance_registry_port_t;
')
allow $1 glance_registry_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the glance_registry port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_glance_registry_port',`
gen_require(`
type glance_registry_port_t;
')
allow $1 glance_registry_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the glance_registry port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_glance_registry_port',`
gen_require(`
type glance_registry_port_t;
')
dontaudit $1 glance_registry_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the glance_registry port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_glance_registry_port',`
gen_require(`
type glance_registry_port_t;
')
allow $1 glance_registry_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the glance_registry port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_glance_registry_port',`
gen_require(`
type glance_registry_port_t;
')
dontaudit $1 glance_registry_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the glance_registry port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_glance_registry_port',`
corenet_udp_send_glance_registry_port($1)
corenet_udp_receive_glance_registry_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the glance_registry port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_glance_registry_port',`
corenet_dontaudit_udp_send_glance_registry_port($1)
corenet_dontaudit_udp_receive_glance_registry_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the glance_registry port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_glance_registry_port',`
gen_require(`
type glance_registry_port_t;
')
allow $1 glance_registry_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the glance_registry port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_glance_registry_port',`
gen_require(`
type glance_registry_port_t;
')
allow $1 glance_registry_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the glance_registry port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_glance_registry_port',`
gen_require(`
type glance_registry_port_t;
')
allow $1 glance_registry_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send glance_registry_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_glance_registry_client_packets',`
gen_require(`
type glance_registry_client_packet_t;
')
allow $1 glance_registry_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send glance_registry_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_glance_registry_client_packets',`
gen_require(`
type glance_registry_client_packet_t;
')
dontaudit $1 glance_registry_client_packet_t:packet send;
')
########################################
## <summary>
## Receive glance_registry_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_glance_registry_client_packets',`
gen_require(`
type glance_registry_client_packet_t;
')
allow $1 glance_registry_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive glance_registry_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_glance_registry_client_packets',`
gen_require(`
type glance_registry_client_packet_t;
')
dontaudit $1 glance_registry_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive glance_registry_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_glance_registry_client_packets',`
corenet_send_glance_registry_client_packets($1)
corenet_receive_glance_registry_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive glance_registry_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_glance_registry_client_packets',`
corenet_dontaudit_send_glance_registry_client_packets($1)
corenet_dontaudit_receive_glance_registry_client_packets($1)
')
########################################
## <summary>
## Relabel packets to glance_registry_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_glance_registry_client_packets',`
gen_require(`
type glance_registry_client_packet_t;
')
allow $1 glance_registry_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send glance_registry_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_glance_registry_server_packets',`
gen_require(`
type glance_registry_server_packet_t;
')
allow $1 glance_registry_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send glance_registry_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_glance_registry_server_packets',`
gen_require(`
type glance_registry_server_packet_t;
')
dontaudit $1 glance_registry_server_packet_t:packet send;
')
########################################
## <summary>
## Receive glance_registry_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_glance_registry_server_packets',`
gen_require(`
type glance_registry_server_packet_t;
')
allow $1 glance_registry_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive glance_registry_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_glance_registry_server_packets',`
gen_require(`
type glance_registry_server_packet_t;
')
dontaudit $1 glance_registry_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive glance_registry_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_glance_registry_server_packets',`
corenet_send_glance_registry_server_packets($1)
corenet_receive_glance_registry_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive glance_registry_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_glance_registry_server_packets',`
corenet_dontaudit_send_glance_registry_server_packets($1)
corenet_dontaudit_receive_glance_registry_server_packets($1)
')
########################################
## <summary>
## Relabel packets to glance_registry_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_glance_registry_server_packets',`
gen_require(`
type glance_registry_server_packet_t;
')
allow $1 glance_registry_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the gopher port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_gopher_port',`
gen_require(`
type gopher_port_t;
')
allow $1 gopher_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the gopher port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_gopher_port',`
gen_require(`
type gopher_port_t;
')
allow $1 gopher_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the gopher port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_gopher_port',`
gen_require(`
type gopher_port_t;
')
dontaudit $1 gopher_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the gopher port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_gopher_port',`
gen_require(`
type gopher_port_t;
')
allow $1 gopher_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the gopher port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_gopher_port',`
gen_require(`
type gopher_port_t;
')
dontaudit $1 gopher_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the gopher port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_gopher_port',`
corenet_udp_send_gopher_port($1)
corenet_udp_receive_gopher_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the gopher port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_gopher_port',`
corenet_dontaudit_udp_send_gopher_port($1)
corenet_dontaudit_udp_receive_gopher_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the gopher port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_gopher_port',`
gen_require(`
type gopher_port_t;
')
allow $1 gopher_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the gopher port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_gopher_port',`
gen_require(`
type gopher_port_t;
')
allow $1 gopher_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the gopher port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_gopher_port',`
gen_require(`
type gopher_port_t;
')
allow $1 gopher_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send gopher_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_gopher_client_packets',`
gen_require(`
type gopher_client_packet_t;
')
allow $1 gopher_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send gopher_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_gopher_client_packets',`
gen_require(`
type gopher_client_packet_t;
')
dontaudit $1 gopher_client_packet_t:packet send;
')
########################################
## <summary>
## Receive gopher_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_gopher_client_packets',`
gen_require(`
type gopher_client_packet_t;
')
allow $1 gopher_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive gopher_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_gopher_client_packets',`
gen_require(`
type gopher_client_packet_t;
')
dontaudit $1 gopher_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive gopher_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_gopher_client_packets',`
corenet_send_gopher_client_packets($1)
corenet_receive_gopher_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive gopher_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_gopher_client_packets',`
corenet_dontaudit_send_gopher_client_packets($1)
corenet_dontaudit_receive_gopher_client_packets($1)
')
########################################
## <summary>
## Relabel packets to gopher_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_gopher_client_packets',`
gen_require(`
type gopher_client_packet_t;
')
allow $1 gopher_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send gopher_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_gopher_server_packets',`
gen_require(`
type gopher_server_packet_t;
')
allow $1 gopher_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send gopher_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_gopher_server_packets',`
gen_require(`
type gopher_server_packet_t;
')
dontaudit $1 gopher_server_packet_t:packet send;
')
########################################
## <summary>
## Receive gopher_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_gopher_server_packets',`
gen_require(`
type gopher_server_packet_t;
')
allow $1 gopher_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive gopher_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_gopher_server_packets',`
gen_require(`
type gopher_server_packet_t;
')
dontaudit $1 gopher_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive gopher_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_gopher_server_packets',`
corenet_send_gopher_server_packets($1)
corenet_receive_gopher_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive gopher_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_gopher_server_packets',`
corenet_dontaudit_send_gopher_server_packets($1)
corenet_dontaudit_receive_gopher_server_packets($1)
')
########################################
## <summary>
## Relabel packets to gopher_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_gopher_server_packets',`
gen_require(`
type gopher_server_packet_t;
')
allow $1 gopher_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the gpsd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_gpsd_port',`
gen_require(`
type gpsd_port_t;
')
allow $1 gpsd_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the gpsd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_gpsd_port',`
gen_require(`
type gpsd_port_t;
')
allow $1 gpsd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the gpsd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_gpsd_port',`
gen_require(`
type gpsd_port_t;
')
dontaudit $1 gpsd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the gpsd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_gpsd_port',`
gen_require(`
type gpsd_port_t;
')
allow $1 gpsd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the gpsd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_gpsd_port',`
gen_require(`
type gpsd_port_t;
')
dontaudit $1 gpsd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the gpsd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_gpsd_port',`
corenet_udp_send_gpsd_port($1)
corenet_udp_receive_gpsd_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the gpsd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_gpsd_port',`
corenet_dontaudit_udp_send_gpsd_port($1)
corenet_dontaudit_udp_receive_gpsd_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the gpsd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_gpsd_port',`
gen_require(`
type gpsd_port_t;
')
allow $1 gpsd_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the gpsd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_gpsd_port',`
gen_require(`
type gpsd_port_t;
')
allow $1 gpsd_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the gpsd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_gpsd_port',`
gen_require(`
type gpsd_port_t;
')
allow $1 gpsd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send gpsd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_gpsd_client_packets',`
gen_require(`
type gpsd_client_packet_t;
')
allow $1 gpsd_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send gpsd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_gpsd_client_packets',`
gen_require(`
type gpsd_client_packet_t;
')
dontaudit $1 gpsd_client_packet_t:packet send;
')
########################################
## <summary>
## Receive gpsd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_gpsd_client_packets',`
gen_require(`
type gpsd_client_packet_t;
')
allow $1 gpsd_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive gpsd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_gpsd_client_packets',`
gen_require(`
type gpsd_client_packet_t;
')
dontaudit $1 gpsd_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive gpsd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_gpsd_client_packets',`
corenet_send_gpsd_client_packets($1)
corenet_receive_gpsd_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive gpsd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_gpsd_client_packets',`
corenet_dontaudit_send_gpsd_client_packets($1)
corenet_dontaudit_receive_gpsd_client_packets($1)
')
########################################
## <summary>
## Relabel packets to gpsd_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_gpsd_client_packets',`
gen_require(`
type gpsd_client_packet_t;
')
allow $1 gpsd_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send gpsd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_gpsd_server_packets',`
gen_require(`
type gpsd_server_packet_t;
')
allow $1 gpsd_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send gpsd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_gpsd_server_packets',`
gen_require(`
type gpsd_server_packet_t;
')
dontaudit $1 gpsd_server_packet_t:packet send;
')
########################################
## <summary>
## Receive gpsd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_gpsd_server_packets',`
gen_require(`
type gpsd_server_packet_t;
')
allow $1 gpsd_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive gpsd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_gpsd_server_packets',`
gen_require(`
type gpsd_server_packet_t;
')
dontaudit $1 gpsd_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive gpsd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_gpsd_server_packets',`
corenet_send_gpsd_server_packets($1)
corenet_receive_gpsd_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive gpsd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_gpsd_server_packets',`
corenet_dontaudit_send_gpsd_server_packets($1)
corenet_dontaudit_receive_gpsd_server_packets($1)
')
########################################
## <summary>
## Relabel packets to gpsd_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_gpsd_server_packets',`
gen_require(`
type gpsd_server_packet_t;
')
allow $1 gpsd_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the hddtemp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_hddtemp_port',`
gen_require(`
type hddtemp_port_t;
')
allow $1 hddtemp_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the hddtemp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_hddtemp_port',`
gen_require(`
type hddtemp_port_t;
')
allow $1 hddtemp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the hddtemp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_hddtemp_port',`
gen_require(`
type hddtemp_port_t;
')
dontaudit $1 hddtemp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the hddtemp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_hddtemp_port',`
gen_require(`
type hddtemp_port_t;
')
allow $1 hddtemp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the hddtemp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_hddtemp_port',`
gen_require(`
type hddtemp_port_t;
')
dontaudit $1 hddtemp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the hddtemp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_hddtemp_port',`
corenet_udp_send_hddtemp_port($1)
corenet_udp_receive_hddtemp_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the hddtemp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_hddtemp_port',`
corenet_dontaudit_udp_send_hddtemp_port($1)
corenet_dontaudit_udp_receive_hddtemp_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the hddtemp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_hddtemp_port',`
gen_require(`
type hddtemp_port_t;
')
allow $1 hddtemp_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the hddtemp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_hddtemp_port',`
gen_require(`
type hddtemp_port_t;
')
allow $1 hddtemp_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the hddtemp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_hddtemp_port',`
gen_require(`
type hddtemp_port_t;
')
allow $1 hddtemp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send hddtemp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_hddtemp_client_packets',`
gen_require(`
type hddtemp_client_packet_t;
')
allow $1 hddtemp_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send hddtemp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_hddtemp_client_packets',`
gen_require(`
type hddtemp_client_packet_t;
')
dontaudit $1 hddtemp_client_packet_t:packet send;
')
########################################
## <summary>
## Receive hddtemp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_hddtemp_client_packets',`
gen_require(`
type hddtemp_client_packet_t;
')
allow $1 hddtemp_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive hddtemp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_hddtemp_client_packets',`
gen_require(`
type hddtemp_client_packet_t;
')
dontaudit $1 hddtemp_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive hddtemp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_hddtemp_client_packets',`
corenet_send_hddtemp_client_packets($1)
corenet_receive_hddtemp_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive hddtemp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_hddtemp_client_packets',`
corenet_dontaudit_send_hddtemp_client_packets($1)
corenet_dontaudit_receive_hddtemp_client_packets($1)
')
########################################
## <summary>
## Relabel packets to hddtemp_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_hddtemp_client_packets',`
gen_require(`
type hddtemp_client_packet_t;
')
allow $1 hddtemp_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send hddtemp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_hddtemp_server_packets',`
gen_require(`
type hddtemp_server_packet_t;
')
allow $1 hddtemp_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send hddtemp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_hddtemp_server_packets',`
gen_require(`
type hddtemp_server_packet_t;
')
dontaudit $1 hddtemp_server_packet_t:packet send;
')
########################################
## <summary>
## Receive hddtemp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_hddtemp_server_packets',`
gen_require(`
type hddtemp_server_packet_t;
')
allow $1 hddtemp_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive hddtemp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_hddtemp_server_packets',`
gen_require(`
type hddtemp_server_packet_t;
')
dontaudit $1 hddtemp_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive hddtemp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_hddtemp_server_packets',`
corenet_send_hddtemp_server_packets($1)
corenet_receive_hddtemp_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive hddtemp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_hddtemp_server_packets',`
corenet_dontaudit_send_hddtemp_server_packets($1)
corenet_dontaudit_receive_hddtemp_server_packets($1)
')
########################################
## <summary>
## Relabel packets to hddtemp_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_hddtemp_server_packets',`
gen_require(`
type hddtemp_server_packet_t;
')
allow $1 hddtemp_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the howl port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_howl_port',`
gen_require(`
type howl_port_t;
')
allow $1 howl_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the howl port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_howl_port',`
gen_require(`
type howl_port_t;
')
allow $1 howl_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the howl port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_howl_port',`
gen_require(`
type howl_port_t;
')
dontaudit $1 howl_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the howl port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_howl_port',`
gen_require(`
type howl_port_t;
')
allow $1 howl_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the howl port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_howl_port',`
gen_require(`
type howl_port_t;
')
dontaudit $1 howl_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the howl port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_howl_port',`
corenet_udp_send_howl_port($1)
corenet_udp_receive_howl_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the howl port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_howl_port',`
corenet_dontaudit_udp_send_howl_port($1)
corenet_dontaudit_udp_receive_howl_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the howl port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_howl_port',`
gen_require(`
type howl_port_t;
')
allow $1 howl_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the howl port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_howl_port',`
gen_require(`
type howl_port_t;
')
allow $1 howl_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the howl port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_howl_port',`
gen_require(`
type howl_port_t;
')
allow $1 howl_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send howl_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_howl_client_packets',`
gen_require(`
type howl_client_packet_t;
')
allow $1 howl_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send howl_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_howl_client_packets',`
gen_require(`
type howl_client_packet_t;
')
dontaudit $1 howl_client_packet_t:packet send;
')
########################################
## <summary>
## Receive howl_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_howl_client_packets',`
gen_require(`
type howl_client_packet_t;
')
allow $1 howl_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive howl_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_howl_client_packets',`
gen_require(`
type howl_client_packet_t;
')
dontaudit $1 howl_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive howl_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_howl_client_packets',`
corenet_send_howl_client_packets($1)
corenet_receive_howl_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive howl_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_howl_client_packets',`
corenet_dontaudit_send_howl_client_packets($1)
corenet_dontaudit_receive_howl_client_packets($1)
')
########################################
## <summary>
## Relabel packets to howl_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_howl_client_packets',`
gen_require(`
type howl_client_packet_t;
')
allow $1 howl_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send howl_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_howl_server_packets',`
gen_require(`
type howl_server_packet_t;
')
allow $1 howl_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send howl_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_howl_server_packets',`
gen_require(`
type howl_server_packet_t;
')
dontaudit $1 howl_server_packet_t:packet send;
')
########################################
## <summary>
## Receive howl_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_howl_server_packets',`
gen_require(`
type howl_server_packet_t;
')
allow $1 howl_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive howl_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_howl_server_packets',`
gen_require(`
type howl_server_packet_t;
')
dontaudit $1 howl_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive howl_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_howl_server_packets',`
corenet_send_howl_server_packets($1)
corenet_receive_howl_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive howl_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_howl_server_packets',`
corenet_dontaudit_send_howl_server_packets($1)
corenet_dontaudit_receive_howl_server_packets($1)
')
########################################
## <summary>
## Relabel packets to howl_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_howl_server_packets',`
gen_require(`
type howl_server_packet_t;
')
allow $1 howl_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the hplip port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_hplip_port',`
gen_require(`
type hplip_port_t;
')
allow $1 hplip_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the hplip port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_hplip_port',`
gen_require(`
type hplip_port_t;
')
allow $1 hplip_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the hplip port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_hplip_port',`
gen_require(`
type hplip_port_t;
')
dontaudit $1 hplip_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the hplip port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_hplip_port',`
gen_require(`
type hplip_port_t;
')
allow $1 hplip_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the hplip port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_hplip_port',`
gen_require(`
type hplip_port_t;
')
dontaudit $1 hplip_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the hplip port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_hplip_port',`
corenet_udp_send_hplip_port($1)
corenet_udp_receive_hplip_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the hplip port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_hplip_port',`
corenet_dontaudit_udp_send_hplip_port($1)
corenet_dontaudit_udp_receive_hplip_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the hplip port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_hplip_port',`
gen_require(`
type hplip_port_t;
')
allow $1 hplip_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the hplip port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_hplip_port',`
gen_require(`
type hplip_port_t;
')
allow $1 hplip_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the hplip port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_hplip_port',`
gen_require(`
type hplip_port_t;
')
allow $1 hplip_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send hplip_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_hplip_client_packets',`
gen_require(`
type hplip_client_packet_t;
')
allow $1 hplip_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send hplip_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_hplip_client_packets',`
gen_require(`
type hplip_client_packet_t;
')
dontaudit $1 hplip_client_packet_t:packet send;
')
########################################
## <summary>
## Receive hplip_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_hplip_client_packets',`
gen_require(`
type hplip_client_packet_t;
')
allow $1 hplip_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive hplip_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_hplip_client_packets',`
gen_require(`
type hplip_client_packet_t;
')
dontaudit $1 hplip_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive hplip_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_hplip_client_packets',`
corenet_send_hplip_client_packets($1)
corenet_receive_hplip_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive hplip_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_hplip_client_packets',`
corenet_dontaudit_send_hplip_client_packets($1)
corenet_dontaudit_receive_hplip_client_packets($1)
')
########################################
## <summary>
## Relabel packets to hplip_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_hplip_client_packets',`
gen_require(`
type hplip_client_packet_t;
')
allow $1 hplip_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send hplip_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_hplip_server_packets',`
gen_require(`
type hplip_server_packet_t;
')
allow $1 hplip_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send hplip_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_hplip_server_packets',`
gen_require(`
type hplip_server_packet_t;
')
dontaudit $1 hplip_server_packet_t:packet send;
')
########################################
## <summary>
## Receive hplip_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_hplip_server_packets',`
gen_require(`
type hplip_server_packet_t;
')
allow $1 hplip_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive hplip_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_hplip_server_packets',`
gen_require(`
type hplip_server_packet_t;
')
dontaudit $1 hplip_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive hplip_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_hplip_server_packets',`
corenet_send_hplip_server_packets($1)
corenet_receive_hplip_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive hplip_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_hplip_server_packets',`
corenet_dontaudit_send_hplip_server_packets($1)
corenet_dontaudit_receive_hplip_server_packets($1)
')
########################################
## <summary>
## Relabel packets to hplip_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_hplip_server_packets',`
gen_require(`
type hplip_server_packet_t;
')
allow $1 hplip_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the http port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_http_port',`
gen_require(`
type http_port_t;
')
allow $1 http_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the http port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_http_port',`
gen_require(`
type http_port_t;
')
allow $1 http_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the http port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_http_port',`
gen_require(`
type http_port_t;
')
dontaudit $1 http_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the http port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_http_port',`
gen_require(`
type http_port_t;
')
allow $1 http_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the http port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_http_port',`
gen_require(`
type http_port_t;
')
dontaudit $1 http_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the http port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_http_port',`
corenet_udp_send_http_port($1)
corenet_udp_receive_http_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the http port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_http_port',`
corenet_dontaudit_udp_send_http_port($1)
corenet_dontaudit_udp_receive_http_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the http port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_http_port',`
gen_require(`
type http_port_t;
')
allow $1 http_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the http port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_http_port',`
gen_require(`
type http_port_t;
')
allow $1 http_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the http port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_http_port',`
gen_require(`
type http_port_t;
')
allow $1 http_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send http_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_http_client_packets',`
gen_require(`
type http_client_packet_t;
')
allow $1 http_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send http_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_http_client_packets',`
gen_require(`
type http_client_packet_t;
')
dontaudit $1 http_client_packet_t:packet send;
')
########################################
## <summary>
## Receive http_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_http_client_packets',`
gen_require(`
type http_client_packet_t;
')
allow $1 http_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive http_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_http_client_packets',`
gen_require(`
type http_client_packet_t;
')
dontaudit $1 http_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive http_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_http_client_packets',`
corenet_send_http_client_packets($1)
corenet_receive_http_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive http_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_http_client_packets',`
corenet_dontaudit_send_http_client_packets($1)
corenet_dontaudit_receive_http_client_packets($1)
')
########################################
## <summary>
## Relabel packets to http_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_http_client_packets',`
gen_require(`
type http_client_packet_t;
')
allow $1 http_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send http_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_http_server_packets',`
gen_require(`
type http_server_packet_t;
')
allow $1 http_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send http_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_http_server_packets',`
gen_require(`
type http_server_packet_t;
')
dontaudit $1 http_server_packet_t:packet send;
')
########################################
## <summary>
## Receive http_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_http_server_packets',`
gen_require(`
type http_server_packet_t;
')
allow $1 http_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive http_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_http_server_packets',`
gen_require(`
type http_server_packet_t;
')
dontaudit $1 http_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive http_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_http_server_packets',`
corenet_send_http_server_packets($1)
corenet_receive_http_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive http_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_http_server_packets',`
corenet_dontaudit_send_http_server_packets($1)
corenet_dontaudit_receive_http_server_packets($1)
')
########################################
## <summary>
## Relabel packets to http_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_http_server_packets',`
gen_require(`
type http_server_packet_t;
')
allow $1 http_server_packet_t:packet relabelto;
')
#8443 is mod_nss default port
########################################
## <summary>
## Send and receive TCP traffic on the http_cache port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_http_cache_port',`
gen_require(`
type http_cache_port_t;
')
allow $1 http_cache_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the http_cache port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_http_cache_port',`
gen_require(`
type http_cache_port_t;
')
allow $1 http_cache_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the http_cache port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_http_cache_port',`
gen_require(`
type http_cache_port_t;
')
dontaudit $1 http_cache_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the http_cache port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_http_cache_port',`
gen_require(`
type http_cache_port_t;
')
allow $1 http_cache_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the http_cache port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_http_cache_port',`
gen_require(`
type http_cache_port_t;
')
dontaudit $1 http_cache_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the http_cache port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_http_cache_port',`
corenet_udp_send_http_cache_port($1)
corenet_udp_receive_http_cache_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the http_cache port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_http_cache_port',`
corenet_dontaudit_udp_send_http_cache_port($1)
corenet_dontaudit_udp_receive_http_cache_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the http_cache port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_http_cache_port',`
gen_require(`
type http_cache_port_t;
')
allow $1 http_cache_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the http_cache port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_http_cache_port',`
gen_require(`
type http_cache_port_t;
')
allow $1 http_cache_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the http_cache port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_http_cache_port',`
gen_require(`
type http_cache_port_t;
')
allow $1 http_cache_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send http_cache_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_http_cache_client_packets',`
gen_require(`
type http_cache_client_packet_t;
')
allow $1 http_cache_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send http_cache_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_http_cache_client_packets',`
gen_require(`
type http_cache_client_packet_t;
')
dontaudit $1 http_cache_client_packet_t:packet send;
')
########################################
## <summary>
## Receive http_cache_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_http_cache_client_packets',`
gen_require(`
type http_cache_client_packet_t;
')
allow $1 http_cache_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive http_cache_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_http_cache_client_packets',`
gen_require(`
type http_cache_client_packet_t;
')
dontaudit $1 http_cache_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive http_cache_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_http_cache_client_packets',`
corenet_send_http_cache_client_packets($1)
corenet_receive_http_cache_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive http_cache_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_http_cache_client_packets',`
corenet_dontaudit_send_http_cache_client_packets($1)
corenet_dontaudit_receive_http_cache_client_packets($1)
')
########################################
## <summary>
## Relabel packets to http_cache_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_http_cache_client_packets',`
gen_require(`
type http_cache_client_packet_t;
')
allow $1 http_cache_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send http_cache_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_http_cache_server_packets',`
gen_require(`
type http_cache_server_packet_t;
')
allow $1 http_cache_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send http_cache_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_http_cache_server_packets',`
gen_require(`
type http_cache_server_packet_t;
')
dontaudit $1 http_cache_server_packet_t:packet send;
')
########################################
## <summary>
## Receive http_cache_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_http_cache_server_packets',`
gen_require(`
type http_cache_server_packet_t;
')
allow $1 http_cache_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive http_cache_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_http_cache_server_packets',`
gen_require(`
type http_cache_server_packet_t;
')
dontaudit $1 http_cache_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive http_cache_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_http_cache_server_packets',`
corenet_send_http_cache_server_packets($1)
corenet_receive_http_cache_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive http_cache_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_http_cache_server_packets',`
corenet_dontaudit_send_http_cache_server_packets($1)
corenet_dontaudit_receive_http_cache_server_packets($1)
')
########################################
## <summary>
## Relabel packets to http_cache_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_http_cache_server_packets',`
gen_require(`
type http_cache_server_packet_t;
')
allow $1 http_cache_server_packet_t:packet relabelto;
')
# 8118 is for privoxy
########################################
## <summary>
## Send and receive TCP traffic on the i18n_input port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_i18n_input_port',`
gen_require(`
type i18n_input_port_t;
')
allow $1 i18n_input_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the i18n_input port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_i18n_input_port',`
gen_require(`
type i18n_input_port_t;
')
allow $1 i18n_input_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the i18n_input port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_i18n_input_port',`
gen_require(`
type i18n_input_port_t;
')
dontaudit $1 i18n_input_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the i18n_input port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_i18n_input_port',`
gen_require(`
type i18n_input_port_t;
')
allow $1 i18n_input_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the i18n_input port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_i18n_input_port',`
gen_require(`
type i18n_input_port_t;
')
dontaudit $1 i18n_input_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the i18n_input port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_i18n_input_port',`
corenet_udp_send_i18n_input_port($1)
corenet_udp_receive_i18n_input_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the i18n_input port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_i18n_input_port',`
corenet_dontaudit_udp_send_i18n_input_port($1)
corenet_dontaudit_udp_receive_i18n_input_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the i18n_input port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_i18n_input_port',`
gen_require(`
type i18n_input_port_t;
')
allow $1 i18n_input_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the i18n_input port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_i18n_input_port',`
gen_require(`
type i18n_input_port_t;
')
allow $1 i18n_input_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the i18n_input port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_i18n_input_port',`
gen_require(`
type i18n_input_port_t;
')
allow $1 i18n_input_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send i18n_input_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_i18n_input_client_packets',`
gen_require(`
type i18n_input_client_packet_t;
')
allow $1 i18n_input_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send i18n_input_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_i18n_input_client_packets',`
gen_require(`
type i18n_input_client_packet_t;
')
dontaudit $1 i18n_input_client_packet_t:packet send;
')
########################################
## <summary>
## Receive i18n_input_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_i18n_input_client_packets',`
gen_require(`
type i18n_input_client_packet_t;
')
allow $1 i18n_input_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive i18n_input_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_i18n_input_client_packets',`
gen_require(`
type i18n_input_client_packet_t;
')
dontaudit $1 i18n_input_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive i18n_input_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_i18n_input_client_packets',`
corenet_send_i18n_input_client_packets($1)
corenet_receive_i18n_input_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive i18n_input_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_i18n_input_client_packets',`
corenet_dontaudit_send_i18n_input_client_packets($1)
corenet_dontaudit_receive_i18n_input_client_packets($1)
')
########################################
## <summary>
## Relabel packets to i18n_input_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_i18n_input_client_packets',`
gen_require(`
type i18n_input_client_packet_t;
')
allow $1 i18n_input_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send i18n_input_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_i18n_input_server_packets',`
gen_require(`
type i18n_input_server_packet_t;
')
allow $1 i18n_input_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send i18n_input_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_i18n_input_server_packets',`
gen_require(`
type i18n_input_server_packet_t;
')
dontaudit $1 i18n_input_server_packet_t:packet send;
')
########################################
## <summary>
## Receive i18n_input_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_i18n_input_server_packets',`
gen_require(`
type i18n_input_server_packet_t;
')
allow $1 i18n_input_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive i18n_input_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_i18n_input_server_packets',`
gen_require(`
type i18n_input_server_packet_t;
')
dontaudit $1 i18n_input_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive i18n_input_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_i18n_input_server_packets',`
corenet_send_i18n_input_server_packets($1)
corenet_receive_i18n_input_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive i18n_input_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_i18n_input_server_packets',`
corenet_dontaudit_send_i18n_input_server_packets($1)
corenet_dontaudit_receive_i18n_input_server_packets($1)
')
########################################
## <summary>
## Relabel packets to i18n_input_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_i18n_input_server_packets',`
gen_require(`
type i18n_input_server_packet_t;
')
allow $1 i18n_input_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the imaze port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_imaze_port',`
gen_require(`
type imaze_port_t;
')
allow $1 imaze_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the imaze port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_imaze_port',`
gen_require(`
type imaze_port_t;
')
allow $1 imaze_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the imaze port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_imaze_port',`
gen_require(`
type imaze_port_t;
')
dontaudit $1 imaze_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the imaze port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_imaze_port',`
gen_require(`
type imaze_port_t;
')
allow $1 imaze_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the imaze port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_imaze_port',`
gen_require(`
type imaze_port_t;
')
dontaudit $1 imaze_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the imaze port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_imaze_port',`
corenet_udp_send_imaze_port($1)
corenet_udp_receive_imaze_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the imaze port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_imaze_port',`
corenet_dontaudit_udp_send_imaze_port($1)
corenet_dontaudit_udp_receive_imaze_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the imaze port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_imaze_port',`
gen_require(`
type imaze_port_t;
')
allow $1 imaze_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the imaze port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_imaze_port',`
gen_require(`
type imaze_port_t;
')
allow $1 imaze_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the imaze port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_imaze_port',`
gen_require(`
type imaze_port_t;
')
allow $1 imaze_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send imaze_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_imaze_client_packets',`
gen_require(`
type imaze_client_packet_t;
')
allow $1 imaze_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send imaze_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_imaze_client_packets',`
gen_require(`
type imaze_client_packet_t;
')
dontaudit $1 imaze_client_packet_t:packet send;
')
########################################
## <summary>
## Receive imaze_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_imaze_client_packets',`
gen_require(`
type imaze_client_packet_t;
')
allow $1 imaze_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive imaze_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_imaze_client_packets',`
gen_require(`
type imaze_client_packet_t;
')
dontaudit $1 imaze_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive imaze_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_imaze_client_packets',`
corenet_send_imaze_client_packets($1)
corenet_receive_imaze_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive imaze_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_imaze_client_packets',`
corenet_dontaudit_send_imaze_client_packets($1)
corenet_dontaudit_receive_imaze_client_packets($1)
')
########################################
## <summary>
## Relabel packets to imaze_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_imaze_client_packets',`
gen_require(`
type imaze_client_packet_t;
')
allow $1 imaze_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send imaze_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_imaze_server_packets',`
gen_require(`
type imaze_server_packet_t;
')
allow $1 imaze_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send imaze_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_imaze_server_packets',`
gen_require(`
type imaze_server_packet_t;
')
dontaudit $1 imaze_server_packet_t:packet send;
')
########################################
## <summary>
## Receive imaze_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_imaze_server_packets',`
gen_require(`
type imaze_server_packet_t;
')
allow $1 imaze_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive imaze_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_imaze_server_packets',`
gen_require(`
type imaze_server_packet_t;
')
dontaudit $1 imaze_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive imaze_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_imaze_server_packets',`
corenet_send_imaze_server_packets($1)
corenet_receive_imaze_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive imaze_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_imaze_server_packets',`
corenet_dontaudit_send_imaze_server_packets($1)
corenet_dontaudit_receive_imaze_server_packets($1)
')
########################################
## <summary>
## Relabel packets to imaze_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_imaze_server_packets',`
gen_require(`
type imaze_server_packet_t;
')
allow $1 imaze_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the inetd_child port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_inetd_child_port',`
gen_require(`
type inetd_child_port_t;
')
allow $1 inetd_child_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the inetd_child port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_inetd_child_port',`
gen_require(`
type inetd_child_port_t;
')
allow $1 inetd_child_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the inetd_child port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_inetd_child_port',`
gen_require(`
type inetd_child_port_t;
')
dontaudit $1 inetd_child_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the inetd_child port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_inetd_child_port',`
gen_require(`
type inetd_child_port_t;
')
allow $1 inetd_child_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the inetd_child port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_inetd_child_port',`
gen_require(`
type inetd_child_port_t;
')
dontaudit $1 inetd_child_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the inetd_child port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_inetd_child_port',`
corenet_udp_send_inetd_child_port($1)
corenet_udp_receive_inetd_child_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the inetd_child port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_inetd_child_port',`
corenet_dontaudit_udp_send_inetd_child_port($1)
corenet_dontaudit_udp_receive_inetd_child_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the inetd_child port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_inetd_child_port',`
gen_require(`
type inetd_child_port_t;
')
allow $1 inetd_child_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the inetd_child port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_inetd_child_port',`
gen_require(`
type inetd_child_port_t;
')
allow $1 inetd_child_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the inetd_child port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_inetd_child_port',`
gen_require(`
type inetd_child_port_t;
')
allow $1 inetd_child_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send inetd_child_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_inetd_child_client_packets',`
gen_require(`
type inetd_child_client_packet_t;
')
allow $1 inetd_child_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send inetd_child_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_inetd_child_client_packets',`
gen_require(`
type inetd_child_client_packet_t;
')
dontaudit $1 inetd_child_client_packet_t:packet send;
')
########################################
## <summary>
## Receive inetd_child_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_inetd_child_client_packets',`
gen_require(`
type inetd_child_client_packet_t;
')
allow $1 inetd_child_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive inetd_child_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_inetd_child_client_packets',`
gen_require(`
type inetd_child_client_packet_t;
')
dontaudit $1 inetd_child_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive inetd_child_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_inetd_child_client_packets',`
corenet_send_inetd_child_client_packets($1)
corenet_receive_inetd_child_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive inetd_child_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_inetd_child_client_packets',`
corenet_dontaudit_send_inetd_child_client_packets($1)
corenet_dontaudit_receive_inetd_child_client_packets($1)
')
########################################
## <summary>
## Relabel packets to inetd_child_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_inetd_child_client_packets',`
gen_require(`
type inetd_child_client_packet_t;
')
allow $1 inetd_child_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send inetd_child_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_inetd_child_server_packets',`
gen_require(`
type inetd_child_server_packet_t;
')
allow $1 inetd_child_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send inetd_child_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_inetd_child_server_packets',`
gen_require(`
type inetd_child_server_packet_t;
')
dontaudit $1 inetd_child_server_packet_t:packet send;
')
########################################
## <summary>
## Receive inetd_child_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_inetd_child_server_packets',`
gen_require(`
type inetd_child_server_packet_t;
')
allow $1 inetd_child_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive inetd_child_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_inetd_child_server_packets',`
gen_require(`
type inetd_child_server_packet_t;
')
dontaudit $1 inetd_child_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive inetd_child_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_inetd_child_server_packets',`
corenet_send_inetd_child_server_packets($1)
corenet_receive_inetd_child_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive inetd_child_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_inetd_child_server_packets',`
corenet_dontaudit_send_inetd_child_server_packets($1)
corenet_dontaudit_receive_inetd_child_server_packets($1)
')
########################################
## <summary>
## Relabel packets to inetd_child_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_inetd_child_server_packets',`
gen_require(`
type inetd_child_server_packet_t;
')
allow $1 inetd_child_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the innd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_innd_port',`
gen_require(`
type innd_port_t;
')
allow $1 innd_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the innd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_innd_port',`
gen_require(`
type innd_port_t;
')
allow $1 innd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the innd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_innd_port',`
gen_require(`
type innd_port_t;
')
dontaudit $1 innd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the innd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_innd_port',`
gen_require(`
type innd_port_t;
')
allow $1 innd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the innd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_innd_port',`
gen_require(`
type innd_port_t;
')
dontaudit $1 innd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the innd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_innd_port',`
corenet_udp_send_innd_port($1)
corenet_udp_receive_innd_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the innd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_innd_port',`
corenet_dontaudit_udp_send_innd_port($1)
corenet_dontaudit_udp_receive_innd_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the innd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_innd_port',`
gen_require(`
type innd_port_t;
')
allow $1 innd_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the innd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_innd_port',`
gen_require(`
type innd_port_t;
')
allow $1 innd_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the innd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_innd_port',`
gen_require(`
type innd_port_t;
')
allow $1 innd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send innd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_innd_client_packets',`
gen_require(`
type innd_client_packet_t;
')
allow $1 innd_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send innd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_innd_client_packets',`
gen_require(`
type innd_client_packet_t;
')
dontaudit $1 innd_client_packet_t:packet send;
')
########################################
## <summary>
## Receive innd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_innd_client_packets',`
gen_require(`
type innd_client_packet_t;
')
allow $1 innd_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive innd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_innd_client_packets',`
gen_require(`
type innd_client_packet_t;
')
dontaudit $1 innd_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive innd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_innd_client_packets',`
corenet_send_innd_client_packets($1)
corenet_receive_innd_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive innd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_innd_client_packets',`
corenet_dontaudit_send_innd_client_packets($1)
corenet_dontaudit_receive_innd_client_packets($1)
')
########################################
## <summary>
## Relabel packets to innd_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_innd_client_packets',`
gen_require(`
type innd_client_packet_t;
')
allow $1 innd_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send innd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_innd_server_packets',`
gen_require(`
type innd_server_packet_t;
')
allow $1 innd_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send innd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_innd_server_packets',`
gen_require(`
type innd_server_packet_t;
')
dontaudit $1 innd_server_packet_t:packet send;
')
########################################
## <summary>
## Receive innd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_innd_server_packets',`
gen_require(`
type innd_server_packet_t;
')
allow $1 innd_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive innd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_innd_server_packets',`
gen_require(`
type innd_server_packet_t;
')
dontaudit $1 innd_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive innd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_innd_server_packets',`
corenet_send_innd_server_packets($1)
corenet_receive_innd_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive innd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_innd_server_packets',`
corenet_dontaudit_send_innd_server_packets($1)
corenet_dontaudit_receive_innd_server_packets($1)
')
########################################
## <summary>
## Relabel packets to innd_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_innd_server_packets',`
gen_require(`
type innd_server_packet_t;
')
allow $1 innd_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the ionixnetmon port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_ionixnetmon_port',`
gen_require(`
type ionixnetmon_port_t;
')
allow $1 ionixnetmon_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the ionixnetmon port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_ionixnetmon_port',`
gen_require(`
type ionixnetmon_port_t;
')
allow $1 ionixnetmon_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the ionixnetmon port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_ionixnetmon_port',`
gen_require(`
type ionixnetmon_port_t;
')
dontaudit $1 ionixnetmon_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the ionixnetmon port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_ionixnetmon_port',`
gen_require(`
type ionixnetmon_port_t;
')
allow $1 ionixnetmon_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the ionixnetmon port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_ionixnetmon_port',`
gen_require(`
type ionixnetmon_port_t;
')
dontaudit $1 ionixnetmon_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the ionixnetmon port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_ionixnetmon_port',`
corenet_udp_send_ionixnetmon_port($1)
corenet_udp_receive_ionixnetmon_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the ionixnetmon port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_ionixnetmon_port',`
corenet_dontaudit_udp_send_ionixnetmon_port($1)
corenet_dontaudit_udp_receive_ionixnetmon_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the ionixnetmon port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_ionixnetmon_port',`
gen_require(`
type ionixnetmon_port_t;
')
allow $1 ionixnetmon_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the ionixnetmon port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_ionixnetmon_port',`
gen_require(`
type ionixnetmon_port_t;
')
allow $1 ionixnetmon_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the ionixnetmon port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_ionixnetmon_port',`
gen_require(`
type ionixnetmon_port_t;
')
allow $1 ionixnetmon_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send ionixnetmon_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ionixnetmon_client_packets',`
gen_require(`
type ionixnetmon_client_packet_t;
')
allow $1 ionixnetmon_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ionixnetmon_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ionixnetmon_client_packets',`
gen_require(`
type ionixnetmon_client_packet_t;
')
dontaudit $1 ionixnetmon_client_packet_t:packet send;
')
########################################
## <summary>
## Receive ionixnetmon_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ionixnetmon_client_packets',`
gen_require(`
type ionixnetmon_client_packet_t;
')
allow $1 ionixnetmon_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ionixnetmon_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ionixnetmon_client_packets',`
gen_require(`
type ionixnetmon_client_packet_t;
')
dontaudit $1 ionixnetmon_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ionixnetmon_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ionixnetmon_client_packets',`
corenet_send_ionixnetmon_client_packets($1)
corenet_receive_ionixnetmon_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ionixnetmon_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ionixnetmon_client_packets',`
corenet_dontaudit_send_ionixnetmon_client_packets($1)
corenet_dontaudit_receive_ionixnetmon_client_packets($1)
')
########################################
## <summary>
## Relabel packets to ionixnetmon_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ionixnetmon_client_packets',`
gen_require(`
type ionixnetmon_client_packet_t;
')
allow $1 ionixnetmon_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send ionixnetmon_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ionixnetmon_server_packets',`
gen_require(`
type ionixnetmon_server_packet_t;
')
allow $1 ionixnetmon_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ionixnetmon_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ionixnetmon_server_packets',`
gen_require(`
type ionixnetmon_server_packet_t;
')
dontaudit $1 ionixnetmon_server_packet_t:packet send;
')
########################################
## <summary>
## Receive ionixnetmon_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ionixnetmon_server_packets',`
gen_require(`
type ionixnetmon_server_packet_t;
')
allow $1 ionixnetmon_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ionixnetmon_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ionixnetmon_server_packets',`
gen_require(`
type ionixnetmon_server_packet_t;
')
dontaudit $1 ionixnetmon_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ionixnetmon_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ionixnetmon_server_packets',`
corenet_send_ionixnetmon_server_packets($1)
corenet_receive_ionixnetmon_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ionixnetmon_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ionixnetmon_server_packets',`
corenet_dontaudit_send_ionixnetmon_server_packets($1)
corenet_dontaudit_receive_ionixnetmon_server_packets($1)
')
########################################
## <summary>
## Relabel packets to ionixnetmon_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ionixnetmon_server_packets',`
gen_require(`
type ionixnetmon_server_packet_t;
')
allow $1 ionixnetmon_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the ipmi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_ipmi_port',`
gen_require(`
type ipmi_port_t;
')
allow $1 ipmi_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the ipmi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_ipmi_port',`
gen_require(`
type ipmi_port_t;
')
allow $1 ipmi_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the ipmi port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_ipmi_port',`
gen_require(`
type ipmi_port_t;
')
dontaudit $1 ipmi_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the ipmi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_ipmi_port',`
gen_require(`
type ipmi_port_t;
')
allow $1 ipmi_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the ipmi port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_ipmi_port',`
gen_require(`
type ipmi_port_t;
')
dontaudit $1 ipmi_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the ipmi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_ipmi_port',`
corenet_udp_send_ipmi_port($1)
corenet_udp_receive_ipmi_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the ipmi port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_ipmi_port',`
corenet_dontaudit_udp_send_ipmi_port($1)
corenet_dontaudit_udp_receive_ipmi_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the ipmi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_ipmi_port',`
gen_require(`
type ipmi_port_t;
')
allow $1 ipmi_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the ipmi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_ipmi_port',`
gen_require(`
type ipmi_port_t;
')
allow $1 ipmi_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the ipmi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_ipmi_port',`
gen_require(`
type ipmi_port_t;
')
allow $1 ipmi_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send ipmi_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ipmi_client_packets',`
gen_require(`
type ipmi_client_packet_t;
')
allow $1 ipmi_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ipmi_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ipmi_client_packets',`
gen_require(`
type ipmi_client_packet_t;
')
dontaudit $1 ipmi_client_packet_t:packet send;
')
########################################
## <summary>
## Receive ipmi_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ipmi_client_packets',`
gen_require(`
type ipmi_client_packet_t;
')
allow $1 ipmi_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ipmi_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ipmi_client_packets',`
gen_require(`
type ipmi_client_packet_t;
')
dontaudit $1 ipmi_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ipmi_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ipmi_client_packets',`
corenet_send_ipmi_client_packets($1)
corenet_receive_ipmi_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ipmi_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ipmi_client_packets',`
corenet_dontaudit_send_ipmi_client_packets($1)
corenet_dontaudit_receive_ipmi_client_packets($1)
')
########################################
## <summary>
## Relabel packets to ipmi_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ipmi_client_packets',`
gen_require(`
type ipmi_client_packet_t;
')
allow $1 ipmi_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send ipmi_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ipmi_server_packets',`
gen_require(`
type ipmi_server_packet_t;
')
allow $1 ipmi_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ipmi_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ipmi_server_packets',`
gen_require(`
type ipmi_server_packet_t;
')
dontaudit $1 ipmi_server_packet_t:packet send;
')
########################################
## <summary>
## Receive ipmi_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ipmi_server_packets',`
gen_require(`
type ipmi_server_packet_t;
')
allow $1 ipmi_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ipmi_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ipmi_server_packets',`
gen_require(`
type ipmi_server_packet_t;
')
dontaudit $1 ipmi_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ipmi_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ipmi_server_packets',`
corenet_send_ipmi_server_packets($1)
corenet_receive_ipmi_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ipmi_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ipmi_server_packets',`
corenet_dontaudit_send_ipmi_server_packets($1)
corenet_dontaudit_receive_ipmi_server_packets($1)
')
########################################
## <summary>
## Relabel packets to ipmi_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ipmi_server_packets',`
gen_require(`
type ipmi_server_packet_t;
')
allow $1 ipmi_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the ipp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_ipp_port',`
gen_require(`
type ipp_port_t;
')
allow $1 ipp_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the ipp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_ipp_port',`
gen_require(`
type ipp_port_t;
')
allow $1 ipp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the ipp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_ipp_port',`
gen_require(`
type ipp_port_t;
')
dontaudit $1 ipp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the ipp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_ipp_port',`
gen_require(`
type ipp_port_t;
')
allow $1 ipp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the ipp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_ipp_port',`
gen_require(`
type ipp_port_t;
')
dontaudit $1 ipp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the ipp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_ipp_port',`
corenet_udp_send_ipp_port($1)
corenet_udp_receive_ipp_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the ipp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_ipp_port',`
corenet_dontaudit_udp_send_ipp_port($1)
corenet_dontaudit_udp_receive_ipp_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the ipp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_ipp_port',`
gen_require(`
type ipp_port_t;
')
allow $1 ipp_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the ipp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_ipp_port',`
gen_require(`
type ipp_port_t;
')
allow $1 ipp_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the ipp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_ipp_port',`
gen_require(`
type ipp_port_t;
')
allow $1 ipp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send ipp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ipp_client_packets',`
gen_require(`
type ipp_client_packet_t;
')
allow $1 ipp_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ipp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ipp_client_packets',`
gen_require(`
type ipp_client_packet_t;
')
dontaudit $1 ipp_client_packet_t:packet send;
')
########################################
## <summary>
## Receive ipp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ipp_client_packets',`
gen_require(`
type ipp_client_packet_t;
')
allow $1 ipp_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ipp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ipp_client_packets',`
gen_require(`
type ipp_client_packet_t;
')
dontaudit $1 ipp_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ipp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ipp_client_packets',`
corenet_send_ipp_client_packets($1)
corenet_receive_ipp_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ipp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ipp_client_packets',`
corenet_dontaudit_send_ipp_client_packets($1)
corenet_dontaudit_receive_ipp_client_packets($1)
')
########################################
## <summary>
## Relabel packets to ipp_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ipp_client_packets',`
gen_require(`
type ipp_client_packet_t;
')
allow $1 ipp_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send ipp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ipp_server_packets',`
gen_require(`
type ipp_server_packet_t;
')
allow $1 ipp_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ipp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ipp_server_packets',`
gen_require(`
type ipp_server_packet_t;
')
dontaudit $1 ipp_server_packet_t:packet send;
')
########################################
## <summary>
## Receive ipp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ipp_server_packets',`
gen_require(`
type ipp_server_packet_t;
')
allow $1 ipp_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ipp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ipp_server_packets',`
gen_require(`
type ipp_server_packet_t;
')
dontaudit $1 ipp_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ipp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ipp_server_packets',`
corenet_send_ipp_server_packets($1)
corenet_receive_ipp_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ipp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ipp_server_packets',`
corenet_dontaudit_send_ipp_server_packets($1)
corenet_dontaudit_receive_ipp_server_packets($1)
')
########################################
## <summary>
## Relabel packets to ipp_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ipp_server_packets',`
gen_require(`
type ipp_server_packet_t;
')
allow $1 ipp_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the ipsecnat port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_ipsecnat_port',`
gen_require(`
type ipsecnat_port_t;
')
allow $1 ipsecnat_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the ipsecnat port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_ipsecnat_port',`
gen_require(`
type ipsecnat_port_t;
')
allow $1 ipsecnat_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the ipsecnat port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_ipsecnat_port',`
gen_require(`
type ipsecnat_port_t;
')
dontaudit $1 ipsecnat_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the ipsecnat port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_ipsecnat_port',`
gen_require(`
type ipsecnat_port_t;
')
allow $1 ipsecnat_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the ipsecnat port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_ipsecnat_port',`
gen_require(`
type ipsecnat_port_t;
')
dontaudit $1 ipsecnat_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the ipsecnat port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_ipsecnat_port',`
corenet_udp_send_ipsecnat_port($1)
corenet_udp_receive_ipsecnat_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the ipsecnat port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_ipsecnat_port',`
corenet_dontaudit_udp_send_ipsecnat_port($1)
corenet_dontaudit_udp_receive_ipsecnat_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the ipsecnat port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_ipsecnat_port',`
gen_require(`
type ipsecnat_port_t;
')
allow $1 ipsecnat_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the ipsecnat port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_ipsecnat_port',`
gen_require(`
type ipsecnat_port_t;
')
allow $1 ipsecnat_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the ipsecnat port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_ipsecnat_port',`
gen_require(`
type ipsecnat_port_t;
')
allow $1 ipsecnat_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send ipsecnat_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ipsecnat_client_packets',`
gen_require(`
type ipsecnat_client_packet_t;
')
allow $1 ipsecnat_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ipsecnat_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ipsecnat_client_packets',`
gen_require(`
type ipsecnat_client_packet_t;
')
dontaudit $1 ipsecnat_client_packet_t:packet send;
')
########################################
## <summary>
## Receive ipsecnat_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ipsecnat_client_packets',`
gen_require(`
type ipsecnat_client_packet_t;
')
allow $1 ipsecnat_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ipsecnat_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ipsecnat_client_packets',`
gen_require(`
type ipsecnat_client_packet_t;
')
dontaudit $1 ipsecnat_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ipsecnat_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ipsecnat_client_packets',`
corenet_send_ipsecnat_client_packets($1)
corenet_receive_ipsecnat_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ipsecnat_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ipsecnat_client_packets',`
corenet_dontaudit_send_ipsecnat_client_packets($1)
corenet_dontaudit_receive_ipsecnat_client_packets($1)
')
########################################
## <summary>
## Relabel packets to ipsecnat_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ipsecnat_client_packets',`
gen_require(`
type ipsecnat_client_packet_t;
')
allow $1 ipsecnat_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send ipsecnat_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ipsecnat_server_packets',`
gen_require(`
type ipsecnat_server_packet_t;
')
allow $1 ipsecnat_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ipsecnat_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ipsecnat_server_packets',`
gen_require(`
type ipsecnat_server_packet_t;
')
dontaudit $1 ipsecnat_server_packet_t:packet send;
')
########################################
## <summary>
## Receive ipsecnat_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ipsecnat_server_packets',`
gen_require(`
type ipsecnat_server_packet_t;
')
allow $1 ipsecnat_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ipsecnat_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ipsecnat_server_packets',`
gen_require(`
type ipsecnat_server_packet_t;
')
dontaudit $1 ipsecnat_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ipsecnat_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ipsecnat_server_packets',`
corenet_send_ipsecnat_server_packets($1)
corenet_receive_ipsecnat_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ipsecnat_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ipsecnat_server_packets',`
corenet_dontaudit_send_ipsecnat_server_packets($1)
corenet_dontaudit_receive_ipsecnat_server_packets($1)
')
########################################
## <summary>
## Relabel packets to ipsecnat_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ipsecnat_server_packets',`
gen_require(`
type ipsecnat_server_packet_t;
')
allow $1 ipsecnat_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the ircd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_ircd_port',`
gen_require(`
type ircd_port_t;
')
allow $1 ircd_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the ircd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_ircd_port',`
gen_require(`
type ircd_port_t;
')
allow $1 ircd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the ircd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_ircd_port',`
gen_require(`
type ircd_port_t;
')
dontaudit $1 ircd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the ircd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_ircd_port',`
gen_require(`
type ircd_port_t;
')
allow $1 ircd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the ircd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_ircd_port',`
gen_require(`
type ircd_port_t;
')
dontaudit $1 ircd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the ircd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_ircd_port',`
corenet_udp_send_ircd_port($1)
corenet_udp_receive_ircd_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the ircd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_ircd_port',`
corenet_dontaudit_udp_send_ircd_port($1)
corenet_dontaudit_udp_receive_ircd_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the ircd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_ircd_port',`
gen_require(`
type ircd_port_t;
')
allow $1 ircd_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the ircd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_ircd_port',`
gen_require(`
type ircd_port_t;
')
allow $1 ircd_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the ircd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_ircd_port',`
gen_require(`
type ircd_port_t;
')
allow $1 ircd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send ircd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ircd_client_packets',`
gen_require(`
type ircd_client_packet_t;
')
allow $1 ircd_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ircd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ircd_client_packets',`
gen_require(`
type ircd_client_packet_t;
')
dontaudit $1 ircd_client_packet_t:packet send;
')
########################################
## <summary>
## Receive ircd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ircd_client_packets',`
gen_require(`
type ircd_client_packet_t;
')
allow $1 ircd_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ircd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ircd_client_packets',`
gen_require(`
type ircd_client_packet_t;
')
dontaudit $1 ircd_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ircd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ircd_client_packets',`
corenet_send_ircd_client_packets($1)
corenet_receive_ircd_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ircd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ircd_client_packets',`
corenet_dontaudit_send_ircd_client_packets($1)
corenet_dontaudit_receive_ircd_client_packets($1)
')
########################################
## <summary>
## Relabel packets to ircd_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ircd_client_packets',`
gen_require(`
type ircd_client_packet_t;
')
allow $1 ircd_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send ircd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ircd_server_packets',`
gen_require(`
type ircd_server_packet_t;
')
allow $1 ircd_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ircd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ircd_server_packets',`
gen_require(`
type ircd_server_packet_t;
')
dontaudit $1 ircd_server_packet_t:packet send;
')
########################################
## <summary>
## Receive ircd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ircd_server_packets',`
gen_require(`
type ircd_server_packet_t;
')
allow $1 ircd_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ircd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ircd_server_packets',`
gen_require(`
type ircd_server_packet_t;
')
dontaudit $1 ircd_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ircd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ircd_server_packets',`
corenet_send_ircd_server_packets($1)
corenet_receive_ircd_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ircd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ircd_server_packets',`
corenet_dontaudit_send_ircd_server_packets($1)
corenet_dontaudit_receive_ircd_server_packets($1)
')
########################################
## <summary>
## Relabel packets to ircd_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ircd_server_packets',`
gen_require(`
type ircd_server_packet_t;
')
allow $1 ircd_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the isakmp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_isakmp_port',`
gen_require(`
type isakmp_port_t;
')
allow $1 isakmp_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the isakmp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_isakmp_port',`
gen_require(`
type isakmp_port_t;
')
allow $1 isakmp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the isakmp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_isakmp_port',`
gen_require(`
type isakmp_port_t;
')
dontaudit $1 isakmp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the isakmp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_isakmp_port',`
gen_require(`
type isakmp_port_t;
')
allow $1 isakmp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the isakmp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_isakmp_port',`
gen_require(`
type isakmp_port_t;
')
dontaudit $1 isakmp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the isakmp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_isakmp_port',`
corenet_udp_send_isakmp_port($1)
corenet_udp_receive_isakmp_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the isakmp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_isakmp_port',`
corenet_dontaudit_udp_send_isakmp_port($1)
corenet_dontaudit_udp_receive_isakmp_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the isakmp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_isakmp_port',`
gen_require(`
type isakmp_port_t;
')
allow $1 isakmp_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the isakmp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_isakmp_port',`
gen_require(`
type isakmp_port_t;
')
allow $1 isakmp_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the isakmp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_isakmp_port',`
gen_require(`
type isakmp_port_t;
')
allow $1 isakmp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send isakmp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_isakmp_client_packets',`
gen_require(`
type isakmp_client_packet_t;
')
allow $1 isakmp_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send isakmp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_isakmp_client_packets',`
gen_require(`
type isakmp_client_packet_t;
')
dontaudit $1 isakmp_client_packet_t:packet send;
')
########################################
## <summary>
## Receive isakmp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_isakmp_client_packets',`
gen_require(`
type isakmp_client_packet_t;
')
allow $1 isakmp_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive isakmp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_isakmp_client_packets',`
gen_require(`
type isakmp_client_packet_t;
')
dontaudit $1 isakmp_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive isakmp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_isakmp_client_packets',`
corenet_send_isakmp_client_packets($1)
corenet_receive_isakmp_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive isakmp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_isakmp_client_packets',`
corenet_dontaudit_send_isakmp_client_packets($1)
corenet_dontaudit_receive_isakmp_client_packets($1)
')
########################################
## <summary>
## Relabel packets to isakmp_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_isakmp_client_packets',`
gen_require(`
type isakmp_client_packet_t;
')
allow $1 isakmp_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send isakmp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_isakmp_server_packets',`
gen_require(`
type isakmp_server_packet_t;
')
allow $1 isakmp_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send isakmp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_isakmp_server_packets',`
gen_require(`
type isakmp_server_packet_t;
')
dontaudit $1 isakmp_server_packet_t:packet send;
')
########################################
## <summary>
## Receive isakmp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_isakmp_server_packets',`
gen_require(`
type isakmp_server_packet_t;
')
allow $1 isakmp_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive isakmp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_isakmp_server_packets',`
gen_require(`
type isakmp_server_packet_t;
')
dontaudit $1 isakmp_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive isakmp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_isakmp_server_packets',`
corenet_send_isakmp_server_packets($1)
corenet_receive_isakmp_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive isakmp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_isakmp_server_packets',`
corenet_dontaudit_send_isakmp_server_packets($1)
corenet_dontaudit_receive_isakmp_server_packets($1)
')
########################################
## <summary>
## Relabel packets to isakmp_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_isakmp_server_packets',`
gen_require(`
type isakmp_server_packet_t;
')
allow $1 isakmp_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the iscsi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_iscsi_port',`
gen_require(`
type iscsi_port_t;
')
allow $1 iscsi_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the iscsi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_iscsi_port',`
gen_require(`
type iscsi_port_t;
')
allow $1 iscsi_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the iscsi port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_iscsi_port',`
gen_require(`
type iscsi_port_t;
')
dontaudit $1 iscsi_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the iscsi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_iscsi_port',`
gen_require(`
type iscsi_port_t;
')
allow $1 iscsi_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the iscsi port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_iscsi_port',`
gen_require(`
type iscsi_port_t;
')
dontaudit $1 iscsi_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the iscsi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_iscsi_port',`
corenet_udp_send_iscsi_port($1)
corenet_udp_receive_iscsi_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the iscsi port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_iscsi_port',`
corenet_dontaudit_udp_send_iscsi_port($1)
corenet_dontaudit_udp_receive_iscsi_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the iscsi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_iscsi_port',`
gen_require(`
type iscsi_port_t;
')
allow $1 iscsi_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the iscsi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_iscsi_port',`
gen_require(`
type iscsi_port_t;
')
allow $1 iscsi_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the iscsi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_iscsi_port',`
gen_require(`
type iscsi_port_t;
')
allow $1 iscsi_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send iscsi_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_iscsi_client_packets',`
gen_require(`
type iscsi_client_packet_t;
')
allow $1 iscsi_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send iscsi_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_iscsi_client_packets',`
gen_require(`
type iscsi_client_packet_t;
')
dontaudit $1 iscsi_client_packet_t:packet send;
')
########################################
## <summary>
## Receive iscsi_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_iscsi_client_packets',`
gen_require(`
type iscsi_client_packet_t;
')
allow $1 iscsi_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive iscsi_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_iscsi_client_packets',`
gen_require(`
type iscsi_client_packet_t;
')
dontaudit $1 iscsi_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive iscsi_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_iscsi_client_packets',`
corenet_send_iscsi_client_packets($1)
corenet_receive_iscsi_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive iscsi_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_iscsi_client_packets',`
corenet_dontaudit_send_iscsi_client_packets($1)
corenet_dontaudit_receive_iscsi_client_packets($1)
')
########################################
## <summary>
## Relabel packets to iscsi_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_iscsi_client_packets',`
gen_require(`
type iscsi_client_packet_t;
')
allow $1 iscsi_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send iscsi_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_iscsi_server_packets',`
gen_require(`
type iscsi_server_packet_t;
')
allow $1 iscsi_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send iscsi_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_iscsi_server_packets',`
gen_require(`
type iscsi_server_packet_t;
')
dontaudit $1 iscsi_server_packet_t:packet send;
')
########################################
## <summary>
## Receive iscsi_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_iscsi_server_packets',`
gen_require(`
type iscsi_server_packet_t;
')
allow $1 iscsi_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive iscsi_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_iscsi_server_packets',`
gen_require(`
type iscsi_server_packet_t;
')
dontaudit $1 iscsi_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive iscsi_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_iscsi_server_packets',`
corenet_send_iscsi_server_packets($1)
corenet_receive_iscsi_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive iscsi_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_iscsi_server_packets',`
