| Current File : //proc/self/root/kunden/usr/share/selinux/devel/include/kernel/corenetwork.if |
#
# This is a generated file! Instead of modifying this file, the
# corenetwork.if.in or corenetwork.if.m4 file should be modified.
#
## <summary>Policy controlling access to network objects</summary>
## <required val="true">
## Contains the initial SIDs for network objects.
## </required>
########################################
## <summary>
## Define type to be a network port type
## </summary>
## <desc>
## <p>
## Define type to be a network port type
## </p>
## <p>
## This is for supporting third party modules and its
## use is not allowed in upstream reference policy.
## </p>
## </desc>
## <param name="domain">
## <summary>
## Type to be used for network ports.
## </summary>
## </param>
#
interface(`corenet_port',`
gen_require(`
attribute port_type;
')
typeattribute $1 port_type;
')
########################################
## <summary>
## Define network type to be a reserved port (lt 1024)
## </summary>
## <desc>
## <p>
## Define network type to be a reserved port (lt 1024)
## </p>
## <p>
## This is for supporting third party modules and its
## use is not allowed in upstream reference policy.
## </p>
## </desc>
## <param name="domain">
## <summary>
## Type to be used for network ports.
## </summary>
## </param>
#
interface(`corenet_reserved_port',`
gen_require(`
attribute reserved_port_type;
')
typeattribute $1 reserved_port_type;
corenet_port($1)
')
########################################
## <summary>
## Define network type to be a rpc port ( 512 lt PORT lt 1024)
## </summary>
## <desc>
## <p>
## Define network type to be a rpc port ( 512 lt PORT lt 1024)
## </p>
## <p>
## This is for supporting third party modules and its
## use is not allowed in upstream reference policy.
## </p>
## </desc>
## <param name="domain">
## <summary>
## Type to be used for network ports.
## </summary>
## </param>
#
interface(`corenet_rpc_port',`
gen_require(`
attribute rpc_port_type;
')
typeattribute $1 rpc_port_type;
corenet_port($1)
')
########################################
## <summary>
## Define type to be a network node type
## </summary>
## <desc>
## <p>
## Define type to be a network node type
## </p>
## <p>
## This is for supporting third party modules and its
## use is not allowed in upstream reference policy.
## </p>
## </desc>
## <param name="domain">
## <summary>
## Type to be used for network nodes.
## </summary>
## </param>
#
interface(`corenet_node',`
gen_require(`
attribute node_type;
')
typeattribute $1 node_type;
')
########################################
## <summary>
## Define type to be a network packet type
## </summary>
## <desc>
## <p>
## Define type to be a network packet type
## </p>
## <p>
## This is for supporting third party modules and its
## use is not allowed in upstream reference policy.
## </p>
## </desc>
## <param name="domain">
## <summary>
## Type to be used for a network packet.
## </summary>
## </param>
#
interface(`corenet_packet',`
gen_require(`
attribute packet_type;
')
typeattribute $1 packet_type;
')
########################################
## <summary>
## Define type to be a network client packet type
## </summary>
## <desc>
## <p>
## Define type to be a network client packet type
## </p>
## <p>
## This is for supporting third party modules and its
## use is not allowed in upstream reference policy.
## </p>
## </desc>
## <param name="domain">
## <summary>
## Type to be used for a network client packet.
## </summary>
## </param>
#
interface(`corenet_client_packet',`
gen_require(`
attribute packet_type, client_packet_type;
')
typeattribute $1 client_packet_type, packet_type;
')
########################################
## <summary>
## Define type to be a network server packet type
## </summary>
## <desc>
## <p>
## Define type to be a network server packet type
## </p>
## <p>
## This is for supporting third party modules and its
## use is not allowed in upstream reference policy.
## </p>
## </desc>
## <param name="domain">
## <summary>
## Type to be used for a network server packet.
## </summary>
## </param>
#
interface(`corenet_server_packet',`
gen_require(`
attribute packet_type, server_packet_type;
')
typeattribute $1 server_packet_type, packet_type;
')
########################################
## <summary>
## Make the specified type usable
## for labeled ipsec.
## </summary>
## <param name="domain">
## <summary>
## Type to be used for labeled ipsec.
## </summary>
## </param>
#
interface(`corenet_spd_type',`
gen_require(`
attribute ipsec_spd_type;
')
typeattribute $1 ipsec_spd_type;
')
########################################
## <summary>
## Send and receive TCP network traffic on generic interfaces.
## </summary>
## <desc>
## <p>
## Allow the specified domain to send and receive TCP network
## traffic on generic network interfaces.
## </p>
## <p>
## Related interface:
## </p>
## <ul>
## <li>corenet_all_recvfrom_unlabeled()</li>
## <li>corenet_tcp_sendrecv_generic_node()</li>
## <li>corenet_tcp_sendrecv_all_ports()</li>
## <li>corenet_tcp_connect_all_ports()</li>
## </ul>
## <p>
## Example client being able to connect to all ports over
## generic nodes, without labeled networking:
## </p>
## <p>
## allow myclient_t self:tcp_socket create_stream_socket_perms;
## corenet_tcp_sendrecv_generic_if(myclient_t)
## corenet_tcp_sendrecv_generic_node(myclient_t)
## corenet_tcp_sendrecv_all_ports(myclient_t)
## corenet_tcp_connect_all_ports(myclient_t)
## corenet_all_recvfrom_unlabeled(myclient_t)
## </p>
## </desc>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_generic_if',`
gen_require(`
type netif_t;
')
allow $1 netif_t:netif { tcp_send tcp_recv egress ingress };
')
########################################
## <summary>
## Send UDP network traffic on generic interfaces.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_udp_send_generic_if',`
gen_require(`
type netif_t;
')
allow $1 netif_t:netif { udp_send egress };
')
########################################
## <summary>
## Dontaudit attempts to send UDP network traffic
## on generic interfaces.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_udp_send_generic_if',`
gen_require(`
type netif_t;
')
dontaudit $1 netif_t:netif { udp_send egress };
')
########################################
## <summary>
## Receive UDP network traffic on generic interfaces.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_udp_receive_generic_if',`
gen_require(`
type netif_t;
')
allow $1 netif_t:netif { udp_recv ingress };
')
########################################
## <summary>
## Do not audit attempts to receive UDP network
## traffic on generic interfaces.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_udp_receive_generic_if',`
gen_require(`
type netif_t;
')
dontaudit $1 netif_t:netif { udp_recv ingress };
')
########################################
## <summary>
## Send and receive UDP network traffic on generic interfaces.
## </summary>
## <desc>
## <p>
## Allow the specified domain to send and receive UDP network
## traffic on generic network interfaces.
## </p>
## <p>
## Related interface:
## </p>
## <ul>
## <li>corenet_all_recvfrom_unlabeled()</li>
## <li>corenet_udp_sendrecv_generic_node()</li>
## <li>corenet_udp_sendrecv_all_ports()</li>
## </ul>
## <p>
## Example client being able to send to all ports over
## generic nodes, without labeled networking:
## </p>
## <p>
## allow myclient_t self:udp_socket create_socket_perms;
## corenet_udp_sendrecv_generic_if(myclient_t)
## corenet_udp_sendrecv_generic_node(myclient_t)
## corenet_udp_sendrecv_all_ports(myclient_t)
## corenet_all_recvfrom_unlabeled(myclient_t)
## </p>
## </desc>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_generic_if',`
corenet_udp_send_generic_if($1)
corenet_udp_receive_generic_if($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive UDP network
## traffic on generic interfaces.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_udp_sendrecv_generic_if',`
corenet_dontaudit_udp_send_generic_if($1)
corenet_dontaudit_udp_receive_generic_if($1)
')
########################################
## <summary>
## Send raw IP packets on generic interfaces.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_raw_send_generic_if',`
gen_require(`
type netif_t;
')
allow $1 netif_t:netif { rawip_send egress };
')
########################################
## <summary>
## Receive raw IP packets on generic interfaces.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_raw_receive_generic_if',`
gen_require(`
type netif_t;
')
allow $1 netif_t:netif { rawip_recv ingress };
')
########################################
## <summary>
## Send and receive raw IP packets on generic interfaces.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_raw_sendrecv_generic_if',`
corenet_raw_send_generic_if($1)
corenet_raw_receive_generic_if($1)
')
########################################
## <summary>
## Allow outgoing network traffic on the generic interfaces.
## </summary>
## <param name="domain">
## <summary>
## The peer label of the outgoing network traffic.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_out_generic_if',`
gen_require(`
type netif_t;
')
allow $1 netif_t:netif egress;
')
########################################
## <summary>
## Allow incoming traffic on the generic interfaces.
## </summary>
## <param name="domain">
## <summary>
## The peer label of the incoming network traffic.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_in_generic_if',`
gen_require(`
type netif_t;
')
allow $1 netif_t:netif ingress;
')
########################################
## <summary>
## Allow incoming and outgoing network traffic on the generic interfaces.
## </summary>
## <param name="domain">
## <summary>
## The peer label of the network traffic.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_inout_generic_if',`
corenet_in_generic_if($1)
corenet_out_generic_if($1)
')
########################################
## <summary>
## Send and receive TCP network traffic on all interfaces.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_sendrecv_all_if',`
gen_require(`
attribute netif_type;
')
allow $1 netif_type:netif { tcp_send tcp_recv egress ingress };
')
########################################
## <summary>
## Send UDP network traffic on all interfaces.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_udp_send_all_if',`
gen_require(`
attribute netif_type;
')
allow $1 netif_type:netif { udp_send egress };
')
########################################
## <summary>
## Receive UDP network traffic on all interfaces.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_udp_receive_all_if',`
gen_require(`
attribute netif_type;
')
allow $1 netif_type:netif { udp_recv ingress };
')
########################################
## <summary>
## Send and receive UDP network traffic on all interfaces.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_udp_sendrecv_all_if',`
corenet_udp_send_all_if($1)
corenet_udp_receive_all_if($1)
')
########################################
## <summary>
## Send raw IP packets on all interfaces.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_raw_send_all_if',`
gen_require(`
attribute netif_type;
')
allow $1 netif_type:netif { rawip_send egress };
')
########################################
## <summary>
## Send and receive SCTP network traffic on generic nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_sctp_sendrecv_generic_node',`
gen_require(`
type node_t;
')
allow $1 node_t:node { sendto recvfrom };
')
########################################
## <summary>
## Receive raw IP packets on all interfaces.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_raw_receive_all_if',`
gen_require(`
attribute netif_type;
')
allow $1 netif_type:netif { rawip_recv ingress };
')
########################################
## <summary>
## Send and receive raw IP packets on all interfaces.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_raw_sendrecv_all_if',`
corenet_raw_send_all_if($1)
corenet_raw_receive_all_if($1)
')
########################################
## <summary>
## Send and receive DCCP network traffic on generic nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dccp_sendrecv_generic_node',`
gen_require(`
type node_t;
')
allow $1 node_t:node { dccp_send dccp_recv sendto recvfrom };
')
########################################
## <summary>
## Send and receive TCP network traffic on generic nodes.
## </summary>
## <desc>
## <p>
## Allow the specified domain to send and receive TCP network
## traffic to/from generic network nodes (hostnames/networks).
## </p>
## <p>
## Related interface:
## </p>
## <ul>
## <li>corenet_all_recvfrom_unlabeled()</li>
## <li>corenet_tcp_sendrecv_generic_if()</li>
## <li>corenet_tcp_sendrecv_all_ports()</li>
## <li>corenet_tcp_connect_all_ports()</li>
## </ul>
## <p>
## Example client being able to connect to all ports over
## generic nodes, without labeled networking:
## </p>
## <p>
## allow myclient_t self:tcp_socket create_stream_socket_perms;
## corenet_tcp_sendrecv_generic_if(myclient_t)
## corenet_tcp_sendrecv_generic_node(myclient_t)
## corenet_tcp_sendrecv_all_ports(myclient_t)
## corenet_tcp_connect_all_ports(myclient_t)
## corenet_all_recvfrom_unlabeled(myclient_t)
## </p>
## </desc>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_generic_node',`
gen_require(`
type node_t;
')
allow $1 node_t:node { tcp_send tcp_recv sendto recvfrom };
')
########################################
## <summary>
## Send UDP network traffic on generic nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_udp_send_generic_node',`
gen_require(`
type node_t;
')
allow $1 node_t:node { udp_send sendto };
')
########################################
## <summary>
## Receive UDP network traffic on generic nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_udp_receive_generic_node',`
gen_require(`
type node_t;
')
allow $1 node_t:node { udp_recv recvfrom };
')
########################################
## <summary>
## Send and receive UDP network traffic on generic nodes.
## </summary>
## <desc>
## <p>
## Allow the specified domain to send and receive UDP network
## traffic to/from generic network nodes (hostnames/networks).
## </p>
## <p>
## Related interface:
## </p>
## <ul>
## <li>corenet_all_recvfrom_unlabeled()</li>
## <li>corenet_udp_sendrecv_generic_if()</li>
## <li>corenet_udp_sendrecv_all_ports()</li>
## </ul>
## <p>
## Example client being able to send to all ports over
## generic nodes, without labeled networking:
## </p>
## <p>
## allow myclient_t self:udp_socket create_socket_perms;
## corenet_udp_sendrecv_generic_if(myclient_t)
## corenet_udp_sendrecv_generic_node(myclient_t)
## corenet_udp_sendrecv_all_ports(myclient_t)
## corenet_all_recvfrom_unlabeled(myclient_t)
## </p>
## </desc>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_generic_node',`
corenet_udp_send_generic_node($1)
corenet_udp_receive_generic_node($1)
')
########################################
## <summary>
## Send raw IP packets on generic nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_raw_send_generic_node',`
gen_require(`
type node_t;
')
allow $1 node_t:node { rawip_send sendto };
')
########################################
## <summary>
## Receive raw IP packets on generic nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_raw_receive_generic_node',`
gen_require(`
type node_t;
')
allow $1 node_t:node { rawip_recv recvfrom };
')
########################################
## <summary>
## Send and receive raw IP packets on generic nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_raw_sendrecv_generic_node',`
corenet_raw_send_generic_node($1)
corenet_raw_receive_generic_node($1)
')
########################################
## <summary>
## Bind DCCP sockets to generic nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dccp_bind_generic_node',`
gen_require(`
type node_t;
')
allow $1 node_t:dccp_socket node_bind;
')
########################################
## <summary>
## Bind SCTP sockets to generic nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_sctp_bind_generic_node',`
gen_require(`
type node_t;
')
allow $1 node_t:sctp_socket node_bind;
')
########################################
## <summary>
## Bind ICMP sockets to generic nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_icmp_bind_generic_node',`
gen_require(`
type node_t;
')
allow $1 node_t:icmp_socket node_bind;
')
########################################
## <summary>
## Bind TCP sockets to generic nodes.
## </summary>
## <desc>
## <p>
## Bind TCP sockets to generic nodes. This is
## necessary for binding a socket so it
## can be used for servers to listen
## for incoming connections.
## </p>
## <p>
## Related interface:
## </p>
## <ul>
## <li>corenet_udp_bind_generic_node()</li>
## </ul>
## </desc>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="1"/>
#
interface(`corenet_tcp_bind_generic_node',`
gen_require(`
type node_t;
')
allow $1 node_t:tcp_socket node_bind;
')
########################################
## <summary>
## Bind UDP sockets to generic nodes.
## </summary>
## <desc>
## <p>
## Bind UDP sockets to generic nodes. This is
## necessary for binding a socket so it
## can be used for servers to listen
## for incoming connections.
## </p>
## <p>
## Related interface:
## </p>
## <ul>
## <li>corenet_tcp_bind_generic_node()</li>
## </ul>
## </desc>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="1"/>
#
interface(`corenet_udp_bind_generic_node',`
gen_require(`
type node_t;
')
allow $1 node_t:udp_socket node_bind;
')
########################################
## <summary>
## Dontaudit attempts to bind TCP sockets to generic nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="read" weight="1"/>
#
interface(`corenet_dontaudit_tcp_bind_generic_node',`
gen_require(`
type node_t;
')
dontaudit $1 node_t:tcp_socket node_bind;
')
########################################
## <summary>
## Dontaudit attempts to bind UDP sockets to generic nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="read" weight="1"/>
#
interface(`corenet_dontaudit_udp_bind_generic_node',`
gen_require(`
type node_t;
')
dontaudit $1 node_t:udp_socket node_bind;
')
########################################
## <summary>
## Bind raw sockets to genric nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
# rawip_socket node_bind does not make much sense.
# cjp: vmware hits this too
interface(`corenet_raw_bind_generic_node',`
gen_require(`
type node_t;
')
allow $1 node_t:rawip_socket node_bind;
')
########################################
## <summary>
## Allow outgoing network traffic to generic nodes.
## </summary>
## <param name="domain">
## <summary>
## The peer label of the outgoing network traffic.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_out_generic_node',`
gen_require(`
type node_t;
')
allow $1 node_t:node sendto;
')
########################################
## <summary>
## Allow incoming network traffic from generic nodes.
## </summary>
## <param name="domain">
## <summary>
## The peer label of the incoming network traffic.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_in_generic_node',`
gen_require(`
type node_t;
')
allow $1 node_t:node recvfrom;
')