corenet_dontaudit_send_iscsi_server_packets($1)
corenet_dontaudit_receive_iscsi_server_packets($1)
')
########################################
## <summary>
## Relabel packets to iscsi_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_iscsi_server_packets',`
gen_require(`
type iscsi_server_packet_t;
')
allow $1 iscsi_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the isns port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_isns_port',`
gen_require(`
type isns_port_t;
')
allow $1 isns_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the isns port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_isns_port',`
gen_require(`
type isns_port_t;
')
allow $1 isns_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the isns port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_isns_port',`
gen_require(`
type isns_port_t;
')
dontaudit $1 isns_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the isns port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_isns_port',`
gen_require(`
type isns_port_t;
')
allow $1 isns_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the isns port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_isns_port',`
gen_require(`
type isns_port_t;
')
dontaudit $1 isns_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the isns port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_isns_port',`
corenet_udp_send_isns_port($1)
corenet_udp_receive_isns_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the isns port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_isns_port',`
corenet_dontaudit_udp_send_isns_port($1)
corenet_dontaudit_udp_receive_isns_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the isns port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_isns_port',`
gen_require(`
type isns_port_t;
')
allow $1 isns_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the isns port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_isns_port',`
gen_require(`
type isns_port_t;
')
allow $1 isns_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the isns port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_isns_port',`
gen_require(`
type isns_port_t;
')
allow $1 isns_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send isns_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_isns_client_packets',`
gen_require(`
type isns_client_packet_t;
')
allow $1 isns_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send isns_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_isns_client_packets',`
gen_require(`
type isns_client_packet_t;
')
dontaudit $1 isns_client_packet_t:packet send;
')
########################################
## <summary>
## Receive isns_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_isns_client_packets',`
gen_require(`
type isns_client_packet_t;
')
allow $1 isns_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive isns_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_isns_client_packets',`
gen_require(`
type isns_client_packet_t;
')
dontaudit $1 isns_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive isns_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_isns_client_packets',`
corenet_send_isns_client_packets($1)
corenet_receive_isns_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive isns_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_isns_client_packets',`
corenet_dontaudit_send_isns_client_packets($1)
corenet_dontaudit_receive_isns_client_packets($1)
')
########################################
## <summary>
## Relabel packets to isns_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_isns_client_packets',`
gen_require(`
type isns_client_packet_t;
')
allow $1 isns_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send isns_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_isns_server_packets',`
gen_require(`
type isns_server_packet_t;
')
allow $1 isns_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send isns_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_isns_server_packets',`
gen_require(`
type isns_server_packet_t;
')
dontaudit $1 isns_server_packet_t:packet send;
')
########################################
## <summary>
## Receive isns_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_isns_server_packets',`
gen_require(`
type isns_server_packet_t;
')
allow $1 isns_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive isns_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_isns_server_packets',`
gen_require(`
type isns_server_packet_t;
')
dontaudit $1 isns_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive isns_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_isns_server_packets',`
corenet_send_isns_server_packets($1)
corenet_receive_isns_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive isns_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_isns_server_packets',`
corenet_dontaudit_send_isns_server_packets($1)
corenet_dontaudit_receive_isns_server_packets($1)
')
########################################
## <summary>
## Relabel packets to isns_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_isns_server_packets',`
gen_require(`
type isns_server_packet_t;
')
allow $1 isns_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the jabber_client port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_jabber_client_port',`
gen_require(`
type jabber_client_port_t;
')
allow $1 jabber_client_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the jabber_client port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_jabber_client_port',`
gen_require(`
type jabber_client_port_t;
')
allow $1 jabber_client_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the jabber_client port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_jabber_client_port',`
gen_require(`
type jabber_client_port_t;
')
dontaudit $1 jabber_client_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the jabber_client port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_jabber_client_port',`
gen_require(`
type jabber_client_port_t;
')
allow $1 jabber_client_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the jabber_client port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_jabber_client_port',`
gen_require(`
type jabber_client_port_t;
')
dontaudit $1 jabber_client_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the jabber_client port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_jabber_client_port',`
corenet_udp_send_jabber_client_port($1)
corenet_udp_receive_jabber_client_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the jabber_client port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_jabber_client_port',`
corenet_dontaudit_udp_send_jabber_client_port($1)
corenet_dontaudit_udp_receive_jabber_client_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the jabber_client port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_jabber_client_port',`
gen_require(`
type jabber_client_port_t;
')
allow $1 jabber_client_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the jabber_client port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_jabber_client_port',`
gen_require(`
type jabber_client_port_t;
')
allow $1 jabber_client_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the jabber_client port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_jabber_client_port',`
gen_require(`
type jabber_client_port_t;
')
allow $1 jabber_client_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send jabber_client_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_jabber_client_client_packets',`
gen_require(`
type jabber_client_client_packet_t;
')
allow $1 jabber_client_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send jabber_client_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_jabber_client_client_packets',`
gen_require(`
type jabber_client_client_packet_t;
')
dontaudit $1 jabber_client_client_packet_t:packet send;
')
########################################
## <summary>
## Receive jabber_client_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_jabber_client_client_packets',`
gen_require(`
type jabber_client_client_packet_t;
')
allow $1 jabber_client_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive jabber_client_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_jabber_client_client_packets',`
gen_require(`
type jabber_client_client_packet_t;
')
dontaudit $1 jabber_client_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive jabber_client_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_jabber_client_client_packets',`
corenet_send_jabber_client_client_packets($1)
corenet_receive_jabber_client_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive jabber_client_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_jabber_client_client_packets',`
corenet_dontaudit_send_jabber_client_client_packets($1)
corenet_dontaudit_receive_jabber_client_client_packets($1)
')
########################################
## <summary>
## Relabel packets to jabber_client_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_jabber_client_client_packets',`
gen_require(`
type jabber_client_client_packet_t;
')
allow $1 jabber_client_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send jabber_client_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_jabber_client_server_packets',`
gen_require(`
type jabber_client_server_packet_t;
')
allow $1 jabber_client_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send jabber_client_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_jabber_client_server_packets',`
gen_require(`
type jabber_client_server_packet_t;
')
dontaudit $1 jabber_client_server_packet_t:packet send;
')
########################################
## <summary>
## Receive jabber_client_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_jabber_client_server_packets',`
gen_require(`
type jabber_client_server_packet_t;
')
allow $1 jabber_client_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive jabber_client_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_jabber_client_server_packets',`
gen_require(`
type jabber_client_server_packet_t;
')
dontaudit $1 jabber_client_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive jabber_client_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_jabber_client_server_packets',`
corenet_send_jabber_client_server_packets($1)
corenet_receive_jabber_client_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive jabber_client_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_jabber_client_server_packets',`
corenet_dontaudit_send_jabber_client_server_packets($1)
corenet_dontaudit_receive_jabber_client_server_packets($1)
')
########################################
## <summary>
## Relabel packets to jabber_client_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_jabber_client_server_packets',`
gen_require(`
type jabber_client_server_packet_t;
')
allow $1 jabber_client_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the jabber_interserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_jabber_interserver_port',`
gen_require(`
type jabber_interserver_port_t;
')
allow $1 jabber_interserver_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the jabber_interserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_jabber_interserver_port',`
gen_require(`
type jabber_interserver_port_t;
')
allow $1 jabber_interserver_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the jabber_interserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_jabber_interserver_port',`
gen_require(`
type jabber_interserver_port_t;
')
dontaudit $1 jabber_interserver_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the jabber_interserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_jabber_interserver_port',`
gen_require(`
type jabber_interserver_port_t;
')
allow $1 jabber_interserver_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the jabber_interserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_jabber_interserver_port',`
gen_require(`
type jabber_interserver_port_t;
')
dontaudit $1 jabber_interserver_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the jabber_interserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_jabber_interserver_port',`
corenet_udp_send_jabber_interserver_port($1)
corenet_udp_receive_jabber_interserver_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the jabber_interserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_jabber_interserver_port',`
corenet_dontaudit_udp_send_jabber_interserver_port($1)
corenet_dontaudit_udp_receive_jabber_interserver_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the jabber_interserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_jabber_interserver_port',`
gen_require(`
type jabber_interserver_port_t;
')
allow $1 jabber_interserver_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the jabber_interserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_jabber_interserver_port',`
gen_require(`
type jabber_interserver_port_t;
')
allow $1 jabber_interserver_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the jabber_interserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_jabber_interserver_port',`
gen_require(`
type jabber_interserver_port_t;
')
allow $1 jabber_interserver_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send jabber_interserver_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_jabber_interserver_client_packets',`
gen_require(`
type jabber_interserver_client_packet_t;
')
allow $1 jabber_interserver_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send jabber_interserver_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_jabber_interserver_client_packets',`
gen_require(`
type jabber_interserver_client_packet_t;
')
dontaudit $1 jabber_interserver_client_packet_t:packet send;
')
########################################
## <summary>
## Receive jabber_interserver_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_jabber_interserver_client_packets',`
gen_require(`
type jabber_interserver_client_packet_t;
')
allow $1 jabber_interserver_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive jabber_interserver_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_jabber_interserver_client_packets',`
gen_require(`
type jabber_interserver_client_packet_t;
')
dontaudit $1 jabber_interserver_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive jabber_interserver_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_jabber_interserver_client_packets',`
corenet_send_jabber_interserver_client_packets($1)
corenet_receive_jabber_interserver_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive jabber_interserver_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_jabber_interserver_client_packets',`
corenet_dontaudit_send_jabber_interserver_client_packets($1)
corenet_dontaudit_receive_jabber_interserver_client_packets($1)
')
########################################
## <summary>
## Relabel packets to jabber_interserver_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_jabber_interserver_client_packets',`
gen_require(`
type jabber_interserver_client_packet_t;
')
allow $1 jabber_interserver_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send jabber_interserver_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_jabber_interserver_server_packets',`
gen_require(`
type jabber_interserver_server_packet_t;
')
allow $1 jabber_interserver_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send jabber_interserver_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_jabber_interserver_server_packets',`
gen_require(`
type jabber_interserver_server_packet_t;
')
dontaudit $1 jabber_interserver_server_packet_t:packet send;
')
########################################
## <summary>
## Receive jabber_interserver_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_jabber_interserver_server_packets',`
gen_require(`
type jabber_interserver_server_packet_t;
')
allow $1 jabber_interserver_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive jabber_interserver_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_jabber_interserver_server_packets',`
gen_require(`
type jabber_interserver_server_packet_t;
')
dontaudit $1 jabber_interserver_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive jabber_interserver_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_jabber_interserver_server_packets',`
corenet_send_jabber_interserver_server_packets($1)
corenet_receive_jabber_interserver_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive jabber_interserver_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_jabber_interserver_server_packets',`
corenet_dontaudit_send_jabber_interserver_server_packets($1)
corenet_dontaudit_receive_jabber_interserver_server_packets($1)
')
########################################
## <summary>
## Relabel packets to jabber_interserver_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_jabber_interserver_server_packets',`
gen_require(`
type jabber_interserver_server_packet_t;
')
allow $1 jabber_interserver_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the jabber_router port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_jabber_router_port',`
gen_require(`
type jabber_router_port_t;
')
allow $1 jabber_router_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the jabber_router port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_jabber_router_port',`
gen_require(`
type jabber_router_port_t;
')
allow $1 jabber_router_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the jabber_router port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_jabber_router_port',`
gen_require(`
type jabber_router_port_t;
')
dontaudit $1 jabber_router_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the jabber_router port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_jabber_router_port',`
gen_require(`
type jabber_router_port_t;
')
allow $1 jabber_router_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the jabber_router port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_jabber_router_port',`
gen_require(`
type jabber_router_port_t;
')
dontaudit $1 jabber_router_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the jabber_router port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_jabber_router_port',`
corenet_udp_send_jabber_router_port($1)
corenet_udp_receive_jabber_router_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the jabber_router port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_jabber_router_port',`
corenet_dontaudit_udp_send_jabber_router_port($1)
corenet_dontaudit_udp_receive_jabber_router_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the jabber_router port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_jabber_router_port',`
gen_require(`
type jabber_router_port_t;
')
allow $1 jabber_router_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the jabber_router port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_jabber_router_port',`
gen_require(`
type jabber_router_port_t;
')
allow $1 jabber_router_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the jabber_router port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_jabber_router_port',`
gen_require(`
type jabber_router_port_t;
')
allow $1 jabber_router_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send jabber_router_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_jabber_router_client_packets',`
gen_require(`
type jabber_router_client_packet_t;
')
allow $1 jabber_router_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send jabber_router_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_jabber_router_client_packets',`
gen_require(`
type jabber_router_client_packet_t;
')
dontaudit $1 jabber_router_client_packet_t:packet send;
')
########################################
## <summary>
## Receive jabber_router_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_jabber_router_client_packets',`
gen_require(`
type jabber_router_client_packet_t;
')
allow $1 jabber_router_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive jabber_router_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_jabber_router_client_packets',`
gen_require(`
type jabber_router_client_packet_t;
')
dontaudit $1 jabber_router_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive jabber_router_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_jabber_router_client_packets',`
corenet_send_jabber_router_client_packets($1)
corenet_receive_jabber_router_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive jabber_router_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_jabber_router_client_packets',`
corenet_dontaudit_send_jabber_router_client_packets($1)
corenet_dontaudit_receive_jabber_router_client_packets($1)
')
########################################
## <summary>
## Relabel packets to jabber_router_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_jabber_router_client_packets',`
gen_require(`
type jabber_router_client_packet_t;
')
allow $1 jabber_router_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send jabber_router_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_jabber_router_server_packets',`
gen_require(`
type jabber_router_server_packet_t;
')
allow $1 jabber_router_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send jabber_router_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_jabber_router_server_packets',`
gen_require(`
type jabber_router_server_packet_t;
')
dontaudit $1 jabber_router_server_packet_t:packet send;
')
########################################
## <summary>
## Receive jabber_router_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_jabber_router_server_packets',`
gen_require(`
type jabber_router_server_packet_t;
')
allow $1 jabber_router_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive jabber_router_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_jabber_router_server_packets',`
gen_require(`
type jabber_router_server_packet_t;
')
dontaudit $1 jabber_router_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive jabber_router_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_jabber_router_server_packets',`
corenet_send_jabber_router_server_packets($1)
corenet_receive_jabber_router_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive jabber_router_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_jabber_router_server_packets',`
corenet_dontaudit_send_jabber_router_server_packets($1)
corenet_dontaudit_receive_jabber_router_server_packets($1)
')
########################################
## <summary>
## Relabel packets to jabber_router_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_jabber_router_server_packets',`
gen_require(`
type jabber_router_server_packet_t;
')
allow $1 jabber_router_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the jacorb port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_jacorb_port',`
gen_require(`
type jacorb_port_t;
')
allow $1 jacorb_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the jacorb port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_jacorb_port',`
gen_require(`
type jacorb_port_t;
')
allow $1 jacorb_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the jacorb port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_jacorb_port',`
gen_require(`
type jacorb_port_t;
')
dontaudit $1 jacorb_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the jacorb port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_jacorb_port',`
gen_require(`
type jacorb_port_t;
')
allow $1 jacorb_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the jacorb port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_jacorb_port',`
gen_require(`
type jacorb_port_t;
')
dontaudit $1 jacorb_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the jacorb port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_jacorb_port',`
corenet_udp_send_jacorb_port($1)
corenet_udp_receive_jacorb_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the jacorb port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_jacorb_port',`
corenet_dontaudit_udp_send_jacorb_port($1)
corenet_dontaudit_udp_receive_jacorb_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the jacorb port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_jacorb_port',`
gen_require(`
type jacorb_port_t;
')
allow $1 jacorb_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the jacorb port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_jacorb_port',`
gen_require(`
type jacorb_port_t;
')
allow $1 jacorb_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the jacorb port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_jacorb_port',`
gen_require(`
type jacorb_port_t;
')
allow $1 jacorb_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send jacorb_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_jacorb_client_packets',`
gen_require(`
type jacorb_client_packet_t;
')
allow $1 jacorb_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send jacorb_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_jacorb_client_packets',`
gen_require(`
type jacorb_client_packet_t;
')
dontaudit $1 jacorb_client_packet_t:packet send;
')
########################################
## <summary>
## Receive jacorb_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_jacorb_client_packets',`
gen_require(`
type jacorb_client_packet_t;
')
allow $1 jacorb_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive jacorb_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_jacorb_client_packets',`
gen_require(`
type jacorb_client_packet_t;
')
dontaudit $1 jacorb_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive jacorb_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_jacorb_client_packets',`
corenet_send_jacorb_client_packets($1)
corenet_receive_jacorb_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive jacorb_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_jacorb_client_packets',`
corenet_dontaudit_send_jacorb_client_packets($1)
corenet_dontaudit_receive_jacorb_client_packets($1)
')
########################################
## <summary>
## Relabel packets to jacorb_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_jacorb_client_packets',`
gen_require(`
type jacorb_client_packet_t;
')
allow $1 jacorb_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send jacorb_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_jacorb_server_packets',`
gen_require(`
type jacorb_server_packet_t;
')
allow $1 jacorb_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send jacorb_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_jacorb_server_packets',`
gen_require(`
type jacorb_server_packet_t;
')
dontaudit $1 jacorb_server_packet_t:packet send;
')
########################################
## <summary>
## Receive jacorb_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_jacorb_server_packets',`
gen_require(`
type jacorb_server_packet_t;
')
allow $1 jacorb_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive jacorb_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_jacorb_server_packets',`
gen_require(`
type jacorb_server_packet_t;
')
dontaudit $1 jacorb_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive jacorb_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_jacorb_server_packets',`
corenet_send_jacorb_server_packets($1)
corenet_receive_jacorb_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive jacorb_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_jacorb_server_packets',`
corenet_dontaudit_send_jacorb_server_packets($1)
corenet_dontaudit_receive_jacorb_server_packets($1)
')
########################################
## <summary>
## Relabel packets to jacorb_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_jacorb_server_packets',`
gen_require(`
type jacorb_server_packet_t;
')
allow $1 jacorb_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the jboss_debug port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_jboss_debug_port',`
gen_require(`
type jboss_debug_port_t;
')
allow $1 jboss_debug_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the jboss_debug port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_jboss_debug_port',`
gen_require(`
type jboss_debug_port_t;
')
allow $1 jboss_debug_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the jboss_debug port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_jboss_debug_port',`
gen_require(`
type jboss_debug_port_t;
')
dontaudit $1 jboss_debug_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the jboss_debug port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_jboss_debug_port',`
gen_require(`
type jboss_debug_port_t;
')
allow $1 jboss_debug_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the jboss_debug port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_jboss_debug_port',`
gen_require(`
type jboss_debug_port_t;
')
dontaudit $1 jboss_debug_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the jboss_debug port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_jboss_debug_port',`
corenet_udp_send_jboss_debug_port($1)
corenet_udp_receive_jboss_debug_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the jboss_debug port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_jboss_debug_port',`
corenet_dontaudit_udp_send_jboss_debug_port($1)
corenet_dontaudit_udp_receive_jboss_debug_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the jboss_debug port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_jboss_debug_port',`
gen_require(`
type jboss_debug_port_t;
')
allow $1 jboss_debug_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the jboss_debug port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_jboss_debug_port',`
gen_require(`
type jboss_debug_port_t;
')
allow $1 jboss_debug_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the jboss_debug port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_jboss_debug_port',`
gen_require(`
type jboss_debug_port_t;
')
allow $1 jboss_debug_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send jboss_debug_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_jboss_debug_client_packets',`
gen_require(`
type jboss_debug_client_packet_t;
')
allow $1 jboss_debug_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send jboss_debug_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_jboss_debug_client_packets',`
gen_require(`
type jboss_debug_client_packet_t;
')
dontaudit $1 jboss_debug_client_packet_t:packet send;
')
########################################
## <summary>
## Receive jboss_debug_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_jboss_debug_client_packets',`
gen_require(`
type jboss_debug_client_packet_t;
')
allow $1 jboss_debug_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive jboss_debug_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_jboss_debug_client_packets',`
gen_require(`
type jboss_debug_client_packet_t;
')
dontaudit $1 jboss_debug_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive jboss_debug_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_jboss_debug_client_packets',`
corenet_send_jboss_debug_client_packets($1)
corenet_receive_jboss_debug_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive jboss_debug_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_jboss_debug_client_packets',`
corenet_dontaudit_send_jboss_debug_client_packets($1)
corenet_dontaudit_receive_jboss_debug_client_packets($1)
')
########################################
## <summary>
## Relabel packets to jboss_debug_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_jboss_debug_client_packets',`
gen_require(`
type jboss_debug_client_packet_t;
')
allow $1 jboss_debug_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send jboss_debug_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_jboss_debug_server_packets',`
gen_require(`
type jboss_debug_server_packet_t;
')
allow $1 jboss_debug_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send jboss_debug_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_jboss_debug_server_packets',`
gen_require(`
type jboss_debug_server_packet_t;
')
dontaudit $1 jboss_debug_server_packet_t:packet send;
')
########################################
## <summary>
## Receive jboss_debug_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_jboss_debug_server_packets',`
gen_require(`
type jboss_debug_server_packet_t;
')
allow $1 jboss_debug_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive jboss_debug_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_jboss_debug_server_packets',`
gen_require(`
type jboss_debug_server_packet_t;
')
dontaudit $1 jboss_debug_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive jboss_debug_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_jboss_debug_server_packets',`
corenet_send_jboss_debug_server_packets($1)
corenet_receive_jboss_debug_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive jboss_debug_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_jboss_debug_server_packets',`
corenet_dontaudit_send_jboss_debug_server_packets($1)
corenet_dontaudit_receive_jboss_debug_server_packets($1)
')
########################################
## <summary>
## Relabel packets to jboss_debug_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_jboss_debug_server_packets',`
gen_require(`
type jboss_debug_server_packet_t;
')
allow $1 jboss_debug_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the jboss_messaging port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_jboss_messaging_port',`
gen_require(`
type jboss_messaging_port_t;
')
allow $1 jboss_messaging_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the jboss_messaging port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_jboss_messaging_port',`
gen_require(`
type jboss_messaging_port_t;
')
allow $1 jboss_messaging_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the jboss_messaging port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_jboss_messaging_port',`
gen_require(`
type jboss_messaging_port_t;
')
dontaudit $1 jboss_messaging_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the jboss_messaging port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_jboss_messaging_port',`
gen_require(`
type jboss_messaging_port_t;
')
allow $1 jboss_messaging_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the jboss_messaging port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_jboss_messaging_port',`
gen_require(`
type jboss_messaging_port_t;
')
dontaudit $1 jboss_messaging_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the jboss_messaging port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_jboss_messaging_port',`
corenet_udp_send_jboss_messaging_port($1)
corenet_udp_receive_jboss_messaging_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the jboss_messaging port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_jboss_messaging_port',`
corenet_dontaudit_udp_send_jboss_messaging_port($1)
corenet_dontaudit_udp_receive_jboss_messaging_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the jboss_messaging port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_jboss_messaging_port',`
gen_require(`
type jboss_messaging_port_t;
')
allow $1 jboss_messaging_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the jboss_messaging port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_jboss_messaging_port',`
gen_require(`
type jboss_messaging_port_t;
')
allow $1 jboss_messaging_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the jboss_messaging port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_jboss_messaging_port',`
gen_require(`
type jboss_messaging_port_t;
')
allow $1 jboss_messaging_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send jboss_messaging_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_jboss_messaging_client_packets',`
gen_require(`
type jboss_messaging_client_packet_t;
')
allow $1 jboss_messaging_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send jboss_messaging_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_jboss_messaging_client_packets',`
gen_require(`
type jboss_messaging_client_packet_t;
')
dontaudit $1 jboss_messaging_client_packet_t:packet send;
')
########################################
## <summary>
## Receive jboss_messaging_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_jboss_messaging_client_packets',`
gen_require(`
type jboss_messaging_client_packet_t;
')
allow $1 jboss_messaging_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive jboss_messaging_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_jboss_messaging_client_packets',`
gen_require(`
type jboss_messaging_client_packet_t;
')
dontaudit $1 jboss_messaging_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive jboss_messaging_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_jboss_messaging_client_packets',`
corenet_send_jboss_messaging_client_packets($1)
corenet_receive_jboss_messaging_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive jboss_messaging_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_jboss_messaging_client_packets',`
corenet_dontaudit_send_jboss_messaging_client_packets($1)
corenet_dontaudit_receive_jboss_messaging_client_packets($1)
')
########################################
## <summary>
## Relabel packets to jboss_messaging_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_jboss_messaging_client_packets',`
gen_require(`
type jboss_messaging_client_packet_t;
')
allow $1 jboss_messaging_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send jboss_messaging_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_jboss_messaging_server_packets',`
gen_require(`
type jboss_messaging_server_packet_t;
')
allow $1 jboss_messaging_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send jboss_messaging_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_jboss_messaging_server_packets',`
gen_require(`
type jboss_messaging_server_packet_t;
')
dontaudit $1 jboss_messaging_server_packet_t:packet send;
')
########################################
## <summary>
## Receive jboss_messaging_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_jboss_messaging_server_packets',`
gen_require(`
type jboss_messaging_server_packet_t;
')
allow $1 jboss_messaging_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive jboss_messaging_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_jboss_messaging_server_packets',`
gen_require(`
type jboss_messaging_server_packet_t;
')
dontaudit $1 jboss_messaging_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive jboss_messaging_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_jboss_messaging_server_packets',`
corenet_send_jboss_messaging_server_packets($1)
corenet_receive_jboss_messaging_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive jboss_messaging_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_jboss_messaging_server_packets',`
corenet_dontaudit_send_jboss_messaging_server_packets($1)
corenet_dontaudit_receive_jboss_messaging_server_packets($1)
')
########################################
## <summary>
## Relabel packets to jboss_messaging_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_jboss_messaging_server_packets',`
gen_require(`
type jboss_messaging_server_packet_t;
')
allow $1 jboss_messaging_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the jboss_management port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_jboss_management_port',`
gen_require(`
type jboss_management_port_t;
')
allow $1 jboss_management_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the jboss_management port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_jboss_management_port',`
gen_require(`
type jboss_management_port_t;
')
allow $1 jboss_management_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the jboss_management port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_jboss_management_port',`
gen_require(`
type jboss_management_port_t;
')
dontaudit $1 jboss_management_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the jboss_management port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_jboss_management_port',`
gen_require(`
type jboss_management_port_t;
')
allow $1 jboss_management_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the jboss_management port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_jboss_management_port',`
gen_require(`
type jboss_management_port_t;
')
dontaudit $1 jboss_management_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the jboss_management port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_jboss_management_port',`
corenet_udp_send_jboss_management_port($1)
corenet_udp_receive_jboss_management_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the jboss_management port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_jboss_management_port',`
corenet_dontaudit_udp_send_jboss_management_port($1)
corenet_dontaudit_udp_receive_jboss_management_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the jboss_management port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_jboss_management_port',`
gen_require(`
type jboss_management_port_t;
')
allow $1 jboss_management_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the jboss_management port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_jboss_management_port',`
gen_require(`
type jboss_management_port_t;
')
allow $1 jboss_management_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the jboss_management port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_jboss_management_port',`
gen_require(`
type jboss_management_port_t;
')
allow $1 jboss_management_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send jboss_management_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_jboss_management_client_packets',`
gen_require(`
type jboss_management_client_packet_t;
')
allow $1 jboss_management_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send jboss_management_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_jboss_management_client_packets',`
gen_require(`
type jboss_management_client_packet_t;
')
dontaudit $1 jboss_management_client_packet_t:packet send;
')
########################################
## <summary>
## Receive jboss_management_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_jboss_management_client_packets',`
gen_require(`
type jboss_management_client_packet_t;
')
allow $1 jboss_management_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive jboss_management_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_jboss_management_client_packets',`
gen_require(`
type jboss_management_client_packet_t;
')
dontaudit $1 jboss_management_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive jboss_management_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_jboss_management_client_packets',`
corenet_send_jboss_management_client_packets($1)
corenet_receive_jboss_management_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive jboss_management_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_jboss_management_client_packets',`
corenet_dontaudit_send_jboss_management_client_packets($1)
corenet_dontaudit_receive_jboss_management_client_packets($1)
')
########################################
## <summary>
## Relabel packets to jboss_management_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_jboss_management_client_packets',`
gen_require(`
type jboss_management_client_packet_t;
')
allow $1 jboss_management_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send jboss_management_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_jboss_management_server_packets',`
gen_require(`
type jboss_management_server_packet_t;
')
allow $1 jboss_management_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send jboss_management_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_jboss_management_server_packets',`
gen_require(`
type jboss_management_server_packet_t;
')
dontaudit $1 jboss_management_server_packet_t:packet send;
')
########################################
## <summary>
## Receive jboss_management_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_jboss_management_server_packets',`
gen_require(`
type jboss_management_server_packet_t;
')
allow $1 jboss_management_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive jboss_management_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_jboss_management_server_packets',`
gen_require(`
type jboss_management_server_packet_t;
')
dontaudit $1 jboss_management_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive jboss_management_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_jboss_management_server_packets',`
corenet_send_jboss_management_server_packets($1)
corenet_receive_jboss_management_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive jboss_management_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_jboss_management_server_packets',`
corenet_dontaudit_send_jboss_management_server_packets($1)
corenet_dontaudit_receive_jboss_management_server_packets($1)
')
########################################
## <summary>
## Relabel packets to jboss_management_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_jboss_management_server_packets',`
gen_require(`
type jboss_management_server_packet_t;
')
allow $1 jboss_management_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the kerberos port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_kerberos_port',`
gen_require(`
type kerberos_port_t;
')
allow $1 kerberos_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the kerberos port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_kerberos_port',`
gen_require(`
type kerberos_port_t;
')
allow $1 kerberos_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the kerberos port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_kerberos_port',`
gen_require(`
type kerberos_port_t;
')
dontaudit $1 kerberos_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the kerberos port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_kerberos_port',`
gen_require(`
type kerberos_port_t;
')
allow $1 kerberos_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the kerberos port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_kerberos_port',`
gen_require(`
type kerberos_port_t;
')
dontaudit $1 kerberos_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the kerberos port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_kerberos_port',`
corenet_udp_send_kerberos_port($1)
corenet_udp_receive_kerberos_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the kerberos port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_kerberos_port',`
corenet_dontaudit_udp_send_kerberos_port($1)
corenet_dontaudit_udp_receive_kerberos_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the kerberos port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_kerberos_port',`
gen_require(`
type kerberos_port_t;
')
allow $1 kerberos_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the kerberos port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_kerberos_port',`
gen_require(`
type kerberos_port_t;
')
allow $1 kerberos_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the kerberos port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_kerberos_port',`
gen_require(`
type kerberos_port_t;
')
allow $1 kerberos_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send kerberos_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_kerberos_client_packets',`
gen_require(`
type kerberos_client_packet_t;
')
allow $1 kerberos_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send kerberos_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_kerberos_client_packets',`
gen_require(`
type kerberos_client_packet_t;
')
dontaudit $1 kerberos_client_packet_t:packet send;
')
########################################
## <summary>
## Receive kerberos_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_kerberos_client_packets',`
gen_require(`
type kerberos_client_packet_t;
')
allow $1 kerberos_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive kerberos_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_kerberos_client_packets',`
gen_require(`
type kerberos_client_packet_t;
')
dontaudit $1 kerberos_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive kerberos_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_kerberos_client_packets',`
corenet_send_kerberos_client_packets($1)
corenet_receive_kerberos_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive kerberos_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_kerberos_client_packets',`
corenet_dontaudit_send_kerberos_client_packets($1)
corenet_dontaudit_receive_kerberos_client_packets($1)
')
########################################
## <summary>
## Relabel packets to kerberos_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_kerberos_client_packets',`
gen_require(`
type kerberos_client_packet_t;
')
allow $1 kerberos_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send kerberos_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_kerberos_server_packets',`
gen_require(`
type kerberos_server_packet_t;
')
allow $1 kerberos_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send kerberos_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_kerberos_server_packets',`
gen_require(`
type kerberos_server_packet_t;
')
dontaudit $1 kerberos_server_packet_t:packet send;
')
########################################
## <summary>
## Receive kerberos_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_kerberos_server_packets',`
gen_require(`
type kerberos_server_packet_t;
')
allow $1 kerberos_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive kerberos_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_kerberos_server_packets',`
gen_require(`
type kerberos_server_packet_t;
')
dontaudit $1 kerberos_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive kerberos_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_kerberos_server_packets',`
corenet_send_kerberos_server_packets($1)
corenet_receive_kerberos_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive kerberos_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_kerberos_server_packets',`
corenet_dontaudit_send_kerberos_server_packets($1)
corenet_dontaudit_receive_kerberos_server_packets($1)
')
########################################
## <summary>
## Relabel packets to kerberos_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_kerberos_server_packets',`
gen_require(`
type kerberos_server_packet_t;
')
allow $1 kerberos_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the kerberos_admin port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_kerberos_admin_port',`
gen_require(`
type kerberos_admin_port_t;
')
allow $1 kerberos_admin_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the kerberos_admin port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_kerberos_admin_port',`
gen_require(`
type kerberos_admin_port_t;
')
allow $1 kerberos_admin_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the kerberos_admin port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_kerberos_admin_port',`
gen_require(`
type kerberos_admin_port_t;
')
dontaudit $1 kerberos_admin_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the kerberos_admin port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_kerberos_admin_port',`
gen_require(`
type kerberos_admin_port_t;
')
allow $1 kerberos_admin_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the kerberos_admin port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_kerberos_admin_port',`
gen_require(`
type kerberos_admin_port_t;
')
dontaudit $1 kerberos_admin_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the kerberos_admin port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_kerberos_admin_port',`
corenet_udp_send_kerberos_admin_port($1)
corenet_udp_receive_kerberos_admin_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the kerberos_admin port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_kerberos_admin_port',`
corenet_dontaudit_udp_send_kerberos_admin_port($1)
corenet_dontaudit_udp_receive_kerberos_admin_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the kerberos_admin port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_kerberos_admin_port',`
gen_require(`
type kerberos_admin_port_t;
')
allow $1 kerberos_admin_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the kerberos_admin port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_kerberos_admin_port',`
gen_require(`
type kerberos_admin_port_t;
')
allow $1 kerberos_admin_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the kerberos_admin port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_kerberos_admin_port',`
gen_require(`
type kerberos_admin_port_t;
')
allow $1 kerberos_admin_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send kerberos_admin_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_kerberos_admin_client_packets',`
gen_require(`
type kerberos_admin_client_packet_t;
')
allow $1 kerberos_admin_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send kerberos_admin_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_kerberos_admin_client_packets',`
gen_require(`
type kerberos_admin_client_packet_t;
')
dontaudit $1 kerberos_admin_client_packet_t:packet send;
')
########################################
## <summary>
## Receive kerberos_admin_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_kerberos_admin_client_packets',`
gen_require(`
type kerberos_admin_client_packet_t;
')
allow $1 kerberos_admin_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive kerberos_admin_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_kerberos_admin_client_packets',`
gen_require(`
type kerberos_admin_client_packet_t;
')
dontaudit $1 kerberos_admin_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive kerberos_admin_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_kerberos_admin_client_packets',`
corenet_send_kerberos_admin_client_packets($1)
corenet_receive_kerberos_admin_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive kerberos_admin_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_kerberos_admin_client_packets',`
corenet_dontaudit_send_kerberos_admin_client_packets($1)
corenet_dontaudit_receive_kerberos_admin_client_packets($1)
')
########################################
## <summary>
## Relabel packets to kerberos_admin_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_kerberos_admin_client_packets',`
gen_require(`
type kerberos_admin_client_packet_t;
')
allow $1 kerberos_admin_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send kerberos_admin_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_kerberos_admin_server_packets',`
gen_require(`
type kerberos_admin_server_packet_t;
')
allow $1 kerberos_admin_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send kerberos_admin_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_kerberos_admin_server_packets',`
gen_require(`
type kerberos_admin_server_packet_t;
')
dontaudit $1 kerberos_admin_server_packet_t:packet send;
')
########################################
## <summary>
## Receive kerberos_admin_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_kerberos_admin_server_packets',`
gen_require(`
type kerberos_admin_server_packet_t;
')
allow $1 kerberos_admin_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive kerberos_admin_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_kerberos_admin_server_packets',`
gen_require(`
type kerberos_admin_server_packet_t;
')
dontaudit $1 kerberos_admin_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive kerberos_admin_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_kerberos_admin_server_packets',`
corenet_send_kerberos_admin_server_packets($1)
corenet_receive_kerberos_admin_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive kerberos_admin_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_kerberos_admin_server_packets',`
corenet_dontaudit_send_kerberos_admin_server_packets($1)
corenet_dontaudit_receive_kerberos_admin_server_packets($1)
')
########################################
## <summary>
## Relabel packets to kerberos_admin_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_kerberos_admin_server_packets',`
gen_require(`
type kerberos_admin_server_packet_t;
')
allow $1 kerberos_admin_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the kerberos_master port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_kerberos_master_port',`
gen_require(`
type kerberos_master_port_t;
')
allow $1 kerberos_master_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the kerberos_master port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_kerberos_master_port',`
gen_require(`
type kerberos_master_port_t;
')
allow $1 kerberos_master_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the kerberos_master port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_kerberos_master_port',`
gen_require(`
type kerberos_master_port_t;
')
dontaudit $1 kerberos_master_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the kerberos_master port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_kerberos_master_port',`
gen_require(`
type kerberos_master_port_t;
')
allow $1 kerberos_master_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the kerberos_master port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_kerberos_master_port',`
gen_require(`
type kerberos_master_port_t;
')
dontaudit $1 kerberos_master_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the kerberos_master port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_kerberos_master_port',`
corenet_udp_send_kerberos_master_port($1)
corenet_udp_receive_kerberos_master_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the kerberos_master port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_kerberos_master_port',`
corenet_dontaudit_udp_send_kerberos_master_port($1)
corenet_dontaudit_udp_receive_kerberos_master_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the kerberos_master port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_kerberos_master_port',`
gen_require(`
type kerberos_master_port_t;
')
allow $1 kerberos_master_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the kerberos_master port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_kerberos_master_port',`
gen_require(`
type kerberos_master_port_t;
')
allow $1 kerberos_master_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the kerberos_master port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_kerberos_master_port',`
gen_require(`
type kerberos_master_port_t;
')
allow $1 kerberos_master_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send kerberos_master_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_kerberos_master_client_packets',`
gen_require(`
type kerberos_master_client_packet_t;
')
allow $1 kerberos_master_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send kerberos_master_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_kerberos_master_client_packets',`
gen_require(`
type kerberos_master_client_packet_t;
')
dontaudit $1 kerberos_master_client_packet_t:packet send;
')
########################################
## <summary>
## Receive kerberos_master_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_kerberos_master_client_packets',`
gen_require(`
type kerberos_master_client_packet_t;
')
allow $1 kerberos_master_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive kerberos_master_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_kerberos_master_client_packets',`
gen_require(`
type kerberos_master_client_packet_t;
')
dontaudit $1 kerberos_master_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive kerberos_master_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_kerberos_master_client_packets',`
corenet_send_kerberos_master_client_packets($1)
corenet_receive_kerberos_master_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive kerberos_master_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_kerberos_master_client_packets',`
corenet_dontaudit_send_kerberos_master_client_packets($1)
corenet_dontaudit_receive_kerberos_master_client_packets($1)
')
########################################
## <summary>
## Relabel packets to kerberos_master_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_kerberos_master_client_packets',`
gen_require(`
type kerberos_master_client_packet_t;
')
allow $1 kerberos_master_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send kerberos_master_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_kerberos_master_server_packets',`
gen_require(`
type kerberos_master_server_packet_t;
')
allow $1 kerberos_master_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send kerberos_master_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_kerberos_master_server_packets',`
gen_require(`
type kerberos_master_server_packet_t;
')
dontaudit $1 kerberos_master_server_packet_t:packet send;
')
########################################
## <summary>
## Receive kerberos_master_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_kerberos_master_server_packets',`
gen_require(`
type kerberos_master_server_packet_t;
')
allow $1 kerberos_master_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive kerberos_master_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_kerberos_master_server_packets',`
gen_require(`
type kerberos_master_server_packet_t;
')
dontaudit $1 kerberos_master_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive kerberos_master_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_kerberos_master_server_packets',`
corenet_send_kerberos_master_server_packets($1)
corenet_receive_kerberos_master_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive kerberos_master_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_kerberos_master_server_packets',`
corenet_dontaudit_send_kerberos_master_server_packets($1)
corenet_dontaudit_receive_kerberos_master_server_packets($1)
')
########################################
## <summary>
## Relabel packets to kerberos_master_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_kerberos_master_server_packets',`
gen_require(`
type kerberos_master_server_packet_t;
')
allow $1 kerberos_master_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the kerberos_password port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_kerberos_password_port',`
gen_require(`
type kerberos_password_port_t;
')
allow $1 kerberos_password_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the kerberos_password port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_kerberos_password_port',`
gen_require(`
type kerberos_password_port_t;
')
allow $1 kerberos_password_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the kerberos_password port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_kerberos_password_port',`
gen_require(`
type kerberos_password_port_t;
')
dontaudit $1 kerberos_password_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the kerberos_password port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_kerberos_password_port',`
gen_require(`
type kerberos_password_port_t;
')
allow $1 kerberos_password_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the kerberos_password port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_kerberos_password_port',`
gen_require(`
type kerberos_password_port_t;
')
dontaudit $1 kerberos_password_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the kerberos_password port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_kerberos_password_port',`
corenet_udp_send_kerberos_password_port($1)
corenet_udp_receive_kerberos_password_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the kerberos_password port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_kerberos_password_port',`
corenet_dontaudit_udp_send_kerberos_password_port($1)
corenet_dontaudit_udp_receive_kerberos_password_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the kerberos_password port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_kerberos_password_port',`
gen_require(`
type kerberos_password_port_t;
')
allow $1 kerberos_password_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the kerberos_password port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_kerberos_password_port',`
gen_require(`
type kerberos_password_port_t;
')
allow $1 kerberos_password_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the kerberos_password port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_kerberos_password_port',`
gen_require(`
type kerberos_password_port_t;
')
allow $1 kerberos_password_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send kerberos_password_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_kerberos_password_client_packets',`
gen_require(`
type kerberos_password_client_packet_t;
')
allow $1 kerberos_password_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send kerberos_password_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_kerberos_password_client_packets',`
gen_require(`
type kerberos_password_client_packet_t;
')
dontaudit $1 kerberos_password_client_packet_t:packet send;
')
########################################
## <summary>
## Receive kerberos_password_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_kerberos_password_client_packets',`
gen_require(`
type kerberos_password_client_packet_t;
')
allow $1 kerberos_password_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive kerberos_password_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_kerberos_password_client_packets',`
gen_require(`
type kerberos_password_client_packet_t;
')
dontaudit $1 kerberos_password_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive kerberos_password_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_kerberos_password_client_packets',`
corenet_send_kerberos_password_client_packets($1)
corenet_receive_kerberos_password_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive kerberos_password_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_kerberos_password_client_packets',`
corenet_dontaudit_send_kerberos_password_client_packets($1)
corenet_dontaudit_receive_kerberos_password_client_packets($1)
')
########################################
## <summary>
## Relabel packets to kerberos_password_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_kerberos_password_client_packets',`
gen_require(`
type kerberos_password_client_packet_t;
')
allow $1 kerberos_password_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send kerberos_password_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_kerberos_password_server_packets',`
gen_require(`
type kerberos_password_server_packet_t;
')
allow $1 kerberos_password_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send kerberos_password_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_kerberos_password_server_packets',`
gen_require(`
type kerberos_password_server_packet_t;
')
dontaudit $1 kerberos_password_server_packet_t:packet send;
')
########################################
## <summary>
## Receive kerberos_password_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_kerberos_password_server_packets',`
gen_require(`
type kerberos_password_server_packet_t;
')
allow $1 kerberos_password_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive kerberos_password_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_kerberos_password_server_packets',`
gen_require(`
type kerberos_password_server_packet_t;
')
dontaudit $1 kerberos_password_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive kerberos_password_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_kerberos_password_server_packets',`
corenet_send_kerberos_password_server_packets($1)
corenet_receive_kerberos_password_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive kerberos_password_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_kerberos_password_server_packets',`
corenet_dontaudit_send_kerberos_password_server_packets($1)
corenet_dontaudit_receive_kerberos_password_server_packets($1)
')
########################################
## <summary>
## Relabel packets to kerberos_password_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_kerberos_password_server_packets',`
gen_require(`
type kerberos_password_server_packet_t;
')
allow $1 kerberos_password_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the kismet port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_kismet_port',`
gen_require(`
type kismet_port_t;
')
allow $1 kismet_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the kismet port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_kismet_port',`
gen_require(`
type kismet_port_t;
')
allow $1 kismet_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the kismet port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_kismet_port',`
gen_require(`
type kismet_port_t;
')
dontaudit $1 kismet_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the kismet port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_kismet_port',`
gen_require(`
type kismet_port_t;
')
allow $1 kismet_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the kismet port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_kismet_port',`
gen_require(`
type kismet_port_t;
')
dontaudit $1 kismet_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the kismet port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_kismet_port',`
corenet_udp_send_kismet_port($1)
corenet_udp_receive_kismet_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the kismet port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_kismet_port',`
corenet_dontaudit_udp_send_kismet_port($1)
corenet_dontaudit_udp_receive_kismet_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the kismet port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_kismet_port',`
gen_require(`
type kismet_port_t;
')
allow $1 kismet_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the kismet port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_kismet_port',`
gen_require(`
type kismet_port_t;
')
allow $1 kismet_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the kismet port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_kismet_port',`
gen_require(`
type kismet_port_t;
')
allow $1 kismet_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send kismet_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_kismet_client_packets',`
gen_require(`
type kismet_client_packet_t;
')
allow $1 kismet_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send kismet_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_kismet_client_packets',`
gen_require(`
type kismet_client_packet_t;
')
dontaudit $1 kismet_client_packet_t:packet send;
')
########################################
## <summary>
## Receive kismet_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_kismet_client_packets',`
gen_require(`
type kismet_client_packet_t;
')
allow $1 kismet_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive kismet_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_kismet_client_packets',`
gen_require(`
type kismet_client_packet_t;
')
dontaudit $1 kismet_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive kismet_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_kismet_client_packets',`
corenet_send_kismet_client_packets($1)
corenet_receive_kismet_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive kismet_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_kismet_client_packets',`
corenet_dontaudit_send_kismet_client_packets($1)
corenet_dontaudit_receive_kismet_client_packets($1)
')
########################################
## <summary>
## Relabel packets to kismet_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_kismet_client_packets',`
gen_require(`
type kismet_client_packet_t;
')
allow $1 kismet_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send kismet_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_kismet_server_packets',`
gen_require(`
type kismet_server_packet_t;
')
allow $1 kismet_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send kismet_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_kismet_server_packets',`
gen_require(`
type kismet_server_packet_t;
')
dontaudit $1 kismet_server_packet_t:packet send;
')
########################################
## <summary>
## Receive kismet_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_kismet_server_packets',`
gen_require(`
type kismet_server_packet_t;
')
allow $1 kismet_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive kismet_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_kismet_server_packets',`
gen_require(`
type kismet_server_packet_t;
')
dontaudit $1 kismet_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive kismet_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_kismet_server_packets',`
corenet_send_kismet_server_packets($1)
corenet_receive_kismet_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive kismet_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_kismet_server_packets',`
corenet_dontaudit_send_kismet_server_packets($1)
corenet_dontaudit_receive_kismet_server_packets($1)
')
########################################
## <summary>
## Relabel packets to kismet_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_kismet_server_packets',`
gen_require(`
type kismet_server_packet_t;
')
allow $1 kismet_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the kprop port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_kprop_port',`
gen_require(`
type kprop_port_t;
')
allow $1 kprop_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the kprop port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_kprop_port',`
gen_require(`
type kprop_port_t;
')
allow $1 kprop_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the kprop port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_kprop_port',`
gen_require(`
type kprop_port_t;
')
dontaudit $1 kprop_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the kprop port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_kprop_port',`
gen_require(`
type kprop_port_t;
')
allow $1 kprop_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the kprop port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_kprop_port',`
gen_require(`
type kprop_port_t;
')
dontaudit $1 kprop_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the kprop port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_kprop_port',`
corenet_udp_send_kprop_port($1)
corenet_udp_receive_kprop_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the kprop port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_kprop_port',`
corenet_dontaudit_udp_send_kprop_port($1)
corenet_dontaudit_udp_receive_kprop_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the kprop port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_kprop_port',`
gen_require(`
type kprop_port_t;
')
allow $1 kprop_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the kprop port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_kprop_port',`
gen_require(`
type kprop_port_t;
')
allow $1 kprop_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the kprop port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_kprop_port',`
gen_require(`
type kprop_port_t;
')
allow $1 kprop_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send kprop_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_kprop_client_packets',`
gen_require(`
type kprop_client_packet_t;
')
allow $1 kprop_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send kprop_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_kprop_client_packets',`
gen_require(`
type kprop_client_packet_t;
')
dontaudit $1 kprop_client_packet_t:packet send;
')
########################################
## <summary>
## Receive kprop_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_kprop_client_packets',`
gen_require(`
type kprop_client_packet_t;
')
allow $1 kprop_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive kprop_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_kprop_client_packets',`
gen_require(`
type kprop_client_packet_t;
')
dontaudit $1 kprop_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive kprop_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_kprop_client_packets',`
corenet_send_kprop_client_packets($1)
corenet_receive_kprop_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive kprop_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_kprop_client_packets',`
corenet_dontaudit_send_kprop_client_packets($1)
corenet_dontaudit_receive_kprop_client_packets($1)
')
########################################
## <summary>
## Relabel packets to kprop_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_kprop_client_packets',`
gen_require(`
type kprop_client_packet_t;
')
allow $1 kprop_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send kprop_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_kprop_server_packets',`
gen_require(`
type kprop_server_packet_t;
')
allow $1 kprop_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send kprop_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_kprop_server_packets',`
gen_require(`
type kprop_server_packet_t;
')
dontaudit $1 kprop_server_packet_t:packet send;
')
########################################
## <summary>
## Receive kprop_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_kprop_server_packets',`
gen_require(`
type kprop_server_packet_t;
')
allow $1 kprop_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive kprop_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_kprop_server_packets',`
gen_require(`
type kprop_server_packet_t;
')
dontaudit $1 kprop_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive kprop_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_kprop_server_packets',`
corenet_send_kprop_server_packets($1)
corenet_receive_kprop_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive kprop_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_kprop_server_packets',`
corenet_dontaudit_send_kprop_server_packets($1)
corenet_dontaudit_receive_kprop_server_packets($1)
')
########################################
## <summary>
## Relabel packets to kprop_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_kprop_server_packets',`
gen_require(`
type kprop_server_packet_t;
')
allow $1 kprop_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the ktalkd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_ktalkd_port',`
gen_require(`
type ktalkd_port_t;
')
allow $1 ktalkd_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the ktalkd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_ktalkd_port',`
gen_require(`
type ktalkd_port_t;
')
allow $1 ktalkd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the ktalkd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_ktalkd_port',`
gen_require(`
type ktalkd_port_t;
')
dontaudit $1 ktalkd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the ktalkd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_ktalkd_port',`
gen_require(`
type ktalkd_port_t;
')
allow $1 ktalkd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the ktalkd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_ktalkd_port',`
gen_require(`
type ktalkd_port_t;
')
dontaudit $1 ktalkd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the ktalkd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_ktalkd_port',`
corenet_udp_send_ktalkd_port($1)
corenet_udp_receive_ktalkd_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the ktalkd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_ktalkd_port',`
corenet_dontaudit_udp_send_ktalkd_port($1)
corenet_dontaudit_udp_receive_ktalkd_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the ktalkd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_ktalkd_port',`
gen_require(`
type ktalkd_port_t;
')
allow $1 ktalkd_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the ktalkd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_ktalkd_port',`
gen_require(`
type ktalkd_port_t;
')
allow $1 ktalkd_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the ktalkd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_ktalkd_port',`
gen_require(`
type ktalkd_port_t;
')
allow $1 ktalkd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send ktalkd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ktalkd_client_packets',`
gen_require(`
type ktalkd_client_packet_t;
')
allow $1 ktalkd_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ktalkd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ktalkd_client_packets',`
gen_require(`
type ktalkd_client_packet_t;
')
dontaudit $1 ktalkd_client_packet_t:packet send;
')
########################################
## <summary>
## Receive ktalkd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ktalkd_client_packets',`
gen_require(`
type ktalkd_client_packet_t;
')
allow $1 ktalkd_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ktalkd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ktalkd_client_packets',`
gen_require(`
type ktalkd_client_packet_t;
')
dontaudit $1 ktalkd_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ktalkd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ktalkd_client_packets',`
corenet_send_ktalkd_client_packets($1)
corenet_receive_ktalkd_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ktalkd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ktalkd_client_packets',`
corenet_dontaudit_send_ktalkd_client_packets($1)
corenet_dontaudit_receive_ktalkd_client_packets($1)
')
########################################
## <summary>
## Relabel packets to ktalkd_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ktalkd_client_packets',`
gen_require(`
type ktalkd_client_packet_t;
')
allow $1 ktalkd_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send ktalkd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ktalkd_server_packets',`
gen_require(`
type ktalkd_server_packet_t;
')
allow $1 ktalkd_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ktalkd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ktalkd_server_packets',`
gen_require(`
type ktalkd_server_packet_t;
')
dontaudit $1 ktalkd_server_packet_t:packet send;
')
########################################
## <summary>
## Receive ktalkd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ktalkd_server_packets',`
gen_require(`
type ktalkd_server_packet_t;
')
allow $1 ktalkd_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ktalkd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ktalkd_server_packets',`
gen_require(`
type ktalkd_server_packet_t;
')
dontaudit $1 ktalkd_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ktalkd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ktalkd_server_packets',`
corenet_send_ktalkd_server_packets($1)
corenet_receive_ktalkd_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ktalkd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ktalkd_server_packets',`
corenet_dontaudit_send_ktalkd_server_packets($1)
corenet_dontaudit_receive_ktalkd_server_packets($1)
')
########################################
## <summary>
## Relabel packets to ktalkd_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ktalkd_server_packets',`
gen_require(`
type ktalkd_server_packet_t;
')
allow $1 ktalkd_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the ldap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_ldap_port',`
gen_require(`
type ldap_port_t;
')
allow $1 ldap_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the ldap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_ldap_port',`
gen_require(`
type ldap_port_t;
')
allow $1 ldap_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the ldap port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_ldap_port',`
gen_require(`
type ldap_port_t;
')
dontaudit $1 ldap_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the ldap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_ldap_port',`
gen_require(`
type ldap_port_t;
')
allow $1 ldap_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the ldap port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_ldap_port',`
gen_require(`
type ldap_port_t;
')
dontaudit $1 ldap_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the ldap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_ldap_port',`
corenet_udp_send_ldap_port($1)
corenet_udp_receive_ldap_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the ldap port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_ldap_port',`
corenet_dontaudit_udp_send_ldap_port($1)
corenet_dontaudit_udp_receive_ldap_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the ldap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_ldap_port',`
gen_require(`
type ldap_port_t;
')
allow $1 ldap_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the ldap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_ldap_port',`
gen_require(`
type ldap_port_t;
')
allow $1 ldap_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the ldap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_ldap_port',`
gen_require(`
type ldap_port_t;
')
allow $1 ldap_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send ldap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ldap_client_packets',`
gen_require(`
type ldap_client_packet_t;
')
allow $1 ldap_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ldap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ldap_client_packets',`
gen_require(`
type ldap_client_packet_t;
')
dontaudit $1 ldap_client_packet_t:packet send;
')
########################################
## <summary>
## Receive ldap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ldap_client_packets',`
gen_require(`
type ldap_client_packet_t;
')
allow $1 ldap_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ldap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ldap_client_packets',`
gen_require(`
type ldap_client_packet_t;
')
dontaudit $1 ldap_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ldap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ldap_client_packets',`
corenet_send_ldap_client_packets($1)
corenet_receive_ldap_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ldap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ldap_client_packets',`
corenet_dontaudit_send_ldap_client_packets($1)
corenet_dontaudit_receive_ldap_client_packets($1)
')
########################################
## <summary>
## Relabel packets to ldap_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ldap_client_packets',`
gen_require(`
type ldap_client_packet_t;
')
allow $1 ldap_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send ldap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ldap_server_packets',`
gen_require(`
type ldap_server_packet_t;
')
allow $1 ldap_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ldap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ldap_server_packets',`
gen_require(`
type ldap_server_packet_t;
')
dontaudit $1 ldap_server_packet_t:packet send;
')
########################################
## <summary>
## Receive ldap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ldap_server_packets',`
gen_require(`
type ldap_server_packet_t;
')
allow $1 ldap_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ldap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ldap_server_packets',`
gen_require(`
type ldap_server_packet_t;
')
dontaudit $1 ldap_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ldap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ldap_server_packets',`
corenet_send_ldap_server_packets($1)
corenet_receive_ldap_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ldap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ldap_server_packets',`
corenet_dontaudit_send_ldap_server_packets($1)
corenet_dontaudit_receive_ldap_server_packets($1)
')
########################################
## <summary>
## Relabel packets to ldap_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ldap_server_packets',`
gen_require(`
type ldap_server_packet_t;
')
allow $1 ldap_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the lmtp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_lmtp_port',`
gen_require(`
type lmtp_port_t;
')
allow $1 lmtp_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the lmtp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_lmtp_port',`
gen_require(`
type lmtp_port_t;
')
allow $1 lmtp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the lmtp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_lmtp_port',`
gen_require(`
type lmtp_port_t;
')
dontaudit $1 lmtp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the lmtp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_lmtp_port',`
gen_require(`
type lmtp_port_t;
')
allow $1 lmtp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the lmtp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_lmtp_port',`
gen_require(`
type lmtp_port_t;
')
dontaudit $1 lmtp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the lmtp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_lmtp_port',`
corenet_udp_send_lmtp_port($1)
corenet_udp_receive_lmtp_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the lmtp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_lmtp_port',`
corenet_dontaudit_udp_send_lmtp_port($1)
corenet_dontaudit_udp_receive_lmtp_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the lmtp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_lmtp_port',`
gen_require(`
type lmtp_port_t;
')
allow $1 lmtp_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the lmtp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_lmtp_port',`
gen_require(`
type lmtp_port_t;
')
allow $1 lmtp_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the lmtp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_lmtp_port',`
gen_require(`
type lmtp_port_t;
')
allow $1 lmtp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send lmtp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_lmtp_client_packets',`
gen_require(`
type lmtp_client_packet_t;
')
allow $1 lmtp_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send lmtp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_lmtp_client_packets',`
gen_require(`
type lmtp_client_packet_t;
')
dontaudit $1 lmtp_client_packet_t:packet send;
')
########################################
## <summary>
## Receive lmtp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_lmtp_client_packets',`
gen_require(`
type lmtp_client_packet_t;
')
allow $1 lmtp_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive lmtp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_lmtp_client_packets',`
gen_require(`
type lmtp_client_packet_t;
')
dontaudit $1 lmtp_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive lmtp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_lmtp_client_packets',`
corenet_send_lmtp_client_packets($1)
corenet_receive_lmtp_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive lmtp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_lmtp_client_packets',`
corenet_dontaudit_send_lmtp_client_packets($1)
corenet_dontaudit_receive_lmtp_client_packets($1)
')
########################################
## <summary>
## Relabel packets to lmtp_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_lmtp_client_packets',`
gen_require(`
type lmtp_client_packet_t;
')
allow $1 lmtp_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send lmtp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_lmtp_server_packets',`
gen_require(`
type lmtp_server_packet_t;
')
allow $1 lmtp_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send lmtp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_lmtp_server_packets',`
gen_require(`
type lmtp_server_packet_t;
')
dontaudit $1 lmtp_server_packet_t:packet send;
')
########################################
## <summary>
## Receive lmtp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_lmtp_server_packets',`
gen_require(`
type lmtp_server_packet_t;
')
allow $1 lmtp_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive lmtp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_lmtp_server_packets',`
gen_require(`
type lmtp_server_packet_t;
')
dontaudit $1 lmtp_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive lmtp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_lmtp_server_packets',`
corenet_send_lmtp_server_packets($1)
corenet_receive_lmtp_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive lmtp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_lmtp_server_packets',`
corenet_dontaudit_send_lmtp_server_packets($1)
corenet_dontaudit_receive_lmtp_server_packets($1)
')
########################################
## <summary>
## Relabel packets to lmtp_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_lmtp_server_packets',`
gen_require(`
type lmtp_server_packet_t;
')
allow $1 lmtp_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the lirc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_lirc_port',`
gen_require(`
type lirc_port_t;
')
allow $1 lirc_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the lirc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_lirc_port',`
gen_require(`
type lirc_port_t;
')
allow $1 lirc_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the lirc port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_lirc_port',`
gen_require(`
type lirc_port_t;
')
dontaudit $1 lirc_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the lirc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_lirc_port',`
gen_require(`
type lirc_port_t;
')
allow $1 lirc_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the lirc port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_lirc_port',`
gen_require(`
type lirc_port_t;
')
dontaudit $1 lirc_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the lirc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_lirc_port',`
corenet_udp_send_lirc_port($1)
corenet_udp_receive_lirc_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the lirc port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_lirc_port',`
corenet_dontaudit_udp_send_lirc_port($1)
corenet_dontaudit_udp_receive_lirc_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the lirc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_lirc_port',`
gen_require(`
type lirc_port_t;
')
allow $1 lirc_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the lirc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_lirc_port',`
gen_require(`
type lirc_port_t;
')
allow $1 lirc_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the lirc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_lirc_port',`
gen_require(`
type lirc_port_t;
')
allow $1 lirc_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send lirc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_lirc_client_packets',`
gen_require(`
type lirc_client_packet_t;
')
allow $1 lirc_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send lirc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_lirc_client_packets',`
gen_require(`
type lirc_client_packet_t;
')
dontaudit $1 lirc_client_packet_t:packet send;
')
########################################
## <summary>
## Receive lirc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_lirc_client_packets',`
gen_require(`
type lirc_client_packet_t;
')
allow $1 lirc_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive lirc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_lirc_client_packets',`
gen_require(`
type lirc_client_packet_t;
')
dontaudit $1 lirc_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive lirc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_lirc_client_packets',`
corenet_send_lirc_client_packets($1)
corenet_receive_lirc_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive lirc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_lirc_client_packets',`
corenet_dontaudit_send_lirc_client_packets($1)
corenet_dontaudit_receive_lirc_client_packets($1)
')
########################################