########################################
## <summary>
## Allow incoming and outgoing network traffic with generic nodes.
## </summary>
## <param name="domain">
## <summary>
## The peer label of the network traffic.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_inout_generic_node',`
corenet_in_generic_node($1)
corenet_out_generic_node($1)
')
########################################
## <summary>
## Send and receive DCCP network traffic on all nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dccp_sendrecv_all_nodes',`
gen_require(`
attribute node_type;
')
allow $1 node_type:node { dccp_send dccp_recv sendto recvfrom };
')
########################################
## <summary>
## Send and receive TCP network traffic on all nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_sendrecv_all_nodes',`
gen_require(`
attribute node_type;
')
allow $1 node_type:node { tcp_send tcp_recv sendto recvfrom };
')
########################################
## <summary>
## Send UDP network traffic on all nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_udp_send_all_nodes',`
gen_require(`
attribute node_type;
')
allow $1 node_type:node { udp_send sendto };
')
########################################
## <summary>
## Do not audit attempts to send UDP network
## traffic on any nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_udp_send_all_nodes',`
gen_require(`
attribute node_type;
')
dontaudit $1 node_type:node { udp_send sendto };
')
########################################
## <summary>
## Send and receive SCTP network traffic on all nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_sctp_sendrecv_all_nodes',`
gen_require(`
attribute node_type;
')
allow $1 node_type:node { sendto recvfrom };
')
########################################
## <summary>
## Receive UDP network traffic on all nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_udp_receive_all_nodes',`
gen_require(`
attribute node_type;
')
allow $1 node_type:node { udp_recv recvfrom };
')
########################################
## <summary>
## Do not audit attempts to receive UDP
## network traffic on all nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_udp_receive_all_nodes',`
gen_require(`
attribute node_type;
')
dontaudit $1 node_type:node { udp_recv recvfrom };
')
########################################
## <summary>
## Send and receive UDP network traffic on all nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_udp_sendrecv_all_nodes',`
corenet_udp_send_all_nodes($1)
corenet_udp_receive_all_nodes($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive UDP
## network traffic on any nodes nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_udp_sendrecv_all_nodes',`
corenet_dontaudit_udp_send_all_nodes($1)
corenet_dontaudit_udp_receive_all_nodes($1)
')
########################################
## <summary>
## Send raw IP packets on all nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_raw_send_all_nodes',`
gen_require(`
attribute node_type;
')
allow $1 node_type:node { rawip_send sendto };
')
########################################
## <summary>
## Receive raw IP packets on all nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_raw_receive_all_nodes',`
gen_require(`
attribute node_type;
')
allow $1 node_type:node { rawip_recv recvfrom };
')
########################################
## <summary>
## Send and receive raw IP packets on all nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_raw_sendrecv_all_nodes',`
corenet_raw_send_all_nodes($1)
corenet_raw_receive_all_nodes($1)
')
########################################
## <summary>
## Bind DCCP sockets to all nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dccp_bind_all_nodes',`
gen_require(`
attribute node_type;
')
allow $1 node_type:dccp_socket node_bind;
')
########################################
## <summary>
## Bind TCP sockets to all nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_bind_all_nodes',`
gen_require(`
attribute node_type;
')
allow $1 node_type:tcp_socket node_bind;
')
########################################
## <summary>
## Bind UDP sockets to all nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_udp_bind_all_nodes',`
gen_require(`
attribute node_type;
')
allow $1 node_type:udp_socket node_bind;
')
########################################
## <summary>
## Bind raw sockets to all nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
# rawip_socket node_bind does not make much sense.
# cjp: vmware hits this too
interface(`corenet_raw_bind_all_nodes',`
gen_require(`
attribute node_type;
')
allow $1 node_type:rawip_socket node_bind;
')
########################################
## <summary>
## Send and receive DCCP network traffic on generic ports.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dccp_sendrecv_generic_port',`
gen_require(`
type port_t, unreserved_port_t, ephemeral_port_t;
')
allow $1 { port_t unreserved_port_t ephemeral_port_t }:dccp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send and receive TCP network traffic on generic ports.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_sendrecv_generic_port',`
gen_require(`
type port_t, unreserved_port_t, ephemeral_port_t;
')
allow $1 { port_t unreserved_port_t ephemeral_port_t }:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Do not audit attempts to send and
## receive DCCP network traffic on
## generic ports.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_dccp_sendrecv_generic_port',`
gen_require(`
type port_t, unreserved_port_t, ephemeral_port_t;
')
dontaudit $1 { port_t unreserved_port_t ephemeral_port_t }:dccp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Bind SCTP sockets to all nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_sctp_bind_all_nodes',`
gen_require(`
attribute node_type;
')
allow $1 node_type:sctp_socket node_bind;
')
########################################
## <summary>
## Do not audit send and receive TCP network traffic on generic ports.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_sendrecv_generic_port',`
gen_require(`
type port_t, unreserved_port_t, ephemeral_port_t;
')
dontaudit $1 { port_t unreserved_port_t ephemeral_port_t }:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP network traffic on generic ports.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_udp_send_generic_port',`
gen_require(`
type port_t, unreserved_port_t, ephemeral_port_t;
')
allow $1 { port_t unreserved_port_t ephemeral_port_t }:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP network traffic on generic ports.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_udp_receive_generic_port',`
gen_require(`
type port_t, unreserved_port_t, ephemeral_port_t;
')
allow $1 { port_t unreserved_port_t ephemeral_port_t }:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP network traffic on generic ports.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_udp_sendrecv_generic_port',`
corenet_udp_send_generic_port($1)
corenet_udp_receive_generic_port($1)
')
########################################
## <summary>
## Bind DCCP sockets to generic ports.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dccp_bind_generic_port',`
gen_require(`
type port_t, unreserved_port_t, ephemeral_port_t;
attribute defined_port_type;
')
allow $1 { port_t unreserved_port_t ephemeral_port_t }:dccp_socket name_bind;
dontaudit $1 defined_port_type:dccp_socket name_bind;
')
########################################
## <summary>
## Bind TCP sockets to generic ports.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_bind_generic_port',`
gen_require(`
type port_t, unreserved_port_t, ephemeral_port_t;
attribute defined_port_type;
')
allow $1 { port_t unreserved_port_t ephemeral_port_t }:tcp_socket name_bind;
dontaudit $1 defined_port_type:tcp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to bind DCCP
## sockets to generic ports.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_dccp_bind_generic_port',`
gen_require(`
type port_t, unreserved_port_t, ephemeral_port_t;
')
dontaudit $1 { port_t unreserved_port_t ephemeral_port_t }:dccp_socket name_bind;
')
########################################
## <summary>
## Do not audit bind TCP sockets to generic ports.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_bind_generic_port',`
gen_require(`
type port_t, unreserved_port_t, ephemeral_port_t;
')
dontaudit $1 { port_t unreserved_port_t ephemeral_port_t }:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to generic ports.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_udp_bind_generic_port',`
gen_require(`
type port_t, unreserved_port_t, ephemeral_port_t;
attribute defined_port_type;
')
allow $1 { port_t unreserved_port_t ephemeral_port_t }:udp_socket name_bind;
dontaudit $1 defined_port_type:udp_socket name_bind;
')
########################################
## <summary>
## Connect DCCP sockets to generic ports.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dccp_connect_generic_port',`
gen_require(`
type port_t, unreserved_port_t,ephemeral_port_t;
')
allow $1 { port_t unreserved_port_t ephemeral_port_t }:dccp_socket name_connect;
')
########################################
## <summary>
## Connect TCP sockets to generic ports.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_generic_port',`
gen_require(`
type port_t, unreserved_port_t, ephemeral_port_t;
')
allow $1 { port_t unreserved_port_t ephemeral_port_t }:tcp_socket name_connect;
')
########################################
## <summary>
## Send and receive DCCP network traffic on all ports.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dccp_sendrecv_all_ports',`
gen_require(`
attribute port_type;
')
allow $1 port_type:dccp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send and receive TCP network traffic on all ports.
## </summary>
## <desc>
## <p>
## Send and receive TCP network traffic on all ports.
## Related interfaces:
## </p>
## <ul>
## <li>corenet_all_recvfrom_unlabeled()</li>
## <li>corenet_tcp_sendrecv_generic_if()</li>
## <li>corenet_tcp_sendrecv_generic_node()</li>
## <li>corenet_tcp_connect_all_ports()</li>
## <li>corenet_tcp_bind_all_ports()</li>
## </ul>
## <p>
## Example client being able to connect to all ports over
## generic nodes, without labeled networking:
## </p>
## <p>
## allow myclient_t self:tcp_socket create_stream_socket_perms;
## corenet_tcp_sendrecv_generic_if(myclient_t)
## corenet_tcp_sendrecv_generic_node(myclient_t)
## corenet_tcp_sendrecv_all_ports(myclient_t)
## corenet_tcp_connect_all_ports(myclient_t)
## corenet_all_recvfrom_unlabeled(myclient_t)
## </p>
## </desc>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_all_ports',`
gen_require(`
attribute port_type;
')
allow $1 port_type:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP network traffic on all ports.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_udp_send_all_ports',`
gen_require(`
attribute port_type;
')
allow $1 port_type:udp_socket send_msg;
')
########################################
## <summary>
## Bind rawip sockets to unreserved ports.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_rawip_bind_unreserved_port',`
gen_require(`
type unreserved_port_t;
')
allow $1 unreserved_port_t:rawip_socket name_bind;
')
########################################
## <summary>
## Bind SCTP sockets to generic ports.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_sctp_bind_generic_port',`
gen_require(`
type port_t, unreserved_port_t, ephemeral_port_t;
attribute defined_port_type;
')
allow $1 { port_t unreserved_port_t ephemeral_port_t }:sctp_socket name_bind;
dontaudit $1 defined_port_type:sctp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to bind SCTP
## sockets to generic ports.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_sctp_bind_generic_port',`
gen_require(`
type port_t, unreserved_port_t, ephemeral_port_t;
')
dontaudit $1 { port_t unreserved_port_t ephemeral_port_t }:sctp_socket name_bind;
')
########################################
## <summary>
## Do not audit attepts to bind SCTP sockets to any ports.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_sctp_bind_all_ports',`
gen_require(`
attribute port_type;
')
dontaudit $1 port_type:sctp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to connect SCTP sockets
## to all ports.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_sctp_connect_all_ports',`
gen_require(`
attribute port_type;
')
dontaudit $1 port_type:sctp_socket name_connect;
')
########################################
## <summary>
## Connect SCTP sockets to all ports > 1024.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_sctp_connect_all_unreserved_ports',`
gen_require(`
attribute unreserved_port_type;
')
allow $1 unreserved_port_type:sctp_socket name_connect;
')
########################################
## <summary>
## Connect SCTP sockets to all ports.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_sctp_connect_all_ports',`
gen_require(`
attribute port_type;
')
allow $1 port_type:sctp_socket name_connect;
')
########################################
## <summary>
## Bind SCTP sockets to all reserved ports.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_sctp_bind_all_reserved_ports',`
gen_require(`
attribute reserved_port_type;
')
allow $1 reserved_port_type:sctp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Receive UDP network traffic on all ports.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_udp_receive_all_ports',`
gen_require(`
attribute port_type;
')
allow $1 port_type:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP network traffic on all ports.
## </summary>
## <desc>
## <p>
## Send and receive UDP network traffic on all ports.
## Related interfaces:
## </p>
## <ul>
## <li>corenet_all_recvfrom_unlabeled()</li>
## <li>corenet_udp_sendrecv_generic_if()</li>
## <li>corenet_udp_sendrecv_generic_node()</li>
## <li>corenet_udp_bind_all_ports()</li>
## </ul>
## <p>
## Example client being able to send to all ports over
## generic nodes, without labeled networking:
## </p>
## <p>
## allow myclient_t self:udp_socket create_socket_perms;
## corenet_udp_sendrecv_generic_if(myclient_t)
## corenet_udp_sendrecv_generic_node(myclient_t)
## corenet_udp_sendrecv_all_ports(myclient_t)
## corenet_all_recvfrom_unlabeled(myclient_t)
## </p>
## </desc>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_all_ports',`
corenet_udp_send_all_ports($1)
corenet_udp_receive_all_ports($1)
')
########################################
## <summary>
## Bind DCCP sockets to all ports.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dccp_bind_all_ports',`
gen_require(`
attribute port_type;
')
allow $1 port_type:dccp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind TCP sockets to all ports.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_bind_all_ports',`
gen_require(`
attribute port_type;
')
allow $1 port_type:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attepts to bind DCCP sockets to any ports.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_dccp_bind_all_ports',`
gen_require(`
attribute port_type;
')
dontaudit $1 port_type:dccp_socket name_bind;
')
########################################
## <summary>
## Do not audit attepts to bind TCP sockets to any ports.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_bind_all_ports',`
gen_require(`
attribute port_type;
')
dontaudit $1 port_type:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to all ports.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_udp_bind_all_ports',`
gen_require(`
attribute port_type;
')
allow $1 port_type:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Connect SCTP sockets to generic ports.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_sctp_connect_generic_port',`
gen_require(`
type port_t, unreserved_port_t,ephemeral_port_t;
')
allow $1 { port_t unreserved_port_t ephemeral_port_t }:sctp_socket name_connect;
')
########################################
## <summary>
## Do not audit attepts to bind UDP sockets to any ports.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_udp_bind_all_ports',`
gen_require(`
attribute port_type;
')
dontaudit $1 port_type:udp_socket name_bind;
')
########################################
## <summary>
## Connect DCCP sockets to all ports.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dccp_connect_all_ports',`
gen_require(`
attribute port_type;
')
allow $1 port_type:dccp_socket name_connect;
')