## <summary>
## Relabel packets to lirc_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_lirc_client_packets',`
gen_require(`
type lirc_client_packet_t;
')
allow $1 lirc_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send lirc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_lirc_server_packets',`
gen_require(`
type lirc_server_packet_t;
')
allow $1 lirc_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send lirc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_lirc_server_packets',`
gen_require(`
type lirc_server_packet_t;
')
dontaudit $1 lirc_server_packet_t:packet send;
')
########################################
## <summary>
## Receive lirc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_lirc_server_packets',`
gen_require(`
type lirc_server_packet_t;
')
allow $1 lirc_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive lirc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_lirc_server_packets',`
gen_require(`
type lirc_server_packet_t;
')
dontaudit $1 lirc_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive lirc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_lirc_server_packets',`
corenet_send_lirc_server_packets($1)
corenet_receive_lirc_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive lirc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_lirc_server_packets',`
corenet_dontaudit_send_lirc_server_packets($1)
corenet_dontaudit_receive_lirc_server_packets($1)
')
########################################
## <summary>
## Relabel packets to lirc_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_lirc_server_packets',`
gen_require(`
type lirc_server_packet_t;
')
allow $1 lirc_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the luci port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_luci_port',`
gen_require(`
type luci_port_t;
')
allow $1 luci_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the luci port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_luci_port',`
gen_require(`
type luci_port_t;
')
allow $1 luci_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the luci port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_luci_port',`
gen_require(`
type luci_port_t;
')
dontaudit $1 luci_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the luci port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_luci_port',`
gen_require(`
type luci_port_t;
')
allow $1 luci_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the luci port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_luci_port',`
gen_require(`
type luci_port_t;
')
dontaudit $1 luci_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the luci port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_luci_port',`
corenet_udp_send_luci_port($1)
corenet_udp_receive_luci_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the luci port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_luci_port',`
corenet_dontaudit_udp_send_luci_port($1)
corenet_dontaudit_udp_receive_luci_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the luci port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_luci_port',`
gen_require(`
type luci_port_t;
')
allow $1 luci_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the luci port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_luci_port',`
gen_require(`
type luci_port_t;
')
allow $1 luci_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the luci port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_luci_port',`
gen_require(`
type luci_port_t;
')
allow $1 luci_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send luci_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_luci_client_packets',`
gen_require(`
type luci_client_packet_t;
')
allow $1 luci_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send luci_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_luci_client_packets',`
gen_require(`
type luci_client_packet_t;
')
dontaudit $1 luci_client_packet_t:packet send;
')
########################################
## <summary>
## Receive luci_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_luci_client_packets',`
gen_require(`
type luci_client_packet_t;
')
allow $1 luci_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive luci_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_luci_client_packets',`
gen_require(`
type luci_client_packet_t;
')
dontaudit $1 luci_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive luci_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_luci_client_packets',`
corenet_send_luci_client_packets($1)
corenet_receive_luci_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive luci_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_luci_client_packets',`
corenet_dontaudit_send_luci_client_packets($1)
corenet_dontaudit_receive_luci_client_packets($1)
')
########################################
## <summary>
## Relabel packets to luci_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_luci_client_packets',`
gen_require(`
type luci_client_packet_t;
')
allow $1 luci_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send luci_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_luci_server_packets',`
gen_require(`
type luci_server_packet_t;
')
allow $1 luci_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send luci_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_luci_server_packets',`
gen_require(`
type luci_server_packet_t;
')
dontaudit $1 luci_server_packet_t:packet send;
')
########################################
## <summary>
## Receive luci_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_luci_server_packets',`
gen_require(`
type luci_server_packet_t;
')
allow $1 luci_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive luci_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_luci_server_packets',`
gen_require(`
type luci_server_packet_t;
')
dontaudit $1 luci_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive luci_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_luci_server_packets',`
corenet_send_luci_server_packets($1)
corenet_receive_luci_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive luci_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_luci_server_packets',`
corenet_dontaudit_send_luci_server_packets($1)
corenet_dontaudit_receive_luci_server_packets($1)
')
########################################
## <summary>
## Relabel packets to luci_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_luci_server_packets',`
gen_require(`
type luci_server_packet_t;
')
allow $1 luci_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the l2tp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_l2tp_port',`
gen_require(`
type l2tp_port_t;
')
allow $1 l2tp_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the l2tp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_l2tp_port',`
gen_require(`
type l2tp_port_t;
')
allow $1 l2tp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the l2tp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_l2tp_port',`
gen_require(`
type l2tp_port_t;
')
dontaudit $1 l2tp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the l2tp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_l2tp_port',`
gen_require(`
type l2tp_port_t;
')
allow $1 l2tp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the l2tp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_l2tp_port',`
gen_require(`
type l2tp_port_t;
')
dontaudit $1 l2tp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the l2tp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_l2tp_port',`
corenet_udp_send_l2tp_port($1)
corenet_udp_receive_l2tp_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the l2tp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_l2tp_port',`
corenet_dontaudit_udp_send_l2tp_port($1)
corenet_dontaudit_udp_receive_l2tp_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the l2tp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_l2tp_port',`
gen_require(`
type l2tp_port_t;
')
allow $1 l2tp_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the l2tp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_l2tp_port',`
gen_require(`
type l2tp_port_t;
')
allow $1 l2tp_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the l2tp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_l2tp_port',`
gen_require(`
type l2tp_port_t;
')
allow $1 l2tp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send l2tp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_l2tp_client_packets',`
gen_require(`
type l2tp_client_packet_t;
')
allow $1 l2tp_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send l2tp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_l2tp_client_packets',`
gen_require(`
type l2tp_client_packet_t;
')
dontaudit $1 l2tp_client_packet_t:packet send;
')
########################################
## <summary>
## Receive l2tp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_l2tp_client_packets',`
gen_require(`
type l2tp_client_packet_t;
')
allow $1 l2tp_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive l2tp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_l2tp_client_packets',`
gen_require(`
type l2tp_client_packet_t;
')
dontaudit $1 l2tp_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive l2tp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_l2tp_client_packets',`
corenet_send_l2tp_client_packets($1)
corenet_receive_l2tp_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive l2tp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_l2tp_client_packets',`
corenet_dontaudit_send_l2tp_client_packets($1)
corenet_dontaudit_receive_l2tp_client_packets($1)
')
########################################
## <summary>
## Relabel packets to l2tp_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_l2tp_client_packets',`
gen_require(`
type l2tp_client_packet_t;
')
allow $1 l2tp_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send l2tp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_l2tp_server_packets',`
gen_require(`
type l2tp_server_packet_t;
')
allow $1 l2tp_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send l2tp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_l2tp_server_packets',`
gen_require(`
type l2tp_server_packet_t;
')
dontaudit $1 l2tp_server_packet_t:packet send;
')
########################################
## <summary>
## Receive l2tp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_l2tp_server_packets',`
gen_require(`
type l2tp_server_packet_t;
')
allow $1 l2tp_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive l2tp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_l2tp_server_packets',`
gen_require(`
type l2tp_server_packet_t;
')
dontaudit $1 l2tp_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive l2tp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_l2tp_server_packets',`
corenet_send_l2tp_server_packets($1)
corenet_receive_l2tp_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive l2tp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_l2tp_server_packets',`
corenet_dontaudit_send_l2tp_server_packets($1)
corenet_dontaudit_receive_l2tp_server_packets($1)
')
########################################
## <summary>
## Relabel packets to l2tp_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_l2tp_server_packets',`
gen_require(`
type l2tp_server_packet_t;
')
allow $1 l2tp_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the mail port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_mail_port',`
gen_require(`
type mail_port_t;
')
allow $1 mail_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the mail port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_mail_port',`
gen_require(`
type mail_port_t;
')
allow $1 mail_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the mail port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_mail_port',`
gen_require(`
type mail_port_t;
')
dontaudit $1 mail_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the mail port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_mail_port',`
gen_require(`
type mail_port_t;
')
allow $1 mail_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the mail port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_mail_port',`
gen_require(`
type mail_port_t;
')
dontaudit $1 mail_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the mail port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_mail_port',`
corenet_udp_send_mail_port($1)
corenet_udp_receive_mail_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the mail port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_mail_port',`
corenet_dontaudit_udp_send_mail_port($1)
corenet_dontaudit_udp_receive_mail_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the mail port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_mail_port',`
gen_require(`
type mail_port_t;
')
allow $1 mail_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the mail port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_mail_port',`
gen_require(`
type mail_port_t;
')
allow $1 mail_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the mail port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_mail_port',`
gen_require(`
type mail_port_t;
')
allow $1 mail_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send mail_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_mail_client_packets',`
gen_require(`
type mail_client_packet_t;
')
allow $1 mail_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send mail_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_mail_client_packets',`
gen_require(`
type mail_client_packet_t;
')
dontaudit $1 mail_client_packet_t:packet send;
')
########################################
## <summary>
## Receive mail_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_mail_client_packets',`
gen_require(`
type mail_client_packet_t;
')
allow $1 mail_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive mail_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_mail_client_packets',`
gen_require(`
type mail_client_packet_t;
')
dontaudit $1 mail_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive mail_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_mail_client_packets',`
corenet_send_mail_client_packets($1)
corenet_receive_mail_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive mail_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_mail_client_packets',`
corenet_dontaudit_send_mail_client_packets($1)
corenet_dontaudit_receive_mail_client_packets($1)
')
########################################
## <summary>
## Relabel packets to mail_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_mail_client_packets',`
gen_require(`
type mail_client_packet_t;
')
allow $1 mail_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send mail_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_mail_server_packets',`
gen_require(`
type mail_server_packet_t;
')
allow $1 mail_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send mail_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_mail_server_packets',`
gen_require(`
type mail_server_packet_t;
')
dontaudit $1 mail_server_packet_t:packet send;
')
########################################
## <summary>
## Receive mail_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_mail_server_packets',`
gen_require(`
type mail_server_packet_t;
')
allow $1 mail_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive mail_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_mail_server_packets',`
gen_require(`
type mail_server_packet_t;
')
dontaudit $1 mail_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive mail_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_mail_server_packets',`
corenet_send_mail_server_packets($1)
corenet_receive_mail_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive mail_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_mail_server_packets',`
corenet_dontaudit_send_mail_server_packets($1)
corenet_dontaudit_receive_mail_server_packets($1)
')
########################################
## <summary>
## Relabel packets to mail_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_mail_server_packets',`
gen_require(`
type mail_server_packet_t;
')
allow $1 mail_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the matahari port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_matahari_port',`
gen_require(`
type matahari_port_t;
')
allow $1 matahari_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the matahari port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_matahari_port',`
gen_require(`
type matahari_port_t;
')
allow $1 matahari_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the matahari port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_matahari_port',`
gen_require(`
type matahari_port_t;
')
dontaudit $1 matahari_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the matahari port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_matahari_port',`
gen_require(`
type matahari_port_t;
')
allow $1 matahari_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the matahari port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_matahari_port',`
gen_require(`
type matahari_port_t;
')
dontaudit $1 matahari_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the matahari port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_matahari_port',`
corenet_udp_send_matahari_port($1)
corenet_udp_receive_matahari_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the matahari port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_matahari_port',`
corenet_dontaudit_udp_send_matahari_port($1)
corenet_dontaudit_udp_receive_matahari_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the matahari port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_matahari_port',`
gen_require(`
type matahari_port_t;
')
allow $1 matahari_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the matahari port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_matahari_port',`
gen_require(`
type matahari_port_t;
')
allow $1 matahari_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the matahari port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_matahari_port',`
gen_require(`
type matahari_port_t;
')
allow $1 matahari_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send matahari_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_matahari_client_packets',`
gen_require(`
type matahari_client_packet_t;
')
allow $1 matahari_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send matahari_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_matahari_client_packets',`
gen_require(`
type matahari_client_packet_t;
')
dontaudit $1 matahari_client_packet_t:packet send;
')
########################################
## <summary>
## Receive matahari_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_matahari_client_packets',`
gen_require(`
type matahari_client_packet_t;
')
allow $1 matahari_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive matahari_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_matahari_client_packets',`
gen_require(`
type matahari_client_packet_t;
')
dontaudit $1 matahari_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive matahari_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_matahari_client_packets',`
corenet_send_matahari_client_packets($1)
corenet_receive_matahari_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive matahari_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_matahari_client_packets',`
corenet_dontaudit_send_matahari_client_packets($1)
corenet_dontaudit_receive_matahari_client_packets($1)
')
########################################
## <summary>
## Relabel packets to matahari_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_matahari_client_packets',`
gen_require(`
type matahari_client_packet_t;
')
allow $1 matahari_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send matahari_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_matahari_server_packets',`
gen_require(`
type matahari_server_packet_t;
')
allow $1 matahari_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send matahari_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_matahari_server_packets',`
gen_require(`
type matahari_server_packet_t;
')
dontaudit $1 matahari_server_packet_t:packet send;
')
########################################
## <summary>
## Receive matahari_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_matahari_server_packets',`
gen_require(`
type matahari_server_packet_t;
')
allow $1 matahari_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive matahari_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_matahari_server_packets',`
gen_require(`
type matahari_server_packet_t;
')
dontaudit $1 matahari_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive matahari_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_matahari_server_packets',`
corenet_send_matahari_server_packets($1)
corenet_receive_matahari_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive matahari_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_matahari_server_packets',`
corenet_dontaudit_send_matahari_server_packets($1)
corenet_dontaudit_receive_matahari_server_packets($1)
')
########################################
## <summary>
## Relabel packets to matahari_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_matahari_server_packets',`
gen_require(`
type matahari_server_packet_t;
')
allow $1 matahari_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the memcache port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_memcache_port',`
gen_require(`
type memcache_port_t;
')
allow $1 memcache_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the memcache port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_memcache_port',`
gen_require(`
type memcache_port_t;
')
allow $1 memcache_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the memcache port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_memcache_port',`
gen_require(`
type memcache_port_t;
')
dontaudit $1 memcache_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the memcache port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_memcache_port',`
gen_require(`
type memcache_port_t;
')
allow $1 memcache_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the memcache port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_memcache_port',`
gen_require(`
type memcache_port_t;
')
dontaudit $1 memcache_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the memcache port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_memcache_port',`
corenet_udp_send_memcache_port($1)
corenet_udp_receive_memcache_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the memcache port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_memcache_port',`
corenet_dontaudit_udp_send_memcache_port($1)
corenet_dontaudit_udp_receive_memcache_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the memcache port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_memcache_port',`
gen_require(`
type memcache_port_t;
')
allow $1 memcache_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the memcache port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_memcache_port',`
gen_require(`
type memcache_port_t;
')
allow $1 memcache_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the memcache port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_memcache_port',`
gen_require(`
type memcache_port_t;
')
allow $1 memcache_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send memcache_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_memcache_client_packets',`
gen_require(`
type memcache_client_packet_t;
')
allow $1 memcache_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send memcache_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_memcache_client_packets',`
gen_require(`
type memcache_client_packet_t;
')
dontaudit $1 memcache_client_packet_t:packet send;
')
########################################
## <summary>
## Receive memcache_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_memcache_client_packets',`
gen_require(`
type memcache_client_packet_t;
')
allow $1 memcache_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive memcache_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_memcache_client_packets',`
gen_require(`
type memcache_client_packet_t;
')
dontaudit $1 memcache_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive memcache_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_memcache_client_packets',`
corenet_send_memcache_client_packets($1)
corenet_receive_memcache_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive memcache_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_memcache_client_packets',`
corenet_dontaudit_send_memcache_client_packets($1)
corenet_dontaudit_receive_memcache_client_packets($1)
')
########################################
## <summary>
## Relabel packets to memcache_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_memcache_client_packets',`
gen_require(`
type memcache_client_packet_t;
')
allow $1 memcache_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send memcache_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_memcache_server_packets',`
gen_require(`
type memcache_server_packet_t;
')
allow $1 memcache_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send memcache_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_memcache_server_packets',`
gen_require(`
type memcache_server_packet_t;
')
dontaudit $1 memcache_server_packet_t:packet send;
')
########################################
## <summary>
## Receive memcache_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_memcache_server_packets',`
gen_require(`
type memcache_server_packet_t;
')
allow $1 memcache_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive memcache_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_memcache_server_packets',`
gen_require(`
type memcache_server_packet_t;
')
dontaudit $1 memcache_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive memcache_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_memcache_server_packets',`
corenet_send_memcache_server_packets($1)
corenet_receive_memcache_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive memcache_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_memcache_server_packets',`
corenet_dontaudit_send_memcache_server_packets($1)
corenet_dontaudit_receive_memcache_server_packets($1)
')
########################################
## <summary>
## Relabel packets to memcache_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_memcache_server_packets',`
gen_require(`
type memcache_server_packet_t;
')
allow $1 memcache_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the milter port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_milter_port',`
gen_require(`
type milter_port_t;
')
allow $1 milter_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the milter port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_milter_port',`
gen_require(`
type milter_port_t;
')
allow $1 milter_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the milter port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_milter_port',`
gen_require(`
type milter_port_t;
')
dontaudit $1 milter_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the milter port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_milter_port',`
gen_require(`
type milter_port_t;
')
allow $1 milter_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the milter port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_milter_port',`
gen_require(`
type milter_port_t;
')
dontaudit $1 milter_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the milter port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_milter_port',`
corenet_udp_send_milter_port($1)
corenet_udp_receive_milter_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the milter port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_milter_port',`
corenet_dontaudit_udp_send_milter_port($1)
corenet_dontaudit_udp_receive_milter_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the milter port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_milter_port',`
gen_require(`
type milter_port_t;
')
allow $1 milter_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the milter port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_milter_port',`
gen_require(`
type milter_port_t;
')
allow $1 milter_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the milter port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_milter_port',`
gen_require(`
type milter_port_t;
')
allow $1 milter_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send milter_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_milter_client_packets',`
gen_require(`
type milter_client_packet_t;
')
allow $1 milter_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send milter_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_milter_client_packets',`
gen_require(`
type milter_client_packet_t;
')
dontaudit $1 milter_client_packet_t:packet send;
')
########################################
## <summary>
## Receive milter_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_milter_client_packets',`
gen_require(`
type milter_client_packet_t;
')
allow $1 milter_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive milter_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_milter_client_packets',`
gen_require(`
type milter_client_packet_t;
')
dontaudit $1 milter_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive milter_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_milter_client_packets',`
corenet_send_milter_client_packets($1)
corenet_receive_milter_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive milter_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_milter_client_packets',`
corenet_dontaudit_send_milter_client_packets($1)
corenet_dontaudit_receive_milter_client_packets($1)
')
########################################
## <summary>
## Relabel packets to milter_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_milter_client_packets',`
gen_require(`
type milter_client_packet_t;
')
allow $1 milter_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send milter_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_milter_server_packets',`
gen_require(`
type milter_server_packet_t;
')
allow $1 milter_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send milter_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_milter_server_packets',`
gen_require(`
type milter_server_packet_t;
')
dontaudit $1 milter_server_packet_t:packet send;
')
########################################
## <summary>
## Receive milter_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_milter_server_packets',`
gen_require(`
type milter_server_packet_t;
')
allow $1 milter_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive milter_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_milter_server_packets',`
gen_require(`
type milter_server_packet_t;
')
dontaudit $1 milter_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive milter_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_milter_server_packets',`
corenet_send_milter_server_packets($1)
corenet_receive_milter_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive milter_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_milter_server_packets',`
corenet_dontaudit_send_milter_server_packets($1)
corenet_dontaudit_receive_milter_server_packets($1)
')
########################################
## <summary>
## Relabel packets to milter_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_milter_server_packets',`
gen_require(`
type milter_server_packet_t;
')
allow $1 milter_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the mmcc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_mmcc_port',`
gen_require(`
type mmcc_port_t;
')
allow $1 mmcc_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the mmcc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_mmcc_port',`
gen_require(`
type mmcc_port_t;
')
allow $1 mmcc_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the mmcc port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_mmcc_port',`
gen_require(`
type mmcc_port_t;
')
dontaudit $1 mmcc_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the mmcc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_mmcc_port',`
gen_require(`
type mmcc_port_t;
')
allow $1 mmcc_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the mmcc port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_mmcc_port',`
gen_require(`
type mmcc_port_t;
')
dontaudit $1 mmcc_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the mmcc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_mmcc_port',`
corenet_udp_send_mmcc_port($1)
corenet_udp_receive_mmcc_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the mmcc port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_mmcc_port',`
corenet_dontaudit_udp_send_mmcc_port($1)
corenet_dontaudit_udp_receive_mmcc_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the mmcc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_mmcc_port',`
gen_require(`
type mmcc_port_t;
')
allow $1 mmcc_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the mmcc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_mmcc_port',`
gen_require(`
type mmcc_port_t;
')
allow $1 mmcc_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the mmcc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_mmcc_port',`
gen_require(`
type mmcc_port_t;
')
allow $1 mmcc_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send mmcc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_mmcc_client_packets',`
gen_require(`
type mmcc_client_packet_t;
')
allow $1 mmcc_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send mmcc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_mmcc_client_packets',`
gen_require(`
type mmcc_client_packet_t;
')
dontaudit $1 mmcc_client_packet_t:packet send;
')
########################################
## <summary>
## Receive mmcc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_mmcc_client_packets',`
gen_require(`
type mmcc_client_packet_t;
')
allow $1 mmcc_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive mmcc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_mmcc_client_packets',`
gen_require(`
type mmcc_client_packet_t;
')
dontaudit $1 mmcc_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive mmcc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_mmcc_client_packets',`
corenet_send_mmcc_client_packets($1)
corenet_receive_mmcc_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive mmcc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_mmcc_client_packets',`
corenet_dontaudit_send_mmcc_client_packets($1)
corenet_dontaudit_receive_mmcc_client_packets($1)
')
########################################
## <summary>
## Relabel packets to mmcc_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_mmcc_client_packets',`
gen_require(`
type mmcc_client_packet_t;
')
allow $1 mmcc_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send mmcc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_mmcc_server_packets',`
gen_require(`
type mmcc_server_packet_t;
')
allow $1 mmcc_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send mmcc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_mmcc_server_packets',`
gen_require(`
type mmcc_server_packet_t;
')
dontaudit $1 mmcc_server_packet_t:packet send;
')
########################################
## <summary>
## Receive mmcc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_mmcc_server_packets',`
gen_require(`
type mmcc_server_packet_t;
')
allow $1 mmcc_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive mmcc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_mmcc_server_packets',`
gen_require(`
type mmcc_server_packet_t;
')
dontaudit $1 mmcc_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive mmcc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_mmcc_server_packets',`
corenet_send_mmcc_server_packets($1)
corenet_receive_mmcc_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive mmcc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_mmcc_server_packets',`
corenet_dontaudit_send_mmcc_server_packets($1)
corenet_dontaudit_receive_mmcc_server_packets($1)
')
########################################
## <summary>
## Relabel packets to mmcc_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_mmcc_server_packets',`
gen_require(`
type mmcc_server_packet_t;
')
allow $1 mmcc_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the mongod port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_mongod_port',`
gen_require(`
type mongod_port_t;
')
allow $1 mongod_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the mongod port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_mongod_port',`
gen_require(`
type mongod_port_t;
')
allow $1 mongod_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the mongod port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_mongod_port',`
gen_require(`
type mongod_port_t;
')
dontaudit $1 mongod_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the mongod port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_mongod_port',`
gen_require(`
type mongod_port_t;
')
allow $1 mongod_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the mongod port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_mongod_port',`
gen_require(`
type mongod_port_t;
')
dontaudit $1 mongod_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the mongod port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_mongod_port',`
corenet_udp_send_mongod_port($1)
corenet_udp_receive_mongod_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the mongod port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_mongod_port',`
corenet_dontaudit_udp_send_mongod_port($1)
corenet_dontaudit_udp_receive_mongod_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the mongod port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_mongod_port',`
gen_require(`
type mongod_port_t;
')
allow $1 mongod_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the mongod port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_mongod_port',`
gen_require(`
type mongod_port_t;
')
allow $1 mongod_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the mongod port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_mongod_port',`
gen_require(`
type mongod_port_t;
')
allow $1 mongod_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send mongod_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_mongod_client_packets',`
gen_require(`
type mongod_client_packet_t;
')
allow $1 mongod_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send mongod_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_mongod_client_packets',`
gen_require(`
type mongod_client_packet_t;
')
dontaudit $1 mongod_client_packet_t:packet send;
')
########################################
## <summary>
## Receive mongod_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_mongod_client_packets',`
gen_require(`
type mongod_client_packet_t;
')
allow $1 mongod_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive mongod_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_mongod_client_packets',`
gen_require(`
type mongod_client_packet_t;
')
dontaudit $1 mongod_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive mongod_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_mongod_client_packets',`
corenet_send_mongod_client_packets($1)
corenet_receive_mongod_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive mongod_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_mongod_client_packets',`
corenet_dontaudit_send_mongod_client_packets($1)
corenet_dontaudit_receive_mongod_client_packets($1)
')
########################################
## <summary>
## Relabel packets to mongod_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_mongod_client_packets',`
gen_require(`
type mongod_client_packet_t;
')
allow $1 mongod_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send mongod_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_mongod_server_packets',`
gen_require(`
type mongod_server_packet_t;
')
allow $1 mongod_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send mongod_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_mongod_server_packets',`
gen_require(`
type mongod_server_packet_t;
')
dontaudit $1 mongod_server_packet_t:packet send;
')
########################################
## <summary>
## Receive mongod_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_mongod_server_packets',`
gen_require(`
type mongod_server_packet_t;
')
allow $1 mongod_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive mongod_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_mongod_server_packets',`
gen_require(`
type mongod_server_packet_t;
')
dontaudit $1 mongod_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive mongod_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_mongod_server_packets',`
corenet_send_mongod_server_packets($1)
corenet_receive_mongod_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive mongod_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_mongod_server_packets',`
corenet_dontaudit_send_mongod_server_packets($1)
corenet_dontaudit_receive_mongod_server_packets($1)
')
########################################
## <summary>
## Relabel packets to mongod_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_mongod_server_packets',`
gen_require(`
type mongod_server_packet_t;
')
allow $1 mongod_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the monopd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_monopd_port',`
gen_require(`
type monopd_port_t;
')
allow $1 monopd_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the monopd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_monopd_port',`
gen_require(`
type monopd_port_t;
')
allow $1 monopd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the monopd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_monopd_port',`
gen_require(`
type monopd_port_t;
')
dontaudit $1 monopd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the monopd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_monopd_port',`
gen_require(`
type monopd_port_t;
')
allow $1 monopd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the monopd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_monopd_port',`
gen_require(`
type monopd_port_t;
')
dontaudit $1 monopd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the monopd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_monopd_port',`
corenet_udp_send_monopd_port($1)
corenet_udp_receive_monopd_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the monopd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_monopd_port',`
corenet_dontaudit_udp_send_monopd_port($1)
corenet_dontaudit_udp_receive_monopd_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the monopd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_monopd_port',`
gen_require(`
type monopd_port_t;
')
allow $1 monopd_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the monopd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_monopd_port',`
gen_require(`
type monopd_port_t;
')
allow $1 monopd_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the monopd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_monopd_port',`
gen_require(`
type monopd_port_t;
')
allow $1 monopd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send monopd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_monopd_client_packets',`
gen_require(`
type monopd_client_packet_t;
')
allow $1 monopd_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send monopd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_monopd_client_packets',`
gen_require(`
type monopd_client_packet_t;
')
dontaudit $1 monopd_client_packet_t:packet send;
')
########################################
## <summary>
## Receive monopd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_monopd_client_packets',`
gen_require(`
type monopd_client_packet_t;
')
allow $1 monopd_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive monopd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_monopd_client_packets',`
gen_require(`
type monopd_client_packet_t;
')
dontaudit $1 monopd_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive monopd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_monopd_client_packets',`
corenet_send_monopd_client_packets($1)
corenet_receive_monopd_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive monopd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_monopd_client_packets',`
corenet_dontaudit_send_monopd_client_packets($1)
corenet_dontaudit_receive_monopd_client_packets($1)
')
########################################
## <summary>
## Relabel packets to monopd_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_monopd_client_packets',`
gen_require(`
type monopd_client_packet_t;
')
allow $1 monopd_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send monopd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_monopd_server_packets',`
gen_require(`
type monopd_server_packet_t;
')
allow $1 monopd_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send monopd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_monopd_server_packets',`
gen_require(`
type monopd_server_packet_t;
')
dontaudit $1 monopd_server_packet_t:packet send;
')
########################################
## <summary>
## Receive monopd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_monopd_server_packets',`
gen_require(`
type monopd_server_packet_t;
')
allow $1 monopd_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive monopd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_monopd_server_packets',`
gen_require(`
type monopd_server_packet_t;
')
dontaudit $1 monopd_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive monopd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_monopd_server_packets',`
corenet_send_monopd_server_packets($1)
corenet_receive_monopd_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive monopd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_monopd_server_packets',`
corenet_dontaudit_send_monopd_server_packets($1)
corenet_dontaudit_receive_monopd_server_packets($1)
')
########################################
## <summary>
## Relabel packets to monopd_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_monopd_server_packets',`
gen_require(`
type monopd_server_packet_t;
')
allow $1 monopd_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the mpd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_mpd_port',`
gen_require(`
type mpd_port_t;
')
allow $1 mpd_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the mpd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_mpd_port',`
gen_require(`
type mpd_port_t;
')
allow $1 mpd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the mpd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_mpd_port',`
gen_require(`
type mpd_port_t;
')
dontaudit $1 mpd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the mpd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_mpd_port',`
gen_require(`
type mpd_port_t;
')
allow $1 mpd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the mpd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_mpd_port',`
gen_require(`
type mpd_port_t;
')
dontaudit $1 mpd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the mpd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_mpd_port',`
corenet_udp_send_mpd_port($1)
corenet_udp_receive_mpd_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the mpd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_mpd_port',`
corenet_dontaudit_udp_send_mpd_port($1)
corenet_dontaudit_udp_receive_mpd_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the mpd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_mpd_port',`
gen_require(`
type mpd_port_t;
')
allow $1 mpd_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the mpd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_mpd_port',`
gen_require(`
type mpd_port_t;
')
allow $1 mpd_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the mpd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_mpd_port',`
gen_require(`
type mpd_port_t;
')
allow $1 mpd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send mpd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_mpd_client_packets',`
gen_require(`
type mpd_client_packet_t;
')
allow $1 mpd_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send mpd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_mpd_client_packets',`
gen_require(`
type mpd_client_packet_t;
')
dontaudit $1 mpd_client_packet_t:packet send;
')
########################################
## <summary>
## Receive mpd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_mpd_client_packets',`
gen_require(`
type mpd_client_packet_t;
')
allow $1 mpd_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive mpd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_mpd_client_packets',`
gen_require(`
type mpd_client_packet_t;
')
dontaudit $1 mpd_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive mpd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_mpd_client_packets',`
corenet_send_mpd_client_packets($1)
corenet_receive_mpd_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive mpd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_mpd_client_packets',`
corenet_dontaudit_send_mpd_client_packets($1)
corenet_dontaudit_receive_mpd_client_packets($1)
')
########################################
## <summary>
## Relabel packets to mpd_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_mpd_client_packets',`
gen_require(`
type mpd_client_packet_t;
')
allow $1 mpd_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send mpd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_mpd_server_packets',`
gen_require(`
type mpd_server_packet_t;
')
allow $1 mpd_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send mpd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_mpd_server_packets',`
gen_require(`
type mpd_server_packet_t;
')
dontaudit $1 mpd_server_packet_t:packet send;
')
########################################
## <summary>
## Receive mpd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_mpd_server_packets',`
gen_require(`
type mpd_server_packet_t;
')
allow $1 mpd_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive mpd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_mpd_server_packets',`
gen_require(`
type mpd_server_packet_t;
')
dontaudit $1 mpd_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive mpd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_mpd_server_packets',`
corenet_send_mpd_server_packets($1)
corenet_receive_mpd_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive mpd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_mpd_server_packets',`
corenet_dontaudit_send_mpd_server_packets($1)
corenet_dontaudit_receive_mpd_server_packets($1)
')
########################################
## <summary>
## Relabel packets to mpd_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_mpd_server_packets',`
gen_require(`
type mpd_server_packet_t;
')
allow $1 mpd_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the msnp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_msnp_port',`
gen_require(`
type msnp_port_t;
')
allow $1 msnp_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the msnp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_msnp_port',`
gen_require(`
type msnp_port_t;
')
allow $1 msnp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the msnp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_msnp_port',`
gen_require(`
type msnp_port_t;
')
dontaudit $1 msnp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the msnp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_msnp_port',`
gen_require(`
type msnp_port_t;
')
allow $1 msnp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the msnp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_msnp_port',`
gen_require(`
type msnp_port_t;
')
dontaudit $1 msnp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the msnp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_msnp_port',`
corenet_udp_send_msnp_port($1)
corenet_udp_receive_msnp_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the msnp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_msnp_port',`
corenet_dontaudit_udp_send_msnp_port($1)
corenet_dontaudit_udp_receive_msnp_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the msnp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_msnp_port',`
gen_require(`
type msnp_port_t;
')
allow $1 msnp_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the msnp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_msnp_port',`
gen_require(`
type msnp_port_t;
')
allow $1 msnp_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the msnp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_msnp_port',`
gen_require(`
type msnp_port_t;
')
allow $1 msnp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send msnp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_msnp_client_packets',`
gen_require(`
type msnp_client_packet_t;
')
allow $1 msnp_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send msnp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_msnp_client_packets',`
gen_require(`
type msnp_client_packet_t;
')
dontaudit $1 msnp_client_packet_t:packet send;
')
########################################
## <summary>
## Receive msnp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_msnp_client_packets',`
gen_require(`
type msnp_client_packet_t;
')
allow $1 msnp_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive msnp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_msnp_client_packets',`
gen_require(`
type msnp_client_packet_t;
')
dontaudit $1 msnp_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive msnp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_msnp_client_packets',`
corenet_send_msnp_client_packets($1)
corenet_receive_msnp_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive msnp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_msnp_client_packets',`
corenet_dontaudit_send_msnp_client_packets($1)
corenet_dontaudit_receive_msnp_client_packets($1)
')
########################################
## <summary>
## Relabel packets to msnp_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_msnp_client_packets',`
gen_require(`
type msnp_client_packet_t;
')
allow $1 msnp_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send msnp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_msnp_server_packets',`
gen_require(`
type msnp_server_packet_t;
')
allow $1 msnp_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send msnp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_msnp_server_packets',`
gen_require(`
type msnp_server_packet_t;
')
dontaudit $1 msnp_server_packet_t:packet send;
')
########################################
## <summary>
## Receive msnp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_msnp_server_packets',`
gen_require(`
type msnp_server_packet_t;
')
allow $1 msnp_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive msnp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_msnp_server_packets',`
gen_require(`
type msnp_server_packet_t;
')
dontaudit $1 msnp_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive msnp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_msnp_server_packets',`
corenet_send_msnp_server_packets($1)
corenet_receive_msnp_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive msnp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_msnp_server_packets',`
corenet_dontaudit_send_msnp_server_packets($1)
corenet_dontaudit_receive_msnp_server_packets($1)
')
########################################
## <summary>
## Relabel packets to msnp_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_msnp_server_packets',`
gen_require(`
type msnp_server_packet_t;
')
allow $1 msnp_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the mssql port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_mssql_port',`
gen_require(`
type mssql_port_t;
')
allow $1 mssql_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the mssql port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_mssql_port',`
gen_require(`
type mssql_port_t;
')
allow $1 mssql_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the mssql port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_mssql_port',`
gen_require(`
type mssql_port_t;
')
dontaudit $1 mssql_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the mssql port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_mssql_port',`
gen_require(`
type mssql_port_t;
')
allow $1 mssql_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the mssql port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_mssql_port',`
gen_require(`
type mssql_port_t;
')
dontaudit $1 mssql_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the mssql port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_mssql_port',`
corenet_udp_send_mssql_port($1)
corenet_udp_receive_mssql_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the mssql port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_mssql_port',`
corenet_dontaudit_udp_send_mssql_port($1)
corenet_dontaudit_udp_receive_mssql_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the mssql port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_mssql_port',`
gen_require(`
type mssql_port_t;
')
allow $1 mssql_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the mssql port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_mssql_port',`
gen_require(`
type mssql_port_t;
')
allow $1 mssql_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the mssql port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_mssql_port',`
gen_require(`
type mssql_port_t;
')
allow $1 mssql_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send mssql_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_mssql_client_packets',`
gen_require(`
type mssql_client_packet_t;
')
allow $1 mssql_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send mssql_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_mssql_client_packets',`
gen_require(`
type mssql_client_packet_t;
')
dontaudit $1 mssql_client_packet_t:packet send;
')
########################################
## <summary>
## Receive mssql_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_mssql_client_packets',`
gen_require(`
type mssql_client_packet_t;
')
allow $1 mssql_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive mssql_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_mssql_client_packets',`
gen_require(`
type mssql_client_packet_t;
')
dontaudit $1 mssql_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive mssql_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_mssql_client_packets',`
corenet_send_mssql_client_packets($1)
corenet_receive_mssql_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive mssql_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_mssql_client_packets',`
corenet_dontaudit_send_mssql_client_packets($1)
corenet_dontaudit_receive_mssql_client_packets($1)
')
########################################
## <summary>
## Relabel packets to mssql_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_mssql_client_packets',`
gen_require(`
type mssql_client_packet_t;
')
allow $1 mssql_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send mssql_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_mssql_server_packets',`
gen_require(`
type mssql_server_packet_t;
')
allow $1 mssql_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send mssql_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_mssql_server_packets',`
gen_require(`
type mssql_server_packet_t;
')
dontaudit $1 mssql_server_packet_t:packet send;
')
########################################
## <summary>
## Receive mssql_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_mssql_server_packets',`
gen_require(`
type mssql_server_packet_t;
')
allow $1 mssql_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive mssql_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_mssql_server_packets',`
gen_require(`
type mssql_server_packet_t;
')
dontaudit $1 mssql_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive mssql_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_mssql_server_packets',`
corenet_send_mssql_server_packets($1)
corenet_receive_mssql_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive mssql_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_mssql_server_packets',`
corenet_dontaudit_send_mssql_server_packets($1)
corenet_dontaudit_receive_mssql_server_packets($1)
')
########################################
## <summary>
## Relabel packets to mssql_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_mssql_server_packets',`
gen_require(`
type mssql_server_packet_t;
')
allow $1 mssql_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the munin port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_munin_port',`
gen_require(`
type munin_port_t;
')
allow $1 munin_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the munin port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_munin_port',`
gen_require(`
type munin_port_t;
')
allow $1 munin_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the munin port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_munin_port',`
gen_require(`
type munin_port_t;
')
dontaudit $1 munin_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the munin port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_munin_port',`
gen_require(`
type munin_port_t;
')
allow $1 munin_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the munin port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_munin_port',`
gen_require(`
type munin_port_t;
')
dontaudit $1 munin_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the munin port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_munin_port',`
corenet_udp_send_munin_port($1)
corenet_udp_receive_munin_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the munin port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_munin_port',`
corenet_dontaudit_udp_send_munin_port($1)
corenet_dontaudit_udp_receive_munin_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the munin port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_munin_port',`
gen_require(`
type munin_port_t;
')
allow $1 munin_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the munin port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_munin_port',`
gen_require(`
type munin_port_t;
')
allow $1 munin_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the munin port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_munin_port',`
gen_require(`
type munin_port_t;
')
allow $1 munin_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send munin_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_munin_client_packets',`
gen_require(`
type munin_client_packet_t;
')
allow $1 munin_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send munin_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_munin_client_packets',`
gen_require(`
type munin_client_packet_t;
')
dontaudit $1 munin_client_packet_t:packet send;
')
########################################
## <summary>
## Receive munin_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_munin_client_packets',`
gen_require(`
type munin_client_packet_t;
')
allow $1 munin_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive munin_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_munin_client_packets',`
gen_require(`
type munin_client_packet_t;
')
dontaudit $1 munin_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive munin_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_munin_client_packets',`
corenet_send_munin_client_packets($1)
corenet_receive_munin_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive munin_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_munin_client_packets',`
corenet_dontaudit_send_munin_client_packets($1)
corenet_dontaudit_receive_munin_client_packets($1)
')
########################################
## <summary>
## Relabel packets to munin_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_munin_client_packets',`
gen_require(`
type munin_client_packet_t;
')
allow $1 munin_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send munin_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_munin_server_packets',`
gen_require(`
type munin_server_packet_t;
')
allow $1 munin_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send munin_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_munin_server_packets',`
gen_require(`
type munin_server_packet_t;
')
dontaudit $1 munin_server_packet_t:packet send;
')
########################################
## <summary>
## Receive munin_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_munin_server_packets',`
gen_require(`
type munin_server_packet_t;
')
allow $1 munin_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive munin_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_munin_server_packets',`
gen_require(`
type munin_server_packet_t;
')
dontaudit $1 munin_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive munin_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_munin_server_packets',`
corenet_send_munin_server_packets($1)
corenet_receive_munin_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive munin_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_munin_server_packets',`
corenet_dontaudit_send_munin_server_packets($1)
corenet_dontaudit_receive_munin_server_packets($1)
')
########################################
## <summary>
## Relabel packets to munin_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_munin_server_packets',`
gen_require(`
type munin_server_packet_t;
')
allow $1 munin_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the mysqld port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_mysqld_port',`
gen_require(`
type mysqld_port_t;
')
allow $1 mysqld_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the mysqld port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_mysqld_port',`
gen_require(`
type mysqld_port_t;
')
allow $1 mysqld_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the mysqld port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_mysqld_port',`
gen_require(`
type mysqld_port_t;
')
dontaudit $1 mysqld_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the mysqld port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_mysqld_port',`
gen_require(`
type mysqld_port_t;
')
allow $1 mysqld_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the mysqld port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_mysqld_port',`
gen_require(`
type mysqld_port_t;
')
dontaudit $1 mysqld_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the mysqld port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_mysqld_port',`
corenet_udp_send_mysqld_port($1)
corenet_udp_receive_mysqld_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the mysqld port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_mysqld_port',`
corenet_dontaudit_udp_send_mysqld_port($1)
corenet_dontaudit_udp_receive_mysqld_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the mysqld port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_mysqld_port',`
gen_require(`
type mysqld_port_t;
')
allow $1 mysqld_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the mysqld port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_mysqld_port',`
gen_require(`
type mysqld_port_t;
')
allow $1 mysqld_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the mysqld port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_mysqld_port',`
gen_require(`
type mysqld_port_t;
')
allow $1 mysqld_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send mysqld_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_mysqld_client_packets',`
gen_require(`
type mysqld_client_packet_t;
')
allow $1 mysqld_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send mysqld_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_mysqld_client_packets',`
gen_require(`
type mysqld_client_packet_t;
')
dontaudit $1 mysqld_client_packet_t:packet send;
')
########################################
## <summary>
## Receive mysqld_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_mysqld_client_packets',`
gen_require(`
type mysqld_client_packet_t;
')
allow $1 mysqld_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive mysqld_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_mysqld_client_packets',`
gen_require(`
type mysqld_client_packet_t;
')
dontaudit $1 mysqld_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive mysqld_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_mysqld_client_packets',`
corenet_send_mysqld_client_packets($1)
corenet_receive_mysqld_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive mysqld_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_mysqld_client_packets',`
corenet_dontaudit_send_mysqld_client_packets($1)
corenet_dontaudit_receive_mysqld_client_packets($1)
')
########################################
## <summary>
## Relabel packets to mysqld_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_mysqld_client_packets',`
gen_require(`
type mysqld_client_packet_t;
')
allow $1 mysqld_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send mysqld_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_mysqld_server_packets',`
gen_require(`
type mysqld_server_packet_t;
')
allow $1 mysqld_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send mysqld_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_mysqld_server_packets',`
gen_require(`
type mysqld_server_packet_t;
')
dontaudit $1 mysqld_server_packet_t:packet send;
')
########################################
## <summary>
## Receive mysqld_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_mysqld_server_packets',`
gen_require(`
type mysqld_server_packet_t;
')
allow $1 mysqld_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive mysqld_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_mysqld_server_packets',`
gen_require(`
type mysqld_server_packet_t;
')
dontaudit $1 mysqld_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive mysqld_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_mysqld_server_packets',`
corenet_send_mysqld_server_packets($1)
corenet_receive_mysqld_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive mysqld_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_mysqld_server_packets',`
corenet_dontaudit_send_mysqld_server_packets($1)
corenet_dontaudit_receive_mysqld_server_packets($1)
')
########################################
## <summary>
## Relabel packets to mysqld_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_mysqld_server_packets',`
gen_require(`
type mysqld_server_packet_t;
')
allow $1 mysqld_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the mysqlmanagerd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_mysqlmanagerd_port',`
gen_require(`
type mysqlmanagerd_port_t;
')
allow $1 mysqlmanagerd_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the mysqlmanagerd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_mysqlmanagerd_port',`
gen_require(`
type mysqlmanagerd_port_t;
')
allow $1 mysqlmanagerd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the mysqlmanagerd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_mysqlmanagerd_port',`
gen_require(`
type mysqlmanagerd_port_t;
')
dontaudit $1 mysqlmanagerd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the mysqlmanagerd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_mysqlmanagerd_port',`
gen_require(`
type mysqlmanagerd_port_t;
')
allow $1 mysqlmanagerd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the mysqlmanagerd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_mysqlmanagerd_port',`
gen_require(`
type mysqlmanagerd_port_t;
')
dontaudit $1 mysqlmanagerd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the mysqlmanagerd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_mysqlmanagerd_port',`
corenet_udp_send_mysqlmanagerd_port($1)
corenet_udp_receive_mysqlmanagerd_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the mysqlmanagerd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_mysqlmanagerd_port',`
corenet_dontaudit_udp_send_mysqlmanagerd_port($1)
corenet_dontaudit_udp_receive_mysqlmanagerd_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the mysqlmanagerd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_mysqlmanagerd_port',`
gen_require(`
type mysqlmanagerd_port_t;
')
allow $1 mysqlmanagerd_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the mysqlmanagerd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_mysqlmanagerd_port',`
gen_require(`
type mysqlmanagerd_port_t;
')
allow $1 mysqlmanagerd_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the mysqlmanagerd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_mysqlmanagerd_port',`
gen_require(`
type mysqlmanagerd_port_t;
')
allow $1 mysqlmanagerd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send mysqlmanagerd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_mysqlmanagerd_client_packets',`
gen_require(`
type mysqlmanagerd_client_packet_t;
')
allow $1 mysqlmanagerd_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send mysqlmanagerd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_mysqlmanagerd_client_packets',`
gen_require(`
type mysqlmanagerd_client_packet_t;
')
dontaudit $1 mysqlmanagerd_client_packet_t:packet send;
')
########################################
## <summary>
## Receive mysqlmanagerd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_mysqlmanagerd_client_packets',`
gen_require(`
type mysqlmanagerd_client_packet_t;
')
allow $1 mysqlmanagerd_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive mysqlmanagerd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_mysqlmanagerd_client_packets',`
gen_require(`
type mysqlmanagerd_client_packet_t;
')
dontaudit $1 mysqlmanagerd_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive mysqlmanagerd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_mysqlmanagerd_client_packets',`
corenet_send_mysqlmanagerd_client_packets($1)
corenet_receive_mysqlmanagerd_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive mysqlmanagerd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_mysqlmanagerd_client_packets',`
corenet_dontaudit_send_mysqlmanagerd_client_packets($1)
corenet_dontaudit_receive_mysqlmanagerd_client_packets($1)
')
########################################
## <summary>
## Relabel packets to mysqlmanagerd_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_mysqlmanagerd_client_packets',`
gen_require(`
type mysqlmanagerd_client_packet_t;
')
allow $1 mysqlmanagerd_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send mysqlmanagerd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_mysqlmanagerd_server_packets',`
gen_require(`
type mysqlmanagerd_server_packet_t;
')
allow $1 mysqlmanagerd_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send mysqlmanagerd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_mysqlmanagerd_server_packets',`
gen_require(`
type mysqlmanagerd_server_packet_t;
')
dontaudit $1 mysqlmanagerd_server_packet_t:packet send;
')
########################################
## <summary>
## Receive mysqlmanagerd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_mysqlmanagerd_server_packets',`
gen_require(`
type mysqlmanagerd_server_packet_t;
')
allow $1 mysqlmanagerd_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive mysqlmanagerd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_mysqlmanagerd_server_packets',`
gen_require(`
type mysqlmanagerd_server_packet_t;
')
dontaudit $1 mysqlmanagerd_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive mysqlmanagerd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_mysqlmanagerd_server_packets',`
corenet_send_mysqlmanagerd_server_packets($1)
corenet_receive_mysqlmanagerd_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive mysqlmanagerd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_mysqlmanagerd_server_packets',`
corenet_dontaudit_send_mysqlmanagerd_server_packets($1)
corenet_dontaudit_receive_mysqlmanagerd_server_packets($1)
')
########################################
## <summary>
## Relabel packets to mysqlmanagerd_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_mysqlmanagerd_server_packets',`
gen_require(`
type mysqlmanagerd_server_packet_t;
')
allow $1 mysqlmanagerd_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the movaz_ssc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_movaz_ssc_port',`
gen_require(`
type movaz_ssc_port_t;
')
allow $1 movaz_ssc_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the movaz_ssc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_movaz_ssc_port',`
gen_require(`
type movaz_ssc_port_t;
')
allow $1 movaz_ssc_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the movaz_ssc port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_movaz_ssc_port',`
gen_require(`
type movaz_ssc_port_t;
')
dontaudit $1 movaz_ssc_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the movaz_ssc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_movaz_ssc_port',`
gen_require(`
type movaz_ssc_port_t;
')
allow $1 movaz_ssc_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the movaz_ssc port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_movaz_ssc_port',`
gen_require(`
type movaz_ssc_port_t;
')
dontaudit $1 movaz_ssc_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the movaz_ssc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_movaz_ssc_port',`
corenet_udp_send_movaz_ssc_port($1)
corenet_udp_receive_movaz_ssc_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the movaz_ssc port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_movaz_ssc_port',`
corenet_dontaudit_udp_send_movaz_ssc_port($1)
corenet_dontaudit_udp_receive_movaz_ssc_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the movaz_ssc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_movaz_ssc_port',`
gen_require(`
type movaz_ssc_port_t;
')
allow $1 movaz_ssc_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the movaz_ssc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_movaz_ssc_port',`
gen_require(`
type movaz_ssc_port_t;
')
allow $1 movaz_ssc_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the movaz_ssc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_movaz_ssc_port',`
gen_require(`
type movaz_ssc_port_t;
')
allow $1 movaz_ssc_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send movaz_ssc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_movaz_ssc_client_packets',`
gen_require(`
type movaz_ssc_client_packet_t;
')
allow $1 movaz_ssc_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send movaz_ssc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_movaz_ssc_client_packets',`
gen_require(`
type movaz_ssc_client_packet_t;
')
dontaudit $1 movaz_ssc_client_packet_t:packet send;
')
########################################
## <summary>
## Receive movaz_ssc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_movaz_ssc_client_packets',`
gen_require(`
type movaz_ssc_client_packet_t;
')
allow $1 movaz_ssc_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive movaz_ssc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_movaz_ssc_client_packets',`
gen_require(`
type movaz_ssc_client_packet_t;
')
dontaudit $1 movaz_ssc_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive movaz_ssc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_movaz_ssc_client_packets',`
corenet_send_movaz_ssc_client_packets($1)
corenet_receive_movaz_ssc_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive movaz_ssc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_movaz_ssc_client_packets',`
corenet_dontaudit_send_movaz_ssc_client_packets($1)
corenet_dontaudit_receive_movaz_ssc_client_packets($1)
')
########################################
## <summary>
## Relabel packets to movaz_ssc_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_movaz_ssc_client_packets',`
gen_require(`
type movaz_ssc_client_packet_t;
')
allow $1 movaz_ssc_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send movaz_ssc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_movaz_ssc_server_packets',`
gen_require(`
type movaz_ssc_server_packet_t;
')
allow $1 movaz_ssc_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send movaz_ssc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_movaz_ssc_server_packets',`
gen_require(`
type movaz_ssc_server_packet_t;
')
dontaudit $1 movaz_ssc_server_packet_t:packet send;
')
########################################
## <summary>
## Receive movaz_ssc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_movaz_ssc_server_packets',`
gen_require(`
type movaz_ssc_server_packet_t;
')
allow $1 movaz_ssc_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive movaz_ssc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_movaz_ssc_server_packets',`
gen_require(`
type movaz_ssc_server_packet_t;
')
dontaudit $1 movaz_ssc_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive movaz_ssc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_movaz_ssc_server_packets',`
corenet_send_movaz_ssc_server_packets($1)
corenet_receive_movaz_ssc_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive movaz_ssc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_movaz_ssc_server_packets',`
corenet_dontaudit_send_movaz_ssc_server_packets($1)
corenet_dontaudit_receive_movaz_ssc_server_packets($1)
')
########################################
## <summary>
## Relabel packets to movaz_ssc_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_movaz_ssc_server_packets',`
gen_require(`
type movaz_ssc_server_packet_t;
')
allow $1 movaz_ssc_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the mountd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_mountd_port',`
gen_require(`
type mountd_port_t;
')
allow $1 mountd_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the mountd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_mountd_port',`
gen_require(`
type mountd_port_t;
')
allow $1 mountd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the mountd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_mountd_port',`
gen_require(`
type mountd_port_t;
')
dontaudit $1 mountd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the mountd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_mountd_port',`
gen_require(`
type mountd_port_t;
')
allow $1 mountd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the mountd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_mountd_port',`
gen_require(`
type mountd_port_t;
')
dontaudit $1 mountd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the mountd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_mountd_port',`
corenet_udp_send_mountd_port($1)
corenet_udp_receive_mountd_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the mountd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_mountd_port',`
corenet_dontaudit_udp_send_mountd_port($1)
corenet_dontaudit_udp_receive_mountd_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the mountd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_mountd_port',`
gen_require(`
type mountd_port_t;
')
allow $1 mountd_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the mountd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_mountd_port',`
gen_require(`
type mountd_port_t;
')
allow $1 mountd_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the mountd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_mountd_port',`
gen_require(`
type mountd_port_t;
')
allow $1 mountd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send mountd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_mountd_client_packets',`
gen_require(`
type mountd_client_packet_t;
')
allow $1 mountd_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send mountd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_mountd_client_packets',`
gen_require(`
type mountd_client_packet_t;
')
dontaudit $1 mountd_client_packet_t:packet send;
')
########################################
## <summary>
## Receive mountd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_mountd_client_packets',`
gen_require(`
type mountd_client_packet_t;
')
allow $1 mountd_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive mountd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_mountd_client_packets',`
gen_require(`
type mountd_client_packet_t;
')
dontaudit $1 mountd_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive mountd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_mountd_client_packets',`
corenet_send_mountd_client_packets($1)
corenet_receive_mountd_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive mountd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_mountd_client_packets',`
corenet_dontaudit_send_mountd_client_packets($1)
corenet_dontaudit_receive_mountd_client_packets($1)
')
########################################
## <summary>
## Relabel packets to mountd_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_mountd_client_packets',`
gen_require(`
type mountd_client_packet_t;
')
allow $1 mountd_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send mountd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_mountd_server_packets',`
gen_require(`
type mountd_server_packet_t;
')
allow $1 mountd_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send mountd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_mountd_server_packets',`
gen_require(`
type mountd_server_packet_t;
')
dontaudit $1 mountd_server_packet_t:packet send;
')
########################################
## <summary>
## Receive mountd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_mountd_server_packets',`
gen_require(`
type mountd_server_packet_t;
')
allow $1 mountd_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive mountd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_mountd_server_packets',`
gen_require(`
type mountd_server_packet_t;
')
dontaudit $1 mountd_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive mountd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_mountd_server_packets',`
corenet_send_mountd_server_packets($1)
corenet_receive_mountd_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive mountd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_mountd_server_packets',`
corenet_dontaudit_send_mountd_server_packets($1)
corenet_dontaudit_receive_mountd_server_packets($1)
')
########################################
## <summary>
## Relabel packets to mountd_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_mountd_server_packets',`
gen_require(`
type mountd_server_packet_t;
')
allow $1 mountd_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the nessus port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_nessus_port',`
gen_require(`
type nessus_port_t;
')
allow $1 nessus_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the nessus port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_nessus_port',`
gen_require(`
type nessus_port_t;
')
allow $1 nessus_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the nessus port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_nessus_port',`
gen_require(`
type nessus_port_t;
')
dontaudit $1 nessus_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the nessus port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_nessus_port',`
gen_require(`
type nessus_port_t;
')
allow $1 nessus_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the nessus port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_nessus_port',`
gen_require(`
type nessus_port_t;
')
dontaudit $1 nessus_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the nessus port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_nessus_port',`
corenet_udp_send_nessus_port($1)
corenet_udp_receive_nessus_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the nessus port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_nessus_port',`
corenet_dontaudit_udp_send_nessus_port($1)
corenet_dontaudit_udp_receive_nessus_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the nessus port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_nessus_port',`
gen_require(`
type nessus_port_t;
')
allow $1 nessus_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the nessus port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_nessus_port',`
gen_require(`
type nessus_port_t;
')
allow $1 nessus_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the nessus port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_nessus_port',`
gen_require(`
type nessus_port_t;
')
allow $1 nessus_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send nessus_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_nessus_client_packets',`
gen_require(`
type nessus_client_packet_t;
')
allow $1 nessus_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send nessus_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_nessus_client_packets',`
gen_require(`
type nessus_client_packet_t;
')
dontaudit $1 nessus_client_packet_t:packet send;
')
########################################
## <summary>
## Receive nessus_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_nessus_client_packets',`
gen_require(`
type nessus_client_packet_t;
')
allow $1 nessus_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive nessus_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_nessus_client_packets',`
gen_require(`
type nessus_client_packet_t;
')
dontaudit $1 nessus_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive nessus_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_nessus_client_packets',`
corenet_send_nessus_client_packets($1)
corenet_receive_nessus_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive nessus_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_nessus_client_packets',`
corenet_dontaudit_send_nessus_client_packets($1)
corenet_dontaudit_receive_nessus_client_packets($1)
')
########################################
## <summary>
## Relabel packets to nessus_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_nessus_client_packets',`
gen_require(`
type nessus_client_packet_t;
')
allow $1 nessus_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send nessus_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_nessus_server_packets',`
gen_require(`
type nessus_server_packet_t;
')
allow $1 nessus_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send nessus_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_nessus_server_packets',`
gen_require(`
type nessus_server_packet_t;
')
dontaudit $1 nessus_server_packet_t:packet send;
')
########################################
## <summary>
## Receive nessus_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_nessus_server_packets',`
gen_require(`
type nessus_server_packet_t;
')
allow $1 nessus_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive nessus_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_nessus_server_packets',`
gen_require(`
type nessus_server_packet_t;
')
dontaudit $1 nessus_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive nessus_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_nessus_server_packets',`
corenet_send_nessus_server_packets($1)
corenet_receive_nessus_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive nessus_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_nessus_server_packets',`
corenet_dontaudit_send_nessus_server_packets($1)
corenet_dontaudit_receive_nessus_server_packets($1)
')
########################################
## <summary>
## Relabel packets to nessus_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_nessus_server_packets',`
gen_require(`
type nessus_server_packet_t;
')
allow $1 nessus_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the netport port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_netport_port',`
gen_require(`
type netport_port_t;
')
allow $1 netport_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the netport port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_netport_port',`
gen_require(`
type netport_port_t;
')
allow $1 netport_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the netport port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_netport_port',`
gen_require(`
type netport_port_t;
')
dontaudit $1 netport_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the netport port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_netport_port',`
gen_require(`
type netport_port_t;
')
allow $1 netport_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the netport port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_netport_port',`
gen_require(`
type netport_port_t;
')
dontaudit $1 netport_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the netport port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_netport_port',`
corenet_udp_send_netport_port($1)
corenet_udp_receive_netport_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the netport port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_netport_port',`
corenet_dontaudit_udp_send_netport_port($1)
corenet_dontaudit_udp_receive_netport_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the netport port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_netport_port',`
gen_require(`
type netport_port_t;
')
allow $1 netport_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the netport port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_netport_port',`
gen_require(`
type netport_port_t;
')
allow $1 netport_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the netport port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_netport_port',`
gen_require(`
type netport_port_t;
')
allow $1 netport_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send netport_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_netport_client_packets',`
gen_require(`
type netport_client_packet_t;
')
allow $1 netport_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send netport_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_netport_client_packets',`
gen_require(`
type netport_client_packet_t;
')
dontaudit $1 netport_client_packet_t:packet send;
')
########################################
## <summary>
## Receive netport_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_netport_client_packets',`
gen_require(`
type netport_client_packet_t;
')
allow $1 netport_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive netport_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_netport_client_packets',`
gen_require(`
type netport_client_packet_t;
')
dontaudit $1 netport_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive netport_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_netport_client_packets',`
corenet_send_netport_client_packets($1)
corenet_receive_netport_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive netport_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_netport_client_packets',`
corenet_dontaudit_send_netport_client_packets($1)
corenet_dontaudit_receive_netport_client_packets($1)
')
########################################
## <summary>
## Relabel packets to netport_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_netport_client_packets',`
gen_require(`
type netport_client_packet_t;
')
allow $1 netport_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send netport_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_netport_server_packets',`
gen_require(`
type netport_server_packet_t;
')
allow $1 netport_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send netport_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_netport_server_packets',`
gen_require(`
type netport_server_packet_t;
')
dontaudit $1 netport_server_packet_t:packet send;
')
########################################
## <summary>
## Receive netport_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_netport_server_packets',`
gen_require(`
type netport_server_packet_t;
')
allow $1 netport_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive netport_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_netport_server_packets',`
gen_require(`
type netport_server_packet_t;
')
dontaudit $1 netport_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive netport_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_netport_server_packets',`
corenet_send_netport_server_packets($1)
corenet_receive_netport_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive netport_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_netport_server_packets',`
corenet_dontaudit_send_netport_server_packets($1)
corenet_dontaudit_receive_netport_server_packets($1)
')
########################################
## <summary>
## Relabel packets to netport_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_netport_server_packets',`
gen_require(`
type netport_server_packet_t;
')
allow $1 netport_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the netsupport port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_netsupport_port',`
gen_require(`
type netsupport_port_t;
')
allow $1 netsupport_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the netsupport port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_netsupport_port',`
gen_require(`
type netsupport_port_t;
')
allow $1 netsupport_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the netsupport port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_netsupport_port',`
gen_require(`
type netsupport_port_t;
')
dontaudit $1 netsupport_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the netsupport port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_netsupport_port',`
gen_require(`
type netsupport_port_t;
')
allow $1 netsupport_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the netsupport port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_netsupport_port',`
gen_require(`
type netsupport_port_t;
')
dontaudit $1 netsupport_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the netsupport port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_netsupport_port',`
corenet_udp_send_netsupport_port($1)
corenet_udp_receive_netsupport_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the netsupport port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_netsupport_port',`
corenet_dontaudit_udp_send_netsupport_port($1)
corenet_dontaudit_udp_receive_netsupport_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the netsupport port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_netsupport_port',`
gen_require(`
type netsupport_port_t;
')
allow $1 netsupport_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the netsupport port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_netsupport_port',`
gen_require(`
type netsupport_port_t;
')
allow $1 netsupport_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the netsupport port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_netsupport_port',`
gen_require(`
type netsupport_port_t;
')
allow $1 netsupport_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send netsupport_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_netsupport_client_packets',`
gen_require(`
type netsupport_client_packet_t;
')
allow $1 netsupport_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send netsupport_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_netsupport_client_packets',`
gen_require(`
type netsupport_client_packet_t;
')
dontaudit $1 netsupport_client_packet_t:packet send;
')
########################################
## <summary>
## Receive netsupport_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_netsupport_client_packets',`
gen_require(`
type netsupport_client_packet_t;
')
allow $1 netsupport_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive netsupport_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_netsupport_client_packets',`
gen_require(`
type netsupport_client_packet_t;
')
dontaudit $1 netsupport_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive netsupport_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_netsupport_client_packets',`
corenet_send_netsupport_client_packets($1)
corenet_receive_netsupport_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive netsupport_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_netsupport_client_packets',`
corenet_dontaudit_send_netsupport_client_packets($1)
corenet_dontaudit_receive_netsupport_client_packets($1)
')
########################################
## <summary>
## Relabel packets to netsupport_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_netsupport_client_packets',`
gen_require(`
type netsupport_client_packet_t;
')
allow $1 netsupport_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send netsupport_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_netsupport_server_packets',`
gen_require(`
type netsupport_server_packet_t;
')
allow $1 netsupport_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send netsupport_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_netsupport_server_packets',`
gen_require(`
type netsupport_server_packet_t;
')
dontaudit $1 netsupport_server_packet_t:packet send;
')
########################################
## <summary>
## Receive netsupport_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_netsupport_server_packets',`
gen_require(`
type netsupport_server_packet_t;
')
allow $1 netsupport_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive netsupport_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_netsupport_server_packets',`
gen_require(`
type netsupport_server_packet_t;
')
dontaudit $1 netsupport_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive netsupport_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_netsupport_server_packets',`
corenet_send_netsupport_server_packets($1)
corenet_receive_netsupport_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive netsupport_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_netsupport_server_packets',`
corenet_dontaudit_send_netsupport_server_packets($1)
corenet_dontaudit_receive_netsupport_server_packets($1)
')
########################################
## <summary>
## Relabel packets to netsupport_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_netsupport_server_packets',`
gen_require(`
type netsupport_server_packet_t;
')
allow $1 netsupport_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the nfs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_nfs_port',`
gen_require(`
type nfs_port_t;
')
allow $1 nfs_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the nfs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_nfs_port',`
gen_require(`
type nfs_port_t;
')
allow $1 nfs_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the nfs port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_nfs_port',`
gen_require(`
type nfs_port_t;
')
dontaudit $1 nfs_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the nfs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_nfs_port',`
gen_require(`
type nfs_port_t;
')
allow $1 nfs_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the nfs port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_nfs_port',`
gen_require(`
type nfs_port_t;
')
dontaudit $1 nfs_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the nfs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_nfs_port',`
corenet_udp_send_nfs_port($1)
corenet_udp_receive_nfs_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the nfs port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_nfs_port',`
corenet_dontaudit_udp_send_nfs_port($1)
corenet_dontaudit_udp_receive_nfs_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the nfs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_nfs_port',`
gen_require(`
type nfs_port_t;
')
allow $1 nfs_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the nfs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_nfs_port',`
gen_require(`
type nfs_port_t;
')
allow $1 nfs_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the nfs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_nfs_port',`
gen_require(`
type nfs_port_t;
')
allow $1 nfs_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send nfs_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_nfs_client_packets',`
gen_require(`
type nfs_client_packet_t;
')
allow $1 nfs_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send nfs_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_nfs_client_packets',`
gen_require(`
type nfs_client_packet_t;
')
dontaudit $1 nfs_client_packet_t:packet send;
')
########################################
## <summary>
## Receive nfs_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_nfs_client_packets',`
gen_require(`
type nfs_client_packet_t;
')
allow $1 nfs_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive nfs_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_nfs_client_packets',`
gen_require(`
type nfs_client_packet_t;
')
dontaudit $1 nfs_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive nfs_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_nfs_client_packets',`
corenet_send_nfs_client_packets($1)
corenet_receive_nfs_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive nfs_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_nfs_client_packets',`
corenet_dontaudit_send_nfs_client_packets($1)
corenet_dontaudit_receive_nfs_client_packets($1)
')
########################################
## <summary>
## Relabel packets to nfs_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_nfs_client_packets',`
gen_require(`
type nfs_client_packet_t;
')
allow $1 nfs_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send nfs_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_nfs_server_packets',`
gen_require(`
type nfs_server_packet_t;
')
allow $1 nfs_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send nfs_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_nfs_server_packets',`
gen_require(`
type nfs_server_packet_t;
')
dontaudit $1 nfs_server_packet_t:packet send;
')
########################################
## <summary>
## Receive nfs_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_nfs_server_packets',`
gen_require(`
type nfs_server_packet_t;
')
allow $1 nfs_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive nfs_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_nfs_server_packets',`
gen_require(`
type nfs_server_packet_t;
')
dontaudit $1 nfs_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive nfs_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_nfs_server_packets',`
corenet_send_nfs_server_packets($1)
corenet_receive_nfs_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive nfs_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_nfs_server_packets',`
corenet_dontaudit_send_nfs_server_packets($1)
corenet_dontaudit_receive_nfs_server_packets($1)
')
########################################
## <summary>
## Relabel packets to nfs_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_nfs_server_packets',`
gen_require(`
type nfs_server_packet_t;
')
allow $1 nfs_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the nmbd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_nmbd_port',`
gen_require(`
type nmbd_port_t;
')
allow $1 nmbd_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the nmbd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_nmbd_port',`
gen_require(`
type nmbd_port_t;
')
allow $1 nmbd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the nmbd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_nmbd_port',`
gen_require(`
type nmbd_port_t;
')
dontaudit $1 nmbd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the nmbd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_nmbd_port',`
gen_require(`
type nmbd_port_t;
')
allow $1 nmbd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the nmbd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_nmbd_port',`
gen_require(`
type nmbd_port_t;
')
dontaudit $1 nmbd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the nmbd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_nmbd_port',`
corenet_udp_send_nmbd_port($1)
corenet_udp_receive_nmbd_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the nmbd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_nmbd_port',`
corenet_dontaudit_udp_send_nmbd_port($1)
corenet_dontaudit_udp_receive_nmbd_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the nmbd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_nmbd_port',`
gen_require(`
type nmbd_port_t;
')
allow $1 nmbd_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the nmbd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_nmbd_port',`
gen_require(`
type nmbd_port_t;
')
allow $1 nmbd_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the nmbd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_nmbd_port',`
gen_require(`
type nmbd_port_t;
')
allow $1 nmbd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send nmbd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_nmbd_client_packets',`
gen_require(`
type nmbd_client_packet_t;
')
allow $1 nmbd_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send nmbd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_nmbd_client_packets',`
gen_require(`
type nmbd_client_packet_t;
')
dontaudit $1 nmbd_client_packet_t:packet send;
')
########################################
## <summary>
## Receive nmbd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_nmbd_client_packets',`
gen_require(`
type nmbd_client_packet_t;
')
allow $1 nmbd_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive nmbd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_nmbd_client_packets',`
gen_require(`
type nmbd_client_packet_t;
')
dontaudit $1 nmbd_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive nmbd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_nmbd_client_packets',`
corenet_send_nmbd_client_packets($1)
corenet_receive_nmbd_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive nmbd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_nmbd_client_packets',`
corenet_dontaudit_send_nmbd_client_packets($1)
corenet_dontaudit_receive_nmbd_client_packets($1)
')
########################################
## <summary>
## Relabel packets to nmbd_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_nmbd_client_packets',`
gen_require(`
type nmbd_client_packet_t;
')
allow $1 nmbd_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send nmbd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_nmbd_server_packets',`
gen_require(`
type nmbd_server_packet_t;
')
allow $1 nmbd_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send nmbd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_nmbd_server_packets',`
gen_require(`
type nmbd_server_packet_t;
')
dontaudit $1 nmbd_server_packet_t:packet send;
')
########################################
## <summary>
## Receive nmbd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_nmbd_server_packets',`
gen_require(`
type nmbd_server_packet_t;
')
allow $1 nmbd_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive nmbd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_nmbd_server_packets',`
gen_require(`
type nmbd_server_packet_t;
')
dontaudit $1 nmbd_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive nmbd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_nmbd_server_packets',`
corenet_send_nmbd_server_packets($1)
corenet_receive_nmbd_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive nmbd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_nmbd_server_packets',`
corenet_dontaudit_send_nmbd_server_packets($1)
corenet_dontaudit_receive_nmbd_server_packets($1)
')
########################################
## <summary>
## Relabel packets to nmbd_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_nmbd_server_packets',`
gen_require(`
type nmbd_server_packet_t;
')
allow $1 nmbd_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the nodejs_debug port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_nodejs_debug_port',`
gen_require(`
type nodejs_debug_port_t;
')
allow $1 nodejs_debug_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the nodejs_debug port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_nodejs_debug_port',`
gen_require(`
type nodejs_debug_port_t;
')
allow $1 nodejs_debug_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the nodejs_debug port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_nodejs_debug_port',`
gen_require(`
type nodejs_debug_port_t;
')
dontaudit $1 nodejs_debug_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the nodejs_debug port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_nodejs_debug_port',`
gen_require(`
type nodejs_debug_port_t;
')
allow $1 nodejs_debug_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the nodejs_debug port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_nodejs_debug_port',`
gen_require(`
type nodejs_debug_port_t;
')
dontaudit $1 nodejs_debug_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the nodejs_debug port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_nodejs_debug_port',`
corenet_udp_send_nodejs_debug_port($1)
corenet_udp_receive_nodejs_debug_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the nodejs_debug port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_nodejs_debug_port',`
corenet_dontaudit_udp_send_nodejs_debug_port($1)
corenet_dontaudit_udp_receive_nodejs_debug_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the nodejs_debug port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_nodejs_debug_port',`
gen_require(`
type nodejs_debug_port_t;
')
allow $1 nodejs_debug_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the nodejs_debug port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_nodejs_debug_port',`
gen_require(`
type nodejs_debug_port_t;
')
allow $1 nodejs_debug_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the nodejs_debug port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_nodejs_debug_port',`
gen_require(`
type nodejs_debug_port_t;
')
allow $1 nodejs_debug_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send nodejs_debug_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_nodejs_debug_client_packets',`
gen_require(`
type nodejs_debug_client_packet_t;
')
allow $1 nodejs_debug_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send nodejs_debug_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_nodejs_debug_client_packets',`
gen_require(`
type nodejs_debug_client_packet_t;
')
dontaudit $1 nodejs_debug_client_packet_t:packet send;
')
########################################
## <summary>
## Receive nodejs_debug_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_nodejs_debug_client_packets',`
gen_require(`
type nodejs_debug_client_packet_t;
')
allow $1 nodejs_debug_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive nodejs_debug_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_nodejs_debug_client_packets',`
gen_require(`
type nodejs_debug_client_packet_t;
')
dontaudit $1 nodejs_debug_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive nodejs_debug_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_nodejs_debug_client_packets',`
corenet_send_nodejs_debug_client_packets($1)
corenet_receive_nodejs_debug_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive nodejs_debug_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_nodejs_debug_client_packets',`
corenet_dontaudit_send_nodejs_debug_client_packets($1)
corenet_dontaudit_receive_nodejs_debug_client_packets($1)
')
########################################
## <summary>
## Relabel packets to nodejs_debug_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_nodejs_debug_client_packets',`
gen_require(`
type nodejs_debug_client_packet_t;
')
allow $1 nodejs_debug_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send nodejs_debug_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_nodejs_debug_server_packets',`
gen_require(`
type nodejs_debug_server_packet_t;
')
allow $1 nodejs_debug_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send nodejs_debug_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_nodejs_debug_server_packets',`
gen_require(`
type nodejs_debug_server_packet_t;
')
dontaudit $1 nodejs_debug_server_packet_t:packet send;
')
########################################
## <summary>
## Receive nodejs_debug_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_nodejs_debug_server_packets',`
gen_require(`
type nodejs_debug_server_packet_t;
')
allow $1 nodejs_debug_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive nodejs_debug_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_nodejs_debug_server_packets',`
gen_require(`
type nodejs_debug_server_packet_t;
')
dontaudit $1 nodejs_debug_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive nodejs_debug_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_nodejs_debug_server_packets',`
corenet_send_nodejs_debug_server_packets($1)
corenet_receive_nodejs_debug_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive nodejs_debug_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_nodejs_debug_server_packets',`
corenet_dontaudit_send_nodejs_debug_server_packets($1)
corenet_dontaudit_receive_nodejs_debug_server_packets($1)
')
########################################
## <summary>
## Relabel packets to nodejs_debug_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_nodejs_debug_server_packets',`
gen_require(`
type nodejs_debug_server_packet_t;
')
allow $1 nodejs_debug_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the ntp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_ntp_port',`
gen_require(`
type ntp_port_t;
')
allow $1 ntp_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the ntp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_ntp_port',`
gen_require(`
type ntp_port_t;
')
allow $1 ntp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the ntp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_ntp_port',`
gen_require(`
type ntp_port_t;
')
dontaudit $1 ntp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the ntp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_ntp_port',`
gen_require(`
type ntp_port_t;
')
allow $1 ntp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the ntp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_ntp_port',`
gen_require(`
type ntp_port_t;
')
dontaudit $1 ntp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the ntp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_ntp_port',`
corenet_udp_send_ntp_port($1)
corenet_udp_receive_ntp_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the ntp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_ntp_port',`
corenet_dontaudit_udp_send_ntp_port($1)
corenet_dontaudit_udp_receive_ntp_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the ntp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_ntp_port',`
gen_require(`
type ntp_port_t;
')
allow $1 ntp_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the ntp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_ntp_port',`
gen_require(`
type ntp_port_t;
')
allow $1 ntp_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the ntp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_ntp_port',`
gen_require(`
type ntp_port_t;
')
allow $1 ntp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send ntp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ntp_client_packets',`
gen_require(`
type ntp_client_packet_t;
')
allow $1 ntp_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ntp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ntp_client_packets',`
gen_require(`
type ntp_client_packet_t;
')
dontaudit $1 ntp_client_packet_t:packet send;
')
########################################
## <summary>
## Receive ntp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ntp_client_packets',`
gen_require(`
type ntp_client_packet_t;
')
allow $1 ntp_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ntp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ntp_client_packets',`
gen_require(`
type ntp_client_packet_t;
')
dontaudit $1 ntp_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ntp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ntp_client_packets',`
corenet_send_ntp_client_packets($1)
corenet_receive_ntp_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ntp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ntp_client_packets',`
corenet_dontaudit_send_ntp_client_packets($1)
corenet_dontaudit_receive_ntp_client_packets($1)
')
########################################
## <summary>
## Relabel packets to ntp_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ntp_client_packets',`
gen_require(`
type ntp_client_packet_t;
')
allow $1 ntp_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send ntp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ntp_server_packets',`
gen_require(`
type ntp_server_packet_t;
')
allow $1 ntp_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ntp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ntp_server_packets',`
gen_require(`
type ntp_server_packet_t;
')
dontaudit $1 ntp_server_packet_t:packet send;
')
########################################
## <summary>
## Receive ntp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ntp_server_packets',`
gen_require(`
type ntp_server_packet_t;
')
allow $1 ntp_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ntp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ntp_server_packets',`
gen_require(`
type ntp_server_packet_t;
')
dontaudit $1 ntp_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ntp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ntp_server_packets',`
corenet_send_ntp_server_packets($1)
corenet_receive_ntp_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ntp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ntp_server_packets',`
corenet_dontaudit_send_ntp_server_packets($1)
corenet_dontaudit_receive_ntp_server_packets($1)
')
########################################
## <summary>
## Relabel packets to ntp_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ntp_server_packets',`
gen_require(`
type ntp_server_packet_t;
')
allow $1 ntp_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the ntop port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_ntop_port',`
gen_require(`
type ntop_port_t;
')
allow $1 ntop_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the ntop port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_ntop_port',`
gen_require(`
type ntop_port_t;
')
allow $1 ntop_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the ntop port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_ntop_port',`
gen_require(`
type ntop_port_t;
')
dontaudit $1 ntop_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the ntop port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_ntop_port',`
gen_require(`
type ntop_port_t;
')
allow $1 ntop_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the ntop port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_ntop_port',`
gen_require(`
type ntop_port_t;
')
dontaudit $1 ntop_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the ntop port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_ntop_port',`
corenet_udp_send_ntop_port($1)
corenet_udp_receive_ntop_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the ntop port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_ntop_port',`
corenet_dontaudit_udp_send_ntop_port($1)
corenet_dontaudit_udp_receive_ntop_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the ntop port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_ntop_port',`
gen_require(`
type ntop_port_t;
')
allow $1 ntop_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the ntop port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_ntop_port',`
gen_require(`
type ntop_port_t;
')
allow $1 ntop_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the ntop port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_ntop_port',`
gen_require(`
type ntop_port_t;
')
allow $1 ntop_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send ntop_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ntop_client_packets',`
gen_require(`
type ntop_client_packet_t;
')
allow $1 ntop_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ntop_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ntop_client_packets',`
gen_require(`
type ntop_client_packet_t;
')
dontaudit $1 ntop_client_packet_t:packet send;
')
########################################
## <summary>
## Receive ntop_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ntop_client_packets',`
gen_require(`
type ntop_client_packet_t;
')
allow $1 ntop_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ntop_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ntop_client_packets',`
gen_require(`
type ntop_client_packet_t;
')
dontaudit $1 ntop_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ntop_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ntop_client_packets',`
corenet_send_ntop_client_packets($1)
corenet_receive_ntop_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ntop_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ntop_client_packets',`
corenet_dontaudit_send_ntop_client_packets($1)
corenet_dontaudit_receive_ntop_client_packets($1)
')
########################################
## <summary>
## Relabel packets to ntop_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ntop_client_packets',`
gen_require(`
type ntop_client_packet_t;
')
allow $1 ntop_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send ntop_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ntop_server_packets',`
gen_require(`
type ntop_server_packet_t;
')
allow $1 ntop_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ntop_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ntop_server_packets',`
gen_require(`
type ntop_server_packet_t;
')
dontaudit $1 ntop_server_packet_t:packet send;
')
########################################
## <summary>
## Receive ntop_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ntop_server_packets',`
gen_require(`
type ntop_server_packet_t;
')
allow $1 ntop_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ntop_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ntop_server_packets',`
gen_require(`
type ntop_server_packet_t;
')
dontaudit $1 ntop_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ntop_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ntop_server_packets',`
corenet_send_ntop_server_packets($1)
corenet_receive_ntop_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ntop_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ntop_server_packets',`
corenet_dontaudit_send_ntop_server_packets($1)
corenet_dontaudit_receive_ntop_server_packets($1)
')
########################################
## <summary>
## Relabel packets to ntop_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ntop_server_packets',`
gen_require(`
type ntop_server_packet_t;
')
allow $1 ntop_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the oracle port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_oracle_port',`
gen_require(`
type oracle_port_t;
')
allow $1 oracle_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the oracle port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_oracle_port',`
gen_require(`
type oracle_port_t;
')
allow $1 oracle_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the oracle port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_oracle_port',`
gen_require(`
type oracle_port_t;
')
dontaudit $1 oracle_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the oracle port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_oracle_port',`
gen_require(`
type oracle_port_t;
')
allow $1 oracle_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the oracle port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_oracle_port',`
gen_require(`
type oracle_port_t;
')
dontaudit $1 oracle_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the oracle port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_oracle_port',`
corenet_udp_send_oracle_port($1)
corenet_udp_receive_oracle_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the oracle port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_oracle_port',`
corenet_dontaudit_udp_send_oracle_port($1)
corenet_dontaudit_udp_receive_oracle_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the oracle port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_oracle_port',`
gen_require(`
type oracle_port_t;
')
allow $1 oracle_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the oracle port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_oracle_port',`
gen_require(`
type oracle_port_t;
')
allow $1 oracle_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the oracle port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_oracle_port',`
gen_require(`
type oracle_port_t;
')
allow $1 oracle_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send oracle_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_oracle_client_packets',`
gen_require(`
type oracle_client_packet_t;
')
allow $1 oracle_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send oracle_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_oracle_client_packets',`
gen_require(`
type oracle_client_packet_t;
')
dontaudit $1 oracle_client_packet_t:packet send;
')
########################################
## <summary>
## Receive oracle_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_oracle_client_packets',`
gen_require(`
type oracle_client_packet_t;
')
allow $1 oracle_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive oracle_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_oracle_client_packets',`
gen_require(`
type oracle_client_packet_t;
')
dontaudit $1 oracle_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive oracle_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_oracle_client_packets',`
corenet_send_oracle_client_packets($1)
corenet_receive_oracle_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive oracle_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_oracle_client_packets',`
corenet_dontaudit_send_oracle_client_packets($1)
corenet_dontaudit_receive_oracle_client_packets($1)
')
########################################
## <summary>
## Relabel packets to oracle_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_oracle_client_packets',`
gen_require(`
type oracle_client_packet_t;
')
allow $1 oracle_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send oracle_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_oracle_server_packets',`
gen_require(`
type oracle_server_packet_t;
')
allow $1 oracle_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send oracle_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_oracle_server_packets',`
gen_require(`
type oracle_server_packet_t;
')
dontaudit $1 oracle_server_packet_t:packet send;
')
########################################
## <summary>
## Receive oracle_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_oracle_server_packets',`
gen_require(`
type oracle_server_packet_t;
')
allow $1 oracle_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive oracle_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_oracle_server_packets',`
gen_require(`
type oracle_server_packet_t;
')
dontaudit $1 oracle_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive oracle_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_oracle_server_packets',`
corenet_send_oracle_server_packets($1)
corenet_receive_oracle_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive oracle_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_oracle_server_packets',`
corenet_dontaudit_send_oracle_server_packets($1)
corenet_dontaudit_receive_oracle_server_packets($1)
')
########################################
## <summary>
## Relabel packets to oracle_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_oracle_server_packets',`
gen_require(`
type oracle_server_packet_t;
')
allow $1 oracle_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the ocsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_ocsp_port',`
gen_require(`
type ocsp_port_t;
')
allow $1 ocsp_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the ocsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_ocsp_port',`
gen_require(`
type ocsp_port_t;
')
allow $1 ocsp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the ocsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_ocsp_port',`
gen_require(`
type ocsp_port_t;
')
dontaudit $1 ocsp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the ocsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_ocsp_port',`
gen_require(`
type ocsp_port_t;
')
allow $1 ocsp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the ocsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_ocsp_port',`
gen_require(`
type ocsp_port_t;
')
dontaudit $1 ocsp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the ocsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_ocsp_port',`
corenet_udp_send_ocsp_port($1)
corenet_udp_receive_ocsp_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the ocsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_ocsp_port',`
corenet_dontaudit_udp_send_ocsp_port($1)
corenet_dontaudit_udp_receive_ocsp_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the ocsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_ocsp_port',`
gen_require(`
type ocsp_port_t;
')
allow $1 ocsp_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the ocsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_ocsp_port',`
gen_require(`
type ocsp_port_t;
')
allow $1 ocsp_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the ocsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_ocsp_port',`
gen_require(`
type ocsp_port_t;
')
allow $1 ocsp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send ocsp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ocsp_client_packets',`
gen_require(`
type ocsp_client_packet_t;
')
allow $1 ocsp_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ocsp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ocsp_client_packets',`
gen_require(`
type ocsp_client_packet_t;
')
dontaudit $1 ocsp_client_packet_t:packet send;
')
########################################
## <summary>
## Receive ocsp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ocsp_client_packets',`
gen_require(`
type ocsp_client_packet_t;
')
allow $1 ocsp_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ocsp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ocsp_client_packets',`
gen_require(`
type ocsp_client_packet_t;
')
dontaudit $1 ocsp_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ocsp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ocsp_client_packets',`
corenet_send_ocsp_client_packets($1)
corenet_receive_ocsp_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ocsp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ocsp_client_packets',`
corenet_dontaudit_send_ocsp_client_packets($1)
corenet_dontaudit_receive_ocsp_client_packets($1)
')
########################################
## <summary>
## Relabel packets to ocsp_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ocsp_client_packets',`
gen_require(`
type ocsp_client_packet_t;
')
allow $1 ocsp_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send ocsp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ocsp_server_packets',`
gen_require(`
type ocsp_server_packet_t;
')
allow $1 ocsp_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ocsp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ocsp_server_packets',`
gen_require(`
type ocsp_server_packet_t;
')
dontaudit $1 ocsp_server_packet_t:packet send;
')
########################################
## <summary>
## Receive ocsp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ocsp_server_packets',`
gen_require(`
type ocsp_server_packet_t;
')
allow $1 ocsp_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ocsp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ocsp_server_packets',`
gen_require(`
type ocsp_server_packet_t;
')
dontaudit $1 ocsp_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ocsp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ocsp_server_packets',`
corenet_send_ocsp_server_packets($1)
corenet_receive_ocsp_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ocsp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ocsp_server_packets',`
corenet_dontaudit_send_ocsp_server_packets($1)
corenet_dontaudit_receive_ocsp_server_packets($1)
')
########################################
## <summary>
## Relabel packets to ocsp_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ocsp_server_packets',`
gen_require(`
type ocsp_server_packet_t;
')
allow $1 ocsp_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the openhpid port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_openhpid_port',`
gen_require(`
type openhpid_port_t;
')
allow $1 openhpid_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the openhpid port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_openhpid_port',`
gen_require(`
type openhpid_port_t;
')
allow $1 openhpid_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the openhpid port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_openhpid_port',`
gen_require(`
type openhpid_port_t;
')
dontaudit $1 openhpid_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the openhpid port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_openhpid_port',`
gen_require(`
type openhpid_port_t;
')
allow $1 openhpid_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the openhpid port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_openhpid_port',`
gen_require(`
type openhpid_port_t;
')
dontaudit $1 openhpid_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the openhpid port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_openhpid_port',`
corenet_udp_send_openhpid_port($1)
corenet_udp_receive_openhpid_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the openhpid port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_openhpid_port',`
corenet_dontaudit_udp_send_openhpid_port($1)
corenet_dontaudit_udp_receive_openhpid_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the openhpid port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_openhpid_port',`
gen_require(`
type openhpid_port_t;
')
allow $1 openhpid_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the openhpid port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_openhpid_port',`
gen_require(`
type openhpid_port_t;
')
allow $1 openhpid_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the openhpid port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_openhpid_port',`
gen_require(`
type openhpid_port_t;
')
allow $1 openhpid_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send openhpid_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_openhpid_client_packets',`
gen_require(`
type openhpid_client_packet_t;
')
allow $1 openhpid_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send openhpid_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_openhpid_client_packets',`
gen_require(`
type openhpid_client_packet_t;
')
dontaudit $1 openhpid_client_packet_t:packet send;
')
########################################
## <summary>
## Receive openhpid_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_openhpid_client_packets',`
gen_require(`
type openhpid_client_packet_t;
')
allow $1 openhpid_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive openhpid_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_openhpid_client_packets',`
gen_require(`
type openhpid_client_packet_t;
')
dontaudit $1 openhpid_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive openhpid_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_openhpid_client_packets',`
corenet_send_openhpid_client_packets($1)
corenet_receive_openhpid_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive openhpid_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_openhpid_client_packets',`
corenet_dontaudit_send_openhpid_client_packets($1)
corenet_dontaudit_receive_openhpid_client_packets($1)
')
########################################
## <summary>
## Relabel packets to openhpid_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_openhpid_client_packets',`
gen_require(`
type openhpid_client_packet_t;
')
allow $1 openhpid_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send openhpid_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_openhpid_server_packets',`
gen_require(`
type openhpid_server_packet_t;
')
allow $1 openhpid_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send openhpid_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_openhpid_server_packets',`
gen_require(`
type openhpid_server_packet_t;
')
dontaudit $1 openhpid_server_packet_t:packet send;
')
########################################
## <summary>
## Receive openhpid_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_openhpid_server_packets',`
gen_require(`
type openhpid_server_packet_t;
')
allow $1 openhpid_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive openhpid_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_openhpid_server_packets',`
gen_require(`
type openhpid_server_packet_t;
')
dontaudit $1 openhpid_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive openhpid_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_openhpid_server_packets',`
corenet_send_openhpid_server_packets($1)
corenet_receive_openhpid_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive openhpid_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_openhpid_server_packets',`
corenet_dontaudit_send_openhpid_server_packets($1)
corenet_dontaudit_receive_openhpid_server_packets($1)
')
########################################
## <summary>
## Relabel packets to openhpid_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_openhpid_server_packets',`
gen_require(`
type openhpid_server_packet_t;
')
allow $1 openhpid_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the openvpn port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_openvpn_port',`
gen_require(`
type openvpn_port_t;
')
allow $1 openvpn_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the openvpn port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_openvpn_port',`
gen_require(`
type openvpn_port_t;
')
allow $1 openvpn_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the openvpn port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_openvpn_port',`
gen_require(`
type openvpn_port_t;
')
dontaudit $1 openvpn_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the openvpn port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_openvpn_port',`
gen_require(`
type openvpn_port_t;
')
allow $1 openvpn_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the openvpn port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_openvpn_port',`
gen_require(`
type openvpn_port_t;
')
dontaudit $1 openvpn_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the openvpn port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_openvpn_port',`
corenet_udp_send_openvpn_port($1)
corenet_udp_receive_openvpn_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the openvpn port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_openvpn_port',`
corenet_dontaudit_udp_send_openvpn_port($1)
corenet_dontaudit_udp_receive_openvpn_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the openvpn port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_openvpn_port',`
gen_require(`
type openvpn_port_t;
')
allow $1 openvpn_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the openvpn port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_openvpn_port',`
gen_require(`
type openvpn_port_t;
')
allow $1 openvpn_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the openvpn port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_openvpn_port',`
gen_require(`
type openvpn_port_t;
')
allow $1 openvpn_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send openvpn_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_openvpn_client_packets',`
gen_require(`
type openvpn_client_packet_t;
')
allow $1 openvpn_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send openvpn_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_openvpn_client_packets',`
gen_require(`
type openvpn_client_packet_t;
')
dontaudit $1 openvpn_client_packet_t:packet send;
')
########################################
## <summary>
## Receive openvpn_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_openvpn_client_packets',`
gen_require(`
type openvpn_client_packet_t;
')
allow $1 openvpn_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive openvpn_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_openvpn_client_packets',`
gen_require(`
type openvpn_client_packet_t;
')
dontaudit $1 openvpn_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive openvpn_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_openvpn_client_packets',`
corenet_send_openvpn_client_packets($1)
corenet_receive_openvpn_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive openvpn_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_openvpn_client_packets',`
corenet_dontaudit_send_openvpn_client_packets($1)
corenet_dontaudit_receive_openvpn_client_packets($1)
')
########################################
## <summary>
## Relabel packets to openvpn_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_openvpn_client_packets',`
gen_require(`
type openvpn_client_packet_t;
')
allow $1 openvpn_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send openvpn_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_openvpn_server_packets',`
gen_require(`
type openvpn_server_packet_t;
')
allow $1 openvpn_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send openvpn_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_openvpn_server_packets',`
gen_require(`
type openvpn_server_packet_t;
')
dontaudit $1 openvpn_server_packet_t:packet send;
')
########################################
## <summary>
## Receive openvpn_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_openvpn_server_packets',`
gen_require(`
type openvpn_server_packet_t;
')
allow $1 openvpn_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive openvpn_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_openvpn_server_packets',`
gen_require(`
type openvpn_server_packet_t;
')
dontaudit $1 openvpn_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive openvpn_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_openvpn_server_packets',`
corenet_send_openvpn_server_packets($1)
corenet_receive_openvpn_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive openvpn_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_openvpn_server_packets',`
corenet_dontaudit_send_openvpn_server_packets($1)
corenet_dontaudit_receive_openvpn_server_packets($1)
')
########################################
## <summary>
## Relabel packets to openvpn_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_openvpn_server_packets',`
gen_require(`
type openvpn_server_packet_t;
')
allow $1 openvpn_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the pktcable port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_pktcable_port',`
gen_require(`
type pktcable_port_t;
')
allow $1 pktcable_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the pktcable port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_pktcable_port',`
gen_require(`
type pktcable_port_t;
')
allow $1 pktcable_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the pktcable port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_pktcable_port',`
gen_require(`
type pktcable_port_t;
')
dontaudit $1 pktcable_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the pktcable port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_pktcable_port',`
gen_require(`
type pktcable_port_t;
')
allow $1 pktcable_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the pktcable port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_pktcable_port',`
gen_require(`
type pktcable_port_t;
')
dontaudit $1 pktcable_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the pktcable port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_pktcable_port',`
corenet_udp_send_pktcable_port($1)
corenet_udp_receive_pktcable_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the pktcable port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_pktcable_port',`
corenet_dontaudit_udp_send_pktcable_port($1)
corenet_dontaudit_udp_receive_pktcable_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the pktcable port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_pktcable_port',`
gen_require(`
type pktcable_port_t;
')
allow $1 pktcable_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the pktcable port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_pktcable_port',`
gen_require(`
type pktcable_port_t;
')
allow $1 pktcable_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the pktcable port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_pktcable_port',`
gen_require(`
type pktcable_port_t;
')
allow $1 pktcable_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send pktcable_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_pktcable_client_packets',`
gen_require(`
type pktcable_client_packet_t;
')
allow $1 pktcable_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send pktcable_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_pktcable_client_packets',`
gen_require(`
type pktcable_client_packet_t;
')
dontaudit $1 pktcable_client_packet_t:packet send;
')
########################################
## <summary>
## Receive pktcable_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_pktcable_client_packets',`
gen_require(`
type pktcable_client_packet_t;
')
allow $1 pktcable_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive pktcable_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_pktcable_client_packets',`
gen_require(`
type pktcable_client_packet_t;
')
dontaudit $1 pktcable_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive pktcable_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_pktcable_client_packets',`
corenet_send_pktcable_client_packets($1)
corenet_receive_pktcable_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive pktcable_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_pktcable_client_packets',`
corenet_dontaudit_send_pktcable_client_packets($1)
corenet_dontaudit_receive_pktcable_client_packets($1)
')
########################################
## <summary>
## Relabel packets to pktcable_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_pktcable_client_packets',`
gen_require(`
type pktcable_client_packet_t;
')
allow $1 pktcable_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send pktcable_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_pktcable_server_packets',`
gen_require(`
type pktcable_server_packet_t;
')
allow $1 pktcable_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send pktcable_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_pktcable_server_packets',`
gen_require(`
type pktcable_server_packet_t;
')
dontaudit $1 pktcable_server_packet_t:packet send;
')
########################################
## <summary>
## Receive pktcable_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_pktcable_server_packets',`
gen_require(`
type pktcable_server_packet_t;
')
allow $1 pktcable_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive pktcable_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_pktcable_server_packets',`
gen_require(`
type pktcable_server_packet_t;
')
dontaudit $1 pktcable_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive pktcable_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_pktcable_server_packets',`
corenet_send_pktcable_server_packets($1)
corenet_receive_pktcable_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive pktcable_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_pktcable_server_packets',`
corenet_dontaudit_send_pktcable_server_packets($1)
corenet_dontaudit_receive_pktcable_server_packets($1)
')
########################################
## <summary>
## Relabel packets to pktcable_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_pktcable_server_packets',`
gen_require(`
type pktcable_server_packet_t;
')
allow $1 pktcable_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the pegasus_http port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_pegasus_http_port',`
gen_require(`
type pegasus_http_port_t;
')
allow $1 pegasus_http_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the pegasus_http port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_pegasus_http_port',`
gen_require(`
type pegasus_http_port_t;
')
allow $1 pegasus_http_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the pegasus_http port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_pegasus_http_port',`
gen_require(`
type pegasus_http_port_t;
')
dontaudit $1 pegasus_http_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the pegasus_http port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_pegasus_http_port',`
gen_require(`
type pegasus_http_port_t;
')
allow $1 pegasus_http_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the pegasus_http port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_pegasus_http_port',`
gen_require(`
type pegasus_http_port_t;
')
dontaudit $1 pegasus_http_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the pegasus_http port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_pegasus_http_port',`
corenet_udp_send_pegasus_http_port($1)
corenet_udp_receive_pegasus_http_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the pegasus_http port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_pegasus_http_port',`
corenet_dontaudit_udp_send_pegasus_http_port($1)
corenet_dontaudit_udp_receive_pegasus_http_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the pegasus_http port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_pegasus_http_port',`
gen_require(`
type pegasus_http_port_t;
')
allow $1 pegasus_http_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the pegasus_http port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_pegasus_http_port',`
gen_require(`
type pegasus_http_port_t;
')
allow $1 pegasus_http_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the pegasus_http port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_pegasus_http_port',`
gen_require(`
type pegasus_http_port_t;
')
allow $1 pegasus_http_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send pegasus_http_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_pegasus_http_client_packets',`
gen_require(`
type pegasus_http_client_packet_t;
')
allow $1 pegasus_http_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send pegasus_http_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_pegasus_http_client_packets',`
gen_require(`
type pegasus_http_client_packet_t;
')
dontaudit $1 pegasus_http_client_packet_t:packet send;
')
########################################
## <summary>
## Receive pegasus_http_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_pegasus_http_client_packets',`
gen_require(`
type pegasus_http_client_packet_t;
')
allow $1 pegasus_http_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive pegasus_http_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_pegasus_http_client_packets',`
gen_require(`
type pegasus_http_client_packet_t;
')
dontaudit $1 pegasus_http_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive pegasus_http_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_pegasus_http_client_packets',`
corenet_send_pegasus_http_client_packets($1)
corenet_receive_pegasus_http_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive pegasus_http_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_pegasus_http_client_packets',`
corenet_dontaudit_send_pegasus_http_client_packets($1)
corenet_dontaudit_receive_pegasus_http_client_packets($1)
')
########################################
## <summary>
## Relabel packets to pegasus_http_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_pegasus_http_client_packets',`
gen_require(`
type pegasus_http_client_packet_t;
')
allow $1 pegasus_http_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send pegasus_http_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_pegasus_http_server_packets',`
gen_require(`
type pegasus_http_server_packet_t;
')
allow $1 pegasus_http_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send pegasus_http_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_pegasus_http_server_packets',`
gen_require(`
type pegasus_http_server_packet_t;
')
dontaudit $1 pegasus_http_server_packet_t:packet send;
')
########################################
## <summary>
## Receive pegasus_http_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_pegasus_http_server_packets',`
gen_require(`
type pegasus_http_server_packet_t;
')
allow $1 pegasus_http_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive pegasus_http_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_pegasus_http_server_packets',`
gen_require(`
type pegasus_http_server_packet_t;
')
dontaudit $1 pegasus_http_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive pegasus_http_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_pegasus_http_server_packets',`
corenet_send_pegasus_http_server_packets($1)
corenet_receive_pegasus_http_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive pegasus_http_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_pegasus_http_server_packets',`
corenet_dontaudit_send_pegasus_http_server_packets($1)
corenet_dontaudit_receive_pegasus_http_server_packets($1)
')
########################################
## <summary>
## Relabel packets to pegasus_http_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_pegasus_http_server_packets',`
gen_require(`
type pegasus_http_server_packet_t;
')
allow $1 pegasus_http_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the pegasus_https port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_pegasus_https_port',`
gen_require(`
type pegasus_https_port_t;
')
allow $1 pegasus_https_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the pegasus_https port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_pegasus_https_port',`
gen_require(`
type pegasus_https_port_t;
')
allow $1 pegasus_https_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the pegasus_https port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_pegasus_https_port',`
gen_require(`
type pegasus_https_port_t;
')
dontaudit $1 pegasus_https_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the pegasus_https port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_pegasus_https_port',`
gen_require(`
type pegasus_https_port_t;
')
allow $1 pegasus_https_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the pegasus_https port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_pegasus_https_port',`
gen_require(`
type pegasus_https_port_t;
')
dontaudit $1 pegasus_https_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the pegasus_https port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_pegasus_https_port',`
corenet_udp_send_pegasus_https_port($1)
corenet_udp_receive_pegasus_https_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the pegasus_https port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_pegasus_https_port',`
corenet_dontaudit_udp_send_pegasus_https_port($1)
corenet_dontaudit_udp_receive_pegasus_https_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the pegasus_https port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_pegasus_https_port',`
gen_require(`
type pegasus_https_port_t;
')
allow $1 pegasus_https_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the pegasus_https port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_pegasus_https_port',`
gen_require(`
type pegasus_https_port_t;
')
allow $1 pegasus_https_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the pegasus_https port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_pegasus_https_port',`
gen_require(`
type pegasus_https_port_t;
')
allow $1 pegasus_https_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send pegasus_https_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_pegasus_https_client_packets',`
gen_require(`
type pegasus_https_client_packet_t;
')
allow $1 pegasus_https_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send pegasus_https_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_pegasus_https_client_packets',`
gen_require(`
type pegasus_https_client_packet_t;
')
dontaudit $1 pegasus_https_client_packet_t:packet send;
')
########################################
## <summary>
## Receive pegasus_https_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_pegasus_https_client_packets',`
gen_require(`
type pegasus_https_client_packet_t;
')
allow $1 pegasus_https_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive pegasus_https_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_pegasus_https_client_packets',`
gen_require(`
type pegasus_https_client_packet_t;
')
dontaudit $1 pegasus_https_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive pegasus_https_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_pegasus_https_client_packets',`
corenet_send_pegasus_https_client_packets($1)
corenet_receive_pegasus_https_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive pegasus_https_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_pegasus_https_client_packets',`
corenet_dontaudit_send_pegasus_https_client_packets($1)
corenet_dontaudit_receive_pegasus_https_client_packets($1)
')
########################################
## <summary>
## Relabel packets to pegasus_https_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_pegasus_https_client_packets',`
gen_require(`
type pegasus_https_client_packet_t;
')
allow $1 pegasus_https_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send pegasus_https_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_pegasus_https_server_packets',`
gen_require(`
type pegasus_https_server_packet_t;
')
allow $1 pegasus_https_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send pegasus_https_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_pegasus_https_server_packets',`
gen_require(`
type pegasus_https_server_packet_t;
')
dontaudit $1 pegasus_https_server_packet_t:packet send;
')
########################################
## <summary>
## Receive pegasus_https_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_pegasus_https_server_packets',`
gen_require(`
type pegasus_https_server_packet_t;
')
allow $1 pegasus_https_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive pegasus_https_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_pegasus_https_server_packets',`
gen_require(`
type pegasus_https_server_packet_t;
')
dontaudit $1 pegasus_https_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive pegasus_https_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_pegasus_https_server_packets',`
corenet_send_pegasus_https_server_packets($1)
corenet_receive_pegasus_https_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive pegasus_https_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_pegasus_https_server_packets',`
corenet_dontaudit_send_pegasus_https_server_packets($1)
corenet_dontaudit_receive_pegasus_https_server_packets($1)
')
########################################
## <summary>
## Relabel packets to pegasus_https_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_pegasus_https_server_packets',`
gen_require(`
type pegasus_https_server_packet_t;
')
allow $1 pegasus_https_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the pgpkeyserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_pgpkeyserver_port',`
gen_require(`
type pgpkeyserver_port_t;
')
allow $1 pgpkeyserver_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the pgpkeyserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_pgpkeyserver_port',`
gen_require(`
type pgpkeyserver_port_t;
')
allow $1 pgpkeyserver_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the pgpkeyserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_pgpkeyserver_port',`
gen_require(`
type pgpkeyserver_port_t;
')
dontaudit $1 pgpkeyserver_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the pgpkeyserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_pgpkeyserver_port',`
gen_require(`
type pgpkeyserver_port_t;
')
allow $1 pgpkeyserver_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the pgpkeyserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_pgpkeyserver_port',`
gen_require(`
type pgpkeyserver_port_t;
')
dontaudit $1 pgpkeyserver_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the pgpkeyserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_pgpkeyserver_port',`
corenet_udp_send_pgpkeyserver_port($1)
corenet_udp_receive_pgpkeyserver_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the pgpkeyserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_pgpkeyserver_port',`
corenet_dontaudit_udp_send_pgpkeyserver_port($1)
corenet_dontaudit_udp_receive_pgpkeyserver_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the pgpkeyserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_pgpkeyserver_port',`
gen_require(`
type pgpkeyserver_port_t;
')
allow $1 pgpkeyserver_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the pgpkeyserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_pgpkeyserver_port',`
gen_require(`
type pgpkeyserver_port_t;
')
allow $1 pgpkeyserver_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the pgpkeyserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_pgpkeyserver_port',`
gen_require(`
type pgpkeyserver_port_t;
')
allow $1 pgpkeyserver_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send pgpkeyserver_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_pgpkeyserver_client_packets',`
gen_require(`
type pgpkeyserver_client_packet_t;
')
allow $1 pgpkeyserver_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send pgpkeyserver_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_pgpkeyserver_client_packets',`
gen_require(`
type pgpkeyserver_client_packet_t;
')
dontaudit $1 pgpkeyserver_client_packet_t:packet send;
')
########################################
## <summary>
## Receive pgpkeyserver_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_pgpkeyserver_client_packets',`
gen_require(`
type pgpkeyserver_client_packet_t;
')
allow $1 pgpkeyserver_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive pgpkeyserver_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_pgpkeyserver_client_packets',`
gen_require(`
type pgpkeyserver_client_packet_t;
')
dontaudit $1 pgpkeyserver_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive pgpkeyserver_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_pgpkeyserver_client_packets',`
corenet_send_pgpkeyserver_client_packets($1)
corenet_receive_pgpkeyserver_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive pgpkeyserver_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_pgpkeyserver_client_packets',`
corenet_dontaudit_send_pgpkeyserver_client_packets($1)
corenet_dontaudit_receive_pgpkeyserver_client_packets($1)
')
########################################
## <summary>
## Relabel packets to pgpkeyserver_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_pgpkeyserver_client_packets',`
gen_require(`
type pgpkeyserver_client_packet_t;
')
allow $1 pgpkeyserver_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send pgpkeyserver_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_pgpkeyserver_server_packets',`
gen_require(`
type pgpkeyserver_server_packet_t;
')
allow $1 pgpkeyserver_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send pgpkeyserver_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_pgpkeyserver_server_packets',`
gen_require(`
type pgpkeyserver_server_packet_t;
')
dontaudit $1 pgpkeyserver_server_packet_t:packet send;
')
########################################
## <summary>
## Receive pgpkeyserver_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_pgpkeyserver_server_packets',`
gen_require(`
type pgpkeyserver_server_packet_t;
')
allow $1 pgpkeyserver_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive pgpkeyserver_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_pgpkeyserver_server_packets',`
gen_require(`
type pgpkeyserver_server_packet_t;
')
dontaudit $1 pgpkeyserver_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive pgpkeyserver_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_pgpkeyserver_server_packets',`
corenet_send_pgpkeyserver_server_packets($1)
corenet_receive_pgpkeyserver_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive pgpkeyserver_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_pgpkeyserver_server_packets',`
corenet_dontaudit_send_pgpkeyserver_server_packets($1)
corenet_dontaudit_receive_pgpkeyserver_server_packets($1)
')
########################################
## <summary>
## Relabel packets to pgpkeyserver_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_pgpkeyserver_server_packets',`
gen_require(`
type pgpkeyserver_server_packet_t;
')
allow $1 pgpkeyserver_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the pingd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_pingd_port',`
gen_require(`
type pingd_port_t;
')
allow $1 pingd_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the pingd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_pingd_port',`
gen_require(`
type pingd_port_t;
')
allow $1 pingd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the pingd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_pingd_port',`
gen_require(`
type pingd_port_t;
')
dontaudit $1 pingd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the pingd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_pingd_port',`
gen_require(`
type pingd_port_t;
')
allow $1 pingd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the pingd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_pingd_port',`
gen_require(`
type pingd_port_t;
')
dontaudit $1 pingd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the pingd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_pingd_port',`
corenet_udp_send_pingd_port($1)
corenet_udp_receive_pingd_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the pingd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_pingd_port',`
corenet_dontaudit_udp_send_pingd_port($1)
corenet_dontaudit_udp_receive_pingd_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the pingd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_pingd_port',`
gen_require(`
type pingd_port_t;
')
allow $1 pingd_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the pingd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_pingd_port',`
gen_require(`
type pingd_port_t;
')
allow $1 pingd_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the pingd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_pingd_port',`
gen_require(`
type pingd_port_t;
')
allow $1 pingd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send pingd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_pingd_client_packets',`
gen_require(`
type pingd_client_packet_t;
')
allow $1 pingd_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send pingd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_pingd_client_packets',`
gen_require(`
type pingd_client_packet_t;
')
dontaudit $1 pingd_client_packet_t:packet send;
')
########################################
## <summary>
## Receive pingd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_pingd_client_packets',`
gen_require(`
type pingd_client_packet_t;
')
allow $1 pingd_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive pingd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_pingd_client_packets',`
gen_require(`
type pingd_client_packet_t;
')
dontaudit $1 pingd_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive pingd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_pingd_client_packets',`
corenet_send_pingd_client_packets($1)
corenet_receive_pingd_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive pingd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_pingd_client_packets',`
corenet_dontaudit_send_pingd_client_packets($1)
corenet_dontaudit_receive_pingd_client_packets($1)
')
########################################
## <summary>
## Relabel packets to pingd_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_pingd_client_packets',`
gen_require(`
type pingd_client_packet_t;
')
allow $1 pingd_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send pingd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_pingd_server_packets',`
gen_require(`
type pingd_server_packet_t;
')
allow $1 pingd_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send pingd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_pingd_server_packets',`
gen_require(`
type pingd_server_packet_t;
')
dontaudit $1 pingd_server_packet_t:packet send;
')
########################################
## <summary>
## Receive pingd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_pingd_server_packets',`
gen_require(`
type pingd_server_packet_t;
')
allow $1 pingd_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive pingd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_pingd_server_packets',`
gen_require(`
type pingd_server_packet_t;
')
dontaudit $1 pingd_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive pingd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_pingd_server_packets',`
corenet_send_pingd_server_packets($1)
corenet_receive_pingd_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive pingd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_pingd_server_packets',`
corenet_dontaudit_send_pingd_server_packets($1)
corenet_dontaudit_receive_pingd_server_packets($1)
')
########################################
## <summary>
## Relabel packets to pingd_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_pingd_server_packets',`
gen_require(`
type pingd_server_packet_t;
')
allow $1 pingd_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the piranha port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_piranha_port',`
gen_require(`
type piranha_port_t;
')
allow $1 piranha_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the piranha port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_piranha_port',`
gen_require(`
type piranha_port_t;
')
allow $1 piranha_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the piranha port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_piranha_port',`
gen_require(`
type piranha_port_t;
')
dontaudit $1 piranha_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the piranha port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_piranha_port',`
gen_require(`
type piranha_port_t;
')
allow $1 piranha_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the piranha port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_piranha_port',`
gen_require(`
type piranha_port_t;
')
dontaudit $1 piranha_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the piranha port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_piranha_port',`
corenet_udp_send_piranha_port($1)
corenet_udp_receive_piranha_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the piranha port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_piranha_port',`
corenet_dontaudit_udp_send_piranha_port($1)
corenet_dontaudit_udp_receive_piranha_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the piranha port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_piranha_port',`
gen_require(`
type piranha_port_t;
')
allow $1 piranha_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the piranha port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_piranha_port',`
gen_require(`
type piranha_port_t;
')
allow $1 piranha_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the piranha port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_piranha_port',`
gen_require(`
type piranha_port_t;
')
allow $1 piranha_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send piranha_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_piranha_client_packets',`
gen_require(`
type piranha_client_packet_t;
')
allow $1 piranha_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send piranha_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_piranha_client_packets',`
gen_require(`
type piranha_client_packet_t;
')
dontaudit $1 piranha_client_packet_t:packet send;
')
########################################
## <summary>
## Receive piranha_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_piranha_client_packets',`
gen_require(`
type piranha_client_packet_t;
')
allow $1 piranha_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive piranha_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_piranha_client_packets',`
gen_require(`
type piranha_client_packet_t;
')
dontaudit $1 piranha_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive piranha_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_piranha_client_packets',`
corenet_send_piranha_client_packets($1)
corenet_receive_piranha_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive piranha_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_piranha_client_packets',`
corenet_dontaudit_send_piranha_client_packets($1)
corenet_dontaudit_receive_piranha_client_packets($1)
')
########################################
## <summary>
## Relabel packets to piranha_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_piranha_client_packets',`
gen_require(`
type piranha_client_packet_t;
')
allow $1 piranha_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send piranha_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_piranha_server_packets',`
gen_require(`
type piranha_server_packet_t;
')
allow $1 piranha_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send piranha_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_piranha_server_packets',`
gen_require(`
type piranha_server_packet_t;
')
dontaudit $1 piranha_server_packet_t:packet send;
')
########################################
## <summary>
## Receive piranha_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_piranha_server_packets',`
gen_require(`
type piranha_server_packet_t;
')
allow $1 piranha_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive piranha_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_piranha_server_packets',`
gen_require(`
type piranha_server_packet_t;
')
dontaudit $1 piranha_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive piranha_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_piranha_server_packets',`
corenet_send_piranha_server_packets($1)
corenet_receive_piranha_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive piranha_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_piranha_server_packets',`
corenet_dontaudit_send_piranha_server_packets($1)
corenet_dontaudit_receive_piranha_server_packets($1)
')
########################################
## <summary>
## Relabel packets to piranha_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_piranha_server_packets',`
gen_require(`
type piranha_server_packet_t;
')
allow $1 piranha_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the pki_ca port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_pki_ca_port',`
gen_require(`
type pki_ca_port_t;
')
allow $1 pki_ca_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the pki_ca port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_pki_ca_port',`
gen_require(`
type pki_ca_port_t;
')
allow $1 pki_ca_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the pki_ca port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_pki_ca_port',`
gen_require(`
type pki_ca_port_t;
')
dontaudit $1 pki_ca_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the pki_ca port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_pki_ca_port',`
gen_require(`
type pki_ca_port_t;
')
allow $1 pki_ca_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the pki_ca port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_pki_ca_port',`
gen_require(`
type pki_ca_port_t;
')
dontaudit $1 pki_ca_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the pki_ca port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_pki_ca_port',`
corenet_udp_send_pki_ca_port($1)
corenet_udp_receive_pki_ca_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the pki_ca port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_pki_ca_port',`
corenet_dontaudit_udp_send_pki_ca_port($1)
corenet_dontaudit_udp_receive_pki_ca_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the pki_ca port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_pki_ca_port',`
gen_require(`
type pki_ca_port_t;
')
allow $1 pki_ca_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the pki_ca port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_pki_ca_port',`
gen_require(`
type pki_ca_port_t;
')
allow $1 pki_ca_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the pki_ca port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_pki_ca_port',`
gen_require(`
type pki_ca_port_t;
')
allow $1 pki_ca_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send pki_ca_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_pki_ca_client_packets',`
gen_require(`
type pki_ca_client_packet_t;
')
allow $1 pki_ca_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send pki_ca_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_pki_ca_client_packets',`
gen_require(`
type pki_ca_client_packet_t;
')
dontaudit $1 pki_ca_client_packet_t:packet send;
')
########################################
## <summary>
## Receive pki_ca_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_pki_ca_client_packets',`
gen_require(`
type pki_ca_client_packet_t;
')
allow $1 pki_ca_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive pki_ca_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_pki_ca_client_packets',`
gen_require(`
type pki_ca_client_packet_t;
')
dontaudit $1 pki_ca_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive pki_ca_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_pki_ca_client_packets',`
corenet_send_pki_ca_client_packets($1)
corenet_receive_pki_ca_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive pki_ca_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_pki_ca_client_packets',`
corenet_dontaudit_send_pki_ca_client_packets($1)
corenet_dontaudit_receive_pki_ca_client_packets($1)
')
########################################
## <summary>
## Relabel packets to pki_ca_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_pki_ca_client_packets',`
gen_require(`
type pki_ca_client_packet_t;
')
allow $1 pki_ca_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send pki_ca_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_pki_ca_server_packets',`
gen_require(`
type pki_ca_server_packet_t;
')
allow $1 pki_ca_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send pki_ca_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_pki_ca_server_packets',`
gen_require(`
type pki_ca_server_packet_t;
')
dontaudit $1 pki_ca_server_packet_t:packet send;
')
########################################
## <summary>
## Receive pki_ca_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_pki_ca_server_packets',`
gen_require(`
type pki_ca_server_packet_t;
')
allow $1 pki_ca_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive pki_ca_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_pki_ca_server_packets',`
gen_require(`
type pki_ca_server_packet_t;
')
dontaudit $1 pki_ca_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive pki_ca_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_pki_ca_server_packets',`
corenet_send_pki_ca_server_packets($1)
corenet_receive_pki_ca_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive pki_ca_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_pki_ca_server_packets',`
corenet_dontaudit_send_pki_ca_server_packets($1)
corenet_dontaudit_receive_pki_ca_server_packets($1)
')
########################################
## <summary>
## Relabel packets to pki_ca_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_pki_ca_server_packets',`
gen_require(`
type pki_ca_server_packet_t;
')
allow $1 pki_ca_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the pki_kra port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_pki_kra_port',`
gen_require(`
type pki_kra_port_t;
')
allow $1 pki_kra_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the pki_kra port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_pki_kra_port',`
gen_require(`
type pki_kra_port_t;
')
allow $1 pki_kra_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the pki_kra port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_pki_kra_port',`
gen_require(`
type pki_kra_port_t;
')
dontaudit $1 pki_kra_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the pki_kra port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_pki_kra_port',`
gen_require(`
type pki_kra_port_t;
')
allow $1 pki_kra_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the pki_kra port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_pki_kra_port',`
gen_require(`
type pki_kra_port_t;
')
dontaudit $1 pki_kra_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the pki_kra port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_pki_kra_port',`
corenet_udp_send_pki_kra_port($1)
corenet_udp_receive_pki_kra_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the pki_kra port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_pki_kra_port',`
corenet_dontaudit_udp_send_pki_kra_port($1)
corenet_dontaudit_udp_receive_pki_kra_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the pki_kra port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_pki_kra_port',`
gen_require(`
type pki_kra_port_t;
')
allow $1 pki_kra_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the pki_kra port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_pki_kra_port',`
gen_require(`
type pki_kra_port_t;
')
allow $1 pki_kra_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the pki_kra port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_pki_kra_port',`
gen_require(`
type pki_kra_port_t;
')
allow $1 pki_kra_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send pki_kra_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_pki_kra_client_packets',`
gen_require(`
type pki_kra_client_packet_t;
')
allow $1 pki_kra_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send pki_kra_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_pki_kra_client_packets',`
gen_require(`
type pki_kra_client_packet_t;
')
dontaudit $1 pki_kra_client_packet_t:packet send;
')
########################################
## <summary>
## Receive pki_kra_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_pki_kra_client_packets',`
gen_require(`
type pki_kra_client_packet_t;
')
allow $1 pki_kra_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive pki_kra_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_pki_kra_client_packets',`
gen_require(`
type pki_kra_client_packet_t;
')
dontaudit $1 pki_kra_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive pki_kra_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_pki_kra_client_packets',`
corenet_send_pki_kra_client_packets($1)
corenet_receive_pki_kra_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive pki_kra_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_pki_kra_client_packets',`
corenet_dontaudit_send_pki_kra_client_packets($1)
corenet_dontaudit_receive_pki_kra_client_packets($1)
')
########################################
## <summary>
## Relabel packets to pki_kra_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_pki_kra_client_packets',`
gen_require(`
type pki_kra_client_packet_t;
')
allow $1 pki_kra_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send pki_kra_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_pki_kra_server_packets',`
gen_require(`
type pki_kra_server_packet_t;
')
allow $1 pki_kra_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send pki_kra_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_pki_kra_server_packets',`
gen_require(`
type pki_kra_server_packet_t;
')
dontaudit $1 pki_kra_server_packet_t:packet send;
')
########################################
## <summary>
## Receive pki_kra_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_pki_kra_server_packets',`
gen_require(`
type pki_kra_server_packet_t;
')
allow $1 pki_kra_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive pki_kra_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_pki_kra_server_packets',`
gen_require(`
type pki_kra_server_packet_t;
')
dontaudit $1 pki_kra_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive pki_kra_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_pki_kra_server_packets',`
corenet_send_pki_kra_server_packets($1)
corenet_receive_pki_kra_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive pki_kra_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_pki_kra_server_packets',`
corenet_dontaudit_send_pki_kra_server_packets($1)
corenet_dontaudit_receive_pki_kra_server_packets($1)
')
########################################
## <summary>
## Relabel packets to pki_kra_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_pki_kra_server_packets',`
gen_require(`
type pki_kra_server_packet_t;
')
allow $1 pki_kra_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the pki_ocsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_pki_ocsp_port',`
gen_require(`
type pki_ocsp_port_t;
')
allow $1 pki_ocsp_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the pki_ocsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_pki_ocsp_port',`
gen_require(`
type pki_ocsp_port_t;
')
allow $1 pki_ocsp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the pki_ocsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_pki_ocsp_port',`
gen_require(`
type pki_ocsp_port_t;
')
dontaudit $1 pki_ocsp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the pki_ocsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_pki_ocsp_port',`
gen_require(`
type pki_ocsp_port_t;
')
allow $1 pki_ocsp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the pki_ocsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_pki_ocsp_port',`
gen_require(`
type pki_ocsp_port_t;
')
dontaudit $1 pki_ocsp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the pki_ocsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_pki_ocsp_port',`
corenet_udp_send_pki_ocsp_port($1)
corenet_udp_receive_pki_ocsp_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the pki_ocsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_pki_ocsp_port',`
corenet_dontaudit_udp_send_pki_ocsp_port($1)
corenet_dontaudit_udp_receive_pki_ocsp_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the pki_ocsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_pki_ocsp_port',`
gen_require(`
type pki_ocsp_port_t;
')
allow $1 pki_ocsp_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the pki_ocsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_pki_ocsp_port',`
gen_require(`
type pki_ocsp_port_t;
')
allow $1 pki_ocsp_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the pki_ocsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_pki_ocsp_port',`
gen_require(`
type pki_ocsp_port_t;
')
allow $1 pki_ocsp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send pki_ocsp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_pki_ocsp_client_packets',`
gen_require(`
type pki_ocsp_client_packet_t;
')
allow $1 pki_ocsp_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send pki_ocsp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_pki_ocsp_client_packets',`
gen_require(`