########################################
## <summary>
## Connect TCP sockets to all ports.
## </summary>
## <desc>
## <p>
## Connect TCP sockets to all ports
## </p>
## <p>
## Related interfaces:
## </p>
## <ul>
## <li>corenet_all_recvfrom_unlabeled()</li>
## <li>corenet_tcp_sendrecv_generic_if()</li>
## <li>corenet_tcp_sendrecv_generic_node()</li>
## <li>corenet_tcp_sendrecv_all_ports()</li>
## <li>corenet_tcp_bind_all_ports()</li>
## </ul>
## <p>
## Example client being able to connect to all ports over
## generic nodes, without labeled networking:
## </p>
## <p>
## allow myclient_t self:tcp_socket create_stream_socket_perms;
## corenet_tcp_sendrecv_generic_if(myclient_t)
## corenet_tcp_sendrecv_generic_node(myclient_t)
## corenet_tcp_sendrecv_all_ports(myclient_t)
## corenet_tcp_connect_all_ports(myclient_t)
## corenet_all_recvfrom_unlabeled(myclient_t)
## </p>
## </desc>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="1"/>
#
interface(`corenet_tcp_connect_all_ports',`
gen_require(`
attribute port_type;
')
allow $1 port_type:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to connect DCCP sockets
## to all ports.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_dccp_connect_all_ports',`
gen_require(`
attribute port_type;
')
dontaudit $1 port_type:dccp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to connect TCP sockets
## to all ports.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_all_ports',`
gen_require(`
attribute port_type;
')
dontaudit $1 port_type:tcp_socket name_connect;
')
########################################
## <summary>
## Send and receive DCCP network traffic on generic reserved ports.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dccp_sendrecv_reserved_port',`
gen_require(`
type reserved_port_t;
')
allow $1 reserved_port_t:dccp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send and receive TCP network traffic on generic reserved ports.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_sendrecv_reserved_port',`
gen_require(`
type reserved_port_t;
')
allow $1 reserved_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP network traffic on generic reserved ports.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_udp_send_reserved_port',`
gen_require(`
type reserved_port_t;
')
allow $1 reserved_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP network traffic on generic reserved ports.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_udp_receive_reserved_port',`
gen_require(`
type reserved_port_t;
')
allow $1 reserved_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP network traffic on generic reserved ports.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_udp_sendrecv_reserved_port',`
corenet_udp_send_reserved_port($1)
corenet_udp_receive_reserved_port($1)
')
########################################
## <summary>
## Bind DCCP sockets to generic reserved ports.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dccp_bind_reserved_port',`
gen_require(`
type reserved_port_t;
')
allow $1 reserved_port_t:dccp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind TCP sockets to generic reserved ports.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_bind_reserved_port',`
gen_require(`
type reserved_port_t;
')
allow $1 reserved_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind SCTP sockets to all ports.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_sctp_bind_all_ports',`
gen_require(`
attribute port_type;
')
allow $1 port_type:sctp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to generic reserved ports.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_udp_bind_reserved_port',`
gen_require(`
type reserved_port_t;
')
allow $1 reserved_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Connect DCCP sockets to generic reserved ports.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dccp_connect_reserved_port',`
gen_require(`
type reserved_port_t;
')
allow $1 reserved_port_t:dccp_socket name_connect;
')
########################################
## <summary>
## Connect TCP sockets to generic reserved ports.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_reserved_port',`
gen_require(`
type reserved_port_t;
')
allow $1 reserved_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send and receive DCCP network traffic on all reserved ports.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dccp_sendrecv_all_reserved_ports',`
gen_require(`
attribute reserved_port_type;
')
allow $1 reserved_port_type:dccp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send and receive TCP network traffic on all reserved ports.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_sendrecv_all_reserved_ports',`
gen_require(`
attribute reserved_port_type;
')
allow $1 reserved_port_type:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP network traffic on all reserved ports.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_udp_send_all_reserved_ports',`
gen_require(`
attribute reserved_port_type;
')
allow $1 reserved_port_type:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP network traffic on all reserved ports.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_udp_receive_all_reserved_ports',`
gen_require(`
attribute reserved_port_type;
')
allow $1 reserved_port_type:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP network traffic on all reserved ports.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_udp_sendrecv_all_reserved_ports',`
corenet_udp_send_all_reserved_ports($1)
corenet_udp_receive_all_reserved_ports($1)
')
########################################
## <summary>
## Bind DCCP sockets to all reserved ports.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dccp_bind_all_reserved_ports',`
gen_require(`
attribute reserved_port_type;
')
allow $1 reserved_port_type:dccp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind TCP sockets to all reserved ports.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_bind_all_reserved_ports',`
gen_require(`
attribute reserved_port_type;
')
allow $1 reserved_port_type:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to bind DCCP sockets to all reserved ports.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_dccp_bind_all_reserved_ports',`
gen_require(`
attribute reserved_port_type;
')
dontaudit $1 reserved_port_type:dccp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to bind TCP sockets to all reserved ports.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_bind_all_reserved_ports',`
gen_require(`
attribute reserved_port_type;
')
dontaudit $1 reserved_port_type:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to all reserved ports.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_udp_bind_all_reserved_ports',`
gen_require(`
attribute reserved_port_type;
')
allow $1 reserved_port_type:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to bind UDP sockets to all reserved ports.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_udp_bind_all_reserved_ports',`
gen_require(`
attribute reserved_port_type;
')
dontaudit $1 reserved_port_type:udp_socket name_bind;
')
########################################
## <summary>
## Bind DCCP sockets to all ports > 1024.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dccp_bind_all_unreserved_ports',`
gen_require(`
attribute unreserved_port_type;
')
allow $1 unreserved_port_type:dccp_socket name_bind;
')
########################################
## <summary>
## Bind TCP sockets to all ports > 1024.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_bind_all_unreserved_ports',`
gen_require(`
attribute unreserved_port_type;
')
allow $1 unreserved_port_type:tcp_socket name_bind;
')
########################################
## <summary>
## Bind TCP sockets to all ports > 1024.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_bind_unreserved_ports',`
gen_require(`
attribute unreserved_port_type;
')
allow $1 unreserved_port_type:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to all ports > 1024.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_udp_bind_all_unreserved_ports',`
gen_require(`
attribute unreserved_port_type;
')
allow $1 unreserved_port_type:udp_socket name_bind;
')
########################################
## <summary>
## Bind TCP sockets to all ports > 32768.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_bind_all_ephemeral_ports',`
gen_require(`
attribute ephemeral_port_type;
')
allow $1 ephemeral_port_type:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to all ports > 32768.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_udp_bind_all_ephemeral_ports',`
gen_require(`
attribute ephemeral_port_type;
')
allow $1 ephemeral_port_type:udp_socket name_bind;
')
########################################
## <summary>
## Connect DCCP sockets to reserved ports.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dccp_connect_all_reserved_ports',`
gen_require(`
attribute reserved_port_type;
')
allow $1 reserved_port_type:dccp_socket name_connect;
')
########################################
## <summary>
## Connect TCP sockets to reserved ports.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_all_reserved_ports',`
gen_require(`
attribute reserved_port_type;
')
allow $1 reserved_port_type:tcp_socket name_connect;
')
########################################
## <summary>
## Connect DCCP sockets to all ports > 1024.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dccp_connect_all_unreserved_ports',`
gen_require(`
attribute unreserved_port_type;
')
allow $1 unreserved_port_type:dccp_socket name_connect;
')
#######################################
## <summary>
## Connect TCP sockets to ports > 1024.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_unreserved_ports',`
gen_require(`
type unreserved_port_t;
')
allow $1 unreserved_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Connect TCP sockets to all ports > 1024.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_all_unreserved_ports',`
gen_require(`
attribute unreserved_port_type;
')
allow $1 unreserved_port_type:tcp_socket name_connect;
')
########################################
## <summary>
## Connect TCP sockets to all ports > 32768.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_all_ephemeral_ports',`
gen_require(`
attribute ephemeral_port_type;
')
allow $1 ephemeral_port_type:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to connect DCCP sockets
## all reserved ports.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_dccp_connect_all_reserved_ports',`
gen_require(`
attribute reserved_port_type;
')
dontaudit $1 reserved_port_type:dccp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to connect TCP sockets
## all reserved ports.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_all_reserved_ports',`
gen_require(`
attribute reserved_port_type;
')
dontaudit $1 reserved_port_type:tcp_socket name_connect;
')
########################################
## <summary>
## Connect DCCP sockets to rpc ports.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dccp_connect_all_rpc_ports',`
gen_require(`
attribute rpc_port_type;
')
allow $1 rpc_port_type:dccp_socket name_connect;
')
########################################
## <summary>
## Connect TCP sockets to rpc ports.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_all_rpc_ports',`
gen_require(`
attribute rpc_port_type;
')
allow $1 rpc_port_type:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to connect DCCP sockets
## all rpc ports.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_dccp_connect_all_rpc_ports',`
gen_require(`
attribute rpc_port_type;
')
dontaudit $1 rpc_port_type:dccp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to connect TCP sockets
## all rpc ports.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_all_rpc_ports',`
gen_require(`
attribute rpc_port_type;
')
dontaudit $1 rpc_port_type:tcp_socket name_connect;
')
########################################
## <summary>
## Read and write the TUN/TAP virtual network device.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_sctp_bind_reserved_port',`
gen_require(`
type reserved_port_t;
')
allow $1 reserved_port_t:sctp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## </summary>
## <param name="domain">
## <summary>
## The domain allowed access.
## </summary>
## </param>
#
interface(`corenet_rw_tun_tap_dev',`
gen_require(`
type tun_tap_device_t;
')
dev_list_all_dev_nodes($1)
allow $1 tun_tap_device_t:chr_file rw_chr_file_perms;
')
########################################
## <summary>
## Relabel to and from the TUN/TAP virtual network device.
## </summary>
## <param name="domain">
## <summary>
## The domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabel_tun_tap_dev',`
gen_require(`
type tun_tap_device_t;
')
relabel_chr_files_pattern($1, tun_tap_device_t, tun_tap_device_t)
')
########################################
## <summary>
## Read and write inherited TUN/TAP virtual network device.
## </summary>
## <param name="domain">
## <summary>
## The domain allowed access.
## </summary>
## </param>
#
interface(`corenet_rw_inherited_tun_tap_dev',`
gen_require(`
type tun_tap_device_t;
')
allow $1 tun_tap_device_t:chr_file rw_inherited_chr_file_perms;
')
########################################
## <summary>
## Connect SCTP sockets to generic reserved ports.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_sctp_connect_reserved_port',`
gen_require(`
type reserved_port_t;
')
allow $1 reserved_port_t:sctp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to read or write the TUN/TAP
## virtual network device.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_rw_tun_tap_dev',`
gen_require(`
type tun_tap_device_t;
')
dontaudit $1 tun_tap_device_t:chr_file { read write };
')
########################################
## <summary>
## Getattr the point-to-point device.
## </summary>
## <param name="domain">
## <summary>
## The domain allowed access.
## </summary>
## </param>
#
interface(`corenet_getattr_ppp_dev',`
gen_require(`
type ppp_device_t;
')
allow $1 ppp_device_t:chr_file getattr;
')
########################################
## <summary>
## Read and write the point-to-point device.
## </summary>
## <param name="domain">
## <summary>
## The domain allowed access.
## </summary>
## </param>
#
interface(`corenet_rw_ppp_dev',`
gen_require(`
type ppp_device_t;
')
dev_list_all_dev_nodes($1)
allow $1 ppp_device_t:chr_file rw_chr_file_perms;
')
########################################
## <summary>
## Bind DCCP sockets to all RPC ports.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dccp_bind_all_rpc_ports',`
gen_require(`
attribute rpc_port_type;
')
allow $1 rpc_port_type:dccp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind TCP sockets to all RPC ports.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_bind_all_rpc_ports',`
gen_require(`
attribute rpc_port_type;
')
allow $1 rpc_port_type:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to bind DCCP sockets to all RPC ports.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_dccp_bind_all_rpc_ports',`
gen_require(`
attribute rpc_port_type;
')
dontaudit $1 rpc_port_type:dccp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to bind TCP sockets to all RPC ports.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_bind_all_rpc_ports',`
gen_require(`
attribute rpc_port_type;
')
dontaudit $1 rpc_port_type:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to all RPC ports.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_udp_bind_all_rpc_ports',`
gen_require(`
attribute rpc_port_type;
')
allow $1 rpc_port_type:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to bind UDP sockets to all RPC ports.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_udp_bind_all_rpc_ports',`
gen_require(`
attribute rpc_port_type;
')
dontaudit $1 rpc_port_type:udp_socket name_bind;
')
########################################
## <summary>
## Send and receive messages on a
## non-encrypted (no IPSEC) network
## session.
## </summary>
## <desc>
## <p>
## Send and receive messages on a
## non-encrypted (no IPSEC) network
## session. (Deprecated)
## </p>
## <p>
## The corenet_all_recvfrom_unlabeled() interface should be used instead
## of this one.
## </p>
## </desc>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_non_ipsec_sendrecv',`
refpolicywarn(`$0($*) has been deprecated, use corenet_all_recvfrom_unlabeled() instead.')
corenet_all_recvfrom_unlabeled($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## messages on a non-encrypted (no IPSEC) network
## session.
## </summary>
## <desc>
## <p>
## Do not audit attempts to send and receive
## messages on a non-encrypted (no IPSEC) network
## session.
## </p>
## <p>
## The corenet_dontaudit_all_recvfrom_unlabeled() interface should be
## used instead of this one.
## </p>
## </desc>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_non_ipsec_sendrecv',`
refpolicywarn(`$0($*) has been deprecated, use corenet_dontaudit_all_recvfrom_unlabeled() instead.')
corenet_dontaudit_all_recvfrom_unlabeled($1)
')
########################################
## <summary>
## Receive TCP packets from a NetLabel connection.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_recv_netlabel',`
refpolicywarn(`$0($*) has been deprecated, use corenet_tcp_recvfrom_netlabel() instead.')
corenet_tcp_recvfrom_netlabel($1)
')
########################################
## <summary>
## Receive DCCP packets from a NetLabel connection.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dccp_recvfrom_netlabel',`
gen_require(`
type netlabel_peer_t;
')
allow $1 netlabel_peer_t:peer recv;
allow $1 netlabel_peer_t:dccp_socket recvfrom;
')
########################################
## <summary>
## Receive TCP packets from a NetLabel connection.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_recvfrom_netlabel',`
gen_require(`
type netlabel_peer_t;
')
allow $1 netlabel_peer_t:peer recv;
allow $1 netlabel_peer_t:tcp_socket recvfrom;
')
########################################
## <summary>
## Receive DCCP packets from an unlabled connection.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dccp_recvfrom_unlabeled',`
gen_require(`
attribute corenet_unlabeled_type;
')
kernel_dccp_recvfrom_unlabeled($1)
kernel_recvfrom_unlabeled_peer($1)
typeattribute $1 corenet_unlabeled_type;
# XXX - at some point the oubound/send access check will be removed
# but for right now we need to keep this in place so as not to break
# older systems
kernel_sendrecv_unlabeled_association($1)
')
########################################
## <summary>
## Do not audit attempts to bind SCTP sockets to all reserved ports.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_sctp_bind_all_reserved_ports',`
gen_require(`
attribute reserved_port_type;
')
dontaudit $1 reserved_port_type:sctp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to receive TCP packets from a NetLabel
## connection.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_recv_netlabel',`
refpolicywarn(`$0($*) has been deprecated, use corenet_dontaudit_tcp_recvfrom_netlabel() instead.')
corenet_dontaudit_tcp_recvfrom_netlabel($1)
')
########################################
## <summary>
## Do not audit attempts to receive DCCP packets from a NetLabel
## connection.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_dccp_recvfrom_netlabel',`
gen_require(`
type netlabel_peer_t;
')
dontaudit $1 netlabel_peer_t:peer recv;
dontaudit $1 netlabel_peer_t:dccp_socket recvfrom;
')
########################################
## <summary>
## Do not audit attempts to receive TCP packets from a NetLabel
## connection.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_recvfrom_netlabel',`
gen_require(`
type netlabel_peer_t;
')
dontaudit $1 netlabel_peer_t:peer recv;
dontaudit $1 netlabel_peer_t:tcp_socket recvfrom;
')
########################################
## <summary>
## Do not audit attempts to receive DCCP packets from an unlabeled
## connection.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_dccp_recvfrom_unlabeled',`
kernel_dontaudit_dccp_recvfrom_unlabeled($1)
kernel_dontaudit_recvfrom_unlabeled_peer($1)
# XXX - at some point the oubound/send access check will be removed
# but for right now we need to keep this in place so as not to break
# older systems
kernel_dontaudit_sendrecv_unlabeled_association($1)
')
########################################
## <summary>
## Do not audit attempts to receive TCP packets from an unlabeled
## connection.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_recvfrom_unlabeled',`
kernel_dontaudit_tcp_recvfrom_unlabeled($1)
kernel_dontaudit_recvfrom_unlabeled_peer($1)
# XXX - at some point the oubound/send access check will be removed
# but for right now we need to keep this in place so as not to break
# older systems
kernel_dontaudit_sendrecv_unlabeled_association($1)
')
########################################
## <summary>
## Receive UDP packets from a NetLabel connection.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_udp_recv_netlabel',`
refpolicywarn(`$0($*) has been deprecated, use corenet_udp_recvfrom_netlabel() instead.')
corenet_udp_recvfrom_netlabel($1)
')
########################################
## <summary>
## Receive UDP packets from a NetLabel connection.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_udp_recvfrom_netlabel',`
gen_require(`
type netlabel_peer_t;
')
allow $1 netlabel_peer_t:peer recv;
allow $1 netlabel_peer_t:udp_socket recvfrom;
')
########################################
## <summary>
## Receive UDP packets from an unlabeled connection.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_udp_recvfrom_unlabeled',`
kernel_udp_recvfrom_unlabeled($1)
kernel_recvfrom_unlabeled_peer($1)
# XXX - at some point the oubound/send access check will be removed
# but for right now we need to keep this in place so as not to break
# older systems
kernel_sendrecv_unlabeled_association($1)
')
########################################
## <summary>
## Bind SCTP sockets to all ports > 1024.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_sctp_bind_all_unreserved_ports',`
gen_require(`
attribute unreserved_port_type;
')
allow $1 unreserved_port_type:sctp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to receive UDP packets from a NetLabel
## connection.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_udp_recv_netlabel',`
refpolicywarn(`$0($*) has been deprecated, use corenet_dontaudit_udp_recvfrom_netlabel($1) instead.')
corenet_dontaudit_udp_recvfrom_netlabel($1)
')
########################################
## <summary>
## Do not audit attempts to receive UDP packets from a NetLabel
## connection.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_udp_recvfrom_netlabel',`
gen_require(`
type netlabel_peer_t;
')
dontaudit $1 netlabel_peer_t:peer recv;
dontaudit $1 netlabel_peer_t:udp_socket recvfrom;
')
########################################
## <summary>
## Do not audit attempts to receive UDP packets from an unlabeled
## connection.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_udp_recvfrom_unlabeled',`
kernel_dontaudit_udp_recvfrom_unlabeled($1)
kernel_dontaudit_recvfrom_unlabeled_peer($1)
# XXX - at some point the oubound/send access check will be removed
# but for right now we need to keep this in place so as not to break
# older systems
kernel_dontaudit_sendrecv_unlabeled_association($1)
')
########################################
## <summary>
## Receive Raw IP packets from a NetLabel connection.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_raw_recv_netlabel',`
refpolicywarn(`$0($*) has been deprecated, use corenet_raw_recvfrom_netlabel() instead.')
corenet_raw_recvfrom_netlabel($1)
')
########################################
## <summary>
## Receive Raw IP packets from a NetLabel connection.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_raw_recvfrom_netlabel',`
gen_require(`
type netlabel_peer_t;
')
allow $1 netlabel_peer_t:peer recv;
allow $1 netlabel_peer_t:rawip_socket recvfrom;
')
########################################
## <summary>
## Receive Raw IP packets from an unlabeled connection.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_raw_recvfrom_unlabeled',`
kernel_raw_recvfrom_unlabeled($1)
kernel_recvfrom_unlabeled_peer($1)
# XXX - at some point the oubound/send access check will be removed
# but for right now we need to keep this in place so as not to break
# older systems
kernel_sendrecv_unlabeled_association($1)
')
########################################
## <summary>
## Do not audit attempts to receive Raw IP packets from a NetLabel
## connection.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_raw_recv_netlabel',`
refpolicywarn(`$0($*) has been deprecated, use corenet_dontaudit_raw_recvfrom_netlabel() instead.')