type pki_ocsp_client_packet_t;
')
dontaudit $1 pki_ocsp_client_packet_t:packet send;
')
########################################
## <summary>
## Receive pki_ocsp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_pki_ocsp_client_packets',`
gen_require(`
type pki_ocsp_client_packet_t;
')
allow $1 pki_ocsp_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive pki_ocsp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_pki_ocsp_client_packets',`
gen_require(`
type pki_ocsp_client_packet_t;
')
dontaudit $1 pki_ocsp_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive pki_ocsp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_pki_ocsp_client_packets',`
corenet_send_pki_ocsp_client_packets($1)
corenet_receive_pki_ocsp_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive pki_ocsp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_pki_ocsp_client_packets',`
corenet_dontaudit_send_pki_ocsp_client_packets($1)
corenet_dontaudit_receive_pki_ocsp_client_packets($1)
')
########################################
## <summary>
## Relabel packets to pki_ocsp_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_pki_ocsp_client_packets',`
gen_require(`
type pki_ocsp_client_packet_t;
')
allow $1 pki_ocsp_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send pki_ocsp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_pki_ocsp_server_packets',`
gen_require(`
type pki_ocsp_server_packet_t;
')
allow $1 pki_ocsp_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send pki_ocsp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_pki_ocsp_server_packets',`
gen_require(`
type pki_ocsp_server_packet_t;
')
dontaudit $1 pki_ocsp_server_packet_t:packet send;
')
########################################
## <summary>
## Receive pki_ocsp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_pki_ocsp_server_packets',`
gen_require(`
type pki_ocsp_server_packet_t;
')
allow $1 pki_ocsp_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive pki_ocsp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_pki_ocsp_server_packets',`
gen_require(`
type pki_ocsp_server_packet_t;
')
dontaudit $1 pki_ocsp_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive pki_ocsp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_pki_ocsp_server_packets',`
corenet_send_pki_ocsp_server_packets($1)
corenet_receive_pki_ocsp_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive pki_ocsp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_pki_ocsp_server_packets',`
corenet_dontaudit_send_pki_ocsp_server_packets($1)
corenet_dontaudit_receive_pki_ocsp_server_packets($1)
')
########################################
## <summary>
## Relabel packets to pki_ocsp_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_pki_ocsp_server_packets',`
gen_require(`
type pki_ocsp_server_packet_t;
')
allow $1 pki_ocsp_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the pki_tks port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_pki_tks_port',`
gen_require(`
type pki_tks_port_t;
')
allow $1 pki_tks_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the pki_tks port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_pki_tks_port',`
gen_require(`
type pki_tks_port_t;
')
allow $1 pki_tks_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the pki_tks port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_pki_tks_port',`
gen_require(`
type pki_tks_port_t;
')
dontaudit $1 pki_tks_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the pki_tks port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_pki_tks_port',`
gen_require(`
type pki_tks_port_t;
')
allow $1 pki_tks_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the pki_tks port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_pki_tks_port',`
gen_require(`
type pki_tks_port_t;
')
dontaudit $1 pki_tks_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the pki_tks port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_pki_tks_port',`
corenet_udp_send_pki_tks_port($1)
corenet_udp_receive_pki_tks_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the pki_tks port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_pki_tks_port',`
corenet_dontaudit_udp_send_pki_tks_port($1)
corenet_dontaudit_udp_receive_pki_tks_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the pki_tks port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_pki_tks_port',`
gen_require(`
type pki_tks_port_t;
')
allow $1 pki_tks_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the pki_tks port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_pki_tks_port',`
gen_require(`
type pki_tks_port_t;
')
allow $1 pki_tks_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the pki_tks port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_pki_tks_port',`
gen_require(`
type pki_tks_port_t;
')
allow $1 pki_tks_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send pki_tks_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_pki_tks_client_packets',`
gen_require(`
type pki_tks_client_packet_t;
')
allow $1 pki_tks_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send pki_tks_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_pki_tks_client_packets',`
gen_require(`
type pki_tks_client_packet_t;
')
dontaudit $1 pki_tks_client_packet_t:packet send;
')
########################################
## <summary>
## Receive pki_tks_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_pki_tks_client_packets',`
gen_require(`
type pki_tks_client_packet_t;
')
allow $1 pki_tks_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive pki_tks_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_pki_tks_client_packets',`
gen_require(`
type pki_tks_client_packet_t;
')
dontaudit $1 pki_tks_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive pki_tks_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_pki_tks_client_packets',`
corenet_send_pki_tks_client_packets($1)
corenet_receive_pki_tks_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive pki_tks_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_pki_tks_client_packets',`
corenet_dontaudit_send_pki_tks_client_packets($1)
corenet_dontaudit_receive_pki_tks_client_packets($1)
')
########################################
## <summary>
## Relabel packets to pki_tks_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_pki_tks_client_packets',`
gen_require(`
type pki_tks_client_packet_t;
')
allow $1 pki_tks_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send pki_tks_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_pki_tks_server_packets',`
gen_require(`
type pki_tks_server_packet_t;
')
allow $1 pki_tks_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send pki_tks_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_pki_tks_server_packets',`
gen_require(`
type pki_tks_server_packet_t;
')
dontaudit $1 pki_tks_server_packet_t:packet send;
')
########################################
## <summary>
## Receive pki_tks_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_pki_tks_server_packets',`
gen_require(`
type pki_tks_server_packet_t;
')
allow $1 pki_tks_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive pki_tks_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_pki_tks_server_packets',`
gen_require(`
type pki_tks_server_packet_t;
')
dontaudit $1 pki_tks_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive pki_tks_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_pki_tks_server_packets',`
corenet_send_pki_tks_server_packets($1)
corenet_receive_pki_tks_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive pki_tks_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_pki_tks_server_packets',`
corenet_dontaudit_send_pki_tks_server_packets($1)
corenet_dontaudit_receive_pki_tks_server_packets($1)
')
########################################
## <summary>
## Relabel packets to pki_tks_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_pki_tks_server_packets',`
gen_require(`
type pki_tks_server_packet_t;
')
allow $1 pki_tks_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the pki_ra port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_pki_ra_port',`
gen_require(`
type pki_ra_port_t;
')
allow $1 pki_ra_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the pki_ra port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_pki_ra_port',`
gen_require(`
type pki_ra_port_t;
')
allow $1 pki_ra_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the pki_ra port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_pki_ra_port',`
gen_require(`
type pki_ra_port_t;
')
dontaudit $1 pki_ra_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the pki_ra port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_pki_ra_port',`
gen_require(`
type pki_ra_port_t;
')
allow $1 pki_ra_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the pki_ra port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_pki_ra_port',`
gen_require(`
type pki_ra_port_t;
')
dontaudit $1 pki_ra_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the pki_ra port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_pki_ra_port',`
corenet_udp_send_pki_ra_port($1)
corenet_udp_receive_pki_ra_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the pki_ra port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_pki_ra_port',`
corenet_dontaudit_udp_send_pki_ra_port($1)
corenet_dontaudit_udp_receive_pki_ra_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the pki_ra port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_pki_ra_port',`
gen_require(`
type pki_ra_port_t;
')
allow $1 pki_ra_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the pki_ra port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_pki_ra_port',`
gen_require(`
type pki_ra_port_t;
')
allow $1 pki_ra_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the pki_ra port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_pki_ra_port',`
gen_require(`
type pki_ra_port_t;
')
allow $1 pki_ra_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send pki_ra_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_pki_ra_client_packets',`
gen_require(`
type pki_ra_client_packet_t;
')
allow $1 pki_ra_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send pki_ra_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_pki_ra_client_packets',`
gen_require(`
type pki_ra_client_packet_t;
')
dontaudit $1 pki_ra_client_packet_t:packet send;
')
########################################
## <summary>
## Receive pki_ra_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_pki_ra_client_packets',`
gen_require(`
type pki_ra_client_packet_t;
')
allow $1 pki_ra_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive pki_ra_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_pki_ra_client_packets',`
gen_require(`
type pki_ra_client_packet_t;
')
dontaudit $1 pki_ra_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive pki_ra_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_pki_ra_client_packets',`
corenet_send_pki_ra_client_packets($1)
corenet_receive_pki_ra_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive pki_ra_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_pki_ra_client_packets',`
corenet_dontaudit_send_pki_ra_client_packets($1)
corenet_dontaudit_receive_pki_ra_client_packets($1)
')
########################################
## <summary>
## Relabel packets to pki_ra_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_pki_ra_client_packets',`
gen_require(`
type pki_ra_client_packet_t;
')
allow $1 pki_ra_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send pki_ra_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_pki_ra_server_packets',`
gen_require(`
type pki_ra_server_packet_t;
')
allow $1 pki_ra_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send pki_ra_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_pki_ra_server_packets',`
gen_require(`
type pki_ra_server_packet_t;
')
dontaudit $1 pki_ra_server_packet_t:packet send;
')
########################################
## <summary>
## Receive pki_ra_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_pki_ra_server_packets',`
gen_require(`
type pki_ra_server_packet_t;
')
allow $1 pki_ra_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive pki_ra_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_pki_ra_server_packets',`
gen_require(`
type pki_ra_server_packet_t;
')
dontaudit $1 pki_ra_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive pki_ra_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_pki_ra_server_packets',`
corenet_send_pki_ra_server_packets($1)
corenet_receive_pki_ra_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive pki_ra_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_pki_ra_server_packets',`
corenet_dontaudit_send_pki_ra_server_packets($1)
corenet_dontaudit_receive_pki_ra_server_packets($1)
')
########################################
## <summary>
## Relabel packets to pki_ra_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_pki_ra_server_packets',`
gen_require(`
type pki_ra_server_packet_t;
')
allow $1 pki_ra_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the pki_tps port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_pki_tps_port',`
gen_require(`
type pki_tps_port_t;
')
allow $1 pki_tps_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the pki_tps port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_pki_tps_port',`
gen_require(`
type pki_tps_port_t;
')
allow $1 pki_tps_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the pki_tps port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_pki_tps_port',`
gen_require(`
type pki_tps_port_t;
')
dontaudit $1 pki_tps_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the pki_tps port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_pki_tps_port',`
gen_require(`
type pki_tps_port_t;
')
allow $1 pki_tps_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the pki_tps port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_pki_tps_port',`
gen_require(`
type pki_tps_port_t;
')
dontaudit $1 pki_tps_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the pki_tps port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_pki_tps_port',`
corenet_udp_send_pki_tps_port($1)
corenet_udp_receive_pki_tps_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the pki_tps port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_pki_tps_port',`
corenet_dontaudit_udp_send_pki_tps_port($1)
corenet_dontaudit_udp_receive_pki_tps_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the pki_tps port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_pki_tps_port',`
gen_require(`
type pki_tps_port_t;
')
allow $1 pki_tps_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the pki_tps port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_pki_tps_port',`
gen_require(`
type pki_tps_port_t;
')
allow $1 pki_tps_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the pki_tps port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_pki_tps_port',`
gen_require(`
type pki_tps_port_t;
')
allow $1 pki_tps_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send pki_tps_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_pki_tps_client_packets',`
gen_require(`
type pki_tps_client_packet_t;
')
allow $1 pki_tps_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send pki_tps_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_pki_tps_client_packets',`
gen_require(`
type pki_tps_client_packet_t;
')
dontaudit $1 pki_tps_client_packet_t:packet send;
')
########################################
## <summary>
## Receive pki_tps_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_pki_tps_client_packets',`
gen_require(`
type pki_tps_client_packet_t;
')
allow $1 pki_tps_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive pki_tps_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_pki_tps_client_packets',`
gen_require(`
type pki_tps_client_packet_t;
')
dontaudit $1 pki_tps_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive pki_tps_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_pki_tps_client_packets',`
corenet_send_pki_tps_client_packets($1)
corenet_receive_pki_tps_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive pki_tps_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_pki_tps_client_packets',`
corenet_dontaudit_send_pki_tps_client_packets($1)
corenet_dontaudit_receive_pki_tps_client_packets($1)
')
########################################
## <summary>
## Relabel packets to pki_tps_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_pki_tps_client_packets',`
gen_require(`
type pki_tps_client_packet_t;
')
allow $1 pki_tps_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send pki_tps_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_pki_tps_server_packets',`
gen_require(`
type pki_tps_server_packet_t;
')
allow $1 pki_tps_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send pki_tps_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_pki_tps_server_packets',`
gen_require(`
type pki_tps_server_packet_t;
')
dontaudit $1 pki_tps_server_packet_t:packet send;
')
########################################
## <summary>
## Receive pki_tps_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_pki_tps_server_packets',`
gen_require(`
type pki_tps_server_packet_t;
')
allow $1 pki_tps_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive pki_tps_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_pki_tps_server_packets',`
gen_require(`
type pki_tps_server_packet_t;
')
dontaudit $1 pki_tps_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive pki_tps_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_pki_tps_server_packets',`
corenet_send_pki_tps_server_packets($1)
corenet_receive_pki_tps_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive pki_tps_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_pki_tps_server_packets',`
corenet_dontaudit_send_pki_tps_server_packets($1)
corenet_dontaudit_receive_pki_tps_server_packets($1)
')
########################################
## <summary>
## Relabel packets to pki_tps_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_pki_tps_server_packets',`
gen_require(`
type pki_tps_server_packet_t;
')
allow $1 pki_tps_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the pop port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_pop_port',`
gen_require(`
type pop_port_t;
')
allow $1 pop_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the pop port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_pop_port',`
gen_require(`
type pop_port_t;
')
allow $1 pop_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the pop port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_pop_port',`
gen_require(`
type pop_port_t;
')
dontaudit $1 pop_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the pop port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_pop_port',`
gen_require(`
type pop_port_t;
')
allow $1 pop_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the pop port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_pop_port',`
gen_require(`
type pop_port_t;
')
dontaudit $1 pop_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the pop port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_pop_port',`
corenet_udp_send_pop_port($1)
corenet_udp_receive_pop_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the pop port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_pop_port',`
corenet_dontaudit_udp_send_pop_port($1)
corenet_dontaudit_udp_receive_pop_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the pop port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_pop_port',`
gen_require(`
type pop_port_t;
')
allow $1 pop_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the pop port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_pop_port',`
gen_require(`
type pop_port_t;
')
allow $1 pop_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the pop port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_pop_port',`
gen_require(`
type pop_port_t;
')
allow $1 pop_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send pop_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_pop_client_packets',`
gen_require(`
type pop_client_packet_t;
')
allow $1 pop_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send pop_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_pop_client_packets',`
gen_require(`
type pop_client_packet_t;
')
dontaudit $1 pop_client_packet_t:packet send;
')
########################################
## <summary>
## Receive pop_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_pop_client_packets',`
gen_require(`
type pop_client_packet_t;
')
allow $1 pop_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive pop_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_pop_client_packets',`
gen_require(`
type pop_client_packet_t;
')
dontaudit $1 pop_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive pop_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_pop_client_packets',`
corenet_send_pop_client_packets($1)
corenet_receive_pop_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive pop_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_pop_client_packets',`
corenet_dontaudit_send_pop_client_packets($1)
corenet_dontaudit_receive_pop_client_packets($1)
')
########################################
## <summary>
## Relabel packets to pop_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_pop_client_packets',`
gen_require(`
type pop_client_packet_t;
')
allow $1 pop_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send pop_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_pop_server_packets',`
gen_require(`
type pop_server_packet_t;
')
allow $1 pop_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send pop_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_pop_server_packets',`
gen_require(`
type pop_server_packet_t;
')
dontaudit $1 pop_server_packet_t:packet send;
')
########################################
## <summary>
## Receive pop_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_pop_server_packets',`
gen_require(`
type pop_server_packet_t;
')
allow $1 pop_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive pop_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_pop_server_packets',`
gen_require(`
type pop_server_packet_t;
')
dontaudit $1 pop_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive pop_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_pop_server_packets',`
corenet_send_pop_server_packets($1)
corenet_receive_pop_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive pop_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_pop_server_packets',`
corenet_dontaudit_send_pop_server_packets($1)
corenet_dontaudit_receive_pop_server_packets($1)
')
########################################
## <summary>
## Relabel packets to pop_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_pop_server_packets',`
gen_require(`
type pop_server_packet_t;
')
allow $1 pop_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the portmap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_portmap_port',`
gen_require(`
type portmap_port_t;
')
allow $1 portmap_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the portmap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_portmap_port',`
gen_require(`
type portmap_port_t;
')
allow $1 portmap_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the portmap port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_portmap_port',`
gen_require(`
type portmap_port_t;
')
dontaudit $1 portmap_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the portmap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_portmap_port',`
gen_require(`
type portmap_port_t;
')
allow $1 portmap_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the portmap port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_portmap_port',`
gen_require(`
type portmap_port_t;
')
dontaudit $1 portmap_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the portmap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_portmap_port',`
corenet_udp_send_portmap_port($1)
corenet_udp_receive_portmap_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the portmap port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_portmap_port',`
corenet_dontaudit_udp_send_portmap_port($1)
corenet_dontaudit_udp_receive_portmap_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the portmap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_portmap_port',`
gen_require(`
type portmap_port_t;
')
allow $1 portmap_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the portmap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_portmap_port',`
gen_require(`
type portmap_port_t;
')
allow $1 portmap_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the portmap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_portmap_port',`
gen_require(`
type portmap_port_t;
')
allow $1 portmap_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send portmap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_portmap_client_packets',`
gen_require(`
type portmap_client_packet_t;
')
allow $1 portmap_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send portmap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_portmap_client_packets',`
gen_require(`
type portmap_client_packet_t;
')
dontaudit $1 portmap_client_packet_t:packet send;
')
########################################
## <summary>
## Receive portmap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_portmap_client_packets',`
gen_require(`
type portmap_client_packet_t;
')
allow $1 portmap_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive portmap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_portmap_client_packets',`
gen_require(`
type portmap_client_packet_t;
')
dontaudit $1 portmap_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive portmap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_portmap_client_packets',`
corenet_send_portmap_client_packets($1)
corenet_receive_portmap_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive portmap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_portmap_client_packets',`
corenet_dontaudit_send_portmap_client_packets($1)
corenet_dontaudit_receive_portmap_client_packets($1)
')
########################################
## <summary>
## Relabel packets to portmap_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_portmap_client_packets',`
gen_require(`
type portmap_client_packet_t;
')
allow $1 portmap_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send portmap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_portmap_server_packets',`
gen_require(`
type portmap_server_packet_t;
')
allow $1 portmap_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send portmap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_portmap_server_packets',`
gen_require(`
type portmap_server_packet_t;
')
dontaudit $1 portmap_server_packet_t:packet send;
')
########################################
## <summary>
## Receive portmap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_portmap_server_packets',`
gen_require(`
type portmap_server_packet_t;
')
allow $1 portmap_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive portmap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_portmap_server_packets',`
gen_require(`
type portmap_server_packet_t;
')
dontaudit $1 portmap_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive portmap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_portmap_server_packets',`
corenet_send_portmap_server_packets($1)
corenet_receive_portmap_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive portmap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_portmap_server_packets',`
corenet_dontaudit_send_portmap_server_packets($1)
corenet_dontaudit_receive_portmap_server_packets($1)
')
########################################
## <summary>
## Relabel packets to portmap_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_portmap_server_packets',`
gen_require(`
type portmap_server_packet_t;
')
allow $1 portmap_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the postfix_policyd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_postfix_policyd_port',`
gen_require(`
type postfix_policyd_port_t;
')
allow $1 postfix_policyd_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the postfix_policyd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_postfix_policyd_port',`
gen_require(`
type postfix_policyd_port_t;
')
allow $1 postfix_policyd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the postfix_policyd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_postfix_policyd_port',`
gen_require(`
type postfix_policyd_port_t;
')
dontaudit $1 postfix_policyd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the postfix_policyd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_postfix_policyd_port',`
gen_require(`
type postfix_policyd_port_t;
')
allow $1 postfix_policyd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the postfix_policyd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_postfix_policyd_port',`
gen_require(`
type postfix_policyd_port_t;
')
dontaudit $1 postfix_policyd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the postfix_policyd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_postfix_policyd_port',`
corenet_udp_send_postfix_policyd_port($1)
corenet_udp_receive_postfix_policyd_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the postfix_policyd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_postfix_policyd_port',`
corenet_dontaudit_udp_send_postfix_policyd_port($1)
corenet_dontaudit_udp_receive_postfix_policyd_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the postfix_policyd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_postfix_policyd_port',`
gen_require(`
type postfix_policyd_port_t;
')
allow $1 postfix_policyd_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the postfix_policyd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_postfix_policyd_port',`
gen_require(`
type postfix_policyd_port_t;
')
allow $1 postfix_policyd_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the postfix_policyd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_postfix_policyd_port',`
gen_require(`
type postfix_policyd_port_t;
')
allow $1 postfix_policyd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send postfix_policyd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_postfix_policyd_client_packets',`
gen_require(`
type postfix_policyd_client_packet_t;
')
allow $1 postfix_policyd_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send postfix_policyd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_postfix_policyd_client_packets',`
gen_require(`
type postfix_policyd_client_packet_t;
')
dontaudit $1 postfix_policyd_client_packet_t:packet send;
')
########################################
## <summary>
## Receive postfix_policyd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_postfix_policyd_client_packets',`
gen_require(`
type postfix_policyd_client_packet_t;
')
allow $1 postfix_policyd_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive postfix_policyd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_postfix_policyd_client_packets',`
gen_require(`
type postfix_policyd_client_packet_t;
')
dontaudit $1 postfix_policyd_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive postfix_policyd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_postfix_policyd_client_packets',`
corenet_send_postfix_policyd_client_packets($1)
corenet_receive_postfix_policyd_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive postfix_policyd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_postfix_policyd_client_packets',`
corenet_dontaudit_send_postfix_policyd_client_packets($1)
corenet_dontaudit_receive_postfix_policyd_client_packets($1)
')
########################################
## <summary>
## Relabel packets to postfix_policyd_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_postfix_policyd_client_packets',`
gen_require(`
type postfix_policyd_client_packet_t;
')
allow $1 postfix_policyd_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send postfix_policyd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_postfix_policyd_server_packets',`
gen_require(`
type postfix_policyd_server_packet_t;
')
allow $1 postfix_policyd_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send postfix_policyd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_postfix_policyd_server_packets',`
gen_require(`
type postfix_policyd_server_packet_t;
')
dontaudit $1 postfix_policyd_server_packet_t:packet send;
')
########################################
## <summary>
## Receive postfix_policyd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_postfix_policyd_server_packets',`
gen_require(`
type postfix_policyd_server_packet_t;
')
allow $1 postfix_policyd_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive postfix_policyd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_postfix_policyd_server_packets',`
gen_require(`
type postfix_policyd_server_packet_t;
')
dontaudit $1 postfix_policyd_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive postfix_policyd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_postfix_policyd_server_packets',`
corenet_send_postfix_policyd_server_packets($1)
corenet_receive_postfix_policyd_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive postfix_policyd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_postfix_policyd_server_packets',`
corenet_dontaudit_send_postfix_policyd_server_packets($1)
corenet_dontaudit_receive_postfix_policyd_server_packets($1)
')
########################################
## <summary>
## Relabel packets to postfix_policyd_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_postfix_policyd_server_packets',`
gen_require(`
type postfix_policyd_server_packet_t;
')
allow $1 postfix_policyd_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the postgresql port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_postgresql_port',`
gen_require(`
type postgresql_port_t;
')
allow $1 postgresql_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the postgresql port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_postgresql_port',`
gen_require(`
type postgresql_port_t;
')
allow $1 postgresql_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the postgresql port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_postgresql_port',`
gen_require(`
type postgresql_port_t;
')
dontaudit $1 postgresql_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the postgresql port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_postgresql_port',`
gen_require(`
type postgresql_port_t;
')
allow $1 postgresql_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the postgresql port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_postgresql_port',`
gen_require(`
type postgresql_port_t;
')
dontaudit $1 postgresql_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the postgresql port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_postgresql_port',`
corenet_udp_send_postgresql_port($1)
corenet_udp_receive_postgresql_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the postgresql port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_postgresql_port',`
corenet_dontaudit_udp_send_postgresql_port($1)
corenet_dontaudit_udp_receive_postgresql_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the postgresql port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_postgresql_port',`
gen_require(`
type postgresql_port_t;
')
allow $1 postgresql_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the postgresql port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_postgresql_port',`
gen_require(`
type postgresql_port_t;
')
allow $1 postgresql_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the postgresql port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_postgresql_port',`
gen_require(`
type postgresql_port_t;
')
allow $1 postgresql_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send postgresql_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_postgresql_client_packets',`
gen_require(`
type postgresql_client_packet_t;
')
allow $1 postgresql_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send postgresql_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_postgresql_client_packets',`
gen_require(`
type postgresql_client_packet_t;
')
dontaudit $1 postgresql_client_packet_t:packet send;
')
########################################
## <summary>
## Receive postgresql_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_postgresql_client_packets',`
gen_require(`
type postgresql_client_packet_t;
')
allow $1 postgresql_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive postgresql_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_postgresql_client_packets',`
gen_require(`
type postgresql_client_packet_t;
')
dontaudit $1 postgresql_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive postgresql_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_postgresql_client_packets',`
corenet_send_postgresql_client_packets($1)
corenet_receive_postgresql_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive postgresql_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_postgresql_client_packets',`
corenet_dontaudit_send_postgresql_client_packets($1)
corenet_dontaudit_receive_postgresql_client_packets($1)
')
########################################
## <summary>
## Relabel packets to postgresql_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_postgresql_client_packets',`
gen_require(`
type postgresql_client_packet_t;
')
allow $1 postgresql_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send postgresql_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_postgresql_server_packets',`
gen_require(`
type postgresql_server_packet_t;
')
allow $1 postgresql_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send postgresql_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_postgresql_server_packets',`
gen_require(`
type postgresql_server_packet_t;
')
dontaudit $1 postgresql_server_packet_t:packet send;
')
########################################
## <summary>
## Receive postgresql_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_postgresql_server_packets',`
gen_require(`
type postgresql_server_packet_t;
')
allow $1 postgresql_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive postgresql_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_postgresql_server_packets',`
gen_require(`
type postgresql_server_packet_t;
')
dontaudit $1 postgresql_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive postgresql_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_postgresql_server_packets',`
corenet_send_postgresql_server_packets($1)
corenet_receive_postgresql_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive postgresql_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_postgresql_server_packets',`
corenet_dontaudit_send_postgresql_server_packets($1)
corenet_dontaudit_receive_postgresql_server_packets($1)
')
########################################
## <summary>
## Relabel packets to postgresql_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_postgresql_server_packets',`
gen_require(`
type postgresql_server_packet_t;
')
allow $1 postgresql_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the postgrey port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_postgrey_port',`
gen_require(`
type postgrey_port_t;
')
allow $1 postgrey_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the postgrey port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_postgrey_port',`
gen_require(`
type postgrey_port_t;
')
allow $1 postgrey_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the postgrey port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_postgrey_port',`
gen_require(`
type postgrey_port_t;
')
dontaudit $1 postgrey_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the postgrey port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_postgrey_port',`
gen_require(`
type postgrey_port_t;
')
allow $1 postgrey_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the postgrey port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_postgrey_port',`
gen_require(`
type postgrey_port_t;
')
dontaudit $1 postgrey_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the postgrey port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_postgrey_port',`
corenet_udp_send_postgrey_port($1)
corenet_udp_receive_postgrey_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the postgrey port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_postgrey_port',`
corenet_dontaudit_udp_send_postgrey_port($1)
corenet_dontaudit_udp_receive_postgrey_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the postgrey port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_postgrey_port',`
gen_require(`
type postgrey_port_t;
')
allow $1 postgrey_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the postgrey port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_postgrey_port',`
gen_require(`
type postgrey_port_t;
')
allow $1 postgrey_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the postgrey port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_postgrey_port',`
gen_require(`
type postgrey_port_t;
')
allow $1 postgrey_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send postgrey_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_postgrey_client_packets',`
gen_require(`
type postgrey_client_packet_t;
')
allow $1 postgrey_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send postgrey_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_postgrey_client_packets',`
gen_require(`
type postgrey_client_packet_t;
')
dontaudit $1 postgrey_client_packet_t:packet send;
')
########################################
## <summary>
## Receive postgrey_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_postgrey_client_packets',`
gen_require(`
type postgrey_client_packet_t;
')
allow $1 postgrey_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive postgrey_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_postgrey_client_packets',`
gen_require(`
type postgrey_client_packet_t;
')
dontaudit $1 postgrey_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive postgrey_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_postgrey_client_packets',`
corenet_send_postgrey_client_packets($1)
corenet_receive_postgrey_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive postgrey_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_postgrey_client_packets',`
corenet_dontaudit_send_postgrey_client_packets($1)
corenet_dontaudit_receive_postgrey_client_packets($1)
')
########################################
## <summary>
## Relabel packets to postgrey_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_postgrey_client_packets',`
gen_require(`
type postgrey_client_packet_t;
')
allow $1 postgrey_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send postgrey_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_postgrey_server_packets',`
gen_require(`
type postgrey_server_packet_t;
')
allow $1 postgrey_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send postgrey_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_postgrey_server_packets',`
gen_require(`
type postgrey_server_packet_t;
')
dontaudit $1 postgrey_server_packet_t:packet send;
')
########################################
## <summary>
## Receive postgrey_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_postgrey_server_packets',`
gen_require(`
type postgrey_server_packet_t;
')
allow $1 postgrey_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive postgrey_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_postgrey_server_packets',`
gen_require(`
type postgrey_server_packet_t;
')
dontaudit $1 postgrey_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive postgrey_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_postgrey_server_packets',`
corenet_send_postgrey_server_packets($1)
corenet_receive_postgrey_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive postgrey_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_postgrey_server_packets',`
corenet_dontaudit_send_postgrey_server_packets($1)
corenet_dontaudit_receive_postgrey_server_packets($1)
')
########################################
## <summary>
## Relabel packets to postgrey_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_postgrey_server_packets',`
gen_require(`
type postgrey_server_packet_t;
')
allow $1 postgrey_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the prelude port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_prelude_port',`
gen_require(`
type prelude_port_t;
')
allow $1 prelude_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the prelude port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_prelude_port',`
gen_require(`
type prelude_port_t;
')
allow $1 prelude_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the prelude port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_prelude_port',`
gen_require(`
type prelude_port_t;
')
dontaudit $1 prelude_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the prelude port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_prelude_port',`
gen_require(`
type prelude_port_t;
')
allow $1 prelude_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the prelude port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_prelude_port',`
gen_require(`
type prelude_port_t;
')
dontaudit $1 prelude_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the prelude port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_prelude_port',`
corenet_udp_send_prelude_port($1)
corenet_udp_receive_prelude_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the prelude port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_prelude_port',`
corenet_dontaudit_udp_send_prelude_port($1)
corenet_dontaudit_udp_receive_prelude_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the prelude port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_prelude_port',`
gen_require(`
type prelude_port_t;
')
allow $1 prelude_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the prelude port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_prelude_port',`
gen_require(`
type prelude_port_t;
')
allow $1 prelude_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the prelude port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_prelude_port',`
gen_require(`
type prelude_port_t;
')
allow $1 prelude_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send prelude_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_prelude_client_packets',`
gen_require(`
type prelude_client_packet_t;
')
allow $1 prelude_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send prelude_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_prelude_client_packets',`
gen_require(`
type prelude_client_packet_t;
')
dontaudit $1 prelude_client_packet_t:packet send;
')
########################################
## <summary>
## Receive prelude_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_prelude_client_packets',`
gen_require(`
type prelude_client_packet_t;
')
allow $1 prelude_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive prelude_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_prelude_client_packets',`
gen_require(`
type prelude_client_packet_t;
')
dontaudit $1 prelude_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive prelude_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_prelude_client_packets',`
corenet_send_prelude_client_packets($1)
corenet_receive_prelude_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive prelude_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_prelude_client_packets',`
corenet_dontaudit_send_prelude_client_packets($1)
corenet_dontaudit_receive_prelude_client_packets($1)
')
########################################
## <summary>
## Relabel packets to prelude_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_prelude_client_packets',`
gen_require(`
type prelude_client_packet_t;
')
allow $1 prelude_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send prelude_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_prelude_server_packets',`
gen_require(`
type prelude_server_packet_t;
')
allow $1 prelude_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send prelude_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_prelude_server_packets',`
gen_require(`
type prelude_server_packet_t;
')
dontaudit $1 prelude_server_packet_t:packet send;
')
########################################
## <summary>
## Receive prelude_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_prelude_server_packets',`
gen_require(`
type prelude_server_packet_t;
')
allow $1 prelude_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive prelude_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_prelude_server_packets',`
gen_require(`
type prelude_server_packet_t;
')
dontaudit $1 prelude_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive prelude_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_prelude_server_packets',`
corenet_send_prelude_server_packets($1)
corenet_receive_prelude_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive prelude_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_prelude_server_packets',`
corenet_dontaudit_send_prelude_server_packets($1)
corenet_dontaudit_receive_prelude_server_packets($1)
')
########################################
## <summary>
## Relabel packets to prelude_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_prelude_server_packets',`
gen_require(`
type prelude_server_packet_t;
')
allow $1 prelude_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the presence port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_presence_port',`
gen_require(`
type presence_port_t;
')
allow $1 presence_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the presence port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_presence_port',`
gen_require(`
type presence_port_t;
')
allow $1 presence_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the presence port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_presence_port',`
gen_require(`
type presence_port_t;
')
dontaudit $1 presence_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the presence port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_presence_port',`
gen_require(`
type presence_port_t;
')
allow $1 presence_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the presence port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_presence_port',`
gen_require(`
type presence_port_t;
')
dontaudit $1 presence_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the presence port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_presence_port',`
corenet_udp_send_presence_port($1)
corenet_udp_receive_presence_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the presence port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_presence_port',`
corenet_dontaudit_udp_send_presence_port($1)
corenet_dontaudit_udp_receive_presence_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the presence port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_presence_port',`
gen_require(`
type presence_port_t;
')
allow $1 presence_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the presence port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_presence_port',`
gen_require(`
type presence_port_t;
')
allow $1 presence_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the presence port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_presence_port',`
gen_require(`
type presence_port_t;
')
allow $1 presence_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send presence_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_presence_client_packets',`
gen_require(`
type presence_client_packet_t;
')
allow $1 presence_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send presence_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_presence_client_packets',`
gen_require(`
type presence_client_packet_t;
')
dontaudit $1 presence_client_packet_t:packet send;
')
########################################
## <summary>
## Receive presence_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_presence_client_packets',`
gen_require(`
type presence_client_packet_t;
')
allow $1 presence_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive presence_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_presence_client_packets',`
gen_require(`
type presence_client_packet_t;
')
dontaudit $1 presence_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive presence_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_presence_client_packets',`
corenet_send_presence_client_packets($1)
corenet_receive_presence_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive presence_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_presence_client_packets',`
corenet_dontaudit_send_presence_client_packets($1)
corenet_dontaudit_receive_presence_client_packets($1)
')
########################################
## <summary>
## Relabel packets to presence_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_presence_client_packets',`
gen_require(`
type presence_client_packet_t;
')
allow $1 presence_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send presence_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_presence_server_packets',`
gen_require(`
type presence_server_packet_t;
')
allow $1 presence_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send presence_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_presence_server_packets',`
gen_require(`
type presence_server_packet_t;
')
dontaudit $1 presence_server_packet_t:packet send;
')
########################################
## <summary>
## Receive presence_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_presence_server_packets',`
gen_require(`
type presence_server_packet_t;
')
allow $1 presence_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive presence_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_presence_server_packets',`
gen_require(`
type presence_server_packet_t;
')
dontaudit $1 presence_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive presence_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_presence_server_packets',`
corenet_send_presence_server_packets($1)
corenet_receive_presence_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive presence_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_presence_server_packets',`
corenet_dontaudit_send_presence_server_packets($1)
corenet_dontaudit_receive_presence_server_packets($1)
')
########################################
## <summary>
## Relabel packets to presence_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_presence_server_packets',`
gen_require(`
type presence_server_packet_t;
')
allow $1 presence_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the preupgrade port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_preupgrade_port',`
gen_require(`
type preupgrade_port_t;
')
allow $1 preupgrade_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the preupgrade port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_preupgrade_port',`
gen_require(`
type preupgrade_port_t;
')
allow $1 preupgrade_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the preupgrade port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_preupgrade_port',`
gen_require(`
type preupgrade_port_t;
')
dontaudit $1 preupgrade_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the preupgrade port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_preupgrade_port',`
gen_require(`
type preupgrade_port_t;
')
allow $1 preupgrade_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the preupgrade port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_preupgrade_port',`
gen_require(`
type preupgrade_port_t;
')
dontaudit $1 preupgrade_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the preupgrade port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_preupgrade_port',`
corenet_udp_send_preupgrade_port($1)
corenet_udp_receive_preupgrade_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the preupgrade port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_preupgrade_port',`
corenet_dontaudit_udp_send_preupgrade_port($1)
corenet_dontaudit_udp_receive_preupgrade_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the preupgrade port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_preupgrade_port',`
gen_require(`
type preupgrade_port_t;
')
allow $1 preupgrade_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the preupgrade port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_preupgrade_port',`
gen_require(`
type preupgrade_port_t;
')
allow $1 preupgrade_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the preupgrade port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_preupgrade_port',`
gen_require(`
type preupgrade_port_t;
')
allow $1 preupgrade_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send preupgrade_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_preupgrade_client_packets',`
gen_require(`
type preupgrade_client_packet_t;
')
allow $1 preupgrade_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send preupgrade_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_preupgrade_client_packets',`
gen_require(`
type preupgrade_client_packet_t;
')
dontaudit $1 preupgrade_client_packet_t:packet send;
')
########################################
## <summary>
## Receive preupgrade_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_preupgrade_client_packets',`
gen_require(`
type preupgrade_client_packet_t;
')
allow $1 preupgrade_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive preupgrade_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_preupgrade_client_packets',`
gen_require(`
type preupgrade_client_packet_t;
')
dontaudit $1 preupgrade_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive preupgrade_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_preupgrade_client_packets',`
corenet_send_preupgrade_client_packets($1)
corenet_receive_preupgrade_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive preupgrade_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_preupgrade_client_packets',`
corenet_dontaudit_send_preupgrade_client_packets($1)
corenet_dontaudit_receive_preupgrade_client_packets($1)
')
########################################
## <summary>
## Relabel packets to preupgrade_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_preupgrade_client_packets',`
gen_require(`
type preupgrade_client_packet_t;
')
allow $1 preupgrade_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send preupgrade_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_preupgrade_server_packets',`
gen_require(`
type preupgrade_server_packet_t;
')
allow $1 preupgrade_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send preupgrade_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_preupgrade_server_packets',`
gen_require(`
type preupgrade_server_packet_t;
')
dontaudit $1 preupgrade_server_packet_t:packet send;
')
########################################
## <summary>
## Receive preupgrade_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_preupgrade_server_packets',`
gen_require(`
type preupgrade_server_packet_t;
')
allow $1 preupgrade_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive preupgrade_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_preupgrade_server_packets',`
gen_require(`
type preupgrade_server_packet_t;
')
dontaudit $1 preupgrade_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive preupgrade_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_preupgrade_server_packets',`
corenet_send_preupgrade_server_packets($1)
corenet_receive_preupgrade_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive preupgrade_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_preupgrade_server_packets',`
corenet_dontaudit_send_preupgrade_server_packets($1)
corenet_dontaudit_receive_preupgrade_server_packets($1)
')
########################################
## <summary>
## Relabel packets to preupgrade_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_preupgrade_server_packets',`
gen_require(`
type preupgrade_server_packet_t;
')
allow $1 preupgrade_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the printer port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_printer_port',`
gen_require(`
type printer_port_t;
')
allow $1 printer_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the printer port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_printer_port',`
gen_require(`
type printer_port_t;
')
allow $1 printer_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the printer port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_printer_port',`
gen_require(`
type printer_port_t;
')
dontaudit $1 printer_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the printer port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_printer_port',`
gen_require(`
type printer_port_t;
')
allow $1 printer_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the printer port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_printer_port',`
gen_require(`
type printer_port_t;
')
dontaudit $1 printer_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the printer port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_printer_port',`
corenet_udp_send_printer_port($1)
corenet_udp_receive_printer_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the printer port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_printer_port',`
corenet_dontaudit_udp_send_printer_port($1)
corenet_dontaudit_udp_receive_printer_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the printer port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_printer_port',`
gen_require(`
type printer_port_t;
')
allow $1 printer_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the printer port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_printer_port',`
gen_require(`
type printer_port_t;
')
allow $1 printer_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the printer port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_printer_port',`
gen_require(`
type printer_port_t;
')
allow $1 printer_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send printer_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_printer_client_packets',`
gen_require(`
type printer_client_packet_t;
')
allow $1 printer_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send printer_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_printer_client_packets',`
gen_require(`
type printer_client_packet_t;
')
dontaudit $1 printer_client_packet_t:packet send;
')
########################################
## <summary>
## Receive printer_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_printer_client_packets',`
gen_require(`
type printer_client_packet_t;
')
allow $1 printer_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive printer_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_printer_client_packets',`
gen_require(`
type printer_client_packet_t;
')
dontaudit $1 printer_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive printer_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_printer_client_packets',`
corenet_send_printer_client_packets($1)
corenet_receive_printer_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive printer_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_printer_client_packets',`
corenet_dontaudit_send_printer_client_packets($1)
corenet_dontaudit_receive_printer_client_packets($1)
')
########################################
## <summary>
## Relabel packets to printer_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_printer_client_packets',`
gen_require(`
type printer_client_packet_t;
')
allow $1 printer_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send printer_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_printer_server_packets',`
gen_require(`
type printer_server_packet_t;
')
allow $1 printer_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send printer_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_printer_server_packets',`
gen_require(`
type printer_server_packet_t;
')
dontaudit $1 printer_server_packet_t:packet send;
')
########################################
## <summary>
## Receive printer_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_printer_server_packets',`
gen_require(`
type printer_server_packet_t;
')
allow $1 printer_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive printer_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_printer_server_packets',`
gen_require(`
type printer_server_packet_t;
')
dontaudit $1 printer_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive printer_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_printer_server_packets',`
corenet_send_printer_server_packets($1)
corenet_receive_printer_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive printer_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_printer_server_packets',`
corenet_dontaudit_send_printer_server_packets($1)
corenet_dontaudit_receive_printer_server_packets($1)
')
########################################
## <summary>
## Relabel packets to printer_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_printer_server_packets',`
gen_require(`
type printer_server_packet_t;
')
allow $1 printer_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the ptal port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_ptal_port',`
gen_require(`
type ptal_port_t;
')
allow $1 ptal_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the ptal port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_ptal_port',`
gen_require(`
type ptal_port_t;
')
allow $1 ptal_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the ptal port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_ptal_port',`
gen_require(`
type ptal_port_t;
')
dontaudit $1 ptal_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the ptal port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_ptal_port',`
gen_require(`
type ptal_port_t;
')
allow $1 ptal_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the ptal port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_ptal_port',`
gen_require(`
type ptal_port_t;
')
dontaudit $1 ptal_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the ptal port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_ptal_port',`
corenet_udp_send_ptal_port($1)
corenet_udp_receive_ptal_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the ptal port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_ptal_port',`
corenet_dontaudit_udp_send_ptal_port($1)
corenet_dontaudit_udp_receive_ptal_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the ptal port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_ptal_port',`
gen_require(`
type ptal_port_t;
')
allow $1 ptal_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the ptal port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_ptal_port',`
gen_require(`
type ptal_port_t;
')
allow $1 ptal_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the ptal port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_ptal_port',`
gen_require(`
type ptal_port_t;
')
allow $1 ptal_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send ptal_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ptal_client_packets',`
gen_require(`
type ptal_client_packet_t;
')
allow $1 ptal_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ptal_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ptal_client_packets',`
gen_require(`
type ptal_client_packet_t;
')
dontaudit $1 ptal_client_packet_t:packet send;
')
########################################
## <summary>
## Receive ptal_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ptal_client_packets',`
gen_require(`
type ptal_client_packet_t;
')
allow $1 ptal_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ptal_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ptal_client_packets',`
gen_require(`
type ptal_client_packet_t;
')
dontaudit $1 ptal_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ptal_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ptal_client_packets',`
corenet_send_ptal_client_packets($1)
corenet_receive_ptal_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ptal_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ptal_client_packets',`
corenet_dontaudit_send_ptal_client_packets($1)
corenet_dontaudit_receive_ptal_client_packets($1)
')
########################################
## <summary>
## Relabel packets to ptal_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ptal_client_packets',`
gen_require(`
type ptal_client_packet_t;
')
allow $1 ptal_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send ptal_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ptal_server_packets',`
gen_require(`
type ptal_server_packet_t;
')
allow $1 ptal_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ptal_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ptal_server_packets',`
gen_require(`
type ptal_server_packet_t;
')
dontaudit $1 ptal_server_packet_t:packet send;
')
########################################
## <summary>
## Receive ptal_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ptal_server_packets',`
gen_require(`
type ptal_server_packet_t;
')
allow $1 ptal_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ptal_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ptal_server_packets',`
gen_require(`
type ptal_server_packet_t;
')
dontaudit $1 ptal_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ptal_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ptal_server_packets',`
corenet_send_ptal_server_packets($1)
corenet_receive_ptal_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ptal_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ptal_server_packets',`
corenet_dontaudit_send_ptal_server_packets($1)
corenet_dontaudit_receive_ptal_server_packets($1)
')
########################################
## <summary>
## Relabel packets to ptal_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ptal_server_packets',`
gen_require(`
type ptal_server_packet_t;
')
allow $1 ptal_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the pulseaudio port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_pulseaudio_port',`
gen_require(`
type pulseaudio_port_t;
')
allow $1 pulseaudio_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the pulseaudio port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_pulseaudio_port',`
gen_require(`
type pulseaudio_port_t;
')
allow $1 pulseaudio_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the pulseaudio port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_pulseaudio_port',`
gen_require(`
type pulseaudio_port_t;
')
dontaudit $1 pulseaudio_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the pulseaudio port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_pulseaudio_port',`
gen_require(`
type pulseaudio_port_t;
')
allow $1 pulseaudio_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the pulseaudio port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_pulseaudio_port',`
gen_require(`
type pulseaudio_port_t;
')
dontaudit $1 pulseaudio_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the pulseaudio port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_pulseaudio_port',`
corenet_udp_send_pulseaudio_port($1)
corenet_udp_receive_pulseaudio_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the pulseaudio port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_pulseaudio_port',`
corenet_dontaudit_udp_send_pulseaudio_port($1)
corenet_dontaudit_udp_receive_pulseaudio_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the pulseaudio port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_pulseaudio_port',`
gen_require(`
type pulseaudio_port_t;
')
allow $1 pulseaudio_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the pulseaudio port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_pulseaudio_port',`
gen_require(`
type pulseaudio_port_t;
')
allow $1 pulseaudio_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the pulseaudio port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_pulseaudio_port',`
gen_require(`
type pulseaudio_port_t;
')
allow $1 pulseaudio_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send pulseaudio_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_pulseaudio_client_packets',`
gen_require(`
type pulseaudio_client_packet_t;
')
allow $1 pulseaudio_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send pulseaudio_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_pulseaudio_client_packets',`
gen_require(`
type pulseaudio_client_packet_t;
')
dontaudit $1 pulseaudio_client_packet_t:packet send;
')
########################################
## <summary>
## Receive pulseaudio_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_pulseaudio_client_packets',`
gen_require(`
type pulseaudio_client_packet_t;
')
allow $1 pulseaudio_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive pulseaudio_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_pulseaudio_client_packets',`
gen_require(`
type pulseaudio_client_packet_t;
')
dontaudit $1 pulseaudio_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive pulseaudio_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_pulseaudio_client_packets',`
corenet_send_pulseaudio_client_packets($1)
corenet_receive_pulseaudio_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive pulseaudio_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_pulseaudio_client_packets',`
corenet_dontaudit_send_pulseaudio_client_packets($1)
corenet_dontaudit_receive_pulseaudio_client_packets($1)
')
########################################
## <summary>
## Relabel packets to pulseaudio_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_pulseaudio_client_packets',`
gen_require(`
type pulseaudio_client_packet_t;
')
allow $1 pulseaudio_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send pulseaudio_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_pulseaudio_server_packets',`
gen_require(`
type pulseaudio_server_packet_t;
')
allow $1 pulseaudio_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send pulseaudio_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_pulseaudio_server_packets',`
gen_require(`
type pulseaudio_server_packet_t;
')
dontaudit $1 pulseaudio_server_packet_t:packet send;
')
########################################
## <summary>
## Receive pulseaudio_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_pulseaudio_server_packets',`
gen_require(`
type pulseaudio_server_packet_t;
')
allow $1 pulseaudio_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive pulseaudio_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_pulseaudio_server_packets',`
gen_require(`
type pulseaudio_server_packet_t;
')
dontaudit $1 pulseaudio_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive pulseaudio_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_pulseaudio_server_packets',`
corenet_send_pulseaudio_server_packets($1)
corenet_receive_pulseaudio_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive pulseaudio_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_pulseaudio_server_packets',`
corenet_dontaudit_send_pulseaudio_server_packets($1)
corenet_dontaudit_receive_pulseaudio_server_packets($1)
')
########################################
## <summary>
## Relabel packets to pulseaudio_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_pulseaudio_server_packets',`
gen_require(`
type pulseaudio_server_packet_t;
')
allow $1 pulseaudio_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the puppet port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_puppet_port',`
gen_require(`
type puppet_port_t;
')
allow $1 puppet_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the puppet port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_puppet_port',`
gen_require(`
type puppet_port_t;
')
allow $1 puppet_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the puppet port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_puppet_port',`
gen_require(`
type puppet_port_t;
')
dontaudit $1 puppet_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the puppet port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_puppet_port',`
gen_require(`
type puppet_port_t;
')
allow $1 puppet_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the puppet port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_puppet_port',`
gen_require(`
type puppet_port_t;
')
dontaudit $1 puppet_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the puppet port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_puppet_port',`
corenet_udp_send_puppet_port($1)
corenet_udp_receive_puppet_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the puppet port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_puppet_port',`
corenet_dontaudit_udp_send_puppet_port($1)
corenet_dontaudit_udp_receive_puppet_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the puppet port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_puppet_port',`
gen_require(`
type puppet_port_t;
')
allow $1 puppet_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the puppet port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_puppet_port',`
gen_require(`
type puppet_port_t;
')
allow $1 puppet_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the puppet port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_puppet_port',`
gen_require(`
type puppet_port_t;
')
allow $1 puppet_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send puppet_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_puppet_client_packets',`
gen_require(`
type puppet_client_packet_t;
')
allow $1 puppet_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send puppet_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_puppet_client_packets',`
gen_require(`
type puppet_client_packet_t;
')
dontaudit $1 puppet_client_packet_t:packet send;
')
########################################
## <summary>
## Receive puppet_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_puppet_client_packets',`
gen_require(`
type puppet_client_packet_t;
')
allow $1 puppet_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive puppet_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_puppet_client_packets',`
gen_require(`
type puppet_client_packet_t;
')
dontaudit $1 puppet_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive puppet_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_puppet_client_packets',`
corenet_send_puppet_client_packets($1)
corenet_receive_puppet_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive puppet_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_puppet_client_packets',`
corenet_dontaudit_send_puppet_client_packets($1)
corenet_dontaudit_receive_puppet_client_packets($1)
')
########################################
## <summary>
## Relabel packets to puppet_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_puppet_client_packets',`
gen_require(`
type puppet_client_packet_t;
')
allow $1 puppet_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send puppet_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_puppet_server_packets',`
gen_require(`
type puppet_server_packet_t;
')
allow $1 puppet_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send puppet_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_puppet_server_packets',`
gen_require(`
type puppet_server_packet_t;
')
dontaudit $1 puppet_server_packet_t:packet send;
')
########################################
## <summary>
## Receive puppet_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_puppet_server_packets',`
gen_require(`
type puppet_server_packet_t;
')
allow $1 puppet_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive puppet_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_puppet_server_packets',`
gen_require(`
type puppet_server_packet_t;
')
dontaudit $1 puppet_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive puppet_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_puppet_server_packets',`
corenet_send_puppet_server_packets($1)
corenet_receive_puppet_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive puppet_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_puppet_server_packets',`
corenet_dontaudit_send_puppet_server_packets($1)
corenet_dontaudit_receive_puppet_server_packets($1)
')
########################################
## <summary>
## Relabel packets to puppet_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_puppet_server_packets',`
gen_require(`
type puppet_server_packet_t;
')
allow $1 puppet_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the pxe port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_pxe_port',`
gen_require(`
type pxe_port_t;
')
allow $1 pxe_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the pxe port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_pxe_port',`
gen_require(`
type pxe_port_t;
')
allow $1 pxe_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the pxe port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_pxe_port',`
gen_require(`
type pxe_port_t;
')
dontaudit $1 pxe_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the pxe port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_pxe_port',`
gen_require(`
type pxe_port_t;
')
allow $1 pxe_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the pxe port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_pxe_port',`
gen_require(`
type pxe_port_t;
')
dontaudit $1 pxe_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the pxe port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_pxe_port',`
corenet_udp_send_pxe_port($1)
corenet_udp_receive_pxe_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the pxe port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_pxe_port',`
corenet_dontaudit_udp_send_pxe_port($1)
corenet_dontaudit_udp_receive_pxe_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the pxe port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_pxe_port',`
gen_require(`
type pxe_port_t;
')
allow $1 pxe_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the pxe port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_pxe_port',`
gen_require(`
type pxe_port_t;
')
allow $1 pxe_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the pxe port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_pxe_port',`
gen_require(`
type pxe_port_t;
')
allow $1 pxe_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send pxe_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_pxe_client_packets',`
gen_require(`
type pxe_client_packet_t;
')
allow $1 pxe_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send pxe_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_pxe_client_packets',`
gen_require(`
type pxe_client_packet_t;
')
dontaudit $1 pxe_client_packet_t:packet send;
')
########################################
## <summary>
## Receive pxe_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_pxe_client_packets',`
gen_require(`
type pxe_client_packet_t;
')
allow $1 pxe_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive pxe_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_pxe_client_packets',`
gen_require(`
type pxe_client_packet_t;
')
dontaudit $1 pxe_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive pxe_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_pxe_client_packets',`
corenet_send_pxe_client_packets($1)
corenet_receive_pxe_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive pxe_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_pxe_client_packets',`
corenet_dontaudit_send_pxe_client_packets($1)
corenet_dontaudit_receive_pxe_client_packets($1)
')
########################################
## <summary>
## Relabel packets to pxe_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_pxe_client_packets',`
gen_require(`
type pxe_client_packet_t;
')
allow $1 pxe_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send pxe_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_pxe_server_packets',`
gen_require(`
type pxe_server_packet_t;
')
allow $1 pxe_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send pxe_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_pxe_server_packets',`
gen_require(`
type pxe_server_packet_t;
')
dontaudit $1 pxe_server_packet_t:packet send;
')
########################################
## <summary>
## Receive pxe_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_pxe_server_packets',`
gen_require(`
type pxe_server_packet_t;
')
allow $1 pxe_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive pxe_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_pxe_server_packets',`
gen_require(`
type pxe_server_packet_t;
')
dontaudit $1 pxe_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive pxe_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_pxe_server_packets',`
corenet_send_pxe_server_packets($1)
corenet_receive_pxe_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive pxe_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_pxe_server_packets',`
corenet_dontaudit_send_pxe_server_packets($1)
corenet_dontaudit_receive_pxe_server_packets($1)
')
########################################
## <summary>
## Relabel packets to pxe_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_pxe_server_packets',`
gen_require(`
type pxe_server_packet_t;
')
allow $1 pxe_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the pyzor port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_pyzor_port',`
gen_require(`
type pyzor_port_t;
')
allow $1 pyzor_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the pyzor port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_pyzor_port',`
gen_require(`
type pyzor_port_t;
')
allow $1 pyzor_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the pyzor port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_pyzor_port',`
gen_require(`
type pyzor_port_t;
')
dontaudit $1 pyzor_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the pyzor port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_pyzor_port',`
gen_require(`
type pyzor_port_t;
')
allow $1 pyzor_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the pyzor port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_pyzor_port',`
gen_require(`
type pyzor_port_t;
')
dontaudit $1 pyzor_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the pyzor port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_pyzor_port',`
corenet_udp_send_pyzor_port($1)
corenet_udp_receive_pyzor_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the pyzor port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_pyzor_port',`
corenet_dontaudit_udp_send_pyzor_port($1)
corenet_dontaudit_udp_receive_pyzor_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the pyzor port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_pyzor_port',`
gen_require(`
type pyzor_port_t;
')
allow $1 pyzor_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the pyzor port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_pyzor_port',`
gen_require(`
type pyzor_port_t;
')
allow $1 pyzor_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the pyzor port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_pyzor_port',`
gen_require(`
type pyzor_port_t;
')
allow $1 pyzor_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send pyzor_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_pyzor_client_packets',`
gen_require(`
type pyzor_client_packet_t;
')
allow $1 pyzor_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send pyzor_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_pyzor_client_packets',`
gen_require(`
type pyzor_client_packet_t;
')
dontaudit $1 pyzor_client_packet_t:packet send;
')
########################################
## <summary>
## Receive pyzor_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_pyzor_client_packets',`
gen_require(`
type pyzor_client_packet_t;
')
allow $1 pyzor_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive pyzor_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_pyzor_client_packets',`
gen_require(`
type pyzor_client_packet_t;
')
dontaudit $1 pyzor_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive pyzor_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_pyzor_client_packets',`
corenet_send_pyzor_client_packets($1)
corenet_receive_pyzor_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive pyzor_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_pyzor_client_packets',`
corenet_dontaudit_send_pyzor_client_packets($1)
corenet_dontaudit_receive_pyzor_client_packets($1)
')
########################################
## <summary>
## Relabel packets to pyzor_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_pyzor_client_packets',`
gen_require(`
type pyzor_client_packet_t;
')
allow $1 pyzor_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send pyzor_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_pyzor_server_packets',`
gen_require(`
type pyzor_server_packet_t;
')
allow $1 pyzor_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send pyzor_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_pyzor_server_packets',`
gen_require(`
type pyzor_server_packet_t;
')
dontaudit $1 pyzor_server_packet_t:packet send;
')
########################################
## <summary>
## Receive pyzor_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_pyzor_server_packets',`
gen_require(`
type pyzor_server_packet_t;
')
allow $1 pyzor_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive pyzor_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_pyzor_server_packets',`
gen_require(`
type pyzor_server_packet_t;
')
dontaudit $1 pyzor_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive pyzor_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_pyzor_server_packets',`
corenet_send_pyzor_server_packets($1)
corenet_receive_pyzor_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive pyzor_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_pyzor_server_packets',`
corenet_dontaudit_send_pyzor_server_packets($1)
corenet_dontaudit_receive_pyzor_server_packets($1)
')
########################################
## <summary>
## Relabel packets to pyzor_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_pyzor_server_packets',`
gen_require(`
type pyzor_server_packet_t;
')
allow $1 pyzor_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the neutron port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_neutron_port',`
gen_require(`
type neutron_port_t;
')
allow $1 neutron_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the neutron port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_neutron_port',`
gen_require(`
type neutron_port_t;
')
allow $1 neutron_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the neutron port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_neutron_port',`
gen_require(`
type neutron_port_t;
')
dontaudit $1 neutron_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the neutron port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_neutron_port',`
gen_require(`
type neutron_port_t;
')
allow $1 neutron_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the neutron port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_neutron_port',`
gen_require(`
type neutron_port_t;
')
dontaudit $1 neutron_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the neutron port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_neutron_port',`
corenet_udp_send_neutron_port($1)
corenet_udp_receive_neutron_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the neutron port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_neutron_port',`
corenet_dontaudit_udp_send_neutron_port($1)
corenet_dontaudit_udp_receive_neutron_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the neutron port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_neutron_port',`
gen_require(`
type neutron_port_t;
')
allow $1 neutron_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the neutron port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_neutron_port',`
gen_require(`
type neutron_port_t;
')
allow $1 neutron_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the neutron port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_neutron_port',`
gen_require(`
type neutron_port_t;
')
allow $1 neutron_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send neutron_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_neutron_client_packets',`
gen_require(`
type neutron_client_packet_t;
')
allow $1 neutron_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send neutron_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_neutron_client_packets',`
gen_require(`
type neutron_client_packet_t;
')
dontaudit $1 neutron_client_packet_t:packet send;
')
########################################
## <summary>
## Receive neutron_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_neutron_client_packets',`
gen_require(`
type neutron_client_packet_t;
')
allow $1 neutron_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive neutron_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_neutron_client_packets',`
gen_require(`
type neutron_client_packet_t;
')
dontaudit $1 neutron_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive neutron_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_neutron_client_packets',`
corenet_send_neutron_client_packets($1)
corenet_receive_neutron_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive neutron_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_neutron_client_packets',`
corenet_dontaudit_send_neutron_client_packets($1)
corenet_dontaudit_receive_neutron_client_packets($1)
')
########################################
## <summary>
## Relabel packets to neutron_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_neutron_client_packets',`
gen_require(`
type neutron_client_packet_t;
')
allow $1 neutron_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send neutron_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_neutron_server_packets',`
gen_require(`
type neutron_server_packet_t;
')
allow $1 neutron_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send neutron_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_neutron_server_packets',`
gen_require(`
type neutron_server_packet_t;
')
dontaudit $1 neutron_server_packet_t:packet send;
')
########################################
## <summary>
## Receive neutron_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_neutron_server_packets',`
gen_require(`
type neutron_server_packet_t;
')
allow $1 neutron_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive neutron_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_neutron_server_packets',`
gen_require(`
type neutron_server_packet_t;
')
dontaudit $1 neutron_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive neutron_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_neutron_server_packets',`
corenet_send_neutron_server_packets($1)
corenet_receive_neutron_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive neutron_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_neutron_server_packets',`
corenet_dontaudit_send_neutron_server_packets($1)
corenet_dontaudit_receive_neutron_server_packets($1)
')
########################################
## <summary>
## Relabel packets to neutron_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_neutron_server_packets',`
gen_require(`
type neutron_server_packet_t;
')
allow $1 neutron_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the radacct port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_radacct_port',`
gen_require(`
type radacct_port_t;
')
allow $1 radacct_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the radacct port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_radacct_port',`
gen_require(`
type radacct_port_t;