corenet_dontaudit_raw_recvfrom_netlabel($1)
')
########################################
## <summary>
## Do not audit attempts to receive Raw IP packets from a NetLabel
## connection.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_raw_recvfrom_netlabel',`
gen_require(`
type netlabel_peer_t;
')
dontaudit $1 netlabel_peer_t:peer recv;
dontaudit $1 netlabel_peer_t:rawip_socket recvfrom;
')
########################################
## <summary>
## Connect SCTP sockets to reserved ports.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_sctp_connect_all_reserved_ports',`
gen_require(`
attribute reserved_port_type;
')
allow $1 reserved_port_type:sctp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to receive Raw IP packets from an unlabeled
## connection.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_raw_recvfrom_unlabeled',`
kernel_dontaudit_raw_recvfrom_unlabeled($1)
kernel_dontaudit_recvfrom_unlabeled_peer($1)
# XXX - at some point the oubound/send access check will be removed
# but for right now we need to keep this in place so as not to break
# older systems
kernel_dontaudit_sendrecv_unlabeled_association($1)
')
########################################
## <summary>
## Receive packets from an unlabeled connection.
## </summary>
## <desc>
## <p>
## Allow the specified domain to receive packets from an
## unlabeled connection. On machines that do not utilize
## labeled networking, this will be required on all
## networking domains. On machines tha do utilize
## labeled networking, this will be required for any
## networking domain that is allowed to receive
## network traffic that does not have a label.
## </p>
## </desc>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_all_recvfrom_unlabeled',`
gen_require(`
attribute corenet_unlabeled_type;
')
typeattribute $1 corenet_unlabeled_type;
')
########################################
## <summary>
## Receive packets from a NetLabel connection.
## </summary>
## <desc>
## <p>
## Allow the specified domain to receive NetLabel
## network traffic, which utilizes the Commercial IP
## Security Option (CIPSO) to set the MLS level
## of the network packets. This is required for
## all networking domains that receive NetLabel
## network traffic.
## </p>
## </desc>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_all_recvfrom_netlabel',`
gen_require(`
attribute netlabel_peer_type;
')
typeattribute $1 netlabel_peer_type;
')
########################################
## <summary>
## Enable unlabeled net packets
## </summary>
## <desc>
## <p>
## Allow unlabeled_packet_t to be used by all domains that use the network
## </p>
## </desc>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_enable_unlabeled_packets',`
gen_require(`
attribute corenet_unlabeled_type;
')
kernel_sendrecv_unlabeled_association(corenet_unlabeled_type)
')
########################################
## <summary>
## Do not audit attempts to receive packets from an unlabeled connection.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_all_recvfrom_unlabeled',`
kernel_dontaudit_dccp_recvfrom_unlabeled($1)
kernel_dontaudit_tcp_recvfrom_unlabeled($1)
kernel_dontaudit_udp_recvfrom_unlabeled($1)
kernel_dontaudit_raw_recvfrom_unlabeled($1)
kernel_dontaudit_recvfrom_unlabeled_peer($1)
# XXX - at some point the oubound/send access check will be removed
# but for right now we need to keep this in place so as not to break
# older systems
kernel_dontaudit_sendrecv_unlabeled_association($1)
')
########################################
## <summary>
## Do not audit attempts to connect SCTP sockets
## all reserved ports.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_sctp_connect_all_reserved_ports',`
gen_require(`
attribute reserved_port_type;
')
dontaudit $1 reserved_port_type:sctp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to receive packets from a NetLabel
## connection.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`corenet_dontaudit_all_recvfrom_netlabel',`
gen_require(`
type netlabel_peer_t;
')
dontaudit $1 netlabel_peer_t:peer recv;
dontaudit $1 netlabel_peer_t:{ tcp_socket udp_socket rawip_socket dccp_socket } recvfrom;
')
########################################
## <summary>
## Rules for receiving labeled DCCP packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <param name="peer_domain">
## <summary>
## Peer domain.
## </summary>
## </param>
#
interface(`corenet_dccp_recvfrom_labeled',`
allow { $1 $2 } self:association sendto;
allow $1 $2:{ association dccp_socket } recvfrom;
allow $2 $1:{ association dccp_socket } recvfrom;
allow $1 $2:peer recv;
allow $2 $1:peer recv;
# allow receiving packets from MLS-only peers using NetLabel
corenet_dccp_recvfrom_netlabel($1)
corenet_dccp_recvfrom_netlabel($2)
')
########################################
## <summary>
## Rules for receiving labeled TCP packets.
## </summary>
## <desc>
## <p>
## Rules for receiving labeled TCP packets.
## </p>
## <p>
## Due to the nature of TCP, this is bidirectional.
## </p>
## </desc>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <param name="peer_domain">
## <summary>
## Peer domain.
## </summary>
## </param>
#
interface(`corenet_tcp_recvfrom_labeled',`
allow { $1 $2 } self:association sendto;
allow $1 $2:{ association tcp_socket } recvfrom;
allow $2 $1:{ association tcp_socket } recvfrom;
allow $1 $2:peer recv;
allow $2 $1:peer recv;
# allow receiving packets from MLS-only peers using NetLabel
corenet_tcp_recvfrom_netlabel($1)
corenet_tcp_recvfrom_netlabel($2)
')
########################################
## <summary>
## Rules for receiving labeled UDP packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <param name="peer_domain">
## <summary>
## Peer domain.
## </summary>
## </param>
#
interface(`corenet_udp_recvfrom_labeled',`
allow $2 self:association sendto;
allow $1 $2:{ association udp_socket } recvfrom;
allow $1 $2:peer recv;
# allow receiving packets from MLS-only peers using NetLabel
corenet_udp_recvfrom_netlabel($1)
')
########################################
## <summary>
## Rules for receiving labeled raw IP packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <param name="peer_domain">
## <summary>
## Peer domain.
## </summary>
## </param>
#
interface(`corenet_raw_recvfrom_labeled',`
allow $2 self:association sendto;
allow $1 $2:{ association rawip_socket } recvfrom;
allow $1 $2:peer recv;
# allow receiving packets from MLS-only peers using NetLabel
corenet_raw_recvfrom_netlabel($1)
')
########################################
## <summary>
## Rules for receiving labeled packets via TCP, UDP and raw IP.
## </summary>
## <desc>
## <p>
## Rules for receiving labeled packets via TCP, UDP and raw IP.
## </p>
## <p>
## Due to the nature of TCP, the rules (for TCP
## networking only) are bidirectional.
## </p>
## </desc>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <param name="peer_domain">
## <summary>
## Peer domain.
## </summary>
## </param>
#
interface(`corenet_all_recvfrom_labeled',`
corenet_sctp_recvfrom_labeled($1, $2)
corenet_tcp_recvfrom_labeled($1, $2)
corenet_udp_recvfrom_labeled($1, $2)
corenet_raw_recvfrom_labeled($1, $2)
')
########################################
## <summary>
## Make the specified type usable
## for labeled ipsec.
## </summary>
## <param name="domain">
## <summary>
## Type to be used for labeled ipsec.
## </summary>
## </param>
#
interface(`corenet_setcontext_all_spds',`
gen_require(`
attribute ipsec_spd_type;
')
allow $1 ipsec_spd_type:association setcontext;
')
########################################
## <summary>
## Send generic client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_send_generic_client_packets',`
gen_require(`
type client_packet_t;
')
allow $1 client_packet_t:packet send;
')
########################################
## <summary>
## Receive generic client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_receive_generic_client_packets',`
gen_require(`
type client_packet_t;
')
allow $1 client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive generic client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_sendrecv_generic_client_packets',`
corenet_send_generic_client_packets($1)
corenet_receive_generic_client_packets($1)
')
########################################
## <summary>
## Relabel packets to the generic client packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_generic_client_packets',`
gen_require(`
type client_packet_t;
')
allow $1 client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send generic server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_send_generic_server_packets',`
gen_require(`
type server_packet_t;
')
allow $1 server_packet_t:packet send;
')
########################################
## <summary>
## Receive generic server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_receive_generic_server_packets',`
gen_require(`
type server_packet_t;
')
allow $1 server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive generic server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_sendrecv_generic_server_packets',`
corenet_send_generic_server_packets($1)
corenet_receive_generic_server_packets($1)
')
########################################
## <summary>
## Relabel packets to the generic server packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_generic_server_packets',`
gen_require(`
type server_packet_t;
')
allow $1 server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive unlabeled packets.
## </summary>
## <desc>
## <p>
## Send and receive unlabeled packets.
## These packets do not match any netfilter
## SECMARK rules.
## </p>
## </desc>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_sendrecv_unlabeled_packets',`
kernel_sendrecv_unlabeled_packets($1)
')
########################################
## <summary>
## Send all client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_send_all_client_packets',`
gen_require(`
attribute client_packet_type;
')
allow $1 client_packet_type:packet send;
')
########################################
## <summary>
## Receive all client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_receive_all_client_packets',`
gen_require(`
attribute client_packet_type;
')
allow $1 client_packet_type:packet recv;
')
########################################
## <summary>
## Send and receive all client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_sendrecv_all_client_packets',`
corenet_send_all_client_packets($1)
corenet_receive_all_client_packets($1)
')
########################################
## <summary>
## Relabel packets to any client packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_all_client_packets',`
gen_require(`
attribute client_packet_type;
')
allow $1 client_packet_type:packet relabelto;
')
########################################
## <summary>
## Send all server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_send_all_server_packets',`
gen_require(`
attribute server_packet_type;
')
allow $1 server_packet_type:packet send;
')
########################################
## <summary>
## Receive SCTP packets from a NetLabel connection.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_sctp_recvfrom_netlabel',`
gen_require(`
type netlabel_peer_t;
')
allow $1 netlabel_peer_t:peer recv;
')
########################################
## <summary>
## Receive all server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_receive_all_server_packets',`
gen_require(`
attribute server_packet_type;
')
allow $1 server_packet_type:packet recv;
')
########################################
## <summary>
## Send and receive all server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_sendrecv_all_server_packets',`
corenet_send_all_server_packets($1)
corenet_receive_all_server_packets($1)
')
########################################
## <summary>
## Relabel packets to any server packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_all_server_packets',`
gen_require(`
attribute server_packet_type;
')
allow $1 server_packet_type:packet relabelto;
')
########################################
## <summary>
## Receive SCTP packets from an unlabled connection.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_sctp_recvfrom_unlabeled',`
gen_require(`
attribute corenet_unlabeled_type;
')
kernel_recvfrom_unlabeled_peer($1)
typeattribute $1 corenet_unlabeled_type;
kernel_sendrecv_unlabeled_association($1)
')
########################################
## <summary>
## Send all packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_send_all_packets',`
gen_require(`
attribute packet_type;
')
allow $1 packet_type:packet send;
')
########################################
## <summary>
## Receive all packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_receive_all_packets',`
gen_require(`
attribute packet_type;
')
allow $1 packet_type:packet recv;
')
########################################
## <summary>
## Send and receive all packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_sendrecv_all_packets',`
corenet_send_all_packets($1)
corenet_receive_all_packets($1)
')
########################################
## <summary>
## Relabel packets to any packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_all_packets',`
gen_require(`
attribute packet_type;
')
allow $1 packet_type:packet relabelto;
')
########################################
## <summary>
## Unconfined access to network objects.
## </summary>
## <param name="domain">
## <summary>
## The domain allowed access.
## </summary>
## </param>
#
interface(`corenet_unconfined',`
gen_require(`
attribute corenet_unconfined_type;
')
typeattribute $1 corenet_unconfined_type;
')
########################################
## <summary>
## Dontaudit bind tcp sockets to defined ports.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_bind_all_defined_ports',`
gen_require(`
attribute defined_port_type;
')
dontaudit $1 defined_port_type:tcp_socket name_bind;
')
########################################
## <summary>
## Create all network named devices with the correct label
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_filetrans_all_named_dev',`
gen_require(`
type tun_tap_device_t;
type ppp_device_t;
')
dev_filetrans($1, tun_tap_device_t, chr_file, "tap0")
dev_filetrans($1, tun_tap_device_t, chr_file, "tap1")
dev_filetrans($1, tun_tap_device_t, chr_file, "tap2")
dev_filetrans($1, tun_tap_device_t, chr_file, "tap3")
dev_filetrans($1, tun_tap_device_t, chr_file, "tap4")
dev_filetrans($1, tun_tap_device_t, chr_file, "tap5")
dev_filetrans($1, tun_tap_device_t, chr_file, "tap6")
dev_filetrans($1, tun_tap_device_t, chr_file, "tap7")
dev_filetrans($1, tun_tap_device_t, chr_file, "tap8")
dev_filetrans($1, tun_tap_device_t, chr_file, "tap9")
dev_filetrans($1, tun_tap_device_t, chr_file, "tap10")
dev_filetrans($1, tun_tap_device_t, chr_file, "tap11")
dev_filetrans($1, tun_tap_device_t, chr_file, "tap12")
dev_filetrans($1, tun_tap_device_t, chr_file, "tap13")
dev_filetrans($1, tun_tap_device_t, chr_file, "tap14")
dev_filetrans($1, tun_tap_device_t, chr_file, "tap15")
dev_filetrans($1, tun_tap_device_t, chr_file, "tap16")
dev_filetrans($1, tun_tap_device_t, chr_file, "tap17")
dev_filetrans($1, tun_tap_device_t, chr_file, "tap18")
dev_filetrans($1, tun_tap_device_t, chr_file, "tap19")
dev_filetrans($1, tun_tap_device_t, chr_file, "tap20")
dev_filetrans($1, tun_tap_device_t, chr_file, "tap21")
dev_filetrans($1, tun_tap_device_t, chr_file, "tap22")
dev_filetrans($1, tun_tap_device_t, chr_file, "tap23")
dev_filetrans($1, tun_tap_device_t, chr_file, "tap24")
dev_filetrans($1, tun_tap_device_t, chr_file, "tap25")
dev_filetrans($1, tun_tap_device_t, chr_file, "tap26")
dev_filetrans($1, tun_tap_device_t, chr_file, "tap27")
dev_filetrans($1, tun_tap_device_t, chr_file, "tap28")
dev_filetrans($1, tun_tap_device_t, chr_file, "tap29")
dev_filetrans($1, ppp_device_t, chr_file, "ppp")
')
########################################
## <summary>
## Define type to be an infiniband pkey type
## </summary>
## <desc>
## <p>
## Define type to be an infiniband pkey type
## </p>
## <p>
## This is for supporting third party modules and its
## use is not allowed in upstream reference policy.
## </p>
## </desc>
## <param name="domain">
## <summary>
## Type to be used for infiniband pkeys.
## </summary>
## </param>
#
interface(`corenet_ib_pkey',`
gen_require(`
attribute ibpkey_type;
')
typeattribute $1 ibpkey_type;
')
########################################
## <summary>
## Access unlabeled infiniband pkeys.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_ib_access_unlabeled_pkeys',`
kernel_ib_access_unlabeled_pkeys($1)
')
########################################
## <summary>
## Access all labeled infiniband pkeys.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_ib_access_all_pkeys',`
gen_require(`
attribute ibpkey_type;
')
allow $1 ibpkey_type:infiniband_pkey access;
')
########################################
## <summary>
## Define type to be an infiniband endport
## </summary>
## <desc>
## <p>
## Define type to be an infiniband endport
## </p>
## <p>
## This is for supporting third party modules and its
## use is not allowed in upstream reference policy.
## </p>
## </desc>
## <param name="domain">
## <summary>
## Type to be used for infiniband endports.
## </summary>
## </param>
#
interface(`corenet_ib_endport',`
gen_require(`
attribute ibendport_type;
')
typeattribute $1 ibendport_type;
')
########################################
## <summary>
## Manage subnets on all labeled Infiniband endports
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_ib_manage_subnet_all_endports',`
gen_require(`
attribute ibendport_type;
')
allow $1 ibendport_type:infiniband_endport manage_subnet;
')