')
allow $1 radacct_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the radacct port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_radacct_port',`
gen_require(`
type radacct_port_t;
')
dontaudit $1 radacct_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the radacct port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_radacct_port',`
gen_require(`
type radacct_port_t;
')
allow $1 radacct_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the radacct port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_radacct_port',`
gen_require(`
type radacct_port_t;
')
dontaudit $1 radacct_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the radacct port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_radacct_port',`
corenet_udp_send_radacct_port($1)
corenet_udp_receive_radacct_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the radacct port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_radacct_port',`
corenet_dontaudit_udp_send_radacct_port($1)
corenet_dontaudit_udp_receive_radacct_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the radacct port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_radacct_port',`
gen_require(`
type radacct_port_t;
')
allow $1 radacct_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the radacct port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_radacct_port',`
gen_require(`
type radacct_port_t;
')
allow $1 radacct_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the radacct port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_radacct_port',`
gen_require(`
type radacct_port_t;
')
allow $1 radacct_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send radacct_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_radacct_client_packets',`
gen_require(`
type radacct_client_packet_t;
')
allow $1 radacct_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send radacct_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_radacct_client_packets',`
gen_require(`
type radacct_client_packet_t;
')
dontaudit $1 radacct_client_packet_t:packet send;
')
########################################
## <summary>
## Receive radacct_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_radacct_client_packets',`
gen_require(`
type radacct_client_packet_t;
')
allow $1 radacct_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive radacct_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_radacct_client_packets',`
gen_require(`
type radacct_client_packet_t;
')
dontaudit $1 radacct_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive radacct_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_radacct_client_packets',`
corenet_send_radacct_client_packets($1)
corenet_receive_radacct_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive radacct_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_radacct_client_packets',`
corenet_dontaudit_send_radacct_client_packets($1)
corenet_dontaudit_receive_radacct_client_packets($1)
')
########################################
## <summary>
## Relabel packets to radacct_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_radacct_client_packets',`
gen_require(`
type radacct_client_packet_t;
')
allow $1 radacct_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send radacct_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_radacct_server_packets',`
gen_require(`
type radacct_server_packet_t;
')
allow $1 radacct_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send radacct_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_radacct_server_packets',`
gen_require(`
type radacct_server_packet_t;
')
dontaudit $1 radacct_server_packet_t:packet send;
')
########################################
## <summary>
## Receive radacct_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_radacct_server_packets',`
gen_require(`
type radacct_server_packet_t;
')
allow $1 radacct_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive radacct_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_radacct_server_packets',`
gen_require(`
type radacct_server_packet_t;
')
dontaudit $1 radacct_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive radacct_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_radacct_server_packets',`
corenet_send_radacct_server_packets($1)
corenet_receive_radacct_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive radacct_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_radacct_server_packets',`
corenet_dontaudit_send_radacct_server_packets($1)
corenet_dontaudit_receive_radacct_server_packets($1)
')
########################################
## <summary>
## Relabel packets to radacct_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_radacct_server_packets',`
gen_require(`
type radacct_server_packet_t;
')
allow $1 radacct_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the radius port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_radius_port',`
gen_require(`
type radius_port_t;
')
allow $1 radius_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the radius port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_radius_port',`
gen_require(`
type radius_port_t;
')
allow $1 radius_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the radius port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_radius_port',`
gen_require(`
type radius_port_t;
')
dontaudit $1 radius_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the radius port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_radius_port',`
gen_require(`
type radius_port_t;
')
allow $1 radius_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the radius port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_radius_port',`
gen_require(`
type radius_port_t;
')
dontaudit $1 radius_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the radius port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_radius_port',`
corenet_udp_send_radius_port($1)
corenet_udp_receive_radius_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the radius port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_radius_port',`
corenet_dontaudit_udp_send_radius_port($1)
corenet_dontaudit_udp_receive_radius_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the radius port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_radius_port',`
gen_require(`
type radius_port_t;
')
allow $1 radius_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the radius port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_radius_port',`
gen_require(`
type radius_port_t;
')
allow $1 radius_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the radius port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_radius_port',`
gen_require(`
type radius_port_t;
')
allow $1 radius_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send radius_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_radius_client_packets',`
gen_require(`
type radius_client_packet_t;
')
allow $1 radius_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send radius_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_radius_client_packets',`
gen_require(`
type radius_client_packet_t;
')
dontaudit $1 radius_client_packet_t:packet send;
')
########################################
## <summary>
## Receive radius_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_radius_client_packets',`
gen_require(`
type radius_client_packet_t;
')
allow $1 radius_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive radius_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_radius_client_packets',`
gen_require(`
type radius_client_packet_t;
')
dontaudit $1 radius_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive radius_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_radius_client_packets',`
corenet_send_radius_client_packets($1)
corenet_receive_radius_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive radius_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_radius_client_packets',`
corenet_dontaudit_send_radius_client_packets($1)
corenet_dontaudit_receive_radius_client_packets($1)
')
########################################
## <summary>
## Relabel packets to radius_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_radius_client_packets',`
gen_require(`
type radius_client_packet_t;
')
allow $1 radius_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send radius_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_radius_server_packets',`
gen_require(`
type radius_server_packet_t;
')
allow $1 radius_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send radius_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_radius_server_packets',`
gen_require(`
type radius_server_packet_t;
')
dontaudit $1 radius_server_packet_t:packet send;
')
########################################
## <summary>
## Receive radius_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_radius_server_packets',`
gen_require(`
type radius_server_packet_t;
')
allow $1 radius_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive radius_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_radius_server_packets',`
gen_require(`
type radius_server_packet_t;
')
dontaudit $1 radius_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive radius_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_radius_server_packets',`
corenet_send_radius_server_packets($1)
corenet_receive_radius_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive radius_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_radius_server_packets',`
corenet_dontaudit_send_radius_server_packets($1)
corenet_dontaudit_receive_radius_server_packets($1)
')
########################################
## <summary>
## Relabel packets to radius_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_radius_server_packets',`
gen_require(`
type radius_server_packet_t;
')
allow $1 radius_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the radsec port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_radsec_port',`
gen_require(`
type radsec_port_t;
')
allow $1 radsec_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the radsec port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_radsec_port',`
gen_require(`
type radsec_port_t;
')
allow $1 radsec_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the radsec port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_radsec_port',`
gen_require(`
type radsec_port_t;
')
dontaudit $1 radsec_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the radsec port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_radsec_port',`
gen_require(`
type radsec_port_t;
')
allow $1 radsec_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the radsec port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_radsec_port',`
gen_require(`
type radsec_port_t;
')
dontaudit $1 radsec_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the radsec port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_radsec_port',`
corenet_udp_send_radsec_port($1)
corenet_udp_receive_radsec_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the radsec port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_radsec_port',`
corenet_dontaudit_udp_send_radsec_port($1)
corenet_dontaudit_udp_receive_radsec_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the radsec port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_radsec_port',`
gen_require(`
type radsec_port_t;
')
allow $1 radsec_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the radsec port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_radsec_port',`
gen_require(`
type radsec_port_t;
')
allow $1 radsec_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the radsec port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_radsec_port',`
gen_require(`
type radsec_port_t;
')
allow $1 radsec_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send radsec_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_radsec_client_packets',`
gen_require(`
type radsec_client_packet_t;
')
allow $1 radsec_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send radsec_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_radsec_client_packets',`
gen_require(`
type radsec_client_packet_t;
')
dontaudit $1 radsec_client_packet_t:packet send;
')
########################################
## <summary>
## Receive radsec_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_radsec_client_packets',`
gen_require(`
type radsec_client_packet_t;
')
allow $1 radsec_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive radsec_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_radsec_client_packets',`
gen_require(`
type radsec_client_packet_t;
')
dontaudit $1 radsec_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive radsec_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_radsec_client_packets',`
corenet_send_radsec_client_packets($1)
corenet_receive_radsec_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive radsec_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_radsec_client_packets',`
corenet_dontaudit_send_radsec_client_packets($1)
corenet_dontaudit_receive_radsec_client_packets($1)
')
########################################
## <summary>
## Relabel packets to radsec_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_radsec_client_packets',`
gen_require(`
type radsec_client_packet_t;
')
allow $1 radsec_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send radsec_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_radsec_server_packets',`
gen_require(`
type radsec_server_packet_t;
')
allow $1 radsec_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send radsec_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_radsec_server_packets',`
gen_require(`
type radsec_server_packet_t;
')
dontaudit $1 radsec_server_packet_t:packet send;
')
########################################
## <summary>
## Receive radsec_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_radsec_server_packets',`
gen_require(`
type radsec_server_packet_t;
')
allow $1 radsec_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive radsec_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_radsec_server_packets',`
gen_require(`
type radsec_server_packet_t;
')
dontaudit $1 radsec_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive radsec_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_radsec_server_packets',`
corenet_send_radsec_server_packets($1)
corenet_receive_radsec_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive radsec_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_radsec_server_packets',`
corenet_dontaudit_send_radsec_server_packets($1)
corenet_dontaudit_receive_radsec_server_packets($1)
')
########################################
## <summary>
## Relabel packets to radsec_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_radsec_server_packets',`
gen_require(`
type radsec_server_packet_t;
')
allow $1 radsec_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the razor port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_razor_port',`
gen_require(`
type razor_port_t;
')
allow $1 razor_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the razor port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_razor_port',`
gen_require(`
type razor_port_t;
')
allow $1 razor_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the razor port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_razor_port',`
gen_require(`
type razor_port_t;
')
dontaudit $1 razor_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the razor port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_razor_port',`
gen_require(`
type razor_port_t;
')
allow $1 razor_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the razor port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_razor_port',`
gen_require(`
type razor_port_t;
')
dontaudit $1 razor_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the razor port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_razor_port',`
corenet_udp_send_razor_port($1)
corenet_udp_receive_razor_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the razor port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_razor_port',`
corenet_dontaudit_udp_send_razor_port($1)
corenet_dontaudit_udp_receive_razor_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the razor port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_razor_port',`
gen_require(`
type razor_port_t;
')
allow $1 razor_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the razor port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_razor_port',`
gen_require(`
type razor_port_t;
')
allow $1 razor_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the razor port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_razor_port',`
gen_require(`
type razor_port_t;
')
allow $1 razor_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send razor_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_razor_client_packets',`
gen_require(`
type razor_client_packet_t;
')
allow $1 razor_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send razor_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_razor_client_packets',`
gen_require(`
type razor_client_packet_t;
')
dontaudit $1 razor_client_packet_t:packet send;
')
########################################
## <summary>
## Receive razor_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_razor_client_packets',`
gen_require(`
type razor_client_packet_t;
')
allow $1 razor_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive razor_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_razor_client_packets',`
gen_require(`
type razor_client_packet_t;
')
dontaudit $1 razor_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive razor_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_razor_client_packets',`
corenet_send_razor_client_packets($1)
corenet_receive_razor_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive razor_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_razor_client_packets',`
corenet_dontaudit_send_razor_client_packets($1)
corenet_dontaudit_receive_razor_client_packets($1)
')
########################################
## <summary>
## Relabel packets to razor_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_razor_client_packets',`
gen_require(`
type razor_client_packet_t;
')
allow $1 razor_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send razor_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_razor_server_packets',`
gen_require(`
type razor_server_packet_t;
')
allow $1 razor_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send razor_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_razor_server_packets',`
gen_require(`
type razor_server_packet_t;
')
dontaudit $1 razor_server_packet_t:packet send;
')
########################################
## <summary>
## Receive razor_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_razor_server_packets',`
gen_require(`
type razor_server_packet_t;
')
allow $1 razor_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive razor_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_razor_server_packets',`
gen_require(`
type razor_server_packet_t;
')
dontaudit $1 razor_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive razor_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_razor_server_packets',`
corenet_send_razor_server_packets($1)
corenet_receive_razor_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive razor_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_razor_server_packets',`
corenet_dontaudit_send_razor_server_packets($1)
corenet_dontaudit_receive_razor_server_packets($1)
')
########################################
## <summary>
## Relabel packets to razor_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_razor_server_packets',`
gen_require(`
type razor_server_packet_t;
')
allow $1 razor_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the repository port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_repository_port',`
gen_require(`
type repository_port_t;
')
allow $1 repository_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the repository port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_repository_port',`
gen_require(`
type repository_port_t;
')
allow $1 repository_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the repository port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_repository_port',`
gen_require(`
type repository_port_t;
')
dontaudit $1 repository_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the repository port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_repository_port',`
gen_require(`
type repository_port_t;
')
allow $1 repository_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the repository port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_repository_port',`
gen_require(`
type repository_port_t;
')
dontaudit $1 repository_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the repository port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_repository_port',`
corenet_udp_send_repository_port($1)
corenet_udp_receive_repository_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the repository port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_repository_port',`
corenet_dontaudit_udp_send_repository_port($1)
corenet_dontaudit_udp_receive_repository_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the repository port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_repository_port',`
gen_require(`
type repository_port_t;
')
allow $1 repository_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the repository port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_repository_port',`
gen_require(`
type repository_port_t;
')
allow $1 repository_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the repository port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_repository_port',`
gen_require(`
type repository_port_t;
')
allow $1 repository_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send repository_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_repository_client_packets',`
gen_require(`
type repository_client_packet_t;
')
allow $1 repository_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send repository_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_repository_client_packets',`
gen_require(`
type repository_client_packet_t;
')
dontaudit $1 repository_client_packet_t:packet send;
')
########################################
## <summary>
## Receive repository_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_repository_client_packets',`
gen_require(`
type repository_client_packet_t;
')
allow $1 repository_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive repository_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_repository_client_packets',`
gen_require(`
type repository_client_packet_t;
')
dontaudit $1 repository_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive repository_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_repository_client_packets',`
corenet_send_repository_client_packets($1)
corenet_receive_repository_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive repository_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_repository_client_packets',`
corenet_dontaudit_send_repository_client_packets($1)
corenet_dontaudit_receive_repository_client_packets($1)
')
########################################
## <summary>
## Relabel packets to repository_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_repository_client_packets',`
gen_require(`
type repository_client_packet_t;
')
allow $1 repository_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send repository_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_repository_server_packets',`
gen_require(`
type repository_server_packet_t;
')
allow $1 repository_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send repository_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_repository_server_packets',`
gen_require(`
type repository_server_packet_t;
')
dontaudit $1 repository_server_packet_t:packet send;
')
########################################
## <summary>
## Receive repository_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_repository_server_packets',`
gen_require(`
type repository_server_packet_t;
')
allow $1 repository_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive repository_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_repository_server_packets',`
gen_require(`
type repository_server_packet_t;
')
dontaudit $1 repository_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive repository_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_repository_server_packets',`
corenet_send_repository_server_packets($1)
corenet_receive_repository_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive repository_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_repository_server_packets',`
corenet_dontaudit_send_repository_server_packets($1)
corenet_dontaudit_receive_repository_server_packets($1)
')
########################################
## <summary>
## Relabel packets to repository_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_repository_server_packets',`
gen_require(`
type repository_server_packet_t;
')
allow $1 repository_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the ricci port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_ricci_port',`
gen_require(`
type ricci_port_t;
')
allow $1 ricci_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the ricci port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_ricci_port',`
gen_require(`
type ricci_port_t;
')
allow $1 ricci_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the ricci port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_ricci_port',`
gen_require(`
type ricci_port_t;
')
dontaudit $1 ricci_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the ricci port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_ricci_port',`
gen_require(`
type ricci_port_t;
')
allow $1 ricci_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the ricci port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_ricci_port',`
gen_require(`
type ricci_port_t;
')
dontaudit $1 ricci_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the ricci port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_ricci_port',`
corenet_udp_send_ricci_port($1)
corenet_udp_receive_ricci_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the ricci port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_ricci_port',`
corenet_dontaudit_udp_send_ricci_port($1)
corenet_dontaudit_udp_receive_ricci_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the ricci port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_ricci_port',`
gen_require(`
type ricci_port_t;
')
allow $1 ricci_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the ricci port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_ricci_port',`
gen_require(`
type ricci_port_t;
')
allow $1 ricci_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the ricci port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_ricci_port',`
gen_require(`
type ricci_port_t;
')
allow $1 ricci_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send ricci_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ricci_client_packets',`
gen_require(`
type ricci_client_packet_t;
')
allow $1 ricci_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ricci_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ricci_client_packets',`
gen_require(`
type ricci_client_packet_t;
')
dontaudit $1 ricci_client_packet_t:packet send;
')
########################################
## <summary>
## Receive ricci_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ricci_client_packets',`
gen_require(`
type ricci_client_packet_t;
')
allow $1 ricci_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ricci_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ricci_client_packets',`
gen_require(`
type ricci_client_packet_t;
')
dontaudit $1 ricci_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ricci_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ricci_client_packets',`
corenet_send_ricci_client_packets($1)
corenet_receive_ricci_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ricci_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ricci_client_packets',`
corenet_dontaudit_send_ricci_client_packets($1)
corenet_dontaudit_receive_ricci_client_packets($1)
')
########################################
## <summary>
## Relabel packets to ricci_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ricci_client_packets',`
gen_require(`
type ricci_client_packet_t;
')
allow $1 ricci_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send ricci_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ricci_server_packets',`
gen_require(`
type ricci_server_packet_t;
')
allow $1 ricci_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ricci_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ricci_server_packets',`
gen_require(`
type ricci_server_packet_t;
')
dontaudit $1 ricci_server_packet_t:packet send;
')
########################################
## <summary>
## Receive ricci_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ricci_server_packets',`
gen_require(`
type ricci_server_packet_t;
')
allow $1 ricci_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ricci_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ricci_server_packets',`
gen_require(`
type ricci_server_packet_t;
')
dontaudit $1 ricci_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ricci_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ricci_server_packets',`
corenet_send_ricci_server_packets($1)
corenet_receive_ricci_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ricci_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ricci_server_packets',`
corenet_dontaudit_send_ricci_server_packets($1)
corenet_dontaudit_receive_ricci_server_packets($1)
')
########################################
## <summary>
## Relabel packets to ricci_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ricci_server_packets',`
gen_require(`
type ricci_server_packet_t;
')
allow $1 ricci_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the ricci_modcluster port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_ricci_modcluster_port',`
gen_require(`
type ricci_modcluster_port_t;
')
allow $1 ricci_modcluster_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the ricci_modcluster port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_ricci_modcluster_port',`
gen_require(`
type ricci_modcluster_port_t;
')
allow $1 ricci_modcluster_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the ricci_modcluster port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_ricci_modcluster_port',`
gen_require(`
type ricci_modcluster_port_t;
')
dontaudit $1 ricci_modcluster_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the ricci_modcluster port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_ricci_modcluster_port',`
gen_require(`
type ricci_modcluster_port_t;
')
allow $1 ricci_modcluster_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the ricci_modcluster port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_ricci_modcluster_port',`
gen_require(`
type ricci_modcluster_port_t;
')
dontaudit $1 ricci_modcluster_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the ricci_modcluster port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_ricci_modcluster_port',`
corenet_udp_send_ricci_modcluster_port($1)
corenet_udp_receive_ricci_modcluster_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the ricci_modcluster port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_ricci_modcluster_port',`
corenet_dontaudit_udp_send_ricci_modcluster_port($1)
corenet_dontaudit_udp_receive_ricci_modcluster_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the ricci_modcluster port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_ricci_modcluster_port',`
gen_require(`
type ricci_modcluster_port_t;
')
allow $1 ricci_modcluster_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the ricci_modcluster port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_ricci_modcluster_port',`
gen_require(`
type ricci_modcluster_port_t;
')
allow $1 ricci_modcluster_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the ricci_modcluster port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_ricci_modcluster_port',`
gen_require(`
type ricci_modcluster_port_t;
')
allow $1 ricci_modcluster_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send ricci_modcluster_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ricci_modcluster_client_packets',`
gen_require(`
type ricci_modcluster_client_packet_t;
')
allow $1 ricci_modcluster_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ricci_modcluster_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ricci_modcluster_client_packets',`
gen_require(`
type ricci_modcluster_client_packet_t;
')
dontaudit $1 ricci_modcluster_client_packet_t:packet send;
')
########################################
## <summary>
## Receive ricci_modcluster_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ricci_modcluster_client_packets',`
gen_require(`
type ricci_modcluster_client_packet_t;
')
allow $1 ricci_modcluster_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ricci_modcluster_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ricci_modcluster_client_packets',`
gen_require(`
type ricci_modcluster_client_packet_t;
')
dontaudit $1 ricci_modcluster_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ricci_modcluster_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ricci_modcluster_client_packets',`
corenet_send_ricci_modcluster_client_packets($1)
corenet_receive_ricci_modcluster_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ricci_modcluster_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ricci_modcluster_client_packets',`
corenet_dontaudit_send_ricci_modcluster_client_packets($1)
corenet_dontaudit_receive_ricci_modcluster_client_packets($1)
')
########################################
## <summary>
## Relabel packets to ricci_modcluster_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ricci_modcluster_client_packets',`
gen_require(`
type ricci_modcluster_client_packet_t;
')
allow $1 ricci_modcluster_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send ricci_modcluster_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ricci_modcluster_server_packets',`
gen_require(`
type ricci_modcluster_server_packet_t;
')
allow $1 ricci_modcluster_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ricci_modcluster_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ricci_modcluster_server_packets',`
gen_require(`
type ricci_modcluster_server_packet_t;
')
dontaudit $1 ricci_modcluster_server_packet_t:packet send;
')
########################################
## <summary>
## Receive ricci_modcluster_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ricci_modcluster_server_packets',`
gen_require(`
type ricci_modcluster_server_packet_t;
')
allow $1 ricci_modcluster_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ricci_modcluster_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ricci_modcluster_server_packets',`
gen_require(`
type ricci_modcluster_server_packet_t;
')
dontaudit $1 ricci_modcluster_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ricci_modcluster_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ricci_modcluster_server_packets',`
corenet_send_ricci_modcluster_server_packets($1)
corenet_receive_ricci_modcluster_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ricci_modcluster_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ricci_modcluster_server_packets',`
corenet_dontaudit_send_ricci_modcluster_server_packets($1)
corenet_dontaudit_receive_ricci_modcluster_server_packets($1)
')
########################################
## <summary>
## Relabel packets to ricci_modcluster_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ricci_modcluster_server_packets',`
gen_require(`
type ricci_modcluster_server_packet_t;
')
allow $1 ricci_modcluster_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the rlogind port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_rlogind_port',`
gen_require(`
type rlogind_port_t;
')
allow $1 rlogind_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the rlogind port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_rlogind_port',`
gen_require(`
type rlogind_port_t;
')
allow $1 rlogind_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the rlogind port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_rlogind_port',`
gen_require(`
type rlogind_port_t;
')
dontaudit $1 rlogind_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the rlogind port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_rlogind_port',`
gen_require(`
type rlogind_port_t;
')
allow $1 rlogind_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the rlogind port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_rlogind_port',`
gen_require(`
type rlogind_port_t;
')
dontaudit $1 rlogind_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the rlogind port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_rlogind_port',`
corenet_udp_send_rlogind_port($1)
corenet_udp_receive_rlogind_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the rlogind port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_rlogind_port',`
corenet_dontaudit_udp_send_rlogind_port($1)
corenet_dontaudit_udp_receive_rlogind_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the rlogind port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_rlogind_port',`
gen_require(`
type rlogind_port_t;
')
allow $1 rlogind_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the rlogind port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_rlogind_port',`
gen_require(`
type rlogind_port_t;
')
allow $1 rlogind_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the rlogind port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_rlogind_port',`
gen_require(`
type rlogind_port_t;
')
allow $1 rlogind_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send rlogind_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_rlogind_client_packets',`
gen_require(`
type rlogind_client_packet_t;
')
allow $1 rlogind_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send rlogind_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_rlogind_client_packets',`
gen_require(`
type rlogind_client_packet_t;
')
dontaudit $1 rlogind_client_packet_t:packet send;
')
########################################
## <summary>
## Receive rlogind_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_rlogind_client_packets',`
gen_require(`
type rlogind_client_packet_t;
')
allow $1 rlogind_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive rlogind_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_rlogind_client_packets',`
gen_require(`
type rlogind_client_packet_t;
')
dontaudit $1 rlogind_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive rlogind_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_rlogind_client_packets',`
corenet_send_rlogind_client_packets($1)
corenet_receive_rlogind_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive rlogind_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_rlogind_client_packets',`
corenet_dontaudit_send_rlogind_client_packets($1)
corenet_dontaudit_receive_rlogind_client_packets($1)
')
########################################
## <summary>
## Relabel packets to rlogind_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_rlogind_client_packets',`
gen_require(`
type rlogind_client_packet_t;
')
allow $1 rlogind_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send rlogind_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_rlogind_server_packets',`
gen_require(`
type rlogind_server_packet_t;
')
allow $1 rlogind_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send rlogind_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_rlogind_server_packets',`
gen_require(`
type rlogind_server_packet_t;
')
dontaudit $1 rlogind_server_packet_t:packet send;
')
########################################
## <summary>
## Receive rlogind_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_rlogind_server_packets',`
gen_require(`
type rlogind_server_packet_t;
')
allow $1 rlogind_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive rlogind_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_rlogind_server_packets',`
gen_require(`
type rlogind_server_packet_t;
')
dontaudit $1 rlogind_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive rlogind_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_rlogind_server_packets',`
corenet_send_rlogind_server_packets($1)
corenet_receive_rlogind_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive rlogind_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_rlogind_server_packets',`
corenet_dontaudit_send_rlogind_server_packets($1)
corenet_dontaudit_receive_rlogind_server_packets($1)
')
########################################
## <summary>
## Relabel packets to rlogind_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_rlogind_server_packets',`
gen_require(`
type rlogind_server_packet_t;
')
allow $1 rlogind_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the rndc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_rndc_port',`
gen_require(`
type rndc_port_t;
')
allow $1 rndc_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the rndc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_rndc_port',`
gen_require(`
type rndc_port_t;
')
allow $1 rndc_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the rndc port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_rndc_port',`
gen_require(`
type rndc_port_t;
')
dontaudit $1 rndc_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the rndc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_rndc_port',`
gen_require(`
type rndc_port_t;
')
allow $1 rndc_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the rndc port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_rndc_port',`
gen_require(`
type rndc_port_t;
')
dontaudit $1 rndc_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the rndc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_rndc_port',`
corenet_udp_send_rndc_port($1)
corenet_udp_receive_rndc_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the rndc port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_rndc_port',`
corenet_dontaudit_udp_send_rndc_port($1)
corenet_dontaudit_udp_receive_rndc_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the rndc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_rndc_port',`
gen_require(`
type rndc_port_t;
')
allow $1 rndc_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the rndc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_rndc_port',`
gen_require(`
type rndc_port_t;
')
allow $1 rndc_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the rndc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_rndc_port',`
gen_require(`
type rndc_port_t;
')
allow $1 rndc_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send rndc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_rndc_client_packets',`
gen_require(`
type rndc_client_packet_t;
')
allow $1 rndc_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send rndc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_rndc_client_packets',`
gen_require(`
type rndc_client_packet_t;
')
dontaudit $1 rndc_client_packet_t:packet send;
')
########################################
## <summary>
## Receive rndc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_rndc_client_packets',`
gen_require(`
type rndc_client_packet_t;
')
allow $1 rndc_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive rndc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_rndc_client_packets',`
gen_require(`
type rndc_client_packet_t;
')
dontaudit $1 rndc_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive rndc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_rndc_client_packets',`
corenet_send_rndc_client_packets($1)
corenet_receive_rndc_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive rndc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_rndc_client_packets',`
corenet_dontaudit_send_rndc_client_packets($1)
corenet_dontaudit_receive_rndc_client_packets($1)
')
########################################
## <summary>
## Relabel packets to rndc_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_rndc_client_packets',`
gen_require(`
type rndc_client_packet_t;
')
allow $1 rndc_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send rndc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_rndc_server_packets',`
gen_require(`
type rndc_server_packet_t;
')
allow $1 rndc_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send rndc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_rndc_server_packets',`
gen_require(`
type rndc_server_packet_t;
')
dontaudit $1 rndc_server_packet_t:packet send;
')
########################################
## <summary>
## Receive rndc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_rndc_server_packets',`
gen_require(`
type rndc_server_packet_t;
')
allow $1 rndc_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive rndc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_rndc_server_packets',`
gen_require(`
type rndc_server_packet_t;
')
dontaudit $1 rndc_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive rndc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_rndc_server_packets',`
corenet_send_rndc_server_packets($1)
corenet_receive_rndc_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive rndc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_rndc_server_packets',`
corenet_dontaudit_send_rndc_server_packets($1)
corenet_dontaudit_receive_rndc_server_packets($1)
')
########################################
## <summary>
## Relabel packets to rndc_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_rndc_server_packets',`
gen_require(`
type rndc_server_packet_t;
')
allow $1 rndc_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the router port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_router_port',`
gen_require(`
type router_port_t;
')
allow $1 router_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the router port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_router_port',`
gen_require(`
type router_port_t;
')
allow $1 router_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the router port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_router_port',`
gen_require(`
type router_port_t;
')
dontaudit $1 router_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the router port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_router_port',`
gen_require(`
type router_port_t;
')
allow $1 router_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the router port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_router_port',`
gen_require(`
type router_port_t;
')
dontaudit $1 router_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the router port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_router_port',`
corenet_udp_send_router_port($1)
corenet_udp_receive_router_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the router port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_router_port',`
corenet_dontaudit_udp_send_router_port($1)
corenet_dontaudit_udp_receive_router_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the router port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_router_port',`
gen_require(`
type router_port_t;
')
allow $1 router_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the router port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_router_port',`
gen_require(`
type router_port_t;
')
allow $1 router_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the router port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_router_port',`
gen_require(`
type router_port_t;
')
allow $1 router_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send router_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_router_client_packets',`
gen_require(`
type router_client_packet_t;
')
allow $1 router_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send router_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_router_client_packets',`
gen_require(`
type router_client_packet_t;
')
dontaudit $1 router_client_packet_t:packet send;
')
########################################
## <summary>
## Receive router_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_router_client_packets',`
gen_require(`
type router_client_packet_t;
')
allow $1 router_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive router_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_router_client_packets',`
gen_require(`
type router_client_packet_t;
')
dontaudit $1 router_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive router_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_router_client_packets',`
corenet_send_router_client_packets($1)
corenet_receive_router_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive router_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_router_client_packets',`
corenet_dontaudit_send_router_client_packets($1)
corenet_dontaudit_receive_router_client_packets($1)
')
########################################
## <summary>
## Relabel packets to router_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_router_client_packets',`
gen_require(`
type router_client_packet_t;
')
allow $1 router_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send router_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_router_server_packets',`
gen_require(`
type router_server_packet_t;
')
allow $1 router_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send router_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_router_server_packets',`
gen_require(`
type router_server_packet_t;
')
dontaudit $1 router_server_packet_t:packet send;
')
########################################
## <summary>
## Receive router_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_router_server_packets',`
gen_require(`
type router_server_packet_t;
')
allow $1 router_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive router_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_router_server_packets',`
gen_require(`
type router_server_packet_t;
')
dontaudit $1 router_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive router_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_router_server_packets',`
corenet_send_router_server_packets($1)
corenet_receive_router_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive router_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_router_server_packets',`
corenet_dontaudit_send_router_server_packets($1)
corenet_dontaudit_receive_router_server_packets($1)
')
########################################
## <summary>
## Relabel packets to router_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_router_server_packets',`
gen_require(`
type router_server_packet_t;
')
allow $1 router_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the rsh port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_rsh_port',`
gen_require(`
type rsh_port_t;
')
allow $1 rsh_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the rsh port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_rsh_port',`
gen_require(`
type rsh_port_t;
')
allow $1 rsh_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the rsh port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_rsh_port',`
gen_require(`
type rsh_port_t;
')
dontaudit $1 rsh_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the rsh port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_rsh_port',`
gen_require(`
type rsh_port_t;
')
allow $1 rsh_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the rsh port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_rsh_port',`
gen_require(`
type rsh_port_t;
')
dontaudit $1 rsh_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the rsh port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_rsh_port',`
corenet_udp_send_rsh_port($1)
corenet_udp_receive_rsh_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the rsh port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_rsh_port',`
corenet_dontaudit_udp_send_rsh_port($1)
corenet_dontaudit_udp_receive_rsh_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the rsh port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_rsh_port',`
gen_require(`
type rsh_port_t;
')
allow $1 rsh_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the rsh port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_rsh_port',`
gen_require(`
type rsh_port_t;
')
allow $1 rsh_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the rsh port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_rsh_port',`
gen_require(`
type rsh_port_t;
')
allow $1 rsh_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send rsh_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_rsh_client_packets',`
gen_require(`
type rsh_client_packet_t;
')
allow $1 rsh_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send rsh_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_rsh_client_packets',`
gen_require(`
type rsh_client_packet_t;
')
dontaudit $1 rsh_client_packet_t:packet send;
')
########################################
## <summary>
## Receive rsh_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_rsh_client_packets',`
gen_require(`
type rsh_client_packet_t;
')
allow $1 rsh_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive rsh_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_rsh_client_packets',`
gen_require(`
type rsh_client_packet_t;
')
dontaudit $1 rsh_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive rsh_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_rsh_client_packets',`
corenet_send_rsh_client_packets($1)
corenet_receive_rsh_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive rsh_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_rsh_client_packets',`
corenet_dontaudit_send_rsh_client_packets($1)
corenet_dontaudit_receive_rsh_client_packets($1)
')
########################################
## <summary>
## Relabel packets to rsh_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_rsh_client_packets',`
gen_require(`
type rsh_client_packet_t;
')
allow $1 rsh_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send rsh_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_rsh_server_packets',`
gen_require(`
type rsh_server_packet_t;
')
allow $1 rsh_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send rsh_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_rsh_server_packets',`
gen_require(`
type rsh_server_packet_t;
')
dontaudit $1 rsh_server_packet_t:packet send;
')
########################################
## <summary>
## Receive rsh_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_rsh_server_packets',`
gen_require(`
type rsh_server_packet_t;
')
allow $1 rsh_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive rsh_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_rsh_server_packets',`
gen_require(`
type rsh_server_packet_t;
')
dontaudit $1 rsh_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive rsh_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_rsh_server_packets',`
corenet_send_rsh_server_packets($1)
corenet_receive_rsh_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive rsh_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_rsh_server_packets',`
corenet_dontaudit_send_rsh_server_packets($1)
corenet_dontaudit_receive_rsh_server_packets($1)
')
########################################
## <summary>
## Relabel packets to rsh_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_rsh_server_packets',`
gen_require(`
type rsh_server_packet_t;
')
allow $1 rsh_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the rsync port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_rsync_port',`
gen_require(`
type rsync_port_t;
')
allow $1 rsync_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the rsync port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_rsync_port',`
gen_require(`
type rsync_port_t;
')
allow $1 rsync_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the rsync port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_rsync_port',`
gen_require(`
type rsync_port_t;
')
dontaudit $1 rsync_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the rsync port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_rsync_port',`
gen_require(`
type rsync_port_t;
')
allow $1 rsync_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the rsync port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_rsync_port',`
gen_require(`
type rsync_port_t;
')
dontaudit $1 rsync_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the rsync port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_rsync_port',`
corenet_udp_send_rsync_port($1)
corenet_udp_receive_rsync_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the rsync port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_rsync_port',`
corenet_dontaudit_udp_send_rsync_port($1)
corenet_dontaudit_udp_receive_rsync_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the rsync port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_rsync_port',`
gen_require(`
type rsync_port_t;
')
allow $1 rsync_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the rsync port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_rsync_port',`
gen_require(`
type rsync_port_t;
')
allow $1 rsync_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the rsync port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_rsync_port',`
gen_require(`
type rsync_port_t;
')
allow $1 rsync_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send rsync_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_rsync_client_packets',`
gen_require(`
type rsync_client_packet_t;
')
allow $1 rsync_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send rsync_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_rsync_client_packets',`
gen_require(`
type rsync_client_packet_t;
')
dontaudit $1 rsync_client_packet_t:packet send;
')
########################################
## <summary>
## Receive rsync_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_rsync_client_packets',`
gen_require(`
type rsync_client_packet_t;
')
allow $1 rsync_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive rsync_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_rsync_client_packets',`
gen_require(`
type rsync_client_packet_t;
')
dontaudit $1 rsync_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive rsync_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_rsync_client_packets',`
corenet_send_rsync_client_packets($1)
corenet_receive_rsync_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive rsync_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_rsync_client_packets',`
corenet_dontaudit_send_rsync_client_packets($1)
corenet_dontaudit_receive_rsync_client_packets($1)
')
########################################
## <summary>
## Relabel packets to rsync_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_rsync_client_packets',`
gen_require(`
type rsync_client_packet_t;
')
allow $1 rsync_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send rsync_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_rsync_server_packets',`
gen_require(`
type rsync_server_packet_t;
')
allow $1 rsync_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send rsync_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_rsync_server_packets',`
gen_require(`
type rsync_server_packet_t;
')
dontaudit $1 rsync_server_packet_t:packet send;
')
########################################
## <summary>
## Receive rsync_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_rsync_server_packets',`
gen_require(`
type rsync_server_packet_t;
')
allow $1 rsync_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive rsync_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_rsync_server_packets',`
gen_require(`
type rsync_server_packet_t;
')
dontaudit $1 rsync_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive rsync_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_rsync_server_packets',`
corenet_send_rsync_server_packets($1)
corenet_receive_rsync_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive rsync_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_rsync_server_packets',`
corenet_dontaudit_send_rsync_server_packets($1)
corenet_dontaudit_receive_rsync_server_packets($1)
')
########################################
## <summary>
## Relabel packets to rsync_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_rsync_server_packets',`
gen_require(`
type rsync_server_packet_t;
')
allow $1 rsync_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the rwho port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_rwho_port',`
gen_require(`
type rwho_port_t;
')
allow $1 rwho_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the rwho port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_rwho_port',`
gen_require(`
type rwho_port_t;
')
allow $1 rwho_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the rwho port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_rwho_port',`
gen_require(`
type rwho_port_t;
')
dontaudit $1 rwho_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the rwho port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_rwho_port',`
gen_require(`
type rwho_port_t;
')
allow $1 rwho_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the rwho port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_rwho_port',`
gen_require(`
type rwho_port_t;
')
dontaudit $1 rwho_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the rwho port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_rwho_port',`
corenet_udp_send_rwho_port($1)
corenet_udp_receive_rwho_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the rwho port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_rwho_port',`
corenet_dontaudit_udp_send_rwho_port($1)
corenet_dontaudit_udp_receive_rwho_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the rwho port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_rwho_port',`
gen_require(`
type rwho_port_t;
')
allow $1 rwho_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the rwho port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_rwho_port',`
gen_require(`
type rwho_port_t;
')
allow $1 rwho_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the rwho port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_rwho_port',`
gen_require(`
type rwho_port_t;
')
allow $1 rwho_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send rwho_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_rwho_client_packets',`
gen_require(`
type rwho_client_packet_t;
')
allow $1 rwho_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send rwho_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_rwho_client_packets',`
gen_require(`
type rwho_client_packet_t;
')
dontaudit $1 rwho_client_packet_t:packet send;
')
########################################
## <summary>
## Receive rwho_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_rwho_client_packets',`
gen_require(`
type rwho_client_packet_t;
')
allow $1 rwho_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive rwho_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_rwho_client_packets',`
gen_require(`
type rwho_client_packet_t;
')
dontaudit $1 rwho_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive rwho_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_rwho_client_packets',`
corenet_send_rwho_client_packets($1)
corenet_receive_rwho_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive rwho_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_rwho_client_packets',`
corenet_dontaudit_send_rwho_client_packets($1)
corenet_dontaudit_receive_rwho_client_packets($1)
')
########################################
## <summary>
## Relabel packets to rwho_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_rwho_client_packets',`
gen_require(`
type rwho_client_packet_t;
')
allow $1 rwho_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send rwho_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_rwho_server_packets',`
gen_require(`
type rwho_server_packet_t;
')
allow $1 rwho_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send rwho_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_rwho_server_packets',`
gen_require(`
type rwho_server_packet_t;
')
dontaudit $1 rwho_server_packet_t:packet send;
')
########################################
## <summary>
## Receive rwho_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_rwho_server_packets',`
gen_require(`
type rwho_server_packet_t;
')
allow $1 rwho_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive rwho_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_rwho_server_packets',`
gen_require(`
type rwho_server_packet_t;
')
dontaudit $1 rwho_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive rwho_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_rwho_server_packets',`
corenet_send_rwho_server_packets($1)
corenet_receive_rwho_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive rwho_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_rwho_server_packets',`
corenet_dontaudit_send_rwho_server_packets($1)
corenet_dontaudit_receive_rwho_server_packets($1)
')
########################################
## <summary>
## Relabel packets to rwho_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_rwho_server_packets',`
gen_require(`
type rwho_server_packet_t;
')
allow $1 rwho_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the sap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_sap_port',`
gen_require(`
type sap_port_t;
')
allow $1 sap_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the sap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_sap_port',`
gen_require(`
type sap_port_t;
')
allow $1 sap_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the sap port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_sap_port',`
gen_require(`
type sap_port_t;
')
dontaudit $1 sap_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the sap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_sap_port',`
gen_require(`
type sap_port_t;
')
allow $1 sap_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the sap port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_sap_port',`
gen_require(`
type sap_port_t;
')
dontaudit $1 sap_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the sap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_sap_port',`
corenet_udp_send_sap_port($1)
corenet_udp_receive_sap_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the sap port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_sap_port',`
corenet_dontaudit_udp_send_sap_port($1)
corenet_dontaudit_udp_receive_sap_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the sap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_sap_port',`
gen_require(`
type sap_port_t;
')
allow $1 sap_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the sap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_sap_port',`
gen_require(`
type sap_port_t;
')
allow $1 sap_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the sap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_sap_port',`
gen_require(`
type sap_port_t;
')
allow $1 sap_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send sap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_sap_client_packets',`
gen_require(`
type sap_client_packet_t;
')
allow $1 sap_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send sap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_sap_client_packets',`
gen_require(`
type sap_client_packet_t;
')
dontaudit $1 sap_client_packet_t:packet send;
')
########################################
## <summary>
## Receive sap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_sap_client_packets',`
gen_require(`
type sap_client_packet_t;
')
allow $1 sap_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive sap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_sap_client_packets',`
gen_require(`
type sap_client_packet_t;
')
dontaudit $1 sap_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive sap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_sap_client_packets',`
corenet_send_sap_client_packets($1)
corenet_receive_sap_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive sap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_sap_client_packets',`
corenet_dontaudit_send_sap_client_packets($1)
corenet_dontaudit_receive_sap_client_packets($1)
')
########################################
## <summary>
## Relabel packets to sap_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_sap_client_packets',`
gen_require(`
type sap_client_packet_t;
')
allow $1 sap_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send sap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_sap_server_packets',`
gen_require(`
type sap_server_packet_t;
')
allow $1 sap_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send sap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_sap_server_packets',`
gen_require(`
type sap_server_packet_t;
')
dontaudit $1 sap_server_packet_t:packet send;
')
########################################
## <summary>
## Receive sap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_sap_server_packets',`
gen_require(`
type sap_server_packet_t;
')
allow $1 sap_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive sap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_sap_server_packets',`
gen_require(`
type sap_server_packet_t;
')
dontaudit $1 sap_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive sap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_sap_server_packets',`
corenet_send_sap_server_packets($1)
corenet_receive_sap_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive sap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_sap_server_packets',`
corenet_dontaudit_send_sap_server_packets($1)
corenet_dontaudit_receive_sap_server_packets($1)
')
########################################
## <summary>
## Relabel packets to sap_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_sap_server_packets',`
gen_require(`
type sap_server_packet_t;
')
allow $1 sap_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the saphostctrl port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_saphostctrl_port',`
gen_require(`
type saphostctrl_port_t;
')
allow $1 saphostctrl_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the saphostctrl port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_saphostctrl_port',`
gen_require(`
type saphostctrl_port_t;
')
allow $1 saphostctrl_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the saphostctrl port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_saphostctrl_port',`
gen_require(`
type saphostctrl_port_t;
')
dontaudit $1 saphostctrl_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the saphostctrl port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_saphostctrl_port',`
gen_require(`
type saphostctrl_port_t;
')
allow $1 saphostctrl_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the saphostctrl port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_saphostctrl_port',`
gen_require(`
type saphostctrl_port_t;
')
dontaudit $1 saphostctrl_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the saphostctrl port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_saphostctrl_port',`
corenet_udp_send_saphostctrl_port($1)
corenet_udp_receive_saphostctrl_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the saphostctrl port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_saphostctrl_port',`
corenet_dontaudit_udp_send_saphostctrl_port($1)
corenet_dontaudit_udp_receive_saphostctrl_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the saphostctrl port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_saphostctrl_port',`
gen_require(`
type saphostctrl_port_t;
')
allow $1 saphostctrl_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the saphostctrl port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_saphostctrl_port',`
gen_require(`
type saphostctrl_port_t;
')
allow $1 saphostctrl_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the saphostctrl port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_saphostctrl_port',`
gen_require(`
type saphostctrl_port_t;
')
allow $1 saphostctrl_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send saphostctrl_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_saphostctrl_client_packets',`
gen_require(`
type saphostctrl_client_packet_t;
')
allow $1 saphostctrl_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send saphostctrl_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_saphostctrl_client_packets',`
gen_require(`
type saphostctrl_client_packet_t;
')
dontaudit $1 saphostctrl_client_packet_t:packet send;
')
########################################
## <summary>
## Receive saphostctrl_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_saphostctrl_client_packets',`
gen_require(`
type saphostctrl_client_packet_t;
')
allow $1 saphostctrl_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive saphostctrl_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_saphostctrl_client_packets',`
gen_require(`
type saphostctrl_client_packet_t;
')
dontaudit $1 saphostctrl_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive saphostctrl_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_saphostctrl_client_packets',`
corenet_send_saphostctrl_client_packets($1)
corenet_receive_saphostctrl_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive saphostctrl_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_saphostctrl_client_packets',`
corenet_dontaudit_send_saphostctrl_client_packets($1)
corenet_dontaudit_receive_saphostctrl_client_packets($1)
')
########################################
## <summary>
## Relabel packets to saphostctrl_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_saphostctrl_client_packets',`
gen_require(`
type saphostctrl_client_packet_t;
')
allow $1 saphostctrl_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send saphostctrl_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_saphostctrl_server_packets',`
gen_require(`
type saphostctrl_server_packet_t;
')
allow $1 saphostctrl_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send saphostctrl_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_saphostctrl_server_packets',`
gen_require(`
type saphostctrl_server_packet_t;
')
dontaudit $1 saphostctrl_server_packet_t:packet send;
')
########################################
## <summary>
## Receive saphostctrl_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_saphostctrl_server_packets',`
gen_require(`
type saphostctrl_server_packet_t;
')
allow $1 saphostctrl_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive saphostctrl_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_saphostctrl_server_packets',`
gen_require(`
type saphostctrl_server_packet_t;
')
dontaudit $1 saphostctrl_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive saphostctrl_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_saphostctrl_server_packets',`
corenet_send_saphostctrl_server_packets($1)
corenet_receive_saphostctrl_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive saphostctrl_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_saphostctrl_server_packets',`
corenet_dontaudit_send_saphostctrl_server_packets($1)
corenet_dontaudit_receive_saphostctrl_server_packets($1)
')
########################################
## <summary>
## Relabel packets to saphostctrl_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_saphostctrl_server_packets',`
gen_require(`
type saphostctrl_server_packet_t;
')
allow $1 saphostctrl_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the sieve port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_sieve_port',`
gen_require(`
type sieve_port_t;
')
allow $1 sieve_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the sieve port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_sieve_port',`
gen_require(`
type sieve_port_t;
')
allow $1 sieve_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the sieve port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_sieve_port',`
gen_require(`
type sieve_port_t;
')
dontaudit $1 sieve_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the sieve port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_sieve_port',`
gen_require(`
type sieve_port_t;
')
allow $1 sieve_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the sieve port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_sieve_port',`
gen_require(`
type sieve_port_t;
')
dontaudit $1 sieve_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the sieve port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_sieve_port',`
corenet_udp_send_sieve_port($1)
corenet_udp_receive_sieve_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the sieve port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_sieve_port',`
corenet_dontaudit_udp_send_sieve_port($1)
corenet_dontaudit_udp_receive_sieve_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the sieve port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_sieve_port',`
gen_require(`
type sieve_port_t;
')
allow $1 sieve_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the sieve port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_sieve_port',`
gen_require(`
type sieve_port_t;
')
allow $1 sieve_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the sieve port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_sieve_port',`
gen_require(`
type sieve_port_t;
')
allow $1 sieve_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send sieve_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_sieve_client_packets',`
gen_require(`
type sieve_client_packet_t;
')
allow $1 sieve_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send sieve_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_sieve_client_packets',`
gen_require(`
type sieve_client_packet_t;
')
dontaudit $1 sieve_client_packet_t:packet send;
')
########################################
## <summary>
## Receive sieve_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_sieve_client_packets',`
gen_require(`
type sieve_client_packet_t;
')
allow $1 sieve_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive sieve_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_sieve_client_packets',`
gen_require(`
type sieve_client_packet_t;
')
dontaudit $1 sieve_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive sieve_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_sieve_client_packets',`
corenet_send_sieve_client_packets($1)
corenet_receive_sieve_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive sieve_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_sieve_client_packets',`
corenet_dontaudit_send_sieve_client_packets($1)
corenet_dontaudit_receive_sieve_client_packets($1)
')
########################################
## <summary>
## Relabel packets to sieve_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_sieve_client_packets',`
gen_require(`
type sieve_client_packet_t;
')
allow $1 sieve_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send sieve_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_sieve_server_packets',`
gen_require(`
type sieve_server_packet_t;
')
allow $1 sieve_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send sieve_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_sieve_server_packets',`
gen_require(`
type sieve_server_packet_t;
')
dontaudit $1 sieve_server_packet_t:packet send;
')
########################################
## <summary>
## Receive sieve_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_sieve_server_packets',`
gen_require(`
type sieve_server_packet_t;
')
allow $1 sieve_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive sieve_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_sieve_server_packets',`
gen_require(`
type sieve_server_packet_t;
')
dontaudit $1 sieve_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive sieve_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_sieve_server_packets',`
corenet_send_sieve_server_packets($1)
corenet_receive_sieve_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive sieve_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_sieve_server_packets',`
corenet_dontaudit_send_sieve_server_packets($1)
corenet_dontaudit_receive_sieve_server_packets($1)
')
########################################
## <summary>
## Relabel packets to sieve_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_sieve_server_packets',`
gen_require(`
type sieve_server_packet_t;
')
allow $1 sieve_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the sip port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_sip_port',`
gen_require(`
type sip_port_t;
')
allow $1 sip_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the sip port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_sip_port',`
gen_require(`
type sip_port_t;
')
allow $1 sip_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the sip port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_sip_port',`
gen_require(`
type sip_port_t;
')
dontaudit $1 sip_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the sip port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_sip_port',`
gen_require(`
type sip_port_t;
')
allow $1 sip_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the sip port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_sip_port',`
gen_require(`
type sip_port_t;
')
dontaudit $1 sip_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the sip port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_sip_port',`
corenet_udp_send_sip_port($1)
corenet_udp_receive_sip_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the sip port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_sip_port',`
corenet_dontaudit_udp_send_sip_port($1)
corenet_dontaudit_udp_receive_sip_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the sip port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_sip_port',`
gen_require(`
type sip_port_t;
')
allow $1 sip_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the sip port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_sip_port',`
gen_require(`
type sip_port_t;
')
allow $1 sip_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the sip port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_sip_port',`
gen_require(`
type sip_port_t;
')
allow $1 sip_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send sip_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_sip_client_packets',`
gen_require(`
type sip_client_packet_t;
')
allow $1 sip_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send sip_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_sip_client_packets',`
gen_require(`
type sip_client_packet_t;
')
dontaudit $1 sip_client_packet_t:packet send;
')
########################################
## <summary>
## Receive sip_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_sip_client_packets',`
gen_require(`
type sip_client_packet_t;
')
allow $1 sip_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive sip_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_sip_client_packets',`
gen_require(`
type sip_client_packet_t;
')
dontaudit $1 sip_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive sip_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_sip_client_packets',`
corenet_send_sip_client_packets($1)
corenet_receive_sip_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive sip_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_sip_client_packets',`
corenet_dontaudit_send_sip_client_packets($1)
corenet_dontaudit_receive_sip_client_packets($1)
')
########################################
## <summary>
## Relabel packets to sip_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_sip_client_packets',`
gen_require(`
type sip_client_packet_t;
')
allow $1 sip_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send sip_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_sip_server_packets',`
gen_require(`
type sip_server_packet_t;
')
allow $1 sip_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send sip_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_sip_server_packets',`
gen_require(`
type sip_server_packet_t;
')
dontaudit $1 sip_server_packet_t:packet send;
')
########################################
## <summary>
## Receive sip_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_sip_server_packets',`
gen_require(`
type sip_server_packet_t;
')
allow $1 sip_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive sip_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_sip_server_packets',`
gen_require(`
type sip_server_packet_t;
')
dontaudit $1 sip_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive sip_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_sip_server_packets',`
corenet_send_sip_server_packets($1)
corenet_receive_sip_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive sip_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_sip_server_packets',`
corenet_dontaudit_send_sip_server_packets($1)
corenet_dontaudit_receive_sip_server_packets($1)
')
########################################
## <summary>
## Relabel packets to sip_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_sip_server_packets',`
gen_require(`
type sip_server_packet_t;
')
allow $1 sip_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the sixxsconfig port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_sixxsconfig_port',`
gen_require(`
type sixxsconfig_port_t;
')
allow $1 sixxsconfig_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the sixxsconfig port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_sixxsconfig_port',`
gen_require(`
type sixxsconfig_port_t;
')
allow $1 sixxsconfig_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the sixxsconfig port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_sixxsconfig_port',`
gen_require(`
type sixxsconfig_port_t;
')
dontaudit $1 sixxsconfig_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the sixxsconfig port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_sixxsconfig_port',`
gen_require(`
type sixxsconfig_port_t;
')
allow $1 sixxsconfig_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the sixxsconfig port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_sixxsconfig_port',`
gen_require(`
type sixxsconfig_port_t;
')
dontaudit $1 sixxsconfig_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the sixxsconfig port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_sixxsconfig_port',`
corenet_udp_send_sixxsconfig_port($1)
corenet_udp_receive_sixxsconfig_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the sixxsconfig port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_sixxsconfig_port',`
corenet_dontaudit_udp_send_sixxsconfig_port($1)
corenet_dontaudit_udp_receive_sixxsconfig_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the sixxsconfig port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_sixxsconfig_port',`
gen_require(`
type sixxsconfig_port_t;
')
allow $1 sixxsconfig_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the sixxsconfig port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_sixxsconfig_port',`
gen_require(`
type sixxsconfig_port_t;
')
allow $1 sixxsconfig_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the sixxsconfig port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_sixxsconfig_port',`
gen_require(`
type sixxsconfig_port_t;
')
allow $1 sixxsconfig_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send sixxsconfig_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_sixxsconfig_client_packets',`
gen_require(`
type sixxsconfig_client_packet_t;
')
allow $1 sixxsconfig_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send sixxsconfig_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_sixxsconfig_client_packets',`
gen_require(`
type sixxsconfig_client_packet_t;
')
dontaudit $1 sixxsconfig_client_packet_t:packet send;
')
########################################
## <summary>
## Receive sixxsconfig_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_sixxsconfig_client_packets',`
gen_require(`
type sixxsconfig_client_packet_t;
')
allow $1 sixxsconfig_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive sixxsconfig_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_sixxsconfig_client_packets',`
gen_require(`
type sixxsconfig_client_packet_t;
')
dontaudit $1 sixxsconfig_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive sixxsconfig_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_sixxsconfig_client_packets',`
corenet_send_sixxsconfig_client_packets($1)
corenet_receive_sixxsconfig_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive sixxsconfig_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_sixxsconfig_client_packets',`
corenet_dontaudit_send_sixxsconfig_client_packets($1)
corenet_dontaudit_receive_sixxsconfig_client_packets($1)
')
########################################
## <summary>
## Relabel packets to sixxsconfig_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_sixxsconfig_client_packets',`
gen_require(`
type sixxsconfig_client_packet_t;
')
allow $1 sixxsconfig_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send sixxsconfig_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_sixxsconfig_server_packets',`
gen_require(`
type sixxsconfig_server_packet_t;
')
allow $1 sixxsconfig_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send sixxsconfig_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_sixxsconfig_server_packets',`
gen_require(`
type sixxsconfig_server_packet_t;
')
dontaudit $1 sixxsconfig_server_packet_t:packet send;
')
########################################
## <summary>
## Receive sixxsconfig_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_sixxsconfig_server_packets',`
gen_require(`
type sixxsconfig_server_packet_t;
')
allow $1 sixxsconfig_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive sixxsconfig_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_sixxsconfig_server_packets',`
gen_require(`
type sixxsconfig_server_packet_t;
')
dontaudit $1 sixxsconfig_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive sixxsconfig_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_sixxsconfig_server_packets',`
corenet_send_sixxsconfig_server_packets($1)
corenet_receive_sixxsconfig_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive sixxsconfig_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_sixxsconfig_server_packets',`
corenet_dontaudit_send_sixxsconfig_server_packets($1)
corenet_dontaudit_receive_sixxsconfig_server_packets($1)
')
########################################
## <summary>
## Relabel packets to sixxsconfig_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_sixxsconfig_server_packets',`
gen_require(`
type sixxsconfig_server_packet_t;
')
allow $1 sixxsconfig_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the smbd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_smbd_port',`
gen_require(`
type smbd_port_t;
')
allow $1 smbd_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the smbd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_smbd_port',`
gen_require(`
type smbd_port_t;
')
allow $1 smbd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the smbd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_smbd_port',`
gen_require(`
type smbd_port_t;
')
dontaudit $1 smbd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the smbd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_smbd_port',`
gen_require(`
type smbd_port_t;
')
allow $1 smbd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the smbd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_smbd_port',`
gen_require(`
type smbd_port_t;
')
dontaudit $1 smbd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the smbd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_smbd_port',`
corenet_udp_send_smbd_port($1)
corenet_udp_receive_smbd_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the smbd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_smbd_port',`
corenet_dontaudit_udp_send_smbd_port($1)
corenet_dontaudit_udp_receive_smbd_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the smbd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_smbd_port',`
gen_require(`
type smbd_port_t;
')
allow $1 smbd_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the smbd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_smbd_port',`
gen_require(`
type smbd_port_t;
')
allow $1 smbd_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the smbd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_smbd_port',`
gen_require(`
type smbd_port_t;
')
allow $1 smbd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send smbd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_smbd_client_packets',`
gen_require(`
type smbd_client_packet_t;
')
allow $1 smbd_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send smbd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_smbd_client_packets',`
gen_require(`
type smbd_client_packet_t;
')
dontaudit $1 smbd_client_packet_t:packet send;
')
########################################
## <summary>
## Receive smbd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_smbd_client_packets',`
gen_require(`
type smbd_client_packet_t;
')
allow $1 smbd_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive smbd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_smbd_client_packets',`
gen_require(`
type smbd_client_packet_t;
')
dontaudit $1 smbd_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive smbd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_smbd_client_packets',`
corenet_send_smbd_client_packets($1)
corenet_receive_smbd_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive smbd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_smbd_client_packets',`
corenet_dontaudit_send_smbd_client_packets($1)
corenet_dontaudit_receive_smbd_client_packets($1)
')
########################################
## <summary>
## Relabel packets to smbd_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_smbd_client_packets',`
gen_require(`
type smbd_client_packet_t;
')
allow $1 smbd_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send smbd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_smbd_server_packets',`
gen_require(`
type smbd_server_packet_t;
')
allow $1 smbd_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send smbd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_smbd_server_packets',`
gen_require(`
type smbd_server_packet_t;
')
dontaudit $1 smbd_server_packet_t:packet send;
')
########################################
## <summary>
## Receive smbd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_smbd_server_packets',`
gen_require(`
type smbd_server_packet_t;
')
allow $1 smbd_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive smbd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_smbd_server_packets',`
gen_require(`
type smbd_server_packet_t;
')
dontaudit $1 smbd_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive smbd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_smbd_server_packets',`
corenet_send_smbd_server_packets($1)
corenet_receive_smbd_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive smbd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_smbd_server_packets',`
corenet_dontaudit_send_smbd_server_packets($1)
corenet_dontaudit_receive_smbd_server_packets($1)
')
########################################
## <summary>
## Relabel packets to smbd_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_smbd_server_packets',`
gen_require(`
type smbd_server_packet_t;
')
allow $1 smbd_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the smtp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_smtp_port',`
gen_require(`
type smtp_port_t;
')
allow $1 smtp_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the smtp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_smtp_port',`
gen_require(`
type smtp_port_t;
')
allow $1 smtp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the smtp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_smtp_port',`
gen_require(`
type smtp_port_t;
')
dontaudit $1 smtp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the smtp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_smtp_port',`
gen_require(`
type smtp_port_t;
')
allow $1 smtp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the smtp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_smtp_port',`
gen_require(`
type smtp_port_t;
')
dontaudit $1 smtp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the smtp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_smtp_port',`
corenet_udp_send_smtp_port($1)
corenet_udp_receive_smtp_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the smtp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_smtp_port',`
corenet_dontaudit_udp_send_smtp_port($1)
corenet_dontaudit_udp_receive_smtp_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the smtp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_smtp_port',`
gen_require(`
type smtp_port_t;
')
allow $1 smtp_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the smtp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_smtp_port',`
gen_require(`
type smtp_port_t;
')
allow $1 smtp_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the smtp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_smtp_port',`
gen_require(`
type smtp_port_t;
')
allow $1 smtp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send smtp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_smtp_client_packets',`
gen_require(`
type smtp_client_packet_t;
')
allow $1 smtp_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send smtp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_smtp_client_packets',`
gen_require(`
type smtp_client_packet_t;
')
dontaudit $1 smtp_client_packet_t:packet send;
')
########################################
## <summary>
## Receive smtp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_smtp_client_packets',`
gen_require(`
type smtp_client_packet_t;
')
allow $1 smtp_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive smtp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_smtp_client_packets',`
gen_require(`
type smtp_client_packet_t;
')
dontaudit $1 smtp_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive smtp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_smtp_client_packets',`
corenet_send_smtp_client_packets($1)
corenet_receive_smtp_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive smtp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_smtp_client_packets',`
corenet_dontaudit_send_smtp_client_packets($1)
corenet_dontaudit_receive_smtp_client_packets($1)
')
########################################
## <summary>
## Relabel packets to smtp_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_smtp_client_packets',`
gen_require(`
type smtp_client_packet_t;
')
allow $1 smtp_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send smtp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_smtp_server_packets',`
gen_require(`
type smtp_server_packet_t;
')
allow $1 smtp_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send smtp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_smtp_server_packets',`
gen_require(`
type smtp_server_packet_t;
')
dontaudit $1 smtp_server_packet_t:packet send;
')
########################################
## <summary>
## Receive smtp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_smtp_server_packets',`
gen_require(`
type smtp_server_packet_t;
')
allow $1 smtp_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive smtp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_smtp_server_packets',`
gen_require(`
type smtp_server_packet_t;
')
dontaudit $1 smtp_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive smtp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_smtp_server_packets',`
corenet_send_smtp_server_packets($1)
corenet_receive_smtp_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive smtp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_smtp_server_packets',`
corenet_dontaudit_send_smtp_server_packets($1)
corenet_dontaudit_receive_smtp_server_packets($1)
')
########################################
## <summary>
## Relabel packets to smtp_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_smtp_server_packets',`
gen_require(`
type smtp_server_packet_t;
')
allow $1 smtp_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the snmp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_snmp_port',`
gen_require(`
type snmp_port_t;
')
allow $1 snmp_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the snmp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_snmp_port',`
gen_require(`
type snmp_port_t;
')
allow $1 snmp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the snmp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_snmp_port',`
gen_require(`
type snmp_port_t;
')
dontaudit $1 snmp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the snmp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_snmp_port',`
gen_require(`
type snmp_port_t;
')
allow $1 snmp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the snmp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_snmp_port',`
gen_require(`
type snmp_port_t;
')
dontaudit $1 snmp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the snmp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_snmp_port',`
corenet_udp_send_snmp_port($1)
corenet_udp_receive_snmp_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the snmp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_snmp_port',`
corenet_dontaudit_udp_send_snmp_port($1)
corenet_dontaudit_udp_receive_snmp_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the snmp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_snmp_port',`
gen_require(`
type snmp_port_t;
')
allow $1 snmp_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the snmp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_snmp_port',`
gen_require(`
type snmp_port_t;
')
allow $1 snmp_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the snmp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_snmp_port',`
gen_require(`
type snmp_port_t;
')
allow $1 snmp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send snmp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_snmp_client_packets',`
gen_require(`
type snmp_client_packet_t;
')
allow $1 snmp_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send snmp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_snmp_client_packets',`
gen_require(`
type snmp_client_packet_t;
')
dontaudit $1 snmp_client_packet_t:packet send;
')
########################################
## <summary>
## Receive snmp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_snmp_client_packets',`
gen_require(`
type snmp_client_packet_t;
')
allow $1 snmp_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive snmp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_snmp_client_packets',`
gen_require(`
type snmp_client_packet_t;
')
dontaudit $1 snmp_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive snmp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_snmp_client_packets',`
corenet_send_snmp_client_packets($1)
corenet_receive_snmp_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive snmp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_snmp_client_packets',`
corenet_dontaudit_send_snmp_client_packets($1)
corenet_dontaudit_receive_snmp_client_packets($1)
')
########################################
## <summary>
## Relabel packets to snmp_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_snmp_client_packets',`
gen_require(`
type snmp_client_packet_t;
')
allow $1 snmp_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send snmp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_snmp_server_packets',`
gen_require(`
type snmp_server_packet_t;
')
allow $1 snmp_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send snmp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_snmp_server_packets',`
gen_require(`
type snmp_server_packet_t;
')
dontaudit $1 snmp_server_packet_t:packet send;
')
########################################
## <summary>
## Receive snmp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_snmp_server_packets',`
gen_require(`
type snmp_server_packet_t;
')
allow $1 snmp_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive snmp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_snmp_server_packets',`
gen_require(`
type snmp_server_packet_t;
')
dontaudit $1 snmp_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive snmp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_snmp_server_packets',`
corenet_send_snmp_server_packets($1)
corenet_receive_snmp_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive snmp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_snmp_server_packets',`
corenet_dontaudit_send_snmp_server_packets($1)
corenet_dontaudit_receive_snmp_server_packets($1)
')
########################################
## <summary>
## Relabel packets to snmp_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_snmp_server_packets',`
gen_require(`
type snmp_server_packet_t;
')
allow $1 snmp_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the soundd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_soundd_port',`
gen_require(`
type soundd_port_t;
')
allow $1 soundd_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the soundd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_soundd_port',`
gen_require(`
type soundd_port_t;
')
allow $1 soundd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the soundd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_soundd_port',`
gen_require(`
type soundd_port_t;
')
dontaudit $1 soundd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the soundd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_soundd_port',`
gen_require(`
type soundd_port_t;
')
allow $1 soundd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the soundd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_soundd_port',`
gen_require(`
type soundd_port_t;
')
dontaudit $1 soundd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the soundd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_soundd_port',`
corenet_udp_send_soundd_port($1)
corenet_udp_receive_soundd_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the soundd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_soundd_port',`
corenet_dontaudit_udp_send_soundd_port($1)
corenet_dontaudit_udp_receive_soundd_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the soundd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_soundd_port',`
gen_require(`
type soundd_port_t;
')
allow $1 soundd_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the soundd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_soundd_port',`
gen_require(`
type soundd_port_t;
')
allow $1 soundd_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the soundd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_soundd_port',`
gen_require(`
type soundd_port_t;
')
allow $1 soundd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send soundd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_soundd_client_packets',`
gen_require(`
type soundd_client_packet_t;
')
allow $1 soundd_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send soundd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_soundd_client_packets',`
gen_require(`
type soundd_client_packet_t;
')
dontaudit $1 soundd_client_packet_t:packet send;
')
########################################
## <summary>
## Receive soundd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_soundd_client_packets',`
gen_require(`
type soundd_client_packet_t;
')
allow $1 soundd_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive soundd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_soundd_client_packets',`
gen_require(`
type soundd_client_packet_t;
')
dontaudit $1 soundd_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive soundd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_soundd_client_packets',`
corenet_send_soundd_client_packets($1)
corenet_receive_soundd_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive soundd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_soundd_client_packets',`
corenet_dontaudit_send_soundd_client_packets($1)
corenet_dontaudit_receive_soundd_client_packets($1)
')
########################################
## <summary>
## Relabel packets to soundd_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_soundd_client_packets',`
gen_require(`
type soundd_client_packet_t;
')
allow $1 soundd_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send soundd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_soundd_server_packets',`
gen_require(`
type soundd_server_packet_t;
')
allow $1 soundd_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send soundd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_soundd_server_packets',`
gen_require(`
type soundd_server_packet_t;
')
dontaudit $1 soundd_server_packet_t:packet send;
')
########################################
## <summary>
## Receive soundd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_soundd_server_packets',`
gen_require(`
type soundd_server_packet_t;
')
allow $1 soundd_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive soundd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_soundd_server_packets',`
gen_require(`
type soundd_server_packet_t;
')
dontaudit $1 soundd_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive soundd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_soundd_server_packets',`
corenet_send_soundd_server_packets($1)
corenet_receive_soundd_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive soundd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_soundd_server_packets',`
corenet_dontaudit_send_soundd_server_packets($1)
corenet_dontaudit_receive_soundd_server_packets($1)
')
########################################
## <summary>
## Relabel packets to soundd_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_soundd_server_packets',`
gen_require(`
type soundd_server_packet_t;
')
allow $1 soundd_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the spamd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_spamd_port',`
gen_require(`
type spamd_port_t;
')
allow $1 spamd_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the spamd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_spamd_port',`
gen_require(`
type spamd_port_t;
')
allow $1 spamd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the spamd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_spamd_port',`
gen_require(`
type spamd_port_t;
')
dontaudit $1 spamd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the spamd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_spamd_port',`
gen_require(`
type spamd_port_t;
')
allow $1 spamd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the spamd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_spamd_port',`
gen_require(`
type spamd_port_t;
')
dontaudit $1 spamd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the spamd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_spamd_port',`
corenet_udp_send_spamd_port($1)
corenet_udp_receive_spamd_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the spamd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_spamd_port',`
corenet_dontaudit_udp_send_spamd_port($1)
corenet_dontaudit_udp_receive_spamd_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the spamd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_spamd_port',`
gen_require(`
type spamd_port_t;
')
allow $1 spamd_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the spamd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_spamd_port',`
gen_require(`
type spamd_port_t;
')
allow $1 spamd_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the spamd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_spamd_port',`
gen_require(`
type spamd_port_t;
')
allow $1 spamd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send spamd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_spamd_client_packets',`
gen_require(`
type spamd_client_packet_t;
')
allow $1 spamd_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send spamd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_spamd_client_packets',`
gen_require(`
type spamd_client_packet_t;
')
dontaudit $1 spamd_client_packet_t:packet send;
')
########################################
## <summary>
## Receive spamd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_spamd_client_packets',`
gen_require(`
type spamd_client_packet_t;
')
allow $1 spamd_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive spamd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_spamd_client_packets',`
gen_require(`
type spamd_client_packet_t;
')
dontaudit $1 spamd_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive spamd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_spamd_client_packets',`
corenet_send_spamd_client_packets($1)
corenet_receive_spamd_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive spamd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_spamd_client_packets',`
corenet_dontaudit_send_spamd_client_packets($1)
corenet_dontaudit_receive_spamd_client_packets($1)
')
########################################
## <summary>
## Relabel packets to spamd_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_spamd_client_packets',`
gen_require(`
type spamd_client_packet_t;
')
allow $1 spamd_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send spamd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_spamd_server_packets',`
gen_require(`
type spamd_server_packet_t;
')
allow $1 spamd_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send spamd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_spamd_server_packets',`
gen_require(`
type spamd_server_packet_t;
')
dontaudit $1 spamd_server_packet_t:packet send;
')
########################################
## <summary>
## Receive spamd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_spamd_server_packets',`
gen_require(`
type spamd_server_packet_t;
')
allow $1 spamd_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive spamd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_spamd_server_packets',`
gen_require(`
type spamd_server_packet_t;
')
dontaudit $1 spamd_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive spamd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_spamd_server_packets',`
corenet_send_spamd_server_packets($1)
corenet_receive_spamd_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive spamd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_spamd_server_packets',`
corenet_dontaudit_send_spamd_server_packets($1)
corenet_dontaudit_receive_spamd_server_packets($1)
')
########################################
## <summary>
## Relabel packets to spamd_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_spamd_server_packets',`
gen_require(`
type spamd_server_packet_t;
')
allow $1 spamd_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the speech port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_speech_port',`
gen_require(`
type speech_port_t;
')
allow $1 speech_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the speech port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_speech_port',`
gen_require(`
type speech_port_t;
')
allow $1 speech_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the speech port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_speech_port',`
gen_require(`
type speech_port_t;
')
dontaudit $1 speech_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the speech port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_speech_port',`
gen_require(`
type speech_port_t;
')
allow $1 speech_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the speech port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_speech_port',`
gen_require(`
type speech_port_t;
')
dontaudit $1 speech_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the speech port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_speech_port',`
corenet_udp_send_speech_port($1)
corenet_udp_receive_speech_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the speech port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_speech_port',`
corenet_dontaudit_udp_send_speech_port($1)
corenet_dontaudit_udp_receive_speech_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the speech port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_speech_port',`
gen_require(`
type speech_port_t;
')
allow $1 speech_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the speech port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_speech_port',`
gen_require(`
type speech_port_t;
')
allow $1 speech_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the speech port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_speech_port',`
gen_require(`
type speech_port_t;
')
allow $1 speech_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send speech_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_speech_client_packets',`
gen_require(`
type speech_client_packet_t;
')
allow $1 speech_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send speech_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_speech_client_packets',`
gen_require(`
type speech_client_packet_t;
')
dontaudit $1 speech_client_packet_t:packet send;
')
########################################
## <summary>
## Receive speech_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_speech_client_packets',`
gen_require(`
type speech_client_packet_t;
')
allow $1 speech_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive speech_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_speech_client_packets',`
gen_require(`
type speech_client_packet_t;
')
dontaudit $1 speech_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive speech_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_speech_client_packets',`
corenet_send_speech_client_packets($1)
corenet_receive_speech_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive speech_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_speech_client_packets',`
corenet_dontaudit_send_speech_client_packets($1)
corenet_dontaudit_receive_speech_client_packets($1)
')
########################################
## <summary>
## Relabel packets to speech_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_speech_client_packets',`
gen_require(`
type speech_client_packet_t;
')
allow $1 speech_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send speech_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_speech_server_packets',`
gen_require(`
type speech_server_packet_t;
')
allow $1 speech_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send speech_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_speech_server_packets',`
gen_require(`
type speech_server_packet_t;
')
dontaudit $1 speech_server_packet_t:packet send;
')
########################################
## <summary>
## Receive speech_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_speech_server_packets',`
gen_require(`
type speech_server_packet_t;
')
allow $1 speech_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive speech_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_speech_server_packets',`
gen_require(`
type speech_server_packet_t;
')
dontaudit $1 speech_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive speech_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_speech_server_packets',`
corenet_send_speech_server_packets($1)
corenet_receive_speech_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive speech_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_speech_server_packets',`
corenet_dontaudit_send_speech_server_packets($1)
corenet_dontaudit_receive_speech_server_packets($1)
')
########################################
## <summary>
## Relabel packets to speech_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_speech_server_packets',`
gen_require(`
type speech_server_packet_t;
')
allow $1 speech_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the squid port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_squid_port',`
gen_require(`
type squid_port_t;
')
allow $1 squid_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the squid port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_squid_port',`
gen_require(`
type squid_port_t;
')
allow $1 squid_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the squid port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_squid_port',`
gen_require(`
type squid_port_t;
')
dontaudit $1 squid_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the squid port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_squid_port',`
gen_require(`
type squid_port_t;
')
allow $1 squid_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the squid port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_squid_port',`
gen_require(`
type squid_port_t;
')
dontaudit $1 squid_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the squid port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_squid_port',`
corenet_udp_send_squid_port($1)
corenet_udp_receive_squid_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the squid port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_squid_port',`
corenet_dontaudit_udp_send_squid_port($1)
corenet_dontaudit_udp_receive_squid_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the squid port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_squid_port',`
gen_require(`
type squid_port_t;
')
allow $1 squid_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the squid port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_squid_port',`
gen_require(`
type squid_port_t;
')
allow $1 squid_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the squid port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_squid_port',`
gen_require(`
type squid_port_t;
')
allow $1 squid_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send squid_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_squid_client_packets',`
gen_require(`
type squid_client_packet_t;
')
allow $1 squid_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send squid_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_squid_client_packets',`
gen_require(`
type squid_client_packet_t;
')
dontaudit $1 squid_client_packet_t:packet send;
')
########################################
## <summary>
## Receive squid_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_squid_client_packets',`
gen_require(`
type squid_client_packet_t;
')
allow $1 squid_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive squid_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_squid_client_packets',`
gen_require(`
type squid_client_packet_t;
')
dontaudit $1 squid_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive squid_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_squid_client_packets',`
corenet_send_squid_client_packets($1)
corenet_receive_squid_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive squid_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_squid_client_packets',`
corenet_dontaudit_send_squid_client_packets($1)
corenet_dontaudit_receive_squid_client_packets($1)
')
########################################
## <summary>
## Relabel packets to squid_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_squid_client_packets',`
gen_require(`
type squid_client_packet_t;
')
allow $1 squid_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send squid_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_squid_server_packets',`
gen_require(`
type squid_server_packet_t;
')
allow $1 squid_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send squid_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_squid_server_packets',`
gen_require(`
type squid_server_packet_t;
')
dontaudit $1 squid_server_packet_t:packet send;
')
########################################
## <summary>
## Receive squid_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_squid_server_packets',`
gen_require(`
type squid_server_packet_t;
')
allow $1 squid_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive squid_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_squid_server_packets',`
gen_require(`
type squid_server_packet_t;
')
dontaudit $1 squid_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive squid_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_squid_server_packets',`
corenet_send_squid_server_packets($1)
corenet_receive_squid_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive squid_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_squid_server_packets',`
corenet_dontaudit_send_squid_server_packets($1)
corenet_dontaudit_receive_squid_server_packets($1)
')
########################################
## <summary>
## Relabel packets to squid_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_squid_server_packets',`
gen_require(`
type squid_server_packet_t;
')
allow $1 squid_server_packet_t:packet relabelto;
')
# snmp and htcp
########################################
## <summary>
## Send and receive TCP traffic on the ssh port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_ssh_port',`
gen_require(`
type ssh_port_t;
')
allow $1 ssh_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the ssh port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_ssh_port',`
gen_require(`
type ssh_port_t;
')
allow $1 ssh_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the ssh port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_ssh_port',`
gen_require(`
type ssh_port_t;
')
dontaudit $1 ssh_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the ssh port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_ssh_port',`
gen_require(`
type ssh_port_t;
')
allow $1 ssh_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the ssh port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_ssh_port',`
gen_require(`
type ssh_port_t;
')
dontaudit $1 ssh_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the ssh port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_ssh_port',`
corenet_udp_send_ssh_port($1)
corenet_udp_receive_ssh_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the ssh port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_ssh_port',`
corenet_dontaudit_udp_send_ssh_port($1)
corenet_dontaudit_udp_receive_ssh_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the ssh port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_ssh_port',`
gen_require(`
type ssh_port_t;
')
allow $1 ssh_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the ssh port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_ssh_port',`
gen_require(`
type ssh_port_t;
')
allow $1 ssh_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the ssh port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_ssh_port',`
gen_require(`
type ssh_port_t;
')
allow $1 ssh_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send ssh_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ssh_client_packets',`
gen_require(`
type ssh_client_packet_t;
')
allow $1 ssh_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ssh_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ssh_client_packets',`
gen_require(`
type ssh_client_packet_t;
')
dontaudit $1 ssh_client_packet_t:packet send;
')
########################################
## <summary>
## Receive ssh_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ssh_client_packets',`
gen_require(`
type ssh_client_packet_t;
')
allow $1 ssh_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ssh_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ssh_client_packets',`
gen_require(`
type ssh_client_packet_t;
')
dontaudit $1 ssh_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ssh_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ssh_client_packets',`
corenet_send_ssh_client_packets($1)
corenet_receive_ssh_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ssh_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ssh_client_packets',`
corenet_dontaudit_send_ssh_client_packets($1)
corenet_dontaudit_receive_ssh_client_packets($1)
')
########################################
## <summary>
## Relabel packets to ssh_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ssh_client_packets',`
gen_require(`
type ssh_client_packet_t;
')
allow $1 ssh_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send ssh_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ssh_server_packets',`
gen_require(`
type ssh_server_packet_t;
')
allow $1 ssh_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ssh_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ssh_server_packets',`
gen_require(`
type ssh_server_packet_t;
')
dontaudit $1 ssh_server_packet_t:packet send;
')
########################################
## <summary>
## Receive ssh_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ssh_server_packets',`
gen_require(`
type ssh_server_packet_t;
')
allow $1 ssh_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ssh_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ssh_server_packets',`
gen_require(`
type ssh_server_packet_t;
')
dontaudit $1 ssh_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ssh_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ssh_server_packets',`
corenet_send_ssh_server_packets($1)
corenet_receive_ssh_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ssh_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ssh_server_packets',`
corenet_dontaudit_send_ssh_server_packets($1)
corenet_dontaudit_receive_ssh_server_packets($1)
')
########################################
## <summary>
## Relabel packets to ssh_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ssh_server_packets',`
gen_require(`
type ssh_server_packet_t;
')
allow $1 ssh_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the streaming port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_streaming_port',`
gen_require(`
type streaming_port_t;
')
allow $1 streaming_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the streaming port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_streaming_port',`
gen_require(`
type streaming_port_t;
')
allow $1 streaming_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the streaming port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_streaming_port',`
gen_require(`
type streaming_port_t;
')
dontaudit $1 streaming_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the streaming port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_streaming_port',`
gen_require(`
type streaming_port_t;
')
allow $1 streaming_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the streaming port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_streaming_port',`
gen_require(`
type streaming_port_t;
')
dontaudit $1 streaming_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the streaming port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_streaming_port',`
corenet_udp_send_streaming_port($1)
corenet_udp_receive_streaming_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the streaming port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_streaming_port',`
corenet_dontaudit_udp_send_streaming_port($1)
corenet_dontaudit_udp_receive_streaming_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the streaming port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_streaming_port',`
gen_require(`
type streaming_port_t;
')
allow $1 streaming_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the streaming port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_streaming_port',`
gen_require(`
type streaming_port_t;
')
allow $1 streaming_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the streaming port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_streaming_port',`
gen_require(`
type streaming_port_t;
')
allow $1 streaming_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send streaming_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_streaming_client_packets',`
gen_require(`
type streaming_client_packet_t;
')
allow $1 streaming_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send streaming_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_streaming_client_packets',`
gen_require(`
type streaming_client_packet_t;
')
dontaudit $1 streaming_client_packet_t:packet send;
')
########################################
## <summary>
## Receive streaming_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_streaming_client_packets',`
gen_require(`
type streaming_client_packet_t;
')
allow $1 streaming_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive streaming_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_streaming_client_packets',`
gen_require(`
type streaming_client_packet_t;
')
dontaudit $1 streaming_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive streaming_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_streaming_client_packets',`
corenet_send_streaming_client_packets($1)
corenet_receive_streaming_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive streaming_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_streaming_client_packets',`
corenet_dontaudit_send_streaming_client_packets($1)
corenet_dontaudit_receive_streaming_client_packets($1)
')
########################################
## <summary>
## Relabel packets to streaming_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_streaming_client_packets',`
gen_require(`
type streaming_client_packet_t;
')
allow $1 streaming_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send streaming_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_streaming_server_packets',`
gen_require(`
type streaming_server_packet_t;
')
allow $1 streaming_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send streaming_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_streaming_server_packets',`
gen_require(`
type streaming_server_packet_t;
')
dontaudit $1 streaming_server_packet_t:packet send;
')
########################################
## <summary>
## Receive streaming_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_streaming_server_packets',`
gen_require(`
type streaming_server_packet_t;
')
allow $1 streaming_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive streaming_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_streaming_server_packets',`
gen_require(`
type streaming_server_packet_t;
')
dontaudit $1 streaming_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive streaming_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_streaming_server_packets',`
corenet_send_streaming_server_packets($1)
corenet_receive_streaming_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive streaming_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_streaming_server_packets',`
corenet_dontaudit_send_streaming_server_packets($1)
corenet_dontaudit_receive_streaming_server_packets($1)
')
########################################
## <summary>
## Relabel packets to streaming_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_streaming_server_packets',`
gen_require(`
type streaming_server_packet_t;
')
allow $1 streaming_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the svn port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_svn_port',`
gen_require(`
type svn_port_t;
')
allow $1 svn_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the svn port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_svn_port',`
gen_require(`
type svn_port_t;
')
allow $1 svn_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the svn port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_svn_port',`
gen_require(`
type svn_port_t;
')
dontaudit $1 svn_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the svn port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_svn_port',`
gen_require(`
type svn_port_t;
')
allow $1 svn_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the svn port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_svn_port',`
gen_require(`
type svn_port_t;
')
dontaudit $1 svn_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the svn port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_svn_port',`
corenet_udp_send_svn_port($1)
corenet_udp_receive_svn_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the svn port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_svn_port',`
corenet_dontaudit_udp_send_svn_port($1)
corenet_dontaudit_udp_receive_svn_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the svn port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_svn_port',`
gen_require(`
type svn_port_t;
')
allow $1 svn_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the svn port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_svn_port',`
gen_require(`
type svn_port_t;
')
allow $1 svn_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the svn port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_svn_port',`
gen_require(`
type svn_port_t;
')
allow $1 svn_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send svn_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_svn_client_packets',`
gen_require(`
type svn_client_packet_t;
')
allow $1 svn_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send svn_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_svn_client_packets',`
gen_require(`
type svn_client_packet_t;
')
dontaudit $1 svn_client_packet_t:packet send;
')
########################################
## <summary>
## Receive svn_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_svn_client_packets',`
gen_require(`
type svn_client_packet_t;
')
allow $1 svn_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive svn_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_svn_client_packets',`
gen_require(`
type svn_client_packet_t;
')
dontaudit $1 svn_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive svn_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_svn_client_packets',`
corenet_send_svn_client_packets($1)
corenet_receive_svn_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive svn_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_svn_client_packets',`
corenet_dontaudit_send_svn_client_packets($1)
corenet_dontaudit_receive_svn_client_packets($1)
')
########################################
## <summary>
## Relabel packets to svn_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_svn_client_packets',`
gen_require(`
type svn_client_packet_t;
')
allow $1 svn_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send svn_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_svn_server_packets',`
gen_require(`
type svn_server_packet_t;
')
allow $1 svn_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send svn_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_svn_server_packets',`
gen_require(`
type svn_server_packet_t;
')
dontaudit $1 svn_server_packet_t:packet send;
')
########################################
## <summary>
## Receive svn_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_svn_server_packets',`
gen_require(`
type svn_server_packet_t;
')
allow $1 svn_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive svn_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_svn_server_packets',`
gen_require(`
type svn_server_packet_t;
')
dontaudit $1 svn_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive svn_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_svn_server_packets',`
corenet_send_svn_server_packets($1)
corenet_receive_svn_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive svn_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_svn_server_packets',`
corenet_dontaudit_send_svn_server_packets($1)
corenet_dontaudit_receive_svn_server_packets($1)
')
########################################
## <summary>
## Relabel packets to svn_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_svn_server_packets',`
gen_require(`
type svn_server_packet_t;
')
allow $1 svn_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the swat port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_swat_port',`
gen_require(`
type swat_port_t;
')
allow $1 swat_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the swat port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_swat_port',`
gen_require(`
type swat_port_t;
')
allow $1 swat_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the swat port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_swat_port',`
gen_require(`
type swat_port_t;
')
dontaudit $1 swat_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the swat port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_swat_port',`
gen_require(`
type swat_port_t;
')
allow $1 swat_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the swat port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_swat_port',`
gen_require(`
type swat_port_t;
')
dontaudit $1 swat_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the swat port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_swat_port',`
corenet_udp_send_swat_port($1)
corenet_udp_receive_swat_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the swat port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_swat_port',`
corenet_dontaudit_udp_send_swat_port($1)
corenet_dontaudit_udp_receive_swat_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the swat port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_swat_port',`
gen_require(`
type swat_port_t;
')
allow $1 swat_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the swat port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_swat_port',`
gen_require(`
type swat_port_t;
')
allow $1 swat_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the swat port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_swat_port',`
gen_require(`
type swat_port_t;
')
allow $1 swat_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send swat_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_swat_client_packets',`
gen_require(`
type swat_client_packet_t;
')
allow $1 swat_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send swat_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_swat_client_packets',`
gen_require(`
type swat_client_packet_t;
')
dontaudit $1 swat_client_packet_t:packet send;
')
########################################
## <summary>
## Receive swat_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_swat_client_packets',`
gen_require(`
type swat_client_packet_t;
')
allow $1 swat_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive swat_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_swat_client_packets',`
gen_require(`
type swat_client_packet_t;
')
dontaudit $1 swat_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive swat_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_swat_client_packets',`
corenet_send_swat_client_packets($1)
corenet_receive_swat_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive swat_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_swat_client_packets',`
corenet_dontaudit_send_swat_client_packets($1)
corenet_dontaudit_receive_swat_client_packets($1)
')
########################################
## <summary>
## Relabel packets to swat_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_swat_client_packets',`
gen_require(`
type swat_client_packet_t;
')
allow $1 swat_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send swat_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_swat_server_packets',`
gen_require(`
type swat_server_packet_t;
')
allow $1 swat_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send swat_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_swat_server_packets',`
gen_require(`
type swat_server_packet_t;
')
dontaudit $1 swat_server_packet_t:packet send;
')
########################################
## <summary>
## Receive swat_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_swat_server_packets',`
gen_require(`
type swat_server_packet_t;
')
allow $1 swat_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive swat_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_swat_server_packets',`
gen_require(`
type swat_server_packet_t;
')
dontaudit $1 swat_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive swat_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_swat_server_packets',`
corenet_send_swat_server_packets($1)
corenet_receive_swat_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive swat_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_swat_server_packets',`
corenet_dontaudit_send_swat_server_packets($1)
corenet_dontaudit_receive_swat_server_packets($1)
')
########################################
## <summary>
## Relabel packets to swat_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_swat_server_packets',`
gen_require(`
type swat_server_packet_t;
')
allow $1 swat_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the sype port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_sype_port',`
gen_require(`
type sype_port_t;
')
allow $1 sype_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the sype port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_sype_port',`
gen_require(`
type sype_port_t;
')
allow $1 sype_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the sype port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_sype_port',`
gen_require(`
type sype_port_t;
')
dontaudit $1 sype_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the sype port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_sype_port',`
gen_require(`
type sype_port_t;
')
allow $1 sype_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the sype port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_sype_port',`
gen_require(`
type sype_port_t;
')
dontaudit $1 sype_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the sype port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_sype_port',`
corenet_udp_send_sype_port($1)
corenet_udp_receive_sype_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the sype port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_sype_port',`
corenet_dontaudit_udp_send_sype_port($1)
corenet_dontaudit_udp_receive_sype_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the sype port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_sype_port',`
gen_require(`
type sype_port_t;
')
allow $1 sype_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the sype port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_sype_port',`
gen_require(`
type sype_port_t;
')
allow $1 sype_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the sype port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_sype_port',`
gen_require(`
type sype_port_t;
')
allow $1 sype_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send sype_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_sype_client_packets',`
gen_require(`
type sype_client_packet_t;
')
allow $1 sype_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send sype_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_sype_client_packets',`
gen_require(`
type sype_client_packet_t;
')
dontaudit $1 sype_client_packet_t:packet send;
')
########################################
## <summary>
## Receive sype_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_sype_client_packets',`
gen_require(`
type sype_client_packet_t;
')
allow $1 sype_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive sype_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_sype_client_packets',`
gen_require(`
type sype_client_packet_t;
')
dontaudit $1 sype_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive sype_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_sype_client_packets',`
corenet_send_sype_client_packets($1)
corenet_receive_sype_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive sype_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_sype_client_packets',`
corenet_dontaudit_send_sype_client_packets($1)
corenet_dontaudit_receive_sype_client_packets($1)
')
########################################
## <summary>
## Relabel packets to sype_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_sype_client_packets',`
gen_require(`
type sype_client_packet_t;
')
allow $1 sype_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send sype_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_sype_server_packets',`
gen_require(`
type sype_server_packet_t;
')
allow $1 sype_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send sype_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_sype_server_packets',`
gen_require(`
type sype_server_packet_t;
')
dontaudit $1 sype_server_packet_t:packet send;
')
########################################
## <summary>
## Receive sype_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_sype_server_packets',`
gen_require(`
type sype_server_packet_t;
')
allow $1 sype_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive sype_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_sype_server_packets',`
gen_require(`
type sype_server_packet_t;
')
dontaudit $1 sype_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive sype_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_sype_server_packets',`
corenet_send_sype_server_packets($1)
corenet_receive_sype_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive sype_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_sype_server_packets',`
corenet_dontaudit_send_sype_server_packets($1)
corenet_dontaudit_receive_sype_server_packets($1)
')
########################################
## <summary>
## Relabel packets to sype_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_sype_server_packets',`
gen_require(`
type sype_server_packet_t;
')
allow $1 sype_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the syslogd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_syslogd_port',`
gen_require(`
type syslogd_port_t;
')
allow $1 syslogd_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the syslogd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_syslogd_port',`
gen_require(`
type syslogd_port_t;
')
allow $1 syslogd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the syslogd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_syslogd_port',`
gen_require(`
type syslogd_port_t;
')
dontaudit $1 syslogd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the syslogd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_syslogd_port',`
gen_require(`
type syslogd_port_t;
')
allow $1 syslogd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the syslogd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_syslogd_port',`
gen_require(`
type syslogd_port_t;
')
dontaudit $1 syslogd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the syslogd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_syslogd_port',`
corenet_udp_send_syslogd_port($1)
corenet_udp_receive_syslogd_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the syslogd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_syslogd_port',`
corenet_dontaudit_udp_send_syslogd_port($1)
corenet_dontaudit_udp_receive_syslogd_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the syslogd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_syslogd_port',`
gen_require(`
type syslogd_port_t;
')
allow $1 syslogd_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the syslogd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_syslogd_port',`
gen_require(`
type syslogd_port_t;
')
allow $1 syslogd_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the syslogd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_syslogd_port',`
gen_require(`
type syslogd_port_t;
')
allow $1 syslogd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send syslogd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_syslogd_client_packets',`
gen_require(`
type syslogd_client_packet_t;
')
allow $1 syslogd_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send syslogd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_syslogd_client_packets',`
gen_require(`
type syslogd_client_packet_t;
')
dontaudit $1 syslogd_client_packet_t:packet send;
')
########################################
## <summary>
## Receive syslogd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_syslogd_client_packets',`
gen_require(`
type syslogd_client_packet_t;
')
allow $1 syslogd_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive syslogd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_syslogd_client_packets',`
gen_require(`
type syslogd_client_packet_t;
')
dontaudit $1 syslogd_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive syslogd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_syslogd_client_packets',`
corenet_send_syslogd_client_packets($1)
corenet_receive_syslogd_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive syslogd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_syslogd_client_packets',`
corenet_dontaudit_send_syslogd_client_packets($1)
corenet_dontaudit_receive_syslogd_client_packets($1)
')
########################################
## <summary>
## Relabel packets to syslogd_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_syslogd_client_packets',`
gen_require(`
type syslogd_client_packet_t;
')
allow $1 syslogd_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send syslogd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_syslogd_server_packets',`
gen_require(`
type syslogd_server_packet_t;
')
allow $1 syslogd_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send syslogd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_syslogd_server_packets',`
gen_require(`
type syslogd_server_packet_t;
')
dontaudit $1 syslogd_server_packet_t:packet send;
')
########################################
## <summary>
## Receive syslogd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_syslogd_server_packets',`
gen_require(`
type syslogd_server_packet_t;
')
allow $1 syslogd_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive syslogd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_syslogd_server_packets',`
gen_require(`
type syslogd_server_packet_t;
')
dontaudit $1 syslogd_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive syslogd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_syslogd_server_packets',`
corenet_send_syslogd_server_packets($1)
corenet_receive_syslogd_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive syslogd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_syslogd_server_packets',`
corenet_dontaudit_send_syslogd_server_packets($1)
corenet_dontaudit_receive_syslogd_server_packets($1)
')
########################################
## <summary>
## Relabel packets to syslogd_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_syslogd_server_packets',`
gen_require(`
type syslogd_server_packet_t;
')
allow $1 syslogd_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the telnetd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_telnetd_port',`
gen_require(`
type telnetd_port_t;
')
allow $1 telnetd_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the telnetd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_telnetd_port',`
gen_require(`
type telnetd_port_t;
')
allow $1 telnetd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the telnetd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_telnetd_port',`
gen_require(`
type telnetd_port_t;
')
dontaudit $1 telnetd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the telnetd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_telnetd_port',`
gen_require(`
type telnetd_port_t;
')
allow $1 telnetd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the telnetd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_telnetd_port',`
gen_require(`
type telnetd_port_t;
')
dontaudit $1 telnetd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the telnetd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_telnetd_port',`
corenet_udp_send_telnetd_port($1)
corenet_udp_receive_telnetd_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the telnetd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_telnetd_port',`
corenet_dontaudit_udp_send_telnetd_port($1)
corenet_dontaudit_udp_receive_telnetd_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the telnetd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_telnetd_port',`
gen_require(`
type telnetd_port_t;
')
allow $1 telnetd_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the telnetd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_telnetd_port',`
gen_require(`
type telnetd_port_t;
')
allow $1 telnetd_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the telnetd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_telnetd_port',`
gen_require(`
type telnetd_port_t;
')
allow $1 telnetd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send telnetd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_telnetd_client_packets',`
gen_require(`
type telnetd_client_packet_t;
')
allow $1 telnetd_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send telnetd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_telnetd_client_packets',`
gen_require(`
type telnetd_client_packet_t;
')
dontaudit $1 telnetd_client_packet_t:packet send;
')
########################################
## <summary>
## Receive telnetd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_telnetd_client_packets',`
gen_require(`
type telnetd_client_packet_t;
')
allow $1 telnetd_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive telnetd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_telnetd_client_packets',`
gen_require(`
type telnetd_client_packet_t;
')
dontaudit $1 telnetd_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive telnetd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_telnetd_client_packets',`
corenet_send_telnetd_client_packets($1)
corenet_receive_telnetd_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive telnetd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_telnetd_client_packets',`
corenet_dontaudit_send_telnetd_client_packets($1)
corenet_dontaudit_receive_telnetd_client_packets($1)
')
########################################
## <summary>
## Relabel packets to telnetd_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_telnetd_client_packets',`
gen_require(`
type telnetd_client_packet_t;
')
allow $1 telnetd_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send telnetd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_telnetd_server_packets',`
gen_require(`
type telnetd_server_packet_t;
')
allow $1 telnetd_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send telnetd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_telnetd_server_packets',`
gen_require(`
type telnetd_server_packet_t;
')
dontaudit $1 telnetd_server_packet_t:packet send;
')
########################################
## <summary>
## Receive telnetd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_telnetd_server_packets',`
gen_require(`
type telnetd_server_packet_t;
')
allow $1 telnetd_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive telnetd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_telnetd_server_packets',`
gen_require(`
type telnetd_server_packet_t;
')
dontaudit $1 telnetd_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive telnetd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_telnetd_server_packets',`
corenet_send_telnetd_server_packets($1)
corenet_receive_telnetd_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive telnetd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_telnetd_server_packets',`
corenet_dontaudit_send_telnetd_server_packets($1)
corenet_dontaudit_receive_telnetd_server_packets($1)
')
########################################
## <summary>
## Relabel packets to telnetd_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_telnetd_server_packets',`
gen_require(`
type telnetd_server_packet_t;
')
allow $1 telnetd_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the tftp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_tftp_port',`
gen_require(`
type tftp_port_t;
')
allow $1 tftp_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the tftp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_tftp_port',`
gen_require(`
type tftp_port_t;
')
allow $1 tftp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the tftp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_tftp_port',`
gen_require(`
type tftp_port_t;
')
dontaudit $1 tftp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the tftp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_tftp_port',`
gen_require(`
type tftp_port_t;
')
allow $1 tftp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the tftp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_tftp_port',`
gen_require(`
type tftp_port_t;
')
dontaudit $1 tftp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the tftp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_tftp_port',`
corenet_udp_send_tftp_port($1)
corenet_udp_receive_tftp_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the tftp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_tftp_port',`
corenet_dontaudit_udp_send_tftp_port($1)
corenet_dontaudit_udp_receive_tftp_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the tftp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_tftp_port',`
gen_require(`
type tftp_port_t;
')
allow $1 tftp_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the tftp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_tftp_port',`
gen_require(`
type tftp_port_t;
')
allow $1 tftp_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the tftp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_tftp_port',`
gen_require(`
type tftp_port_t;
')
allow $1 tftp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send tftp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_tftp_client_packets',`
gen_require(`
type tftp_client_packet_t;
')
allow $1 tftp_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send tftp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_tftp_client_packets',`
gen_require(`
type tftp_client_packet_t;
')
dontaudit $1 tftp_client_packet_t:packet send;
')
########################################
## <summary>
## Receive tftp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_tftp_client_packets',`
gen_require(`
type tftp_client_packet_t;
')
allow $1 tftp_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive tftp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_tftp_client_packets',`
gen_require(`
type tftp_client_packet_t;
')
dontaudit $1 tftp_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive tftp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_tftp_client_packets',`
corenet_send_tftp_client_packets($1)
corenet_receive_tftp_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive tftp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_tftp_client_packets',`
corenet_dontaudit_send_tftp_client_packets($1)
corenet_dontaudit_receive_tftp_client_packets($1)
')
########################################
## <summary>
## Relabel packets to tftp_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_tftp_client_packets',`
gen_require(`
type tftp_client_packet_t;
')
allow $1 tftp_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send tftp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_tftp_server_packets',`
gen_require(`
type tftp_server_packet_t;
')
allow $1 tftp_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send tftp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_tftp_server_packets',`
gen_require(`
type tftp_server_packet_t;
')
dontaudit $1 tftp_server_packet_t:packet send;
')
########################################
## <summary>
## Receive tftp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_tftp_server_packets',`
gen_require(`
type tftp_server_packet_t;
')
allow $1 tftp_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive tftp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_tftp_server_packets',`
gen_require(`
type tftp_server_packet_t;
')
dontaudit $1 tftp_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive tftp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_tftp_server_packets',`
corenet_send_tftp_server_packets($1)
corenet_receive_tftp_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive tftp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_tftp_server_packets',`
corenet_dontaudit_send_tftp_server_packets($1)
corenet_dontaudit_receive_tftp_server_packets($1)
')
########################################
## <summary>
## Relabel packets to tftp_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_tftp_server_packets',`
gen_require(`
type tftp_server_packet_t;
')
allow $1 tftp_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the tor port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_tor_port',`
gen_require(`
type tor_port_t;
')
allow $1 tor_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the tor port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_tor_port',`
gen_require(`
type tor_port_t;
')
allow $1 tor_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the tor port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_tor_port',`
gen_require(`
type tor_port_t;
')
dontaudit $1 tor_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the tor port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_tor_port',`
gen_require(`
type tor_port_t;
')
allow $1 tor_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the tor port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_tor_port',`
gen_require(`
type tor_port_t;
')
dontaudit $1 tor_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the tor port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_tor_port',`
corenet_udp_send_tor_port($1)
corenet_udp_receive_tor_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the tor port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_tor_port',`
corenet_dontaudit_udp_send_tor_port($1)
corenet_dontaudit_udp_receive_tor_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the tor port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_tor_port',`
gen_require(`
type tor_port_t;
')
allow $1 tor_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the tor port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_tor_port',`
gen_require(`
type tor_port_t;
')
allow $1 tor_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the tor port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_tor_port',`
gen_require(`
type tor_port_t;
')
allow $1 tor_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send tor_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_tor_client_packets',`
gen_require(`
type tor_client_packet_t;
')
allow $1 tor_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send tor_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_tor_client_packets',`
gen_require(`
type tor_client_packet_t;
')
dontaudit $1 tor_client_packet_t:packet send;
')
########################################
## <summary>
## Receive tor_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_tor_client_packets',`
gen_require(`
type tor_client_packet_t;
')
allow $1 tor_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive tor_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_tor_client_packets',`
gen_require(`
type tor_client_packet_t;
')
dontaudit $1 tor_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive tor_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_tor_client_packets',`
corenet_send_tor_client_packets($1)
corenet_receive_tor_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive tor_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_tor_client_packets',`
corenet_dontaudit_send_tor_client_packets($1)
corenet_dontaudit_receive_tor_client_packets($1)
')
########################################
## <summary>
## Relabel packets to tor_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_tor_client_packets',`
gen_require(`
type tor_client_packet_t;
')
allow $1 tor_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send tor_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_tor_server_packets',`
gen_require(`
type tor_server_packet_t;
')
allow $1 tor_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send tor_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_tor_server_packets',`
gen_require(`
type tor_server_packet_t;
')
dontaudit $1 tor_server_packet_t:packet send;
')
########################################
## <summary>
## Receive tor_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_tor_server_packets',`
gen_require(`
type tor_server_packet_t;
')
allow $1 tor_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive tor_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_tor_server_packets',`
gen_require(`
type tor_server_packet_t;
')
dontaudit $1 tor_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive tor_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_tor_server_packets',`
corenet_send_tor_server_packets($1)
corenet_receive_tor_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive tor_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_tor_server_packets',`
corenet_dontaudit_send_tor_server_packets($1)
corenet_dontaudit_receive_tor_server_packets($1)
')
########################################
## <summary>
## Relabel packets to tor_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_tor_server_packets',`
gen_require(`
type tor_server_packet_t;
')
allow $1 tor_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the tor_socks port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_tor_socks_port',`
gen_require(`
type tor_socks_port_t;
')
allow $1 tor_socks_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the tor_socks port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_tor_socks_port',`
gen_require(`
type tor_socks_port_t;
')
allow $1 tor_socks_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the tor_socks port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_tor_socks_port',`
gen_require(`
type tor_socks_port_t;
')
dontaudit $1 tor_socks_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the tor_socks port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_tor_socks_port',`
gen_require(`
type tor_socks_port_t;
')
allow $1 tor_socks_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the tor_socks port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_tor_socks_port',`
gen_require(`
type tor_socks_port_t;
')
dontaudit $1 tor_socks_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the tor_socks port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_tor_socks_port',`
corenet_udp_send_tor_socks_port($1)
corenet_udp_receive_tor_socks_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the tor_socks port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_tor_socks_port',`
corenet_dontaudit_udp_send_tor_socks_port($1)
corenet_dontaudit_udp_receive_tor_socks_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the tor_socks port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_tor_socks_port',`
gen_require(`
type tor_socks_port_t;
')
allow $1 tor_socks_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the tor_socks port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_tor_socks_port',`
gen_require(`
type tor_socks_port_t;
')
allow $1 tor_socks_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the tor_socks port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_tor_socks_port',`
gen_require(`
type tor_socks_port_t;
')
allow $1 tor_socks_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send tor_socks_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_tor_socks_client_packets',`
gen_require(`
type tor_socks_client_packet_t;
')
allow $1 tor_socks_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send tor_socks_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_tor_socks_client_packets',`
gen_require(`
type tor_socks_client_packet_t;
')
dontaudit $1 tor_socks_client_packet_t:packet send;
')
########################################
## <summary>
## Receive tor_socks_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_tor_socks_client_packets',`
gen_require(`
type tor_socks_client_packet_t;
')
allow $1 tor_socks_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive tor_socks_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_tor_socks_client_packets',`
gen_require(`
type tor_socks_client_packet_t;
')
dontaudit $1 tor_socks_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive tor_socks_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_tor_socks_client_packets',`
corenet_send_tor_socks_client_packets($1)
corenet_receive_tor_socks_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive tor_socks_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_tor_socks_client_packets',`
corenet_dontaudit_send_tor_socks_client_packets($1)
corenet_dontaudit_receive_tor_socks_client_packets($1)
')
########################################
## <summary>
## Relabel packets to tor_socks_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_tor_socks_client_packets',`
gen_require(`
type tor_socks_client_packet_t;
')
allow $1 tor_socks_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send tor_socks_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_tor_socks_server_packets',`
gen_require(`
type tor_socks_server_packet_t;
')
allow $1 tor_socks_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send tor_socks_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_tor_socks_server_packets',`
gen_require(`
type tor_socks_server_packet_t;
')
dontaudit $1 tor_socks_server_packet_t:packet send;
')
########################################
## <summary>
## Receive tor_socks_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_tor_socks_server_packets',`
gen_require(`
type tor_socks_server_packet_t;
')
allow $1 tor_socks_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive tor_socks_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_tor_socks_server_packets',`
gen_require(`
type tor_socks_server_packet_t;
')
dontaudit $1 tor_socks_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive tor_socks_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_tor_socks_server_packets',`
corenet_send_tor_socks_server_packets($1)
corenet_receive_tor_socks_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive tor_socks_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_tor_socks_server_packets',`
corenet_dontaudit_send_tor_socks_server_packets($1)
corenet_dontaudit_receive_tor_socks_server_packets($1)
')
########################################
## <summary>
## Relabel packets to tor_socks_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_tor_socks_server_packets',`
gen_require(`
type tor_socks_server_packet_t;
')
allow $1 tor_socks_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the traceroute port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_traceroute_port',`
gen_require(`
type traceroute_port_t;
')
allow $1 traceroute_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the traceroute port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_traceroute_port',`
gen_require(`
type traceroute_port_t;
')
allow $1 traceroute_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the traceroute port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_traceroute_port',`
gen_require(`
type traceroute_port_t;
')
dontaudit $1 traceroute_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the traceroute port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_traceroute_port',`
gen_require(`
type traceroute_port_t;
')
allow $1 traceroute_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the traceroute port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_traceroute_port',`
gen_require(`
type traceroute_port_t;
')
dontaudit $1 traceroute_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the traceroute port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_traceroute_port',`
corenet_udp_send_traceroute_port($1)
corenet_udp_receive_traceroute_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the traceroute port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_traceroute_port',`
corenet_dontaudit_udp_send_traceroute_port($1)
corenet_dontaudit_udp_receive_traceroute_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the traceroute port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_traceroute_port',`
gen_require(`
type traceroute_port_t;
')
allow $1 traceroute_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the traceroute port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_traceroute_port',`
gen_require(`
type traceroute_port_t;
')
allow $1 traceroute_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the traceroute port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_traceroute_port',`
gen_require(`
type traceroute_port_t;
')
allow $1 traceroute_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send traceroute_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_traceroute_client_packets',`
gen_require(`
type traceroute_client_packet_t;
')
allow $1 traceroute_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send traceroute_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_traceroute_client_packets',`
gen_require(`
type traceroute_client_packet_t;
')
dontaudit $1 traceroute_client_packet_t:packet send;
')
########################################
## <summary>
## Receive traceroute_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_traceroute_client_packets',`
gen_require(`
type traceroute_client_packet_t;
')
allow $1 traceroute_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive traceroute_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_traceroute_client_packets',`
gen_require(`
type traceroute_client_packet_t;
')
dontaudit $1 traceroute_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive traceroute_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_traceroute_client_packets',`
corenet_send_traceroute_client_packets($1)
corenet_receive_traceroute_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive traceroute_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_traceroute_client_packets',`
corenet_dontaudit_send_traceroute_client_packets($1)
corenet_dontaudit_receive_traceroute_client_packets($1)
')
########################################
## <summary>
## Relabel packets to traceroute_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_traceroute_client_packets',`
gen_require(`
type traceroute_client_packet_t;
')
allow $1 traceroute_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send traceroute_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_traceroute_server_packets',`
gen_require(`
type traceroute_server_packet_t;
')
allow $1 traceroute_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send traceroute_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_traceroute_server_packets',`
gen_require(`
type traceroute_server_packet_t;
')
dontaudit $1 traceroute_server_packet_t:packet send;
')
########################################
## <summary>
## Receive traceroute_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_traceroute_server_packets',`
gen_require(`
type traceroute_server_packet_t;
')
allow $1 traceroute_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive traceroute_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_traceroute_server_packets',`
gen_require(`
type traceroute_server_packet_t;
')
dontaudit $1 traceroute_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive traceroute_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_traceroute_server_packets',`
corenet_send_traceroute_server_packets($1)
corenet_receive_traceroute_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive traceroute_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_traceroute_server_packets',`
corenet_dontaudit_send_traceroute_server_packets($1)
corenet_dontaudit_receive_traceroute_server_packets($1)
')
########################################
## <summary>
## Relabel packets to traceroute_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_traceroute_server_packets',`
gen_require(`
type traceroute_server_packet_t;
')
allow $1 traceroute_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the transproxy port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_transproxy_port',`
gen_require(`
type transproxy_port_t;
')
allow $1 transproxy_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the transproxy port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_transproxy_port',`
gen_require(`
type transproxy_port_t;
')
allow $1 transproxy_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the transproxy port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_transproxy_port',`
gen_require(`
type transproxy_port_t;
')
dontaudit $1 transproxy_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the transproxy port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_transproxy_port',`
gen_require(`
type transproxy_port_t;
')
allow $1 transproxy_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the transproxy port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_transproxy_port',`
gen_require(`
type transproxy_port_t;
')
dontaudit $1 transproxy_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the transproxy port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_transproxy_port',`
corenet_udp_send_transproxy_port($1)
corenet_udp_receive_transproxy_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the transproxy port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_transproxy_port',`
corenet_dontaudit_udp_send_transproxy_port($1)
corenet_dontaudit_udp_receive_transproxy_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the transproxy port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_transproxy_port',`
gen_require(`
type transproxy_port_t;
')
allow $1 transproxy_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the transproxy port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_transproxy_port',`
gen_require(`
type transproxy_port_t;
')
allow $1 transproxy_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the transproxy port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_transproxy_port',`
gen_require(`
type transproxy_port_t;
')
allow $1 transproxy_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send transproxy_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_transproxy_client_packets',`
gen_require(`
type transproxy_client_packet_t;
')
allow $1 transproxy_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send transproxy_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_transproxy_client_packets',`
gen_require(`
type transproxy_client_packet_t;
')
dontaudit $1 transproxy_client_packet_t:packet send;
')
########################################
## <summary>
## Receive transproxy_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_transproxy_client_packets',`
gen_require(`
type transproxy_client_packet_t;
')
allow $1 transproxy_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive transproxy_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_transproxy_client_packets',`
gen_require(`
type transproxy_client_packet_t;
')
dontaudit $1 transproxy_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive transproxy_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_transproxy_client_packets',`
corenet_send_transproxy_client_packets($1)
corenet_receive_transproxy_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive transproxy_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_transproxy_client_packets',`
corenet_dontaudit_send_transproxy_client_packets($1)
corenet_dontaudit_receive_transproxy_client_packets($1)
')
########################################
## <summary>
## Relabel packets to transproxy_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_transproxy_client_packets',`
gen_require(`
type transproxy_client_packet_t;
')
allow $1 transproxy_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send transproxy_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_transproxy_server_packets',`
gen_require(`
type transproxy_server_packet_t;
')
allow $1 transproxy_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send transproxy_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_transproxy_server_packets',`
gen_require(`
type transproxy_server_packet_t;
')
dontaudit $1 transproxy_server_packet_t:packet send;
')
########################################
## <summary>
## Receive transproxy_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_transproxy_server_packets',`
gen_require(`
type transproxy_server_packet_t;
')
allow $1 transproxy_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive transproxy_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_transproxy_server_packets',`
gen_require(`
type transproxy_server_packet_t;
')
dontaudit $1 transproxy_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive transproxy_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_transproxy_server_packets',`
corenet_send_transproxy_server_packets($1)
corenet_receive_transproxy_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive transproxy_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_transproxy_server_packets',`
corenet_dontaudit_send_transproxy_server_packets($1)
corenet_dontaudit_receive_transproxy_server_packets($1)
')
########################################
## <summary>
## Relabel packets to transproxy_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_transproxy_server_packets',`
gen_require(`
type transproxy_server_packet_t;
')
allow $1 transproxy_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the ups port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_ups_port',`
gen_require(`
type ups_port_t;
')
allow $1 ups_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the ups port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_ups_port',`
gen_require(`
type ups_port_t;
')
allow $1 ups_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the ups port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_ups_port',`
gen_require(`
type ups_port_t;
')
dontaudit $1 ups_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the ups port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_ups_port',`
gen_require(`
type ups_port_t;
')
allow $1 ups_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the ups port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_ups_port',`
gen_require(`
type ups_port_t;
')
dontaudit $1 ups_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the ups port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_ups_port',`
corenet_udp_send_ups_port($1)
corenet_udp_receive_ups_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the ups port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_ups_port',`
corenet_dontaudit_udp_send_ups_port($1)
corenet_dontaudit_udp_receive_ups_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the ups port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_ups_port',`
gen_require(`
type ups_port_t;
')
allow $1 ups_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the ups port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_ups_port',`
gen_require(`
type ups_port_t;
')
allow $1 ups_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the ups port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_ups_port',`
gen_require(`
type ups_port_t;
')
allow $1 ups_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send ups_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ups_client_packets',`
gen_require(`
type ups_client_packet_t;
')
allow $1 ups_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ups_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ups_client_packets',`
gen_require(`
type ups_client_packet_t;
')
dontaudit $1 ups_client_packet_t:packet send;
')
########################################
## <summary>
## Receive ups_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ups_client_packets',`
gen_require(`
type ups_client_packet_t;
')
allow $1 ups_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ups_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ups_client_packets',`
gen_require(`
type ups_client_packet_t;
')
dontaudit $1 ups_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ups_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ups_client_packets',`
corenet_send_ups_client_packets($1)
corenet_receive_ups_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ups_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ups_client_packets',`
corenet_dontaudit_send_ups_client_packets($1)
corenet_dontaudit_receive_ups_client_packets($1)
')
########################################
## <summary>
## Relabel packets to ups_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ups_client_packets',`
gen_require(`
type ups_client_packet_t;
')
allow $1 ups_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send ups_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ups_server_packets',`
gen_require(`
type ups_server_packet_t;
')
allow $1 ups_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ups_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ups_server_packets',`
gen_require(`
type ups_server_packet_t;
')
dontaudit $1 ups_server_packet_t:packet send;
')
########################################
## <summary>
## Receive ups_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ups_server_packets',`
gen_require(`
type ups_server_packet_t;
')
allow $1 ups_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ups_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ups_server_packets',`
gen_require(`
type ups_server_packet_t;
')
dontaudit $1 ups_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ups_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ups_server_packets',`
corenet_send_ups_server_packets($1)
corenet_receive_ups_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ups_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ups_server_packets',`
corenet_dontaudit_send_ups_server_packets($1)
corenet_dontaudit_receive_ups_server_packets($1)
')
########################################
## <summary>
## Relabel packets to ups_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ups_server_packets',`
gen_require(`
type ups_server_packet_t;
')
allow $1 ups_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the uucpd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_uucpd_port',`
gen_require(`
type uucpd_port_t;
')
allow $1 uucpd_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the uucpd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_uucpd_port',`
gen_require(`
type uucpd_port_t;
')
allow $1 uucpd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the uucpd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_uucpd_port',`
gen_require(`
type uucpd_port_t;
')
dontaudit $1 uucpd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the uucpd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_uucpd_port',`
gen_require(`
type uucpd_port_t;
')
allow $1 uucpd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the uucpd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_uucpd_port',`
gen_require(`
type uucpd_port_t;
')
dontaudit $1 uucpd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the uucpd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_uucpd_port',`
corenet_udp_send_uucpd_port($1)
corenet_udp_receive_uucpd_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the uucpd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_uucpd_port',`
corenet_dontaudit_udp_send_uucpd_port($1)
corenet_dontaudit_udp_receive_uucpd_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the uucpd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_uucpd_port',`