########################################
## <summary>
## Rules for receiving labeled SCTP packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <param name="peer_domain">
## <summary>
## Peer domain.
## </summary>
## </param>
#
interface(`corenet_sctp_recvfrom_labeled',`
allow { $1 $2 } self:association sendto;
allow $1 $2:association recvfrom;
allow $2 $1:association recvfrom;
allow $1 $2:peer recv;
allow $2 $1:peer recv;
# allow receiving packets from MLS-only peers using NetLabel
corenet_sctp_recvfrom_netlabel($1)
corenet_sctp_recvfrom_netlabel($2)
')
########################################
## <summary>
## Manage subnet on all unlabeled Infiniband endports
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_ib_manage_subnet_unlabeled_endports',`
kernel_ib_manage_subnet_unlabeled_endports($1)
')
########################################
## <summary>
## Send and receive TCP traffic on the afs_bos port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_afs_bos_port',`
gen_require(`
type afs_bos_port_t;
')
allow $1 afs_bos_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the afs_bos port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_afs_bos_port',`
gen_require(`
type afs_bos_port_t;
')
allow $1 afs_bos_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the afs_bos port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_afs_bos_port',`
gen_require(`
type afs_bos_port_t;
')
dontaudit $1 afs_bos_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the afs_bos port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_afs_bos_port',`
gen_require(`
type afs_bos_port_t;
')
allow $1 afs_bos_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the afs_bos port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_afs_bos_port',`
gen_require(`
type afs_bos_port_t;
')
dontaudit $1 afs_bos_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the afs_bos port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_afs_bos_port',`
corenet_udp_send_afs_bos_port($1)
corenet_udp_receive_afs_bos_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the afs_bos port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_afs_bos_port',`
corenet_dontaudit_udp_send_afs_bos_port($1)
corenet_dontaudit_udp_receive_afs_bos_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the afs_bos port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_afs_bos_port',`
gen_require(`
type afs_bos_port_t;
')
allow $1 afs_bos_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the afs_bos port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_afs_bos_port',`
gen_require(`
type afs_bos_port_t;
')
allow $1 afs_bos_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to afs_bos port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_afs_bos_port',`
gen_require(`
type afs_bos_port_t;
')
dontaudit $1 afs_bos_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the afs_bos port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_afs_bos_port',`
gen_require(`
type afs_bos_port_t;
')
allow $1 afs_bos_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to afs_bos port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_afs_bos_port',`
gen_require(`
type afs_bos_port_t;
')
dontaudit $1 afs_bos_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send afs_bos_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_afs_bos_client_packets',`
gen_require(`
type afs_bos_client_packet_t;
')
allow $1 afs_bos_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send afs_bos_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_afs_bos_client_packets',`
gen_require(`
type afs_bos_client_packet_t;
')
dontaudit $1 afs_bos_client_packet_t:packet send;
')
########################################
## <summary>
## Receive afs_bos_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_afs_bos_client_packets',`
gen_require(`
type afs_bos_client_packet_t;
')
allow $1 afs_bos_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive afs_bos_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_afs_bos_client_packets',`
gen_require(`
type afs_bos_client_packet_t;
')
dontaudit $1 afs_bos_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive afs_bos_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_afs_bos_client_packets',`
corenet_send_afs_bos_client_packets($1)
corenet_receive_afs_bos_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive afs_bos_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_afs_bos_client_packets',`
corenet_dontaudit_send_afs_bos_client_packets($1)
corenet_dontaudit_receive_afs_bos_client_packets($1)
')
########################################
## <summary>
## Relabel packets to afs_bos_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_afs_bos_client_packets',`
gen_require(`
type afs_bos_client_packet_t;
')
allow $1 afs_bos_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send afs_bos_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_afs_bos_server_packets',`
gen_require(`
type afs_bos_server_packet_t;
')
allow $1 afs_bos_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send afs_bos_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_afs_bos_server_packets',`
gen_require(`
type afs_bos_server_packet_t;
')
dontaudit $1 afs_bos_server_packet_t:packet send;
')
########################################
## <summary>
## Receive afs_bos_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_afs_bos_server_packets',`
gen_require(`
type afs_bos_server_packet_t;
')
allow $1 afs_bos_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive afs_bos_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_afs_bos_server_packets',`
gen_require(`
type afs_bos_server_packet_t;
')
dontaudit $1 afs_bos_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive afs_bos_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_afs_bos_server_packets',`
corenet_send_afs_bos_server_packets($1)
corenet_receive_afs_bos_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive afs_bos_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_afs_bos_server_packets',`
corenet_dontaudit_send_afs_bos_server_packets($1)
corenet_dontaudit_receive_afs_bos_server_packets($1)
')
########################################
## <summary>
## Relabel packets to afs_bos_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_afs_bos_server_packets',`
gen_require(`
type afs_bos_server_packet_t;
')
allow $1 afs_bos_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the afs_fs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_afs_fs_port',`
gen_require(`
type afs_fs_port_t;
')
allow $1 afs_fs_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the afs_fs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_afs_fs_port',`
gen_require(`
type afs_fs_port_t;
')
allow $1 afs_fs_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the afs_fs port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_afs_fs_port',`
gen_require(`
type afs_fs_port_t;
')
dontaudit $1 afs_fs_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the afs_fs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_afs_fs_port',`
gen_require(`
type afs_fs_port_t;
')
allow $1 afs_fs_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the afs_fs port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_afs_fs_port',`
gen_require(`
type afs_fs_port_t;
')
dontaudit $1 afs_fs_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the afs_fs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_afs_fs_port',`
corenet_udp_send_afs_fs_port($1)
corenet_udp_receive_afs_fs_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the afs_fs port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_afs_fs_port',`
corenet_dontaudit_udp_send_afs_fs_port($1)
corenet_dontaudit_udp_receive_afs_fs_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the afs_fs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_afs_fs_port',`
gen_require(`
type afs_fs_port_t;
')
allow $1 afs_fs_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the afs_fs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_afs_fs_port',`
gen_require(`
type afs_fs_port_t;
')
allow $1 afs_fs_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to afs_fs port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_afs_fs_port',`
gen_require(`
type afs_fs_port_t;
')
dontaudit $1 afs_fs_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the afs_fs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_afs_fs_port',`
gen_require(`
type afs_fs_port_t;
')
allow $1 afs_fs_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to afs_fs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_afs_fs_port',`
gen_require(`
type afs_fs_port_t;
')
dontaudit $1 afs_fs_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send afs_fs_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_afs_fs_client_packets',`
gen_require(`
type afs_fs_client_packet_t;
')
allow $1 afs_fs_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send afs_fs_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_afs_fs_client_packets',`
gen_require(`
type afs_fs_client_packet_t;
')
dontaudit $1 afs_fs_client_packet_t:packet send;
')
########################################
## <summary>
## Receive afs_fs_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_afs_fs_client_packets',`
gen_require(`
type afs_fs_client_packet_t;
')
allow $1 afs_fs_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive afs_fs_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_afs_fs_client_packets',`
gen_require(`
type afs_fs_client_packet_t;
')
dontaudit $1 afs_fs_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive afs_fs_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_afs_fs_client_packets',`
corenet_send_afs_fs_client_packets($1)
corenet_receive_afs_fs_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive afs_fs_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_afs_fs_client_packets',`
corenet_dontaudit_send_afs_fs_client_packets($1)
corenet_dontaudit_receive_afs_fs_client_packets($1)
')
########################################
## <summary>
## Relabel packets to afs_fs_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_afs_fs_client_packets',`
gen_require(`
type afs_fs_client_packet_t;
')
allow $1 afs_fs_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send afs_fs_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_afs_fs_server_packets',`
gen_require(`
type afs_fs_server_packet_t;
')
allow $1 afs_fs_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send afs_fs_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_afs_fs_server_packets',`
gen_require(`
type afs_fs_server_packet_t;
')
dontaudit $1 afs_fs_server_packet_t:packet send;
')
########################################
## <summary>
## Receive afs_fs_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_afs_fs_server_packets',`
gen_require(`
type afs_fs_server_packet_t;
')
allow $1 afs_fs_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive afs_fs_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_afs_fs_server_packets',`
gen_require(`
type afs_fs_server_packet_t;
')
dontaudit $1 afs_fs_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive afs_fs_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_afs_fs_server_packets',`
corenet_send_afs_fs_server_packets($1)
corenet_receive_afs_fs_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive afs_fs_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_afs_fs_server_packets',`
corenet_dontaudit_send_afs_fs_server_packets($1)
corenet_dontaudit_receive_afs_fs_server_packets($1)
')
########################################
## <summary>
## Relabel packets to afs_fs_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_afs_fs_server_packets',`
gen_require(`
type afs_fs_server_packet_t;
')
allow $1 afs_fs_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the afs_ka port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_afs_ka_port',`
gen_require(`
type afs_ka_port_t;
')
allow $1 afs_ka_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the afs_ka port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_afs_ka_port',`
gen_require(`
type afs_ka_port_t;
')
allow $1 afs_ka_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the afs_ka port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_afs_ka_port',`
gen_require(`
type afs_ka_port_t;
')
dontaudit $1 afs_ka_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the afs_ka port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_afs_ka_port',`
gen_require(`
type afs_ka_port_t;
')
allow $1 afs_ka_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the afs_ka port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_afs_ka_port',`
gen_require(`
type afs_ka_port_t;
')
dontaudit $1 afs_ka_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the afs_ka port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_afs_ka_port',`
corenet_udp_send_afs_ka_port($1)
corenet_udp_receive_afs_ka_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the afs_ka port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_afs_ka_port',`
corenet_dontaudit_udp_send_afs_ka_port($1)
corenet_dontaudit_udp_receive_afs_ka_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the afs_ka port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_afs_ka_port',`
gen_require(`
type afs_ka_port_t;
')
allow $1 afs_ka_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the afs_ka port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_afs_ka_port',`
gen_require(`
type afs_ka_port_t;
')
allow $1 afs_ka_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to afs_ka port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_afs_ka_port',`
gen_require(`
type afs_ka_port_t;
')
dontaudit $1 afs_ka_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the afs_ka port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_afs_ka_port',`
gen_require(`
type afs_ka_port_t;
')
allow $1 afs_ka_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to afs_ka port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_afs_ka_port',`
gen_require(`
type afs_ka_port_t;
')
dontaudit $1 afs_ka_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send afs_ka_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_afs_ka_client_packets',`
gen_require(`
type afs_ka_client_packet_t;
')
allow $1 afs_ka_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send afs_ka_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_afs_ka_client_packets',`
gen_require(`
type afs_ka_client_packet_t;
')
dontaudit $1 afs_ka_client_packet_t:packet send;
')
########################################
## <summary>
## Receive afs_ka_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_afs_ka_client_packets',`
gen_require(`
type afs_ka_client_packet_t;
')
allow $1 afs_ka_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive afs_ka_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_afs_ka_client_packets',`
gen_require(`
type afs_ka_client_packet_t;
')
dontaudit $1 afs_ka_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive afs_ka_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_afs_ka_client_packets',`
corenet_send_afs_ka_client_packets($1)
corenet_receive_afs_ka_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive afs_ka_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_afs_ka_client_packets',`
corenet_dontaudit_send_afs_ka_client_packets($1)
corenet_dontaudit_receive_afs_ka_client_packets($1)
')
########################################
## <summary>
## Relabel packets to afs_ka_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_afs_ka_client_packets',`
gen_require(`
type afs_ka_client_packet_t;
')
allow $1 afs_ka_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send afs_ka_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_afs_ka_server_packets',`
gen_require(`
type afs_ka_server_packet_t;
')
allow $1 afs_ka_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send afs_ka_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_afs_ka_server_packets',`
gen_require(`
type afs_ka_server_packet_t;
')
dontaudit $1 afs_ka_server_packet_t:packet send;
')
########################################
## <summary>
## Receive afs_ka_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_afs_ka_server_packets',`
gen_require(`
type afs_ka_server_packet_t;
')
allow $1 afs_ka_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive afs_ka_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_afs_ka_server_packets',`
gen_require(`
type afs_ka_server_packet_t;
')
dontaudit $1 afs_ka_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive afs_ka_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_afs_ka_server_packets',`
corenet_send_afs_ka_server_packets($1)
corenet_receive_afs_ka_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive afs_ka_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_afs_ka_server_packets',`
corenet_dontaudit_send_afs_ka_server_packets($1)
corenet_dontaudit_receive_afs_ka_server_packets($1)
')
########################################
## <summary>
## Relabel packets to afs_ka_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_afs_ka_server_packets',`
gen_require(`
type afs_ka_server_packet_t;
')
allow $1 afs_ka_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the afs_pt port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_afs_pt_port',`
gen_require(`
type afs_pt_port_t;
')
allow $1 afs_pt_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the afs_pt port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_afs_pt_port',`
gen_require(`
type afs_pt_port_t;
')
allow $1 afs_pt_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the afs_pt port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_afs_pt_port',`
gen_require(`
type afs_pt_port_t;
')
dontaudit $1 afs_pt_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the afs_pt port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_afs_pt_port',`
gen_require(`
type afs_pt_port_t;
')
allow $1 afs_pt_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the afs_pt port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_afs_pt_port',`
gen_require(`
type afs_pt_port_t;
')
dontaudit $1 afs_pt_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the afs_pt port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_afs_pt_port',`
corenet_udp_send_afs_pt_port($1)
corenet_udp_receive_afs_pt_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the afs_pt port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_afs_pt_port',`
corenet_dontaudit_udp_send_afs_pt_port($1)
corenet_dontaudit_udp_receive_afs_pt_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the afs_pt port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_afs_pt_port',`
gen_require(`
type afs_pt_port_t;
')
allow $1 afs_pt_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the afs_pt port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_afs_pt_port',`
gen_require(`
type afs_pt_port_t;
')
allow $1 afs_pt_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to afs_pt port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_afs_pt_port',`
gen_require(`
type afs_pt_port_t;
')
dontaudit $1 afs_pt_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the afs_pt port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_afs_pt_port',`
gen_require(`
type afs_pt_port_t;
')
allow $1 afs_pt_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to afs_pt port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_afs_pt_port',`
gen_require(`
type afs_pt_port_t;
')
dontaudit $1 afs_pt_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send afs_pt_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_afs_pt_client_packets',`
gen_require(`
type afs_pt_client_packet_t;
')
allow $1 afs_pt_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send afs_pt_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_afs_pt_client_packets',`
gen_require(`
type afs_pt_client_packet_t;
')
dontaudit $1 afs_pt_client_packet_t:packet send;
')
########################################
## <summary>
## Receive afs_pt_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_afs_pt_client_packets',`
gen_require(`
type afs_pt_client_packet_t;
')
allow $1 afs_pt_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive afs_pt_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_afs_pt_client_packets',`
gen_require(`
type afs_pt_client_packet_t;
')
dontaudit $1 afs_pt_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive afs_pt_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_afs_pt_client_packets',`
corenet_send_afs_pt_client_packets($1)
corenet_receive_afs_pt_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive afs_pt_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_afs_pt_client_packets',`
corenet_dontaudit_send_afs_pt_client_packets($1)
corenet_dontaudit_receive_afs_pt_client_packets($1)
')
########################################
## <summary>
## Relabel packets to afs_pt_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_afs_pt_client_packets',`
gen_require(`
type afs_pt_client_packet_t;
')
allow $1 afs_pt_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send afs_pt_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_afs_pt_server_packets',`
gen_require(`
type afs_pt_server_packet_t;
')
allow $1 afs_pt_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send afs_pt_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_afs_pt_server_packets',`
gen_require(`
type afs_pt_server_packet_t;
')
dontaudit $1 afs_pt_server_packet_t:packet send;
')
########################################
## <summary>
## Receive afs_pt_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_afs_pt_server_packets',`
gen_require(`
type afs_pt_server_packet_t;
')
allow $1 afs_pt_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive afs_pt_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_afs_pt_server_packets',`
gen_require(`
type afs_pt_server_packet_t;
')
dontaudit $1 afs_pt_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive afs_pt_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_afs_pt_server_packets',`
corenet_send_afs_pt_server_packets($1)
corenet_receive_afs_pt_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive afs_pt_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_afs_pt_server_packets',`
corenet_dontaudit_send_afs_pt_server_packets($1)
corenet_dontaudit_receive_afs_pt_server_packets($1)
')
########################################
## <summary>
## Relabel packets to afs_pt_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_afs_pt_server_packets',`
gen_require(`
type afs_pt_server_packet_t;
')
allow $1 afs_pt_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the afs_vl port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_afs_vl_port',`
gen_require(`
type afs_vl_port_t;
')
allow $1 afs_vl_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the afs_vl port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_afs_vl_port',`
gen_require(`
type afs_vl_port_t;
')
allow $1 afs_vl_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the afs_vl port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_afs_vl_port',`
gen_require(`
type afs_vl_port_t;
')
dontaudit $1 afs_vl_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the afs_vl port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_afs_vl_port',`
gen_require(`
type afs_vl_port_t;
')
allow $1 afs_vl_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the afs_vl port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_afs_vl_port',`
gen_require(`
type afs_vl_port_t;
')
dontaudit $1 afs_vl_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the afs_vl port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_afs_vl_port',`
corenet_udp_send_afs_vl_port($1)
corenet_udp_receive_afs_vl_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the afs_vl port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_afs_vl_port',`
corenet_dontaudit_udp_send_afs_vl_port($1)
corenet_dontaudit_udp_receive_afs_vl_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the afs_vl port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_afs_vl_port',`
gen_require(`
type afs_vl_port_t;
')
allow $1 afs_vl_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the afs_vl port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_afs_vl_port',`
gen_require(`
type afs_vl_port_t;
')
allow $1 afs_vl_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to afs_vl port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_afs_vl_port',`
gen_require(`
type afs_vl_port_t;
')
dontaudit $1 afs_vl_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the afs_vl port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_afs_vl_port',`
gen_require(`
type afs_vl_port_t;
')
allow $1 afs_vl_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to afs_vl port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_afs_vl_port',`
gen_require(`
type afs_vl_port_t;
')
dontaudit $1 afs_vl_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send afs_vl_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_afs_vl_client_packets',`
gen_require(`
type afs_vl_client_packet_t;
')
allow $1 afs_vl_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send afs_vl_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_afs_vl_client_packets',`
gen_require(`
type afs_vl_client_packet_t;
')
dontaudit $1 afs_vl_client_packet_t:packet send;
')
########################################
## <summary>
## Receive afs_vl_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_afs_vl_client_packets',`
gen_require(`
type afs_vl_client_packet_t;
')
allow $1 afs_vl_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive afs_vl_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_afs_vl_client_packets',`
gen_require(`
type afs_vl_client_packet_t;
')
dontaudit $1 afs_vl_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive afs_vl_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_afs_vl_client_packets',`
corenet_send_afs_vl_client_packets($1)
corenet_receive_afs_vl_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive afs_vl_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_afs_vl_client_packets',`
corenet_dontaudit_send_afs_vl_client_packets($1)
corenet_dontaudit_receive_afs_vl_client_packets($1)
')
########################################
## <summary>
## Relabel packets to afs_vl_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_afs_vl_client_packets',`
gen_require(`
type afs_vl_client_packet_t;
')
allow $1 afs_vl_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send afs_vl_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_afs_vl_server_packets',`
gen_require(`
type afs_vl_server_packet_t;
')
allow $1 afs_vl_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send afs_vl_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_afs_vl_server_packets',`
gen_require(`
type afs_vl_server_packet_t;
')
dontaudit $1 afs_vl_server_packet_t:packet send;
')
########################################
## <summary>
## Receive afs_vl_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_afs_vl_server_packets',`
gen_require(`
type afs_vl_server_packet_t;
')
allow $1 afs_vl_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive afs_vl_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_afs_vl_server_packets',`
gen_require(`
type afs_vl_server_packet_t;
')
dontaudit $1 afs_vl_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive afs_vl_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_afs_vl_server_packets',`
corenet_send_afs_vl_server_packets($1)
corenet_receive_afs_vl_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive afs_vl_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_afs_vl_server_packets',`
corenet_dontaudit_send_afs_vl_server_packets($1)
corenet_dontaudit_receive_afs_vl_server_packets($1)
')
########################################
## <summary>
## Relabel packets to afs_vl_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_afs_vl_server_packets',`
gen_require(`
type afs_vl_server_packet_t;
')
allow $1 afs_vl_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the afs3_callback port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_afs3_callback_port',`
gen_require(`
type afs3_callback_port_t;
')
allow $1 afs3_callback_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the afs3_callback port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_afs3_callback_port',`
gen_require(`
type afs3_callback_port_t;
')
allow $1 afs3_callback_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the afs3_callback port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_afs3_callback_port',`
gen_require(`
type afs3_callback_port_t;
')
dontaudit $1 afs3_callback_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the afs3_callback port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_afs3_callback_port',`
gen_require(`
type afs3_callback_port_t;
')
allow $1 afs3_callback_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the afs3_callback port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_afs3_callback_port',`
gen_require(`
type afs3_callback_port_t;
')
dontaudit $1 afs3_callback_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the afs3_callback port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_afs3_callback_port',`
corenet_udp_send_afs3_callback_port($1)
corenet_udp_receive_afs3_callback_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the afs3_callback port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_afs3_callback_port',`
corenet_dontaudit_udp_send_afs3_callback_port($1)
corenet_dontaudit_udp_receive_afs3_callback_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the afs3_callback port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_afs3_callback_port',`
gen_require(`
type afs3_callback_port_t;
')
allow $1 afs3_callback_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the afs3_callback port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_afs3_callback_port',`
gen_require(`
type afs3_callback_port_t;
')
allow $1 afs3_callback_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to afs3_callback port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_afs3_callback_port',`
gen_require(`
type afs3_callback_port_t;
')
dontaudit $1 afs3_callback_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the afs3_callback port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_afs3_callback_port',`
gen_require(`
type afs3_callback_port_t;
')
allow $1 afs3_callback_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to afs3_callback port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_afs3_callback_port',`
gen_require(`
type afs3_callback_port_t;
')
dontaudit $1 afs3_callback_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send afs3_callback_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_afs3_callback_client_packets',`
gen_require(`
type afs3_callback_client_packet_t;
')
allow $1 afs3_callback_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send afs3_callback_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_afs3_callback_client_packets',`
gen_require(`
type afs3_callback_client_packet_t;
')
dontaudit $1 afs3_callback_client_packet_t:packet send;
')
########################################
## <summary>
## Receive afs3_callback_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_afs3_callback_client_packets',`
gen_require(`
type afs3_callback_client_packet_t;
')
allow $1 afs3_callback_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive afs3_callback_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_afs3_callback_client_packets',`
gen_require(`
type afs3_callback_client_packet_t;
')
dontaudit $1 afs3_callback_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive afs3_callback_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_afs3_callback_client_packets',`
corenet_send_afs3_callback_client_packets($1)
corenet_receive_afs3_callback_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive afs3_callback_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_afs3_callback_client_packets',`
corenet_dontaudit_send_afs3_callback_client_packets($1)
corenet_dontaudit_receive_afs3_callback_client_packets($1)
')
########################################
## <summary>
## Relabel packets to afs3_callback_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_afs3_callback_client_packets',`
gen_require(`
type afs3_callback_client_packet_t;
')
allow $1 afs3_callback_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send afs3_callback_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_afs3_callback_server_packets',`
gen_require(`
type afs3_callback_server_packet_t;
')
allow $1 afs3_callback_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send afs3_callback_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_afs3_callback_server_packets',`
gen_require(`
type afs3_callback_server_packet_t;
')
dontaudit $1 afs3_callback_server_packet_t:packet send;
')
########################################
## <summary>
## Receive afs3_callback_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_afs3_callback_server_packets',`
gen_require(`
type afs3_callback_server_packet_t;
')
allow $1 afs3_callback_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive afs3_callback_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_afs3_callback_server_packets',`
gen_require(`
type afs3_callback_server_packet_t;
')
dontaudit $1 afs3_callback_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive afs3_callback_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_afs3_callback_server_packets',`
corenet_send_afs3_callback_server_packets($1)
corenet_receive_afs3_callback_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive afs3_callback_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_afs3_callback_server_packets',`
corenet_dontaudit_send_afs3_callback_server_packets($1)
corenet_dontaudit_receive_afs3_callback_server_packets($1)
')
########################################
## <summary>
## Relabel packets to afs3_callback_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_afs3_callback_server_packets',`
gen_require(`
type afs3_callback_server_packet_t;
')
allow $1 afs3_callback_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the agentx port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_agentx_port',`
gen_require(`
type agentx_port_t;
')
allow $1 agentx_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the agentx port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_agentx_port',`
gen_require(`
type agentx_port_t;
')
allow $1 agentx_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the agentx port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_agentx_port',`
gen_require(`
type agentx_port_t;
')
dontaudit $1 agentx_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the agentx port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_agentx_port',`
gen_require(`
type agentx_port_t;
')
allow $1 agentx_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the agentx port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_agentx_port',`
gen_require(`
type agentx_port_t;
')
dontaudit $1 agentx_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the agentx port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_agentx_port',`
corenet_udp_send_agentx_port($1)
corenet_udp_receive_agentx_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the agentx port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_agentx_port',`
corenet_dontaudit_udp_send_agentx_port($1)
corenet_dontaudit_udp_receive_agentx_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the agentx port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_agentx_port',`
gen_require(`
type agentx_port_t;
')
allow $1 agentx_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the agentx port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_agentx_port',`
gen_require(`
type agentx_port_t;
')
allow $1 agentx_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to agentx port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_agentx_port',`
gen_require(`
type agentx_port_t;
')
dontaudit $1 agentx_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the agentx port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_agentx_port',`
gen_require(`
type agentx_port_t;
')
allow $1 agentx_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to agentx port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_agentx_port',`
gen_require(`
type agentx_port_t;
')
dontaudit $1 agentx_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send agentx_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_agentx_client_packets',`
gen_require(`
type agentx_client_packet_t;
')
allow $1 agentx_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send agentx_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_agentx_client_packets',`
gen_require(`
type agentx_client_packet_t;
')
dontaudit $1 agentx_client_packet_t:packet send;
')
########################################
## <summary>
## Receive agentx_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_agentx_client_packets',`
gen_require(`
type agentx_client_packet_t;
')
allow $1 agentx_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive agentx_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_agentx_client_packets',`
gen_require(`
type agentx_client_packet_t;
')
dontaudit $1 agentx_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive agentx_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_agentx_client_packets',`
corenet_send_agentx_client_packets($1)
corenet_receive_agentx_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive agentx_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_agentx_client_packets',`
corenet_dontaudit_send_agentx_client_packets($1)
corenet_dontaudit_receive_agentx_client_packets($1)
')
########################################
## <summary>
## Relabel packets to agentx_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_agentx_client_packets',`
gen_require(`
type agentx_client_packet_t;
')
allow $1 agentx_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send agentx_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_agentx_server_packets',`
gen_require(`
type agentx_server_packet_t;
')
allow $1 agentx_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send agentx_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_agentx_server_packets',`
gen_require(`
type agentx_server_packet_t;
')
dontaudit $1 agentx_server_packet_t:packet send;
')
########################################
## <summary>
## Receive agentx_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_agentx_server_packets',`
gen_require(`
type agentx_server_packet_t;
')
allow $1 agentx_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive agentx_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_agentx_server_packets',`
gen_require(`
type agentx_server_packet_t;
')
dontaudit $1 agentx_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive agentx_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_agentx_server_packets',`
corenet_send_agentx_server_packets($1)
corenet_receive_agentx_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive agentx_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_agentx_server_packets',`
corenet_dontaudit_send_agentx_server_packets($1)
corenet_dontaudit_receive_agentx_server_packets($1)
')
########################################
## <summary>
## Relabel packets to agentx_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_agentx_server_packets',`
gen_require(`
type agentx_server_packet_t;
')
allow $1 agentx_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the amanda port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_amanda_port',`
gen_require(`
type amanda_port_t;
')
allow $1 amanda_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the amanda port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_amanda_port',`
gen_require(`
type amanda_port_t;
')
allow $1 amanda_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the amanda port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_amanda_port',`
gen_require(`
type amanda_port_t;
')
dontaudit $1 amanda_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the amanda port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_amanda_port',`
gen_require(`
type amanda_port_t;
')
allow $1 amanda_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the amanda port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_amanda_port',`
gen_require(`
type amanda_port_t;
')
dontaudit $1 amanda_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the amanda port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_amanda_port',`
corenet_udp_send_amanda_port($1)
corenet_udp_receive_amanda_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the amanda port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_amanda_port',`
corenet_dontaudit_udp_send_amanda_port($1)
corenet_dontaudit_udp_receive_amanda_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the amanda port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_amanda_port',`
gen_require(`
type amanda_port_t;
')
allow $1 amanda_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the amanda port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_amanda_port',`
gen_require(`
type amanda_port_t;
')
allow $1 amanda_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to amanda port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_amanda_port',`
gen_require(`
type amanda_port_t;
')
dontaudit $1 amanda_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the amanda port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_amanda_port',`
gen_require(`
type amanda_port_t;
')
allow $1 amanda_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to amanda port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_amanda_port',`
gen_require(`
type amanda_port_t;
')
dontaudit $1 amanda_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send amanda_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_amanda_client_packets',`
gen_require(`
type amanda_client_packet_t;
')
allow $1 amanda_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send amanda_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_amanda_client_packets',`
gen_require(`
type amanda_client_packet_t;
')
dontaudit $1 amanda_client_packet_t:packet send;
')
########################################
## <summary>
## Receive amanda_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_amanda_client_packets',`
gen_require(`
type amanda_client_packet_t;
')
allow $1 amanda_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive amanda_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_amanda_client_packets',`
gen_require(`
type amanda_client_packet_t;
')
dontaudit $1 amanda_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive amanda_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_amanda_client_packets',`
corenet_send_amanda_client_packets($1)
corenet_receive_amanda_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive amanda_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_amanda_client_packets',`
corenet_dontaudit_send_amanda_client_packets($1)
corenet_dontaudit_receive_amanda_client_packets($1)
')
########################################
## <summary>
## Relabel packets to amanda_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_amanda_client_packets',`
gen_require(`
type amanda_client_packet_t;
')
allow $1 amanda_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send amanda_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_amanda_server_packets',`
gen_require(`
type amanda_server_packet_t;
')
allow $1 amanda_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send amanda_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_amanda_server_packets',`
gen_require(`
type amanda_server_packet_t;
')
dontaudit $1 amanda_server_packet_t:packet send;
')
########################################
## <summary>
## Receive amanda_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_amanda_server_packets',`
gen_require(`
type amanda_server_packet_t;
')
allow $1 amanda_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive amanda_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_amanda_server_packets',`
gen_require(`
type amanda_server_packet_t;
')
dontaudit $1 amanda_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive amanda_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_amanda_server_packets',`
corenet_send_amanda_server_packets($1)
corenet_receive_amanda_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive amanda_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_amanda_server_packets',`
corenet_dontaudit_send_amanda_server_packets($1)
corenet_dontaudit_receive_amanda_server_packets($1)
')
########################################
## <summary>
## Relabel packets to amanda_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_amanda_server_packets',`
gen_require(`
type amanda_server_packet_t;
')
allow $1 amanda_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the amavisd_recv port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_amavisd_recv_port',`
gen_require(`
type amavisd_recv_port_t;
')
allow $1 amavisd_recv_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the amavisd_recv port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_amavisd_recv_port',`
gen_require(`
type amavisd_recv_port_t;
')
allow $1 amavisd_recv_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the amavisd_recv port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_amavisd_recv_port',`
gen_require(`
type amavisd_recv_port_t;
')
dontaudit $1 amavisd_recv_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the amavisd_recv port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_amavisd_recv_port',`
gen_require(`
type amavisd_recv_port_t;
')
allow $1 amavisd_recv_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the amavisd_recv port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_amavisd_recv_port',`
gen_require(`
type amavisd_recv_port_t;
')
dontaudit $1 amavisd_recv_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the amavisd_recv port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_amavisd_recv_port',`
corenet_udp_send_amavisd_recv_port($1)
corenet_udp_receive_amavisd_recv_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the amavisd_recv port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_amavisd_recv_port',`
corenet_dontaudit_udp_send_amavisd_recv_port($1)
corenet_dontaudit_udp_receive_amavisd_recv_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the amavisd_recv port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_amavisd_recv_port',`
gen_require(`
type amavisd_recv_port_t;
')
allow $1 amavisd_recv_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the amavisd_recv port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_amavisd_recv_port',`
gen_require(`
type amavisd_recv_port_t;
')
allow $1 amavisd_recv_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to amavisd_recv port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_amavisd_recv_port',`
gen_require(`
type amavisd_recv_port_t;
')
dontaudit $1 amavisd_recv_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the amavisd_recv port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_amavisd_recv_port',`
gen_require(`
type amavisd_recv_port_t;
')
allow $1 amavisd_recv_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to amavisd_recv port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_amavisd_recv_port',`
gen_require(`
type amavisd_recv_port_t;
')
dontaudit $1 amavisd_recv_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send amavisd_recv_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_amavisd_recv_client_packets',`
gen_require(`
type amavisd_recv_client_packet_t;
')
allow $1 amavisd_recv_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send amavisd_recv_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_amavisd_recv_client_packets',`
gen_require(`
type amavisd_recv_client_packet_t;
')
dontaudit $1 amavisd_recv_client_packet_t:packet send;
')
########################################
## <summary>
## Receive amavisd_recv_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_amavisd_recv_client_packets',`
gen_require(`
type amavisd_recv_client_packet_t;
')
allow $1 amavisd_recv_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive amavisd_recv_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_amavisd_recv_client_packets',`
gen_require(`
type amavisd_recv_client_packet_t;
')
dontaudit $1 amavisd_recv_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive amavisd_recv_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_amavisd_recv_client_packets',`
corenet_send_amavisd_recv_client_packets($1)
corenet_receive_amavisd_recv_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive amavisd_recv_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_amavisd_recv_client_packets',`
corenet_dontaudit_send_amavisd_recv_client_packets($1)
corenet_dontaudit_receive_amavisd_recv_client_packets($1)
')
########################################
## <summary>
## Relabel packets to amavisd_recv_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_amavisd_recv_client_packets',`
gen_require(`
type amavisd_recv_client_packet_t;
')
allow $1 amavisd_recv_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send amavisd_recv_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_amavisd_recv_server_packets',`
gen_require(`
type amavisd_recv_server_packet_t;
')
allow $1 amavisd_recv_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send amavisd_recv_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_amavisd_recv_server_packets',`
gen_require(`
type amavisd_recv_server_packet_t;
')
dontaudit $1 amavisd_recv_server_packet_t:packet send;
')
########################################
## <summary>
## Receive amavisd_recv_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_amavisd_recv_server_packets',`
gen_require(`
type amavisd_recv_server_packet_t;
')
allow $1 amavisd_recv_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive amavisd_recv_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_amavisd_recv_server_packets',`
gen_require(`
type amavisd_recv_server_packet_t;
')
dontaudit $1 amavisd_recv_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive amavisd_recv_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_amavisd_recv_server_packets',`
corenet_send_amavisd_recv_server_packets($1)
corenet_receive_amavisd_recv_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive amavisd_recv_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_amavisd_recv_server_packets',`
corenet_dontaudit_send_amavisd_recv_server_packets($1)
corenet_dontaudit_receive_amavisd_recv_server_packets($1)
')
########################################
## <summary>
## Relabel packets to amavisd_recv_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_amavisd_recv_server_packets',`
gen_require(`
type amavisd_recv_server_packet_t;
')
allow $1 amavisd_recv_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the amavisd_send port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_amavisd_send_port',`
gen_require(`
type amavisd_send_port_t;
')
allow $1 amavisd_send_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the amavisd_send port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_amavisd_send_port',`
gen_require(`
type amavisd_send_port_t;
')
allow $1 amavisd_send_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the amavisd_send port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_amavisd_send_port',`
gen_require(`
type amavisd_send_port_t;
')
dontaudit $1 amavisd_send_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the amavisd_send port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_amavisd_send_port',`
gen_require(`
type amavisd_send_port_t;
')
allow $1 amavisd_send_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the amavisd_send port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_amavisd_send_port',`
gen_require(`
type amavisd_send_port_t;
')
dontaudit $1 amavisd_send_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the amavisd_send port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_amavisd_send_port',`
corenet_udp_send_amavisd_send_port($1)
corenet_udp_receive_amavisd_send_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the amavisd_send port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_amavisd_send_port',`
corenet_dontaudit_udp_send_amavisd_send_port($1)
corenet_dontaudit_udp_receive_amavisd_send_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the amavisd_send port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_amavisd_send_port',`
gen_require(`
type amavisd_send_port_t;
')
allow $1 amavisd_send_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the amavisd_send port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_amavisd_send_port',`
gen_require(`
type amavisd_send_port_t;
')
allow $1 amavisd_send_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to amavisd_send port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_amavisd_send_port',`
gen_require(`
type amavisd_send_port_t;
')
dontaudit $1 amavisd_send_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the amavisd_send port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_amavisd_send_port',`
gen_require(`
type amavisd_send_port_t;
')
allow $1 amavisd_send_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to amavisd_send port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_amavisd_send_port',`
gen_require(`
type amavisd_send_port_t;
')
dontaudit $1 amavisd_send_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send amavisd_send_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_amavisd_send_client_packets',`
gen_require(`
type amavisd_send_client_packet_t;
')