gen_require(`
type uucpd_port_t;
')
allow $1 uucpd_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the uucpd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_uucpd_port',`
gen_require(`
type uucpd_port_t;
')
allow $1 uucpd_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the uucpd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_uucpd_port',`
gen_require(`
type uucpd_port_t;
')
allow $1 uucpd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send uucpd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_uucpd_client_packets',`
gen_require(`
type uucpd_client_packet_t;
')
allow $1 uucpd_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send uucpd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_uucpd_client_packets',`
gen_require(`
type uucpd_client_packet_t;
')
dontaudit $1 uucpd_client_packet_t:packet send;
')
########################################
## <summary>
## Receive uucpd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_uucpd_client_packets',`
gen_require(`
type uucpd_client_packet_t;
')
allow $1 uucpd_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive uucpd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_uucpd_client_packets',`
gen_require(`
type uucpd_client_packet_t;
')
dontaudit $1 uucpd_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive uucpd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_uucpd_client_packets',`
corenet_send_uucpd_client_packets($1)
corenet_receive_uucpd_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive uucpd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_uucpd_client_packets',`
corenet_dontaudit_send_uucpd_client_packets($1)
corenet_dontaudit_receive_uucpd_client_packets($1)
')
########################################
## <summary>
## Relabel packets to uucpd_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_uucpd_client_packets',`
gen_require(`
type uucpd_client_packet_t;
')
allow $1 uucpd_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send uucpd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_uucpd_server_packets',`
gen_require(`
type uucpd_server_packet_t;
')
allow $1 uucpd_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send uucpd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_uucpd_server_packets',`
gen_require(`
type uucpd_server_packet_t;
')
dontaudit $1 uucpd_server_packet_t:packet send;
')
########################################
## <summary>
## Receive uucpd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_uucpd_server_packets',`
gen_require(`
type uucpd_server_packet_t;
')
allow $1 uucpd_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive uucpd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_uucpd_server_packets',`
gen_require(`
type uucpd_server_packet_t;
')
dontaudit $1 uucpd_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive uucpd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_uucpd_server_packets',`
corenet_send_uucpd_server_packets($1)
corenet_receive_uucpd_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive uucpd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_uucpd_server_packets',`
corenet_dontaudit_send_uucpd_server_packets($1)
corenet_dontaudit_receive_uucpd_server_packets($1)
')
########################################
## <summary>
## Relabel packets to uucpd_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_uucpd_server_packets',`
gen_require(`
type uucpd_server_packet_t;
')
allow $1 uucpd_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the varnishd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_varnishd_port',`
gen_require(`
type varnishd_port_t;
')
allow $1 varnishd_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the varnishd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_varnishd_port',`
gen_require(`
type varnishd_port_t;
')
allow $1 varnishd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the varnishd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_varnishd_port',`
gen_require(`
type varnishd_port_t;
')
dontaudit $1 varnishd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the varnishd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_varnishd_port',`
gen_require(`
type varnishd_port_t;
')
allow $1 varnishd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the varnishd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_varnishd_port',`
gen_require(`
type varnishd_port_t;
')
dontaudit $1 varnishd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the varnishd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_varnishd_port',`
corenet_udp_send_varnishd_port($1)
corenet_udp_receive_varnishd_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the varnishd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_varnishd_port',`
corenet_dontaudit_udp_send_varnishd_port($1)
corenet_dontaudit_udp_receive_varnishd_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the varnishd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_varnishd_port',`
gen_require(`
type varnishd_port_t;
')
allow $1 varnishd_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the varnishd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_varnishd_port',`
gen_require(`
type varnishd_port_t;
')
allow $1 varnishd_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the varnishd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_varnishd_port',`
gen_require(`
type varnishd_port_t;
')
allow $1 varnishd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send varnishd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_varnishd_client_packets',`
gen_require(`
type varnishd_client_packet_t;
')
allow $1 varnishd_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send varnishd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_varnishd_client_packets',`
gen_require(`
type varnishd_client_packet_t;
')
dontaudit $1 varnishd_client_packet_t:packet send;
')
########################################
## <summary>
## Receive varnishd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_varnishd_client_packets',`
gen_require(`
type varnishd_client_packet_t;
')
allow $1 varnishd_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive varnishd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_varnishd_client_packets',`
gen_require(`
type varnishd_client_packet_t;
')
dontaudit $1 varnishd_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive varnishd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_varnishd_client_packets',`
corenet_send_varnishd_client_packets($1)
corenet_receive_varnishd_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive varnishd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_varnishd_client_packets',`
corenet_dontaudit_send_varnishd_client_packets($1)
corenet_dontaudit_receive_varnishd_client_packets($1)
')
########################################
## <summary>
## Relabel packets to varnishd_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_varnishd_client_packets',`
gen_require(`
type varnishd_client_packet_t;
')
allow $1 varnishd_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send varnishd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_varnishd_server_packets',`
gen_require(`
type varnishd_server_packet_t;
')
allow $1 varnishd_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send varnishd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_varnishd_server_packets',`
gen_require(`
type varnishd_server_packet_t;
')
dontaudit $1 varnishd_server_packet_t:packet send;
')
########################################
## <summary>
## Receive varnishd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_varnishd_server_packets',`
gen_require(`
type varnishd_server_packet_t;
')
allow $1 varnishd_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive varnishd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_varnishd_server_packets',`
gen_require(`
type varnishd_server_packet_t;
')
dontaudit $1 varnishd_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive varnishd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_varnishd_server_packets',`
corenet_send_varnishd_server_packets($1)
corenet_receive_varnishd_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive varnishd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_varnishd_server_packets',`
corenet_dontaudit_send_varnishd_server_packets($1)
corenet_dontaudit_receive_varnishd_server_packets($1)
')
########################################
## <summary>
## Relabel packets to varnishd_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_varnishd_server_packets',`
gen_require(`
type varnishd_server_packet_t;
')
allow $1 varnishd_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the virt port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_virt_port',`
gen_require(`
type virt_port_t;
')
allow $1 virt_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the virt port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_virt_port',`
gen_require(`
type virt_port_t;
')
allow $1 virt_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the virt port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_virt_port',`
gen_require(`
type virt_port_t;
')
dontaudit $1 virt_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the virt port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_virt_port',`
gen_require(`
type virt_port_t;
')
allow $1 virt_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the virt port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_virt_port',`
gen_require(`
type virt_port_t;
')
dontaudit $1 virt_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the virt port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_virt_port',`
corenet_udp_send_virt_port($1)
corenet_udp_receive_virt_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the virt port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_virt_port',`
corenet_dontaudit_udp_send_virt_port($1)
corenet_dontaudit_udp_receive_virt_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the virt port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_virt_port',`
gen_require(`
type virt_port_t;
')
allow $1 virt_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the virt port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_virt_port',`
gen_require(`
type virt_port_t;
')
allow $1 virt_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the virt port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_virt_port',`
gen_require(`
type virt_port_t;
')
allow $1 virt_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send virt_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_virt_client_packets',`
gen_require(`
type virt_client_packet_t;
')
allow $1 virt_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send virt_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_virt_client_packets',`
gen_require(`
type virt_client_packet_t;
')
dontaudit $1 virt_client_packet_t:packet send;
')
########################################
## <summary>
## Receive virt_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_virt_client_packets',`
gen_require(`
type virt_client_packet_t;
')
allow $1 virt_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive virt_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_virt_client_packets',`
gen_require(`
type virt_client_packet_t;
')
dontaudit $1 virt_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive virt_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_virt_client_packets',`
corenet_send_virt_client_packets($1)
corenet_receive_virt_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive virt_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_virt_client_packets',`
corenet_dontaudit_send_virt_client_packets($1)
corenet_dontaudit_receive_virt_client_packets($1)
')
########################################
## <summary>
## Relabel packets to virt_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_virt_client_packets',`
gen_require(`
type virt_client_packet_t;
')
allow $1 virt_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send virt_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_virt_server_packets',`
gen_require(`
type virt_server_packet_t;
')
allow $1 virt_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send virt_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_virt_server_packets',`
gen_require(`
type virt_server_packet_t;
')
dontaudit $1 virt_server_packet_t:packet send;
')
########################################
## <summary>
## Receive virt_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_virt_server_packets',`
gen_require(`
type virt_server_packet_t;
')
allow $1 virt_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive virt_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_virt_server_packets',`
gen_require(`
type virt_server_packet_t;
')
dontaudit $1 virt_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive virt_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_virt_server_packets',`
corenet_send_virt_server_packets($1)
corenet_receive_virt_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive virt_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_virt_server_packets',`
corenet_dontaudit_send_virt_server_packets($1)
corenet_dontaudit_receive_virt_server_packets($1)
')
########################################
## <summary>
## Relabel packets to virt_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_virt_server_packets',`
gen_require(`
type virt_server_packet_t;
')
allow $1 virt_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the virt_migration port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_virt_migration_port',`
gen_require(`
type virt_migration_port_t;
')
allow $1 virt_migration_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the virt_migration port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_virt_migration_port',`
gen_require(`
type virt_migration_port_t;
')
allow $1 virt_migration_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the virt_migration port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_virt_migration_port',`
gen_require(`
type virt_migration_port_t;
')
dontaudit $1 virt_migration_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the virt_migration port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_virt_migration_port',`
gen_require(`
type virt_migration_port_t;
')
allow $1 virt_migration_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the virt_migration port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_virt_migration_port',`
gen_require(`
type virt_migration_port_t;
')
dontaudit $1 virt_migration_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the virt_migration port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_virt_migration_port',`
corenet_udp_send_virt_migration_port($1)
corenet_udp_receive_virt_migration_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the virt_migration port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_virt_migration_port',`
corenet_dontaudit_udp_send_virt_migration_port($1)
corenet_dontaudit_udp_receive_virt_migration_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the virt_migration port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_virt_migration_port',`
gen_require(`
type virt_migration_port_t;
')
allow $1 virt_migration_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the virt_migration port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_virt_migration_port',`
gen_require(`
type virt_migration_port_t;
')
allow $1 virt_migration_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the virt_migration port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_virt_migration_port',`
gen_require(`
type virt_migration_port_t;
')
allow $1 virt_migration_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send virt_migration_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_virt_migration_client_packets',`
gen_require(`
type virt_migration_client_packet_t;
')
allow $1 virt_migration_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send virt_migration_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_virt_migration_client_packets',`
gen_require(`
type virt_migration_client_packet_t;
')
dontaudit $1 virt_migration_client_packet_t:packet send;
')
########################################
## <summary>
## Receive virt_migration_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_virt_migration_client_packets',`
gen_require(`
type virt_migration_client_packet_t;
')
allow $1 virt_migration_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive virt_migration_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_virt_migration_client_packets',`
gen_require(`
type virt_migration_client_packet_t;
')
dontaudit $1 virt_migration_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive virt_migration_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_virt_migration_client_packets',`
corenet_send_virt_migration_client_packets($1)
corenet_receive_virt_migration_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive virt_migration_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_virt_migration_client_packets',`
corenet_dontaudit_send_virt_migration_client_packets($1)
corenet_dontaudit_receive_virt_migration_client_packets($1)
')
########################################
## <summary>
## Relabel packets to virt_migration_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_virt_migration_client_packets',`
gen_require(`
type virt_migration_client_packet_t;
')
allow $1 virt_migration_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send virt_migration_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_virt_migration_server_packets',`
gen_require(`
type virt_migration_server_packet_t;
')
allow $1 virt_migration_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send virt_migration_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_virt_migration_server_packets',`
gen_require(`
type virt_migration_server_packet_t;
')
dontaudit $1 virt_migration_server_packet_t:packet send;
')
########################################
## <summary>
## Receive virt_migration_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_virt_migration_server_packets',`
gen_require(`
type virt_migration_server_packet_t;
')
allow $1 virt_migration_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive virt_migration_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_virt_migration_server_packets',`
gen_require(`
type virt_migration_server_packet_t;
')
dontaudit $1 virt_migration_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive virt_migration_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_virt_migration_server_packets',`
corenet_send_virt_migration_server_packets($1)
corenet_receive_virt_migration_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive virt_migration_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_virt_migration_server_packets',`
corenet_dontaudit_send_virt_migration_server_packets($1)
corenet_dontaudit_receive_virt_migration_server_packets($1)
')
########################################
## <summary>
## Relabel packets to virt_migration_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_virt_migration_server_packets',`
gen_require(`
type virt_migration_server_packet_t;
')
allow $1 virt_migration_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the vnc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_vnc_port',`
gen_require(`
type vnc_port_t;
')
allow $1 vnc_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the vnc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_vnc_port',`
gen_require(`
type vnc_port_t;
')
allow $1 vnc_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the vnc port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_vnc_port',`
gen_require(`
type vnc_port_t;
')
dontaudit $1 vnc_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the vnc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_vnc_port',`
gen_require(`
type vnc_port_t;
')
allow $1 vnc_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the vnc port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_vnc_port',`
gen_require(`
type vnc_port_t;
')
dontaudit $1 vnc_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the vnc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_vnc_port',`
corenet_udp_send_vnc_port($1)
corenet_udp_receive_vnc_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the vnc port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_vnc_port',`
corenet_dontaudit_udp_send_vnc_port($1)
corenet_dontaudit_udp_receive_vnc_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the vnc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_vnc_port',`
gen_require(`
type vnc_port_t;
')
allow $1 vnc_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the vnc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_vnc_port',`
gen_require(`
type vnc_port_t;
')
allow $1 vnc_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the vnc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_vnc_port',`
gen_require(`
type vnc_port_t;
')
allow $1 vnc_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send vnc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_vnc_client_packets',`
gen_require(`
type vnc_client_packet_t;
')
allow $1 vnc_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send vnc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_vnc_client_packets',`
gen_require(`
type vnc_client_packet_t;
')
dontaudit $1 vnc_client_packet_t:packet send;
')
########################################
## <summary>
## Receive vnc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_vnc_client_packets',`
gen_require(`
type vnc_client_packet_t;
')
allow $1 vnc_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive vnc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_vnc_client_packets',`
gen_require(`
type vnc_client_packet_t;
')
dontaudit $1 vnc_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive vnc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_vnc_client_packets',`
corenet_send_vnc_client_packets($1)
corenet_receive_vnc_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive vnc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_vnc_client_packets',`
corenet_dontaudit_send_vnc_client_packets($1)
corenet_dontaudit_receive_vnc_client_packets($1)
')
########################################
## <summary>
## Relabel packets to vnc_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_vnc_client_packets',`
gen_require(`
type vnc_client_packet_t;
')
allow $1 vnc_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send vnc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_vnc_server_packets',`
gen_require(`
type vnc_server_packet_t;
')
allow $1 vnc_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send vnc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_vnc_server_packets',`
gen_require(`
type vnc_server_packet_t;
')
dontaudit $1 vnc_server_packet_t:packet send;
')
########################################
## <summary>
## Receive vnc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_vnc_server_packets',`
gen_require(`
type vnc_server_packet_t;
')
allow $1 vnc_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive vnc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_vnc_server_packets',`
gen_require(`
type vnc_server_packet_t;
')
dontaudit $1 vnc_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive vnc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_vnc_server_packets',`
corenet_send_vnc_server_packets($1)
corenet_receive_vnc_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive vnc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_vnc_server_packets',`
corenet_dontaudit_send_vnc_server_packets($1)
corenet_dontaudit_receive_vnc_server_packets($1)
')
########################################
## <summary>
## Relabel packets to vnc_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_vnc_server_packets',`
gen_require(`
type vnc_server_packet_t;
')
allow $1 vnc_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the wccp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_wccp_port',`
gen_require(`
type wccp_port_t;
')
allow $1 wccp_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the wccp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_wccp_port',`
gen_require(`
type wccp_port_t;
')
allow $1 wccp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the wccp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_wccp_port',`
gen_require(`
type wccp_port_t;
')
dontaudit $1 wccp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the wccp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_wccp_port',`
gen_require(`
type wccp_port_t;
')
allow $1 wccp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the wccp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_wccp_port',`
gen_require(`
type wccp_port_t;
')
dontaudit $1 wccp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the wccp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_wccp_port',`
corenet_udp_send_wccp_port($1)
corenet_udp_receive_wccp_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the wccp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_wccp_port',`
corenet_dontaudit_udp_send_wccp_port($1)
corenet_dontaudit_udp_receive_wccp_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the wccp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_wccp_port',`
gen_require(`
type wccp_port_t;
')
allow $1 wccp_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the wccp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_wccp_port',`
gen_require(`
type wccp_port_t;
')
allow $1 wccp_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the wccp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_wccp_port',`
gen_require(`
type wccp_port_t;
')
allow $1 wccp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send wccp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_wccp_client_packets',`
gen_require(`
type wccp_client_packet_t;
')
allow $1 wccp_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send wccp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_wccp_client_packets',`
gen_require(`
type wccp_client_packet_t;
')
dontaudit $1 wccp_client_packet_t:packet send;
')
########################################
## <summary>
## Receive wccp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_wccp_client_packets',`
gen_require(`
type wccp_client_packet_t;
')
allow $1 wccp_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive wccp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_wccp_client_packets',`
gen_require(`
type wccp_client_packet_t;
')
dontaudit $1 wccp_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive wccp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_wccp_client_packets',`
corenet_send_wccp_client_packets($1)
corenet_receive_wccp_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive wccp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_wccp_client_packets',`
corenet_dontaudit_send_wccp_client_packets($1)
corenet_dontaudit_receive_wccp_client_packets($1)
')
########################################
## <summary>
## Relabel packets to wccp_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_wccp_client_packets',`
gen_require(`
type wccp_client_packet_t;
')
allow $1 wccp_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send wccp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_wccp_server_packets',`
gen_require(`
type wccp_server_packet_t;
')
allow $1 wccp_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send wccp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_wccp_server_packets',`
gen_require(`
type wccp_server_packet_t;
')
dontaudit $1 wccp_server_packet_t:packet send;
')
########################################
## <summary>
## Receive wccp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_wccp_server_packets',`
gen_require(`
type wccp_server_packet_t;
')
allow $1 wccp_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive wccp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_wccp_server_packets',`
gen_require(`
type wccp_server_packet_t;
')
dontaudit $1 wccp_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive wccp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_wccp_server_packets',`
corenet_send_wccp_server_packets($1)
corenet_receive_wccp_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive wccp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_wccp_server_packets',`
corenet_dontaudit_send_wccp_server_packets($1)
corenet_dontaudit_receive_wccp_server_packets($1)
')
########################################
## <summary>
## Relabel packets to wccp_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_wccp_server_packets',`
gen_require(`
type wccp_server_packet_t;
')
allow $1 wccp_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the websm port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_websm_port',`
gen_require(`
type websm_port_t;
')
allow $1 websm_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the websm port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_websm_port',`
gen_require(`
type websm_port_t;
')
allow $1 websm_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the websm port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_websm_port',`
gen_require(`
type websm_port_t;
')
dontaudit $1 websm_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the websm port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_websm_port',`
gen_require(`
type websm_port_t;
')
allow $1 websm_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the websm port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_websm_port',`
gen_require(`
type websm_port_t;
')
dontaudit $1 websm_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the websm port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_websm_port',`
corenet_udp_send_websm_port($1)
corenet_udp_receive_websm_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the websm port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_websm_port',`
corenet_dontaudit_udp_send_websm_port($1)
corenet_dontaudit_udp_receive_websm_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the websm port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_websm_port',`
gen_require(`
type websm_port_t;
')
allow $1 websm_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the websm port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_websm_port',`
gen_require(`
type websm_port_t;
')
allow $1 websm_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the websm port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_websm_port',`
gen_require(`
type websm_port_t;
')
allow $1 websm_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send websm_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_websm_client_packets',`
gen_require(`
type websm_client_packet_t;
')
allow $1 websm_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send websm_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_websm_client_packets',`
gen_require(`
type websm_client_packet_t;
')
dontaudit $1 websm_client_packet_t:packet send;
')
########################################
## <summary>
## Receive websm_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_websm_client_packets',`
gen_require(`
type websm_client_packet_t;
')
allow $1 websm_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive websm_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_websm_client_packets',`
gen_require(`
type websm_client_packet_t;
')
dontaudit $1 websm_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive websm_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_websm_client_packets',`
corenet_send_websm_client_packets($1)
corenet_receive_websm_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive websm_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_websm_client_packets',`
corenet_dontaudit_send_websm_client_packets($1)
corenet_dontaudit_receive_websm_client_packets($1)
')
########################################
## <summary>
## Relabel packets to websm_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_websm_client_packets',`
gen_require(`
type websm_client_packet_t;
')
allow $1 websm_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send websm_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_websm_server_packets',`
gen_require(`
type websm_server_packet_t;
')
allow $1 websm_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send websm_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_websm_server_packets',`
gen_require(`
type websm_server_packet_t;
')
dontaudit $1 websm_server_packet_t:packet send;
')
########################################
## <summary>
## Receive websm_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_websm_server_packets',`
gen_require(`
type websm_server_packet_t;
')
allow $1 websm_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive websm_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_websm_server_packets',`
gen_require(`
type websm_server_packet_t;
')
dontaudit $1 websm_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive websm_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_websm_server_packets',`
corenet_send_websm_server_packets($1)
corenet_receive_websm_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive websm_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_websm_server_packets',`
corenet_dontaudit_send_websm_server_packets($1)
corenet_dontaudit_receive_websm_server_packets($1)
')
########################################
## <summary>
## Relabel packets to websm_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_websm_server_packets',`
gen_require(`
type websm_server_packet_t;
')
allow $1 websm_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the whois port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_whois_port',`
gen_require(`
type whois_port_t;
')
allow $1 whois_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the whois port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_whois_port',`
gen_require(`
type whois_port_t;
')
allow $1 whois_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the whois port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_whois_port',`
gen_require(`
type whois_port_t;
')
dontaudit $1 whois_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the whois port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_whois_port',`
gen_require(`
type whois_port_t;
')
allow $1 whois_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the whois port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_whois_port',`
gen_require(`
type whois_port_t;
')
dontaudit $1 whois_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the whois port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_whois_port',`
corenet_udp_send_whois_port($1)
corenet_udp_receive_whois_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the whois port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_whois_port',`
corenet_dontaudit_udp_send_whois_port($1)
corenet_dontaudit_udp_receive_whois_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the whois port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_whois_port',`
gen_require(`
type whois_port_t;
')
allow $1 whois_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the whois port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_whois_port',`
gen_require(`
type whois_port_t;
')
allow $1 whois_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the whois port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_whois_port',`
gen_require(`
type whois_port_t;
')
allow $1 whois_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send whois_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_whois_client_packets',`
gen_require(`
type whois_client_packet_t;
')
allow $1 whois_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send whois_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_whois_client_packets',`
gen_require(`
type whois_client_packet_t;
')
dontaudit $1 whois_client_packet_t:packet send;
')
########################################
## <summary>
## Receive whois_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_whois_client_packets',`
gen_require(`
type whois_client_packet_t;
')
allow $1 whois_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive whois_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_whois_client_packets',`
gen_require(`
type whois_client_packet_t;
')
dontaudit $1 whois_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive whois_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_whois_client_packets',`
corenet_send_whois_client_packets($1)
corenet_receive_whois_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive whois_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_whois_client_packets',`
corenet_dontaudit_send_whois_client_packets($1)
corenet_dontaudit_receive_whois_client_packets($1)
')
########################################
## <summary>
## Relabel packets to whois_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_whois_client_packets',`
gen_require(`
type whois_client_packet_t;
')
allow $1 whois_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send whois_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_whois_server_packets',`
gen_require(`
type whois_server_packet_t;
')
allow $1 whois_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send whois_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_whois_server_packets',`
gen_require(`
type whois_server_packet_t;
')
dontaudit $1 whois_server_packet_t:packet send;
')
########################################
## <summary>
## Receive whois_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_whois_server_packets',`
gen_require(`
type whois_server_packet_t;
')
allow $1 whois_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive whois_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_whois_server_packets',`
gen_require(`
type whois_server_packet_t;
')
dontaudit $1 whois_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive whois_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_whois_server_packets',`
corenet_send_whois_server_packets($1)
corenet_receive_whois_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive whois_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_whois_server_packets',`
corenet_dontaudit_send_whois_server_packets($1)
corenet_dontaudit_receive_whois_server_packets($1)
')
########################################
## <summary>
## Relabel packets to whois_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_whois_server_packets',`
gen_require(`
type whois_server_packet_t;
')
allow $1 whois_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the winshadow port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_winshadow_port',`
gen_require(`
type winshadow_port_t;
')
allow $1 winshadow_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the winshadow port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_winshadow_port',`
gen_require(`
type winshadow_port_t;
')
allow $1 winshadow_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the winshadow port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_winshadow_port',`
gen_require(`
type winshadow_port_t;
')
dontaudit $1 winshadow_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the winshadow port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_winshadow_port',`
gen_require(`
type winshadow_port_t;
')
allow $1 winshadow_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the winshadow port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_winshadow_port',`
gen_require(`
type winshadow_port_t;
')
dontaudit $1 winshadow_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the winshadow port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_winshadow_port',`
corenet_udp_send_winshadow_port($1)
corenet_udp_receive_winshadow_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the winshadow port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_winshadow_port',`
corenet_dontaudit_udp_send_winshadow_port($1)
corenet_dontaudit_udp_receive_winshadow_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the winshadow port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_winshadow_port',`
gen_require(`
type winshadow_port_t;
')
allow $1 winshadow_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the winshadow port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_winshadow_port',`
gen_require(`
type winshadow_port_t;
')
allow $1 winshadow_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the winshadow port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_winshadow_port',`
gen_require(`
type winshadow_port_t;
')
allow $1 winshadow_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send winshadow_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_winshadow_client_packets',`
gen_require(`
type winshadow_client_packet_t;
')
allow $1 winshadow_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send winshadow_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_winshadow_client_packets',`
gen_require(`
type winshadow_client_packet_t;
')
dontaudit $1 winshadow_client_packet_t:packet send;
')
########################################
## <summary>
## Receive winshadow_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_winshadow_client_packets',`
gen_require(`
type winshadow_client_packet_t;
')
allow $1 winshadow_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive winshadow_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_winshadow_client_packets',`
gen_require(`
type winshadow_client_packet_t;
')
dontaudit $1 winshadow_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive winshadow_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_winshadow_client_packets',`
corenet_send_winshadow_client_packets($1)
corenet_receive_winshadow_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive winshadow_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_winshadow_client_packets',`
corenet_dontaudit_send_winshadow_client_packets($1)
corenet_dontaudit_receive_winshadow_client_packets($1)
')
########################################
## <summary>
## Relabel packets to winshadow_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_winshadow_client_packets',`
gen_require(`
type winshadow_client_packet_t;
')
allow $1 winshadow_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send winshadow_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_winshadow_server_packets',`
gen_require(`
type winshadow_server_packet_t;
')
allow $1 winshadow_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send winshadow_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_winshadow_server_packets',`
gen_require(`
type winshadow_server_packet_t;
')
dontaudit $1 winshadow_server_packet_t:packet send;
')
########################################
## <summary>
## Receive winshadow_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_winshadow_server_packets',`
gen_require(`
type winshadow_server_packet_t;
')
allow $1 winshadow_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive winshadow_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_winshadow_server_packets',`
gen_require(`
type winshadow_server_packet_t;
')
dontaudit $1 winshadow_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive winshadow_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_winshadow_server_packets',`
corenet_send_winshadow_server_packets($1)
corenet_receive_winshadow_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive winshadow_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_winshadow_server_packets',`
corenet_dontaudit_send_winshadow_server_packets($1)
corenet_dontaudit_receive_winshadow_server_packets($1)
')
########################################
## <summary>
## Relabel packets to winshadow_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_winshadow_server_packets',`
gen_require(`
type winshadow_server_packet_t;
')
allow $1 winshadow_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the xdmcp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_xdmcp_port',`
gen_require(`
type xdmcp_port_t;
')
allow $1 xdmcp_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the xdmcp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_xdmcp_port',`
gen_require(`
type xdmcp_port_t;
')
allow $1 xdmcp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the xdmcp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_xdmcp_port',`
gen_require(`
type xdmcp_port_t;
')
dontaudit $1 xdmcp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the xdmcp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_xdmcp_port',`
gen_require(`
type xdmcp_port_t;
')
allow $1 xdmcp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the xdmcp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_xdmcp_port',`
gen_require(`
type xdmcp_port_t;
')
dontaudit $1 xdmcp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the xdmcp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_xdmcp_port',`
corenet_udp_send_xdmcp_port($1)
corenet_udp_receive_xdmcp_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the xdmcp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_xdmcp_port',`
corenet_dontaudit_udp_send_xdmcp_port($1)
corenet_dontaudit_udp_receive_xdmcp_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the xdmcp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_xdmcp_port',`
gen_require(`
type xdmcp_port_t;
')
allow $1 xdmcp_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the xdmcp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_xdmcp_port',`
gen_require(`
type xdmcp_port_t;
')
allow $1 xdmcp_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the xdmcp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_xdmcp_port',`
gen_require(`
type xdmcp_port_t;
')
allow $1 xdmcp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send xdmcp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_xdmcp_client_packets',`
gen_require(`
type xdmcp_client_packet_t;
')
allow $1 xdmcp_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send xdmcp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_xdmcp_client_packets',`
gen_require(`
type xdmcp_client_packet_t;
')
dontaudit $1 xdmcp_client_packet_t:packet send;
')
########################################
## <summary>
## Receive xdmcp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_xdmcp_client_packets',`
gen_require(`
type xdmcp_client_packet_t;
')
allow $1 xdmcp_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive xdmcp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_xdmcp_client_packets',`
gen_require(`
type xdmcp_client_packet_t;
')
dontaudit $1 xdmcp_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive xdmcp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_xdmcp_client_packets',`
corenet_send_xdmcp_client_packets($1)
corenet_receive_xdmcp_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive xdmcp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_xdmcp_client_packets',`
corenet_dontaudit_send_xdmcp_client_packets($1)
corenet_dontaudit_receive_xdmcp_client_packets($1)
')
########################################
## <summary>
## Relabel packets to xdmcp_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_xdmcp_client_packets',`
gen_require(`
type xdmcp_client_packet_t;
')
allow $1 xdmcp_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send xdmcp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_xdmcp_server_packets',`
gen_require(`
type xdmcp_server_packet_t;
')
allow $1 xdmcp_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send xdmcp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_xdmcp_server_packets',`
gen_require(`
type xdmcp_server_packet_t;
')
dontaudit $1 xdmcp_server_packet_t:packet send;
')
########################################
## <summary>
## Receive xdmcp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_xdmcp_server_packets',`
gen_require(`
type xdmcp_server_packet_t;
')
allow $1 xdmcp_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive xdmcp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_xdmcp_server_packets',`
gen_require(`
type xdmcp_server_packet_t;
')
dontaudit $1 xdmcp_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive xdmcp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_xdmcp_server_packets',`
corenet_send_xdmcp_server_packets($1)
corenet_receive_xdmcp_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive xdmcp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_xdmcp_server_packets',`
corenet_dontaudit_send_xdmcp_server_packets($1)
corenet_dontaudit_receive_xdmcp_server_packets($1)
')
########################################
## <summary>
## Relabel packets to xdmcp_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_xdmcp_server_packets',`
gen_require(`
type xdmcp_server_packet_t;
')
allow $1 xdmcp_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the xen port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_xen_port',`
gen_require(`
type xen_port_t;
')
allow $1 xen_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the xen port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_xen_port',`
gen_require(`
type xen_port_t;
')
allow $1 xen_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the xen port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_xen_port',`
gen_require(`
type xen_port_t;
')
dontaudit $1 xen_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the xen port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_xen_port',`
gen_require(`
type xen_port_t;
')
allow $1 xen_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the xen port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_xen_port',`
gen_require(`
type xen_port_t;
')
dontaudit $1 xen_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the xen port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_xen_port',`
corenet_udp_send_xen_port($1)
corenet_udp_receive_xen_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the xen port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_xen_port',`
corenet_dontaudit_udp_send_xen_port($1)
corenet_dontaudit_udp_receive_xen_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the xen port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_xen_port',`
gen_require(`
type xen_port_t;
')
allow $1 xen_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the xen port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_xen_port',`
gen_require(`
type xen_port_t;
')
allow $1 xen_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the xen port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_xen_port',`
gen_require(`
type xen_port_t;
')
allow $1 xen_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send xen_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_xen_client_packets',`
gen_require(`
type xen_client_packet_t;
')
allow $1 xen_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send xen_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_xen_client_packets',`
gen_require(`
type xen_client_packet_t;
')
dontaudit $1 xen_client_packet_t:packet send;
')
########################################
## <summary>
## Receive xen_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_xen_client_packets',`
gen_require(`
type xen_client_packet_t;
')
allow $1 xen_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive xen_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_xen_client_packets',`
gen_require(`
type xen_client_packet_t;
')
dontaudit $1 xen_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive xen_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_xen_client_packets',`
corenet_send_xen_client_packets($1)
corenet_receive_xen_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive xen_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_xen_client_packets',`
corenet_dontaudit_send_xen_client_packets($1)
corenet_dontaudit_receive_xen_client_packets($1)
')
########################################
## <summary>
## Relabel packets to xen_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_xen_client_packets',`
gen_require(`
type xen_client_packet_t;
')
allow $1 xen_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send xen_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_xen_server_packets',`
gen_require(`
type xen_server_packet_t;
')
allow $1 xen_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send xen_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_xen_server_packets',`
gen_require(`
type xen_server_packet_t;
')
dontaudit $1 xen_server_packet_t:packet send;
')
########################################
## <summary>
## Receive xen_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_xen_server_packets',`
gen_require(`
type xen_server_packet_t;
')
allow $1 xen_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive xen_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_xen_server_packets',`
gen_require(`
type xen_server_packet_t;
')
dontaudit $1 xen_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive xen_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_xen_server_packets',`
corenet_send_xen_server_packets($1)
corenet_receive_xen_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive xen_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_xen_server_packets',`
corenet_dontaudit_send_xen_server_packets($1)
corenet_dontaudit_receive_xen_server_packets($1)
')
########################################
## <summary>
## Relabel packets to xen_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_xen_server_packets',`
gen_require(`
type xen_server_packet_t;
')
allow $1 xen_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the xfs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_xfs_port',`
gen_require(`
type xfs_port_t;
')
allow $1 xfs_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the xfs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_xfs_port',`
gen_require(`
type xfs_port_t;
')
allow $1 xfs_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the xfs port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_xfs_port',`
gen_require(`
type xfs_port_t;
')
dontaudit $1 xfs_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the xfs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_xfs_port',`
gen_require(`
type xfs_port_t;
')
allow $1 xfs_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the xfs port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_xfs_port',`
gen_require(`
type xfs_port_t;
')
dontaudit $1 xfs_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the xfs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_xfs_port',`
corenet_udp_send_xfs_port($1)
corenet_udp_receive_xfs_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the xfs port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_xfs_port',`
corenet_dontaudit_udp_send_xfs_port($1)
corenet_dontaudit_udp_receive_xfs_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the xfs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_xfs_port',`
gen_require(`
type xfs_port_t;
')
allow $1 xfs_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the xfs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_xfs_port',`
gen_require(`
type xfs_port_t;
')
allow $1 xfs_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the xfs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_xfs_port',`
gen_require(`
type xfs_port_t;
')
allow $1 xfs_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send xfs_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_xfs_client_packets',`
gen_require(`
type xfs_client_packet_t;
')
allow $1 xfs_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send xfs_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_xfs_client_packets',`
gen_require(`
type xfs_client_packet_t;
')
dontaudit $1 xfs_client_packet_t:packet send;
')
########################################
## <summary>
## Receive xfs_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_xfs_client_packets',`
gen_require(`
type xfs_client_packet_t;
')
allow $1 xfs_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive xfs_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_xfs_client_packets',`
gen_require(`
type xfs_client_packet_t;
')
dontaudit $1 xfs_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive xfs_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_xfs_client_packets',`
corenet_send_xfs_client_packets($1)
corenet_receive_xfs_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive xfs_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_xfs_client_packets',`
corenet_dontaudit_send_xfs_client_packets($1)
corenet_dontaudit_receive_xfs_client_packets($1)
')
########################################
## <summary>
## Relabel packets to xfs_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_xfs_client_packets',`
gen_require(`
type xfs_client_packet_t;
')
allow $1 xfs_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send xfs_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_xfs_server_packets',`
gen_require(`
type xfs_server_packet_t;
')
allow $1 xfs_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send xfs_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_xfs_server_packets',`
gen_require(`
type xfs_server_packet_t;
')
dontaudit $1 xfs_server_packet_t:packet send;
')
########################################
## <summary>
## Receive xfs_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_xfs_server_packets',`
gen_require(`
type xfs_server_packet_t;
')
allow $1 xfs_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive xfs_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_xfs_server_packets',`
gen_require(`
type xfs_server_packet_t;
')
dontaudit $1 xfs_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive xfs_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_xfs_server_packets',`
corenet_send_xfs_server_packets($1)
corenet_receive_xfs_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive xfs_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_xfs_server_packets',`
corenet_dontaudit_send_xfs_server_packets($1)
corenet_dontaudit_receive_xfs_server_packets($1)
')
########################################
## <summary>
## Relabel packets to xfs_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_xfs_server_packets',`
gen_require(`
type xfs_server_packet_t;
')
allow $1 xfs_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the xserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_xserver_port',`
gen_require(`
type xserver_port_t;
')
allow $1 xserver_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the xserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_xserver_port',`
gen_require(`
type xserver_port_t;
')
allow $1 xserver_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the xserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_xserver_port',`
gen_require(`
type xserver_port_t;
')
dontaudit $1 xserver_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the xserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_xserver_port',`
gen_require(`
type xserver_port_t;
')
allow $1 xserver_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the xserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_xserver_port',`
gen_require(`
type xserver_port_t;
')
dontaudit $1 xserver_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the xserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_xserver_port',`
corenet_udp_send_xserver_port($1)
corenet_udp_receive_xserver_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the xserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_xserver_port',`
corenet_dontaudit_udp_send_xserver_port($1)
corenet_dontaudit_udp_receive_xserver_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the xserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_xserver_port',`
gen_require(`
type xserver_port_t;
')
allow $1 xserver_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the xserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_xserver_port',`
gen_require(`
type xserver_port_t;
')
allow $1 xserver_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the xserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_xserver_port',`
gen_require(`
type xserver_port_t;
')
allow $1 xserver_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send xserver_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_xserver_client_packets',`
gen_require(`
type xserver_client_packet_t;
')
allow $1 xserver_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send xserver_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_xserver_client_packets',`
gen_require(`
type xserver_client_packet_t;
')
dontaudit $1 xserver_client_packet_t:packet send;
')
########################################
## <summary>
## Receive xserver_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_xserver_client_packets',`
gen_require(`
type xserver_client_packet_t;
')
allow $1 xserver_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive xserver_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_xserver_client_packets',`
gen_require(`
type xserver_client_packet_t;
')
dontaudit $1 xserver_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive xserver_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_xserver_client_packets',`
corenet_send_xserver_client_packets($1)
corenet_receive_xserver_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive xserver_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_xserver_client_packets',`
corenet_dontaudit_send_xserver_client_packets($1)
corenet_dontaudit_receive_xserver_client_packets($1)
')
########################################
## <summary>
## Relabel packets to xserver_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_xserver_client_packets',`
gen_require(`
type xserver_client_packet_t;
')
allow $1 xserver_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send xserver_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_xserver_server_packets',`
gen_require(`
type xserver_server_packet_t;
')
allow $1 xserver_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send xserver_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_xserver_server_packets',`
gen_require(`
type xserver_server_packet_t;
')
dontaudit $1 xserver_server_packet_t:packet send;
')
########################################
## <summary>
## Receive xserver_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_xserver_server_packets',`
gen_require(`
type xserver_server_packet_t;
')
allow $1 xserver_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive xserver_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_xserver_server_packets',`
gen_require(`
type xserver_server_packet_t;
')
dontaudit $1 xserver_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive xserver_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_xserver_server_packets',`
corenet_send_xserver_server_packets($1)
corenet_receive_xserver_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive xserver_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_xserver_server_packets',`
corenet_dontaudit_send_xserver_server_packets($1)
corenet_dontaudit_receive_xserver_server_packets($1)
')
########################################
## <summary>
## Relabel packets to xserver_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_xserver_server_packets',`
gen_require(`
type xserver_server_packet_t;
')
allow $1 xserver_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the zarafa port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_zarafa_port',`
gen_require(`
type zarafa_port_t;
')
allow $1 zarafa_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the zarafa port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_zarafa_port',`
gen_require(`
type zarafa_port_t;
')
allow $1 zarafa_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the zarafa port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_zarafa_port',`
gen_require(`
type zarafa_port_t;
')
dontaudit $1 zarafa_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the zarafa port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_zarafa_port',`
gen_require(`
type zarafa_port_t;
')
allow $1 zarafa_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the zarafa port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_zarafa_port',`
gen_require(`
type zarafa_port_t;
')
dontaudit $1 zarafa_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the zarafa port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_zarafa_port',`
corenet_udp_send_zarafa_port($1)
corenet_udp_receive_zarafa_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the zarafa port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_zarafa_port',`
corenet_dontaudit_udp_send_zarafa_port($1)
corenet_dontaudit_udp_receive_zarafa_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the zarafa port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_zarafa_port',`
gen_require(`
type zarafa_port_t;
')
allow $1 zarafa_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the zarafa port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_zarafa_port',`
gen_require(`
type zarafa_port_t;
')
allow $1 zarafa_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the zarafa port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_zarafa_port',`
gen_require(`
type zarafa_port_t;
')
allow $1 zarafa_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send zarafa_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_zarafa_client_packets',`
gen_require(`
type zarafa_client_packet_t;
')
allow $1 zarafa_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send zarafa_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_zarafa_client_packets',`
gen_require(`
type zarafa_client_packet_t;
')
dontaudit $1 zarafa_client_packet_t:packet send;
')
########################################
## <summary>
## Receive zarafa_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_zarafa_client_packets',`
gen_require(`
type zarafa_client_packet_t;
')
allow $1 zarafa_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive zarafa_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_zarafa_client_packets',`
gen_require(`
type zarafa_client_packet_t;
')
dontaudit $1 zarafa_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive zarafa_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_zarafa_client_packets',`
corenet_send_zarafa_client_packets($1)
corenet_receive_zarafa_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive zarafa_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_zarafa_client_packets',`
corenet_dontaudit_send_zarafa_client_packets($1)
corenet_dontaudit_receive_zarafa_client_packets($1)
')
########################################
## <summary>
## Relabel packets to zarafa_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_zarafa_client_packets',`
gen_require(`
type zarafa_client_packet_t;
')
allow $1 zarafa_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send zarafa_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_zarafa_server_packets',`
gen_require(`
type zarafa_server_packet_t;
')
allow $1 zarafa_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send zarafa_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_zarafa_server_packets',`
gen_require(`
type zarafa_server_packet_t;
')
dontaudit $1 zarafa_server_packet_t:packet send;
')
########################################
## <summary>
## Receive zarafa_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_zarafa_server_packets',`
gen_require(`
type zarafa_server_packet_t;
')
allow $1 zarafa_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive zarafa_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_zarafa_server_packets',`
gen_require(`
type zarafa_server_packet_t;
')
dontaudit $1 zarafa_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive zarafa_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_zarafa_server_packets',`
corenet_send_zarafa_server_packets($1)
corenet_receive_zarafa_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive zarafa_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_zarafa_server_packets',`
corenet_dontaudit_send_zarafa_server_packets($1)
corenet_dontaudit_receive_zarafa_server_packets($1)
')
########################################
## <summary>
## Relabel packets to zarafa_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_zarafa_server_packets',`
gen_require(`
type zarafa_server_packet_t;
')
allow $1 zarafa_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the zabbix port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_zabbix_port',`
gen_require(`
type zabbix_port_t;
')
allow $1 zabbix_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the zabbix port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_zabbix_port',`
gen_require(`
type zabbix_port_t;
')
allow $1 zabbix_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the zabbix port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_zabbix_port',`
gen_require(`
type zabbix_port_t;
')
dontaudit $1 zabbix_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the zabbix port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_zabbix_port',`
gen_require(`
type zabbix_port_t;
')
allow $1 zabbix_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the zabbix port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_zabbix_port',`
gen_require(`
type zabbix_port_t;
')
dontaudit $1 zabbix_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the zabbix port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_zabbix_port',`
corenet_udp_send_zabbix_port($1)
corenet_udp_receive_zabbix_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the zabbix port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_zabbix_port',`
corenet_dontaudit_udp_send_zabbix_port($1)
corenet_dontaudit_udp_receive_zabbix_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the zabbix port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_zabbix_port',`
gen_require(`
type zabbix_port_t;
')
allow $1 zabbix_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the zabbix port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_zabbix_port',`
gen_require(`
type zabbix_port_t;
')
allow $1 zabbix_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the zabbix port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_zabbix_port',`
gen_require(`
type zabbix_port_t;
')
allow $1 zabbix_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send zabbix_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_zabbix_client_packets',`
gen_require(`
type zabbix_client_packet_t;
')
allow $1 zabbix_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send zabbix_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_zabbix_client_packets',`
gen_require(`
type zabbix_client_packet_t;
')
dontaudit $1 zabbix_client_packet_t:packet send;
')
########################################
## <summary>
## Receive zabbix_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_zabbix_client_packets',`
gen_require(`
type zabbix_client_packet_t;
')
allow $1 zabbix_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive zabbix_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_zabbix_client_packets',`
gen_require(`
type zabbix_client_packet_t;
')
dontaudit $1 zabbix_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive zabbix_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_zabbix_client_packets',`
corenet_send_zabbix_client_packets($1)
corenet_receive_zabbix_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive zabbix_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_zabbix_client_packets',`
corenet_dontaudit_send_zabbix_client_packets($1)
corenet_dontaudit_receive_zabbix_client_packets($1)
')
########################################
## <summary>
## Relabel packets to zabbix_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_zabbix_client_packets',`
gen_require(`
type zabbix_client_packet_t;
')
allow $1 zabbix_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send zabbix_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_zabbix_server_packets',`
gen_require(`
type zabbix_server_packet_t;
')
allow $1 zabbix_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send zabbix_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_zabbix_server_packets',`
gen_require(`
type zabbix_server_packet_t;
')
dontaudit $1 zabbix_server_packet_t:packet send;
')
########################################
## <summary>
## Receive zabbix_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_zabbix_server_packets',`
gen_require(`
type zabbix_server_packet_t;
')
allow $1 zabbix_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive zabbix_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_zabbix_server_packets',`
gen_require(`
type zabbix_server_packet_t;
')
dontaudit $1 zabbix_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive zabbix_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_zabbix_server_packets',`
corenet_send_zabbix_server_packets($1)
corenet_receive_zabbix_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive zabbix_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_zabbix_server_packets',`
corenet_dontaudit_send_zabbix_server_packets($1)
corenet_dontaudit_receive_zabbix_server_packets($1)
')
########################################
## <summary>
## Relabel packets to zabbix_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_zabbix_server_packets',`
gen_require(`
type zabbix_server_packet_t;
')
allow $1 zabbix_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the zabbix_agent port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_zabbix_agent_port',`
gen_require(`
type zabbix_agent_port_t;
')
allow $1 zabbix_agent_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the zabbix_agent port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_zabbix_agent_port',`
gen_require(`
type zabbix_agent_port_t;
')
allow $1 zabbix_agent_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the zabbix_agent port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_zabbix_agent_port',`
gen_require(`
type zabbix_agent_port_t;
')
dontaudit $1 zabbix_agent_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the zabbix_agent port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_zabbix_agent_port',`
gen_require(`
type zabbix_agent_port_t;
')
allow $1 zabbix_agent_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the zabbix_agent port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_zabbix_agent_port',`
gen_require(`
type zabbix_agent_port_t;
')
dontaudit $1 zabbix_agent_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the zabbix_agent port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_zabbix_agent_port',`
corenet_udp_send_zabbix_agent_port($1)
corenet_udp_receive_zabbix_agent_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the zabbix_agent port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_zabbix_agent_port',`
corenet_dontaudit_udp_send_zabbix_agent_port($1)
corenet_dontaudit_udp_receive_zabbix_agent_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the zabbix_agent port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_zabbix_agent_port',`
gen_require(`
type zabbix_agent_port_t;
')
allow $1 zabbix_agent_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the zabbix_agent port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_zabbix_agent_port',`
gen_require(`
type zabbix_agent_port_t;
')
allow $1 zabbix_agent_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the zabbix_agent port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_zabbix_agent_port',`
gen_require(`
type zabbix_agent_port_t;
')
allow $1 zabbix_agent_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send zabbix_agent_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_zabbix_agent_client_packets',`
gen_require(`
type zabbix_agent_client_packet_t;
')
allow $1 zabbix_agent_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send zabbix_agent_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_zabbix_agent_client_packets',`
gen_require(`
type zabbix_agent_client_packet_t;
')
dontaudit $1 zabbix_agent_client_packet_t:packet send;
')
########################################
## <summary>
## Receive zabbix_agent_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_zabbix_agent_client_packets',`
gen_require(`
type zabbix_agent_client_packet_t;
')
allow $1 zabbix_agent_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive zabbix_agent_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_zabbix_agent_client_packets',`
gen_require(`
type zabbix_agent_client_packet_t;
')
dontaudit $1 zabbix_agent_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive zabbix_agent_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_zabbix_agent_client_packets',`
corenet_send_zabbix_agent_client_packets($1)
corenet_receive_zabbix_agent_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive zabbix_agent_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_zabbix_agent_client_packets',`
corenet_dontaudit_send_zabbix_agent_client_packets($1)
corenet_dontaudit_receive_zabbix_agent_client_packets($1)
')
########################################
## <summary>
## Relabel packets to zabbix_agent_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_zabbix_agent_client_packets',`
gen_require(`
type zabbix_agent_client_packet_t;
')
allow $1 zabbix_agent_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send zabbix_agent_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_zabbix_agent_server_packets',`
gen_require(`
type zabbix_agent_server_packet_t;
')
allow $1 zabbix_agent_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send zabbix_agent_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_zabbix_agent_server_packets',`
gen_require(`
type zabbix_agent_server_packet_t;
')
dontaudit $1 zabbix_agent_server_packet_t:packet send;
')
########################################
## <summary>
## Receive zabbix_agent_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_zabbix_agent_server_packets',`
gen_require(`
type zabbix_agent_server_packet_t;
')
allow $1 zabbix_agent_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive zabbix_agent_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_zabbix_agent_server_packets',`
gen_require(`
type zabbix_agent_server_packet_t;
')
dontaudit $1 zabbix_agent_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive zabbix_agent_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_zabbix_agent_server_packets',`
corenet_send_zabbix_agent_server_packets($1)
corenet_receive_zabbix_agent_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive zabbix_agent_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_zabbix_agent_server_packets',`
corenet_dontaudit_send_zabbix_agent_server_packets($1)
corenet_dontaudit_receive_zabbix_agent_server_packets($1)
')
########################################
## <summary>
## Relabel packets to zabbix_agent_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_zabbix_agent_server_packets',`
gen_require(`
type zabbix_agent_server_packet_t;
')
allow $1 zabbix_agent_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the zebra port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_zebra_port',`
gen_require(`
type zebra_port_t;
')
allow $1 zebra_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the zebra port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_zebra_port',`
gen_require(`
type zebra_port_t;
')
allow $1 zebra_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the zebra port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_zebra_port',`
gen_require(`
type zebra_port_t;
')
dontaudit $1 zebra_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the zebra port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_zebra_port',`
gen_require(`
type zebra_port_t;
')
allow $1 zebra_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the zebra port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_zebra_port',`
gen_require(`
type zebra_port_t;
')
dontaudit $1 zebra_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the zebra port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_zebra_port',`
corenet_udp_send_zebra_port($1)
corenet_udp_receive_zebra_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the zebra port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_zebra_port',`
corenet_dontaudit_udp_send_zebra_port($1)
corenet_dontaudit_udp_receive_zebra_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the zebra port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_zebra_port',`
gen_require(`
type zebra_port_t;
')
allow $1 zebra_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the zebra port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_zebra_port',`
gen_require(`
type zebra_port_t;
')
allow $1 zebra_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the zebra port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_zebra_port',`
gen_require(`
type zebra_port_t;
')
allow $1 zebra_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send zebra_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_zebra_client_packets',`
gen_require(`
type zebra_client_packet_t;
')
allow $1 zebra_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send zebra_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_zebra_client_packets',`
gen_require(`
type zebra_client_packet_t;
')
dontaudit $1 zebra_client_packet_t:packet send;
')
########################################
## <summary>
## Receive zebra_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_zebra_client_packets',`
gen_require(`
type zebra_client_packet_t;
')
allow $1 zebra_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive zebra_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_zebra_client_packets',`
gen_require(`
type zebra_client_packet_t;
')
dontaudit $1 zebra_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive zebra_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_zebra_client_packets',`
corenet_send_zebra_client_packets($1)
corenet_receive_zebra_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive zebra_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_zebra_client_packets',`
corenet_dontaudit_send_zebra_client_packets($1)
corenet_dontaudit_receive_zebra_client_packets($1)
')
########################################
## <summary>
## Relabel packets to zebra_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_zebra_client_packets',`
gen_require(`
type zebra_client_packet_t;
')
allow $1 zebra_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send zebra_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_zebra_server_packets',`
gen_require(`
type zebra_server_packet_t;
')
allow $1 zebra_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send zebra_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_zebra_server_packets',`
gen_require(`
type zebra_server_packet_t;
')
dontaudit $1 zebra_server_packet_t:packet send;
')
########################################
## <summary>
## Receive zebra_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_zebra_server_packets',`
gen_require(`
type zebra_server_packet_t;
')
allow $1 zebra_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive zebra_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_zebra_server_packets',`
gen_require(`
type zebra_server_packet_t;
')
dontaudit $1 zebra_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive zebra_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_zebra_server_packets',`
corenet_send_zebra_server_packets($1)
corenet_receive_zebra_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive zebra_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_zebra_server_packets',`
corenet_dontaudit_send_zebra_server_packets($1)
corenet_dontaudit_receive_zebra_server_packets($1)
')
########################################
## <summary>
## Relabel packets to zebra_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_zebra_server_packets',`
gen_require(`
type zebra_server_packet_t;
')
allow $1 zebra_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the zented port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_zented_port',`
gen_require(`
type zented_port_t;
')
allow $1 zented_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the zented port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_zented_port',`
gen_require(`
type zented_port_t;
')
allow $1 zented_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the zented port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_zented_port',`
gen_require(`
type zented_port_t;
')
dontaudit $1 zented_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the zented port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_zented_port',`
gen_require(`
type zented_port_t;
')
allow $1 zented_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the zented port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_zented_port',`
gen_require(`
type zented_port_t;
')
dontaudit $1 zented_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the zented port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_zented_port',`
corenet_udp_send_zented_port($1)
corenet_udp_receive_zented_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the zented port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_zented_port',`
corenet_dontaudit_udp_send_zented_port($1)
corenet_dontaudit_udp_receive_zented_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the zented port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_zented_port',`
gen_require(`
type zented_port_t;
')
allow $1 zented_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the zented port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_zented_port',`
gen_require(`
type zented_port_t;
')
allow $1 zented_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the zented port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_zented_port',`
gen_require(`
type zented_port_t;
')
allow $1 zented_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send zented_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_zented_client_packets',`
gen_require(`
type zented_client_packet_t;
')
allow $1 zented_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send zented_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_zented_client_packets',`
gen_require(`
type zented_client_packet_t;
')
dontaudit $1 zented_client_packet_t:packet send;
')
########################################
## <summary>
## Receive zented_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_zented_client_packets',`
gen_require(`
type zented_client_packet_t;
')
allow $1 zented_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive zented_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_zented_client_packets',`
gen_require(`
type zented_client_packet_t;
')
dontaudit $1 zented_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive zented_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_zented_client_packets',`
corenet_send_zented_client_packets($1)
corenet_receive_zented_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive zented_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_zented_client_packets',`
corenet_dontaudit_send_zented_client_packets($1)
corenet_dontaudit_receive_zented_client_packets($1)
')
########################################
## <summary>
## Relabel packets to zented_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_zented_client_packets',`
gen_require(`
type zented_client_packet_t;
')
allow $1 zented_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send zented_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_zented_server_packets',`
gen_require(`
type zented_server_packet_t;
')
allow $1 zented_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send zented_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_zented_server_packets',`
gen_require(`
type zented_server_packet_t;
')
dontaudit $1 zented_server_packet_t:packet send;
')
########################################
## <summary>
## Receive zented_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_zented_server_packets',`
gen_require(`
type zented_server_packet_t;
')
allow $1 zented_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive zented_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_zented_server_packets',`
gen_require(`
type zented_server_packet_t;
')
dontaudit $1 zented_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive zented_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_zented_server_packets',`
corenet_send_zented_server_packets($1)
corenet_receive_zented_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive zented_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_zented_server_packets',`
corenet_dontaudit_send_zented_server_packets($1)
corenet_dontaudit_receive_zented_server_packets($1)
')
########################################
## <summary>
## Relabel packets to zented_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_zented_server_packets',`
gen_require(`
type zented_server_packet_t;
')
allow $1 zented_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the zope port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_zope_port',`
gen_require(`
type zope_port_t;
')
allow $1 zope_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the zope port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_zope_port',`
gen_require(`
type zope_port_t;
')
allow $1 zope_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the zope port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_zope_port',`
gen_require(`
type zope_port_t;
')
dontaudit $1 zope_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the zope port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_zope_port',`
gen_require(`
type zope_port_t;
')
allow $1 zope_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the zope port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_zope_port',`
gen_require(`
type zope_port_t;
')
dontaudit $1 zope_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the zope port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_zope_port',`
corenet_udp_send_zope_port($1)
corenet_udp_receive_zope_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the zope port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_zope_port',`
corenet_dontaudit_udp_send_zope_port($1)
corenet_dontaudit_udp_receive_zope_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the zope port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_zope_port',`
gen_require(`
type zope_port_t;
')
allow $1 zope_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the zope port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_zope_port',`
gen_require(`
type zope_port_t;
')
allow $1 zope_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the zope port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_zope_port',`
gen_require(`
type zope_port_t;
')
allow $1 zope_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send zope_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_zope_client_packets',`
gen_require(`
type zope_client_packet_t;
')
allow $1 zope_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send zope_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_zope_client_packets',`
gen_require(`
type zope_client_packet_t;
')
dontaudit $1 zope_client_packet_t:packet send;
')
########################################
## <summary>
## Receive zope_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_zope_client_packets',`
gen_require(`
type zope_client_packet_t;
')
allow $1 zope_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive zope_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_zope_client_packets',`
gen_require(`
type zope_client_packet_t;
')
dontaudit $1 zope_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive zope_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_zope_client_packets',`
corenet_send_zope_client_packets($1)
corenet_receive_zope_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive zope_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_zope_client_packets',`
corenet_dontaudit_send_zope_client_packets($1)
corenet_dontaudit_receive_zope_client_packets($1)
')
########################################
## <summary>
## Relabel packets to zope_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_zope_client_packets',`
gen_require(`
type zope_client_packet_t;
')
allow $1 zope_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send zope_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_zope_server_packets',`
gen_require(`
type zope_server_packet_t;
')
allow $1 zope_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send zope_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_zope_server_packets',`
gen_require(`
type zope_server_packet_t;
')
dontaudit $1 zope_server_packet_t:packet send;
')
########################################
## <summary>
## Receive zope_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_zope_server_packets',`
gen_require(`
type zope_server_packet_t;
')
allow $1 zope_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive zope_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_zope_server_packets',`
gen_require(`
type zope_server_packet_t;
')
dontaudit $1 zope_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive zope_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_zope_server_packets',`
corenet_send_zope_server_packets($1)
corenet_receive_zope_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive zope_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_zope_server_packets',`
corenet_dontaudit_send_zope_server_packets($1)
corenet_dontaudit_receive_zope_server_packets($1)
')
########################################
## <summary>
## Relabel packets to zope_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_zope_server_packets',`
gen_require(`
type zope_server_packet_t;
')
allow $1 zope_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP network traffic on the lo interface.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_lo_if',`
gen_require(`
type lo_netif_t;
')
allow $1 lo_netif_t:netif { tcp_send tcp_recv egress ingress };
')
########################################
## <summary>
## Send UDP network traffic on the lo interface.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_lo_if',`
gen_require(`
type lo_netif_t;
')
allow $1 lo_netif_t:netif { udp_send egress };
')
########################################
## <summary>
## Receive UDP network traffic on the lo interface.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_lo_if',`
gen_require(`
type lo_netif_t;
')
allow $1 lo_netif_t:netif { udp_recv ingress };
')
########################################
## <summary>
## Send and receive UDP network traffic on the lo interface.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_lo_if',`
corenet_udp_send_lo_if($1)
corenet_udp_receive_lo_if($1)
')
########################################
## <summary>
## Send raw IP packets on the lo interface.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_raw_send_lo_if',`
gen_require(`
type lo_netif_t;
')
allow $1 lo_netif_t:netif { rawip_send egress };
')
########################################
## <summary>
## Receive raw IP packets on the lo interface.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_raw_receive_lo_if',`
gen_require(`
type lo_netif_t;
')
allow $1 lo_netif_t:netif { rawip_recv ingress };
')
########################################
## <summary>
## Send and receive raw IP packets on the lo interface.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_raw_sendrecv_lo_if',`
corenet_raw_send_lo_if($1)
corenet_raw_receive_lo_if($1)
')
y~or�5J�={Ee�u磝Qk���ᯘG{?+]ן?�wM3X�^歌>{7پK>on\jy�R�g/=fOr�oNVv~Y+�NGuÝHWyw[eQʨSb>�>}Gmx[o[<�{Ϯ_qF�vM����IENDB`