allow $1 amavisd_send_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send amavisd_send_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_amavisd_send_client_packets',`
gen_require(`
type amavisd_send_client_packet_t;
')
dontaudit $1 amavisd_send_client_packet_t:packet send;
')
########################################
## <summary>
## Receive amavisd_send_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_amavisd_send_client_packets',`
gen_require(`
type amavisd_send_client_packet_t;
')
allow $1 amavisd_send_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive amavisd_send_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_amavisd_send_client_packets',`
gen_require(`
type amavisd_send_client_packet_t;
')
dontaudit $1 amavisd_send_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive amavisd_send_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_amavisd_send_client_packets',`
corenet_send_amavisd_send_client_packets($1)
corenet_receive_amavisd_send_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive amavisd_send_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_amavisd_send_client_packets',`
corenet_dontaudit_send_amavisd_send_client_packets($1)
corenet_dontaudit_receive_amavisd_send_client_packets($1)
')
########################################
## <summary>
## Relabel packets to amavisd_send_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_amavisd_send_client_packets',`
gen_require(`
type amavisd_send_client_packet_t;
')
allow $1 amavisd_send_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send amavisd_send_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_amavisd_send_server_packets',`
gen_require(`
type amavisd_send_server_packet_t;
')
allow $1 amavisd_send_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send amavisd_send_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_amavisd_send_server_packets',`
gen_require(`
type amavisd_send_server_packet_t;
')
dontaudit $1 amavisd_send_server_packet_t:packet send;
')
########################################
## <summary>
## Receive amavisd_send_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_amavisd_send_server_packets',`
gen_require(`
type amavisd_send_server_packet_t;
')
allow $1 amavisd_send_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive amavisd_send_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_amavisd_send_server_packets',`
gen_require(`
type amavisd_send_server_packet_t;
')
dontaudit $1 amavisd_send_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive amavisd_send_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_amavisd_send_server_packets',`
corenet_send_amavisd_send_server_packets($1)
corenet_receive_amavisd_send_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive amavisd_send_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_amavisd_send_server_packets',`
corenet_dontaudit_send_amavisd_send_server_packets($1)
corenet_dontaudit_receive_amavisd_send_server_packets($1)
')
########################################
## <summary>
## Relabel packets to amavisd_send_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_amavisd_send_server_packets',`
gen_require(`
type amavisd_send_server_packet_t;
')
allow $1 amavisd_send_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the amqp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_amqp_port',`
gen_require(`
type amqp_port_t;
')
allow $1 amqp_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the amqp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_amqp_port',`
gen_require(`
type amqp_port_t;
')
allow $1 amqp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the amqp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_amqp_port',`
gen_require(`
type amqp_port_t;
')
dontaudit $1 amqp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the amqp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_amqp_port',`
gen_require(`
type amqp_port_t;
')
allow $1 amqp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the amqp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_amqp_port',`
gen_require(`
type amqp_port_t;
')
dontaudit $1 amqp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the amqp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_amqp_port',`
corenet_udp_send_amqp_port($1)
corenet_udp_receive_amqp_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the amqp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_amqp_port',`
corenet_dontaudit_udp_send_amqp_port($1)
corenet_dontaudit_udp_receive_amqp_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the amqp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_amqp_port',`
gen_require(`
type amqp_port_t;
')
allow $1 amqp_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the amqp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_amqp_port',`
gen_require(`
type amqp_port_t;
')
allow $1 amqp_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to amqp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_amqp_port',`
gen_require(`
type amqp_port_t;
')
dontaudit $1 amqp_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the amqp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_amqp_port',`
gen_require(`
type amqp_port_t;
')
allow $1 amqp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to amqp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_amqp_port',`
gen_require(`
type amqp_port_t;
')
dontaudit $1 amqp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send amqp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_amqp_client_packets',`
gen_require(`
type amqp_client_packet_t;
')
allow $1 amqp_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send amqp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_amqp_client_packets',`
gen_require(`
type amqp_client_packet_t;
')
dontaudit $1 amqp_client_packet_t:packet send;
')
########################################
## <summary>
## Receive amqp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_amqp_client_packets',`
gen_require(`
type amqp_client_packet_t;
')
allow $1 amqp_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive amqp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_amqp_client_packets',`
gen_require(`
type amqp_client_packet_t;
')
dontaudit $1 amqp_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive amqp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_amqp_client_packets',`
corenet_send_amqp_client_packets($1)
corenet_receive_amqp_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive amqp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_amqp_client_packets',`
corenet_dontaudit_send_amqp_client_packets($1)
corenet_dontaudit_receive_amqp_client_packets($1)
')
########################################
## <summary>
## Relabel packets to amqp_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_amqp_client_packets',`
gen_require(`
type amqp_client_packet_t;
')
allow $1 amqp_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send amqp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_amqp_server_packets',`
gen_require(`
type amqp_server_packet_t;
')
allow $1 amqp_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send amqp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_amqp_server_packets',`
gen_require(`
type amqp_server_packet_t;
')
dontaudit $1 amqp_server_packet_t:packet send;
')
########################################
## <summary>
## Receive amqp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_amqp_server_packets',`
gen_require(`
type amqp_server_packet_t;
')
allow $1 amqp_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive amqp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_amqp_server_packets',`
gen_require(`
type amqp_server_packet_t;
')
dontaudit $1 amqp_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive amqp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_amqp_server_packets',`
corenet_send_amqp_server_packets($1)
corenet_receive_amqp_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive amqp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_amqp_server_packets',`
corenet_dontaudit_send_amqp_server_packets($1)
corenet_dontaudit_receive_amqp_server_packets($1)
')
########################################
## <summary>
## Relabel packets to amqp_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_amqp_server_packets',`
gen_require(`
type amqp_server_packet_t;
')
allow $1 amqp_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the aol port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_aol_port',`
gen_require(`
type aol_port_t;
')
allow $1 aol_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the aol port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_aol_port',`
gen_require(`
type aol_port_t;
')
allow $1 aol_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the aol port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_aol_port',`
gen_require(`
type aol_port_t;
')
dontaudit $1 aol_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the aol port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_aol_port',`
gen_require(`
type aol_port_t;
')
allow $1 aol_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the aol port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_aol_port',`
gen_require(`
type aol_port_t;
')
dontaudit $1 aol_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the aol port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_aol_port',`
corenet_udp_send_aol_port($1)
corenet_udp_receive_aol_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the aol port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_aol_port',`
corenet_dontaudit_udp_send_aol_port($1)
corenet_dontaudit_udp_receive_aol_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the aol port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_aol_port',`
gen_require(`
type aol_port_t;
')
allow $1 aol_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the aol port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_aol_port',`
gen_require(`
type aol_port_t;
')
allow $1 aol_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to aol port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_aol_port',`
gen_require(`
type aol_port_t;
')
dontaudit $1 aol_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the aol port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_aol_port',`
gen_require(`
type aol_port_t;
')
allow $1 aol_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to aol port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_aol_port',`
gen_require(`
type aol_port_t;
')
dontaudit $1 aol_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send aol_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_aol_client_packets',`
gen_require(`
type aol_client_packet_t;
')
allow $1 aol_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send aol_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_aol_client_packets',`
gen_require(`
type aol_client_packet_t;
')
dontaudit $1 aol_client_packet_t:packet send;
')
########################################
## <summary>
## Receive aol_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_aol_client_packets',`
gen_require(`
type aol_client_packet_t;
')
allow $1 aol_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive aol_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_aol_client_packets',`
gen_require(`
type aol_client_packet_t;
')
dontaudit $1 aol_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive aol_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_aol_client_packets',`
corenet_send_aol_client_packets($1)
corenet_receive_aol_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive aol_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_aol_client_packets',`
corenet_dontaudit_send_aol_client_packets($1)
corenet_dontaudit_receive_aol_client_packets($1)
')
########################################
## <summary>
## Relabel packets to aol_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_aol_client_packets',`
gen_require(`
type aol_client_packet_t;
')
allow $1 aol_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send aol_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_aol_server_packets',`
gen_require(`
type aol_server_packet_t;
')
allow $1 aol_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send aol_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_aol_server_packets',`
gen_require(`
type aol_server_packet_t;
')
dontaudit $1 aol_server_packet_t:packet send;
')
########################################
## <summary>
## Receive aol_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_aol_server_packets',`
gen_require(`
type aol_server_packet_t;
')
allow $1 aol_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive aol_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_aol_server_packets',`
gen_require(`
type aol_server_packet_t;
')
dontaudit $1 aol_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive aol_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_aol_server_packets',`
corenet_send_aol_server_packets($1)
corenet_receive_aol_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive aol_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_aol_server_packets',`
corenet_dontaudit_send_aol_server_packets($1)
corenet_dontaudit_receive_aol_server_packets($1)
')
########################################
## <summary>
## Relabel packets to aol_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_aol_server_packets',`
gen_require(`
type aol_server_packet_t;
')
allow $1 aol_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the apc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_apc_port',`
gen_require(`
type apc_port_t;
')
allow $1 apc_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the apc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_apc_port',`
gen_require(`
type apc_port_t;
')
allow $1 apc_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the apc port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_apc_port',`
gen_require(`
type apc_port_t;
')
dontaudit $1 apc_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the apc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_apc_port',`
gen_require(`
type apc_port_t;
')
allow $1 apc_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the apc port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_apc_port',`
gen_require(`
type apc_port_t;
')
dontaudit $1 apc_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the apc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_apc_port',`
corenet_udp_send_apc_port($1)
corenet_udp_receive_apc_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the apc port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_apc_port',`
corenet_dontaudit_udp_send_apc_port($1)
corenet_dontaudit_udp_receive_apc_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the apc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_apc_port',`
gen_require(`
type apc_port_t;
')
allow $1 apc_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the apc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_apc_port',`
gen_require(`
type apc_port_t;
')
allow $1 apc_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to apc port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_apc_port',`
gen_require(`
type apc_port_t;
')
dontaudit $1 apc_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the apc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_apc_port',`
gen_require(`
type apc_port_t;
')
allow $1 apc_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to apc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_apc_port',`
gen_require(`
type apc_port_t;
')
dontaudit $1 apc_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send apc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_apc_client_packets',`
gen_require(`
type apc_client_packet_t;
')
allow $1 apc_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send apc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_apc_client_packets',`
gen_require(`
type apc_client_packet_t;
')
dontaudit $1 apc_client_packet_t:packet send;
')
########################################
## <summary>
## Receive apc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_apc_client_packets',`
gen_require(`
type apc_client_packet_t;
')
allow $1 apc_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive apc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_apc_client_packets',`
gen_require(`
type apc_client_packet_t;
')
dontaudit $1 apc_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive apc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_apc_client_packets',`
corenet_send_apc_client_packets($1)
corenet_receive_apc_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive apc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_apc_client_packets',`
corenet_dontaudit_send_apc_client_packets($1)
corenet_dontaudit_receive_apc_client_packets($1)
')
########################################
## <summary>
## Relabel packets to apc_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_apc_client_packets',`
gen_require(`
type apc_client_packet_t;
')
allow $1 apc_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send apc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_apc_server_packets',`
gen_require(`
type apc_server_packet_t;
')
allow $1 apc_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send apc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_apc_server_packets',`
gen_require(`
type apc_server_packet_t;
')
dontaudit $1 apc_server_packet_t:packet send;
')
########################################
## <summary>
## Receive apc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_apc_server_packets',`
gen_require(`
type apc_server_packet_t;
')
allow $1 apc_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive apc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_apc_server_packets',`
gen_require(`
type apc_server_packet_t;
')
dontaudit $1 apc_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive apc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_apc_server_packets',`
corenet_send_apc_server_packets($1)
corenet_receive_apc_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive apc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_apc_server_packets',`
corenet_dontaudit_send_apc_server_packets($1)
corenet_dontaudit_receive_apc_server_packets($1)
')
########################################
## <summary>
## Relabel packets to apc_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_apc_server_packets',`
gen_require(`
type apc_server_packet_t;
')
allow $1 apc_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the apcupsd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_apcupsd_port',`
gen_require(`
type apcupsd_port_t;
')
allow $1 apcupsd_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the apcupsd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_apcupsd_port',`
gen_require(`
type apcupsd_port_t;
')
allow $1 apcupsd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the apcupsd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_apcupsd_port',`
gen_require(`
type apcupsd_port_t;
')
dontaudit $1 apcupsd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the apcupsd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_apcupsd_port',`
gen_require(`
type apcupsd_port_t;
')
allow $1 apcupsd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the apcupsd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_apcupsd_port',`
gen_require(`
type apcupsd_port_t;
')
dontaudit $1 apcupsd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the apcupsd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_apcupsd_port',`
corenet_udp_send_apcupsd_port($1)
corenet_udp_receive_apcupsd_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the apcupsd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_apcupsd_port',`
corenet_dontaudit_udp_send_apcupsd_port($1)
corenet_dontaudit_udp_receive_apcupsd_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the apcupsd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_apcupsd_port',`
gen_require(`
type apcupsd_port_t;
')
allow $1 apcupsd_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the apcupsd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_apcupsd_port',`
gen_require(`
type apcupsd_port_t;
')
allow $1 apcupsd_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to apcupsd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_apcupsd_port',`
gen_require(`
type apcupsd_port_t;
')
dontaudit $1 apcupsd_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the apcupsd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_apcupsd_port',`
gen_require(`
type apcupsd_port_t;
')
allow $1 apcupsd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to apcupsd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_apcupsd_port',`
gen_require(`
type apcupsd_port_t;
')
dontaudit $1 apcupsd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send apcupsd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_apcupsd_client_packets',`
gen_require(`
type apcupsd_client_packet_t;
')
allow $1 apcupsd_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send apcupsd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_apcupsd_client_packets',`
gen_require(`
type apcupsd_client_packet_t;
')
dontaudit $1 apcupsd_client_packet_t:packet send;
')
########################################
## <summary>
## Receive apcupsd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_apcupsd_client_packets',`
gen_require(`
type apcupsd_client_packet_t;
')
allow $1 apcupsd_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive apcupsd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_apcupsd_client_packets',`
gen_require(`
type apcupsd_client_packet_t;
')
dontaudit $1 apcupsd_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive apcupsd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_apcupsd_client_packets',`
corenet_send_apcupsd_client_packets($1)
corenet_receive_apcupsd_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive apcupsd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_apcupsd_client_packets',`
corenet_dontaudit_send_apcupsd_client_packets($1)
corenet_dontaudit_receive_apcupsd_client_packets($1)
')
########################################
## <summary>
## Relabel packets to apcupsd_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_apcupsd_client_packets',`
gen_require(`
type apcupsd_client_packet_t;
')
allow $1 apcupsd_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send apcupsd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_apcupsd_server_packets',`
gen_require(`
type apcupsd_server_packet_t;
')
allow $1 apcupsd_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send apcupsd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_apcupsd_server_packets',`
gen_require(`
type apcupsd_server_packet_t;
')
dontaudit $1 apcupsd_server_packet_t:packet send;
')
########################################
## <summary>
## Receive apcupsd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_apcupsd_server_packets',`
gen_require(`
type apcupsd_server_packet_t;
')
allow $1 apcupsd_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive apcupsd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_apcupsd_server_packets',`
gen_require(`
type apcupsd_server_packet_t;
')
dontaudit $1 apcupsd_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive apcupsd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_apcupsd_server_packets',`
corenet_send_apcupsd_server_packets($1)
corenet_receive_apcupsd_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive apcupsd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_apcupsd_server_packets',`
corenet_dontaudit_send_apcupsd_server_packets($1)
corenet_dontaudit_receive_apcupsd_server_packets($1)
')
########################################
## <summary>
## Relabel packets to apcupsd_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_apcupsd_server_packets',`
gen_require(`
type apcupsd_server_packet_t;
')
allow $1 apcupsd_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the apertus_ldp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_apertus_ldp_port',`
gen_require(`
type apertus_ldp_port_t;
')
allow $1 apertus_ldp_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the apertus_ldp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_apertus_ldp_port',`
gen_require(`
type apertus_ldp_port_t;
')
allow $1 apertus_ldp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the apertus_ldp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_apertus_ldp_port',`
gen_require(`
type apertus_ldp_port_t;
')
dontaudit $1 apertus_ldp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the apertus_ldp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_apertus_ldp_port',`
gen_require(`
type apertus_ldp_port_t;
')
allow $1 apertus_ldp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the apertus_ldp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_apertus_ldp_port',`
gen_require(`
type apertus_ldp_port_t;
')
dontaudit $1 apertus_ldp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the apertus_ldp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_apertus_ldp_port',`
corenet_udp_send_apertus_ldp_port($1)
corenet_udp_receive_apertus_ldp_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the apertus_ldp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_apertus_ldp_port',`
corenet_dontaudit_udp_send_apertus_ldp_port($1)
corenet_dontaudit_udp_receive_apertus_ldp_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the apertus_ldp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_apertus_ldp_port',`
gen_require(`
type apertus_ldp_port_t;
')
allow $1 apertus_ldp_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the apertus_ldp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_apertus_ldp_port',`
gen_require(`
type apertus_ldp_port_t;
')
allow $1 apertus_ldp_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to apertus_ldp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_apertus_ldp_port',`
gen_require(`
type apertus_ldp_port_t;
')
dontaudit $1 apertus_ldp_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the apertus_ldp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_apertus_ldp_port',`
gen_require(`
type apertus_ldp_port_t;
')
allow $1 apertus_ldp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to apertus_ldp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_apertus_ldp_port',`
gen_require(`
type apertus_ldp_port_t;
')
dontaudit $1 apertus_ldp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send apertus_ldp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_apertus_ldp_client_packets',`
gen_require(`
type apertus_ldp_client_packet_t;
')
allow $1 apertus_ldp_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send apertus_ldp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_apertus_ldp_client_packets',`
gen_require(`
type apertus_ldp_client_packet_t;
')
dontaudit $1 apertus_ldp_client_packet_t:packet send;
')
########################################
## <summary>
## Receive apertus_ldp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_apertus_ldp_client_packets',`
gen_require(`
type apertus_ldp_client_packet_t;
')
allow $1 apertus_ldp_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive apertus_ldp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_apertus_ldp_client_packets',`
gen_require(`
type apertus_ldp_client_packet_t;
')
dontaudit $1 apertus_ldp_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive apertus_ldp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_apertus_ldp_client_packets',`
corenet_send_apertus_ldp_client_packets($1)
corenet_receive_apertus_ldp_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive apertus_ldp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_apertus_ldp_client_packets',`
corenet_dontaudit_send_apertus_ldp_client_packets($1)
corenet_dontaudit_receive_apertus_ldp_client_packets($1)
')
########################################
## <summary>
## Relabel packets to apertus_ldp_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_apertus_ldp_client_packets',`
gen_require(`
type apertus_ldp_client_packet_t;
')
allow $1 apertus_ldp_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send apertus_ldp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_apertus_ldp_server_packets',`
gen_require(`
type apertus_ldp_server_packet_t;
')
allow $1 apertus_ldp_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send apertus_ldp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_apertus_ldp_server_packets',`
gen_require(`
type apertus_ldp_server_packet_t;
')
dontaudit $1 apertus_ldp_server_packet_t:packet send;
')
########################################
## <summary>
## Receive apertus_ldp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_apertus_ldp_server_packets',`
gen_require(`
type apertus_ldp_server_packet_t;
')
allow $1 apertus_ldp_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive apertus_ldp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_apertus_ldp_server_packets',`
gen_require(`
type apertus_ldp_server_packet_t;
')
dontaudit $1 apertus_ldp_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive apertus_ldp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_apertus_ldp_server_packets',`
corenet_send_apertus_ldp_server_packets($1)
corenet_receive_apertus_ldp_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive apertus_ldp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_apertus_ldp_server_packets',`
corenet_dontaudit_send_apertus_ldp_server_packets($1)
corenet_dontaudit_receive_apertus_ldp_server_packets($1)
')
########################################
## <summary>
## Relabel packets to apertus_ldp_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_apertus_ldp_server_packets',`
gen_require(`
type apertus_ldp_server_packet_t;
')
allow $1 apertus_ldp_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the appswitch_emp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_appswitch_emp_port',`
gen_require(`
type appswitch_emp_port_t;
')
allow $1 appswitch_emp_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the appswitch_emp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_appswitch_emp_port',`
gen_require(`
type appswitch_emp_port_t;
')
allow $1 appswitch_emp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the appswitch_emp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_appswitch_emp_port',`
gen_require(`
type appswitch_emp_port_t;
')
dontaudit $1 appswitch_emp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the appswitch_emp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_appswitch_emp_port',`
gen_require(`
type appswitch_emp_port_t;
')
allow $1 appswitch_emp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the appswitch_emp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_appswitch_emp_port',`
gen_require(`
type appswitch_emp_port_t;
')
dontaudit $1 appswitch_emp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the appswitch_emp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_appswitch_emp_port',`
corenet_udp_send_appswitch_emp_port($1)
corenet_udp_receive_appswitch_emp_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the appswitch_emp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_appswitch_emp_port',`
corenet_dontaudit_udp_send_appswitch_emp_port($1)
corenet_dontaudit_udp_receive_appswitch_emp_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the appswitch_emp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_appswitch_emp_port',`
gen_require(`
type appswitch_emp_port_t;
')
allow $1 appswitch_emp_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the appswitch_emp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_appswitch_emp_port',`
gen_require(`
type appswitch_emp_port_t;
')
allow $1 appswitch_emp_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to appswitch_emp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_appswitch_emp_port',`
gen_require(`
type appswitch_emp_port_t;
')
dontaudit $1 appswitch_emp_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the appswitch_emp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_appswitch_emp_port',`
gen_require(`
type appswitch_emp_port_t;
')
allow $1 appswitch_emp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to appswitch_emp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_appswitch_emp_port',`
gen_require(`
type appswitch_emp_port_t;
')
dontaudit $1 appswitch_emp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send appswitch_emp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_appswitch_emp_client_packets',`
gen_require(`
type appswitch_emp_client_packet_t;
')
allow $1 appswitch_emp_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send appswitch_emp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_appswitch_emp_client_packets',`
gen_require(`
type appswitch_emp_client_packet_t;
')
dontaudit $1 appswitch_emp_client_packet_t:packet send;
')
########################################
## <summary>
## Receive appswitch_emp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_appswitch_emp_client_packets',`
gen_require(`
type appswitch_emp_client_packet_t;
')
allow $1 appswitch_emp_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive appswitch_emp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_appswitch_emp_client_packets',`
gen_require(`
type appswitch_emp_client_packet_t;
')
dontaudit $1 appswitch_emp_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive appswitch_emp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_appswitch_emp_client_packets',`
corenet_send_appswitch_emp_client_packets($1)
corenet_receive_appswitch_emp_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive appswitch_emp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_appswitch_emp_client_packets',`
corenet_dontaudit_send_appswitch_emp_client_packets($1)
corenet_dontaudit_receive_appswitch_emp_client_packets($1)
')
########################################
## <summary>
## Relabel packets to appswitch_emp_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_appswitch_emp_client_packets',`
gen_require(`
type appswitch_emp_client_packet_t;
')
allow $1 appswitch_emp_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send appswitch_emp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_appswitch_emp_server_packets',`
gen_require(`
type appswitch_emp_server_packet_t;
')
allow $1 appswitch_emp_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send appswitch_emp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_appswitch_emp_server_packets',`
gen_require(`
type appswitch_emp_server_packet_t;
')
dontaudit $1 appswitch_emp_server_packet_t:packet send;
')
########################################
## <summary>
## Receive appswitch_emp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_appswitch_emp_server_packets',`
gen_require(`
type appswitch_emp_server_packet_t;
')
allow $1 appswitch_emp_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive appswitch_emp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_appswitch_emp_server_packets',`
gen_require(`
type appswitch_emp_server_packet_t;
')
dontaudit $1 appswitch_emp_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive appswitch_emp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_appswitch_emp_server_packets',`
corenet_send_appswitch_emp_server_packets($1)
corenet_receive_appswitch_emp_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive appswitch_emp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_appswitch_emp_server_packets',`
corenet_dontaudit_send_appswitch_emp_server_packets($1)
corenet_dontaudit_receive_appswitch_emp_server_packets($1)
')
########################################
## <summary>
## Relabel packets to appswitch_emp_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_appswitch_emp_server_packets',`
gen_require(`
type appswitch_emp_server_packet_t;
')
allow $1 appswitch_emp_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the asterisk port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_asterisk_port',`
gen_require(`
type asterisk_port_t;
')
allow $1 asterisk_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the asterisk port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_asterisk_port',`
gen_require(`
type asterisk_port_t;
')
allow $1 asterisk_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the asterisk port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_asterisk_port',`
gen_require(`
type asterisk_port_t;
')
dontaudit $1 asterisk_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the asterisk port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_asterisk_port',`
gen_require(`
type asterisk_port_t;
')
allow $1 asterisk_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the asterisk port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_asterisk_port',`
gen_require(`
type asterisk_port_t;
')
dontaudit $1 asterisk_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the asterisk port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_asterisk_port',`
corenet_udp_send_asterisk_port($1)
corenet_udp_receive_asterisk_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the asterisk port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_asterisk_port',`
corenet_dontaudit_udp_send_asterisk_port($1)
corenet_dontaudit_udp_receive_asterisk_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the asterisk port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_asterisk_port',`
gen_require(`
type asterisk_port_t;
')
allow $1 asterisk_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the asterisk port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_asterisk_port',`
gen_require(`
type asterisk_port_t;
')
allow $1 asterisk_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to asterisk port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_asterisk_port',`
gen_require(`
type asterisk_port_t;
')
dontaudit $1 asterisk_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the asterisk port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_asterisk_port',`
gen_require(`
type asterisk_port_t;
')
allow $1 asterisk_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to asterisk port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_asterisk_port',`
gen_require(`
type asterisk_port_t;
')
dontaudit $1 asterisk_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send asterisk_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_asterisk_client_packets',`
gen_require(`
type asterisk_client_packet_t;
')
allow $1 asterisk_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send asterisk_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_asterisk_client_packets',`
gen_require(`
type asterisk_client_packet_t;
')
dontaudit $1 asterisk_client_packet_t:packet send;
')
########################################
## <summary>
## Receive asterisk_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_asterisk_client_packets',`
gen_require(`
type asterisk_client_packet_t;
')
allow $1 asterisk_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive asterisk_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_asterisk_client_packets',`
gen_require(`
type asterisk_client_packet_t;
')
dontaudit $1 asterisk_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive asterisk_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_asterisk_client_packets',`
corenet_send_asterisk_client_packets($1)
corenet_receive_asterisk_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive asterisk_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_asterisk_client_packets',`
corenet_dontaudit_send_asterisk_client_packets($1)
corenet_dontaudit_receive_asterisk_client_packets($1)
')
########################################
## <summary>
## Relabel packets to asterisk_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_asterisk_client_packets',`
gen_require(`
type asterisk_client_packet_t;
')
allow $1 asterisk_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send asterisk_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_asterisk_server_packets',`
gen_require(`
type asterisk_server_packet_t;
')
allow $1 asterisk_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send asterisk_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_asterisk_server_packets',`
gen_require(`
type asterisk_server_packet_t;
')
dontaudit $1 asterisk_server_packet_t:packet send;
')
########################################
## <summary>
## Receive asterisk_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_asterisk_server_packets',`
gen_require(`
type asterisk_server_packet_t;
')
allow $1 asterisk_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive asterisk_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_asterisk_server_packets',`
gen_require(`
type asterisk_server_packet_t;
')
dontaudit $1 asterisk_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive asterisk_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_asterisk_server_packets',`
corenet_send_asterisk_server_packets($1)
corenet_receive_asterisk_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive asterisk_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_asterisk_server_packets',`
corenet_dontaudit_send_asterisk_server_packets($1)
corenet_dontaudit_receive_asterisk_server_packets($1)
')
########################################
## <summary>
## Relabel packets to asterisk_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_asterisk_server_packets',`
gen_require(`
type asterisk_server_packet_t;
')
allow $1 asterisk_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the audit port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_audit_port',`
gen_require(`
type audit_port_t;
')
allow $1 audit_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the audit port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_audit_port',`
gen_require(`
type audit_port_t;
')
allow $1 audit_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the audit port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_audit_port',`
gen_require(`
type audit_port_t;
')
dontaudit $1 audit_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the audit port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_audit_port',`
gen_require(`
type audit_port_t;
')
allow $1 audit_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the audit port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_audit_port',`
gen_require(`
type audit_port_t;
')
dontaudit $1 audit_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the audit port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_audit_port',`
corenet_udp_send_audit_port($1)
corenet_udp_receive_audit_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the audit port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_audit_port',`
corenet_dontaudit_udp_send_audit_port($1)
corenet_dontaudit_udp_receive_audit_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the audit port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_audit_port',`
gen_require(`
type audit_port_t;
')
allow $1 audit_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the audit port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_audit_port',`
gen_require(`
type audit_port_t;
')
allow $1 audit_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to audit port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_audit_port',`
gen_require(`
type audit_port_t;
')
dontaudit $1 audit_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the audit port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_audit_port',`
gen_require(`
type audit_port_t;
')
allow $1 audit_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to audit port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_audit_port',`
gen_require(`
type audit_port_t;
')
dontaudit $1 audit_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send audit_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_audit_client_packets',`
gen_require(`
type audit_client_packet_t;
')
allow $1 audit_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send audit_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_audit_client_packets',`
gen_require(`
type audit_client_packet_t;
')
dontaudit $1 audit_client_packet_t:packet send;
')
########################################
## <summary>
## Receive audit_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_audit_client_packets',`
gen_require(`
type audit_client_packet_t;
')
allow $1 audit_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive audit_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_audit_client_packets',`
gen_require(`
type audit_client_packet_t;
')
dontaudit $1 audit_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive audit_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_audit_client_packets',`
corenet_send_audit_client_packets($1)
corenet_receive_audit_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive audit_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_audit_client_packets',`
corenet_dontaudit_send_audit_client_packets($1)
corenet_dontaudit_receive_audit_client_packets($1)
')
########################################
## <summary>
## Relabel packets to audit_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_audit_client_packets',`
gen_require(`
type audit_client_packet_t;
')
allow $1 audit_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send audit_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_audit_server_packets',`
gen_require(`
type audit_server_packet_t;
')
allow $1 audit_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send audit_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_audit_server_packets',`
gen_require(`
type audit_server_packet_t;
')
dontaudit $1 audit_server_packet_t:packet send;
')
########################################
## <summary>
## Receive audit_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_audit_server_packets',`
gen_require(`
type audit_server_packet_t;
')
allow $1 audit_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive audit_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_audit_server_packets',`
gen_require(`
type audit_server_packet_t;
')
dontaudit $1 audit_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive audit_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_audit_server_packets',`
corenet_send_audit_server_packets($1)
corenet_receive_audit_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive audit_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_audit_server_packets',`
corenet_dontaudit_send_audit_server_packets($1)
corenet_dontaudit_receive_audit_server_packets($1)
')
########################################
## <summary>
## Relabel packets to audit_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_audit_server_packets',`
gen_require(`
type audit_server_packet_t;
')
allow $1 audit_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the auth port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_auth_port',`
gen_require(`
type auth_port_t;
')
allow $1 auth_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the auth port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_auth_port',`
gen_require(`
type auth_port_t;
')
allow $1 auth_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the auth port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_auth_port',`
gen_require(`
type auth_port_t;
')
dontaudit $1 auth_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the auth port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_auth_port',`
gen_require(`
type auth_port_t;
')
allow $1 auth_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the auth port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_auth_port',`
gen_require(`
type auth_port_t;
')
dontaudit $1 auth_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the auth port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_auth_port',`
corenet_udp_send_auth_port($1)
corenet_udp_receive_auth_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the auth port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_auth_port',`
corenet_dontaudit_udp_send_auth_port($1)
corenet_dontaudit_udp_receive_auth_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the auth port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_auth_port',`
gen_require(`
type auth_port_t;
')
allow $1 auth_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the auth port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_auth_port',`
gen_require(`
type auth_port_t;
')
allow $1 auth_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to auth port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_auth_port',`
gen_require(`
type auth_port_t;
')
dontaudit $1 auth_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the auth port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_auth_port',`
gen_require(`
type auth_port_t;
')
allow $1 auth_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to auth port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_auth_port',`
gen_require(`
type auth_port_t;
')
dontaudit $1 auth_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send auth_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_auth_client_packets',`
gen_require(`
type auth_client_packet_t;
')
allow $1 auth_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send auth_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_auth_client_packets',`
gen_require(`
type auth_client_packet_t;
')
dontaudit $1 auth_client_packet_t:packet send;
')
########################################
## <summary>
## Receive auth_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_auth_client_packets',`
gen_require(`
type auth_client_packet_t;
')
allow $1 auth_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive auth_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_auth_client_packets',`
gen_require(`
type auth_client_packet_t;
')
dontaudit $1 auth_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive auth_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_auth_client_packets',`
corenet_send_auth_client_packets($1)
corenet_receive_auth_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive auth_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_auth_client_packets',`
corenet_dontaudit_send_auth_client_packets($1)
corenet_dontaudit_receive_auth_client_packets($1)
')
########################################
## <summary>
## Relabel packets to auth_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_auth_client_packets',`
gen_require(`
type auth_client_packet_t;
')
allow $1 auth_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send auth_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_auth_server_packets',`
gen_require(`
type auth_server_packet_t;
')
allow $1 auth_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send auth_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_auth_server_packets',`
gen_require(`
type auth_server_packet_t;
')
dontaudit $1 auth_server_packet_t:packet send;
')
########################################
## <summary>
## Receive auth_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_auth_server_packets',`
gen_require(`
type auth_server_packet_t;
')
allow $1 auth_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive auth_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_auth_server_packets',`
gen_require(`
type auth_server_packet_t;
')
dontaudit $1 auth_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive auth_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_auth_server_packets',`
corenet_send_auth_server_packets($1)
corenet_receive_auth_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive auth_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_auth_server_packets',`
corenet_dontaudit_send_auth_server_packets($1)
corenet_dontaudit_receive_auth_server_packets($1)
')
########################################
## <summary>
## Relabel packets to auth_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_auth_server_packets',`
gen_require(`
type auth_server_packet_t;
')
allow $1 auth_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the bacula port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_bacula_port',`
gen_require(`
type bacula_port_t;
')
allow $1 bacula_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the bacula port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_bacula_port',`
gen_require(`
type bacula_port_t;
')
allow $1 bacula_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the bacula port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_bacula_port',`
gen_require(`
type bacula_port_t;
')
dontaudit $1 bacula_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the bacula port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_bacula_port',`
gen_require(`
type bacula_port_t;
')
allow $1 bacula_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the bacula port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_bacula_port',`
gen_require(`
type bacula_port_t;
')
dontaudit $1 bacula_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the bacula port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_bacula_port',`
corenet_udp_send_bacula_port($1)
corenet_udp_receive_bacula_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the bacula port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_bacula_port',`
corenet_dontaudit_udp_send_bacula_port($1)
corenet_dontaudit_udp_receive_bacula_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the bacula port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_bacula_port',`
gen_require(`
type bacula_port_t;
')
allow $1 bacula_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the bacula port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_bacula_port',`
gen_require(`
type bacula_port_t;
')
allow $1 bacula_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to bacula port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_bacula_port',`
gen_require(`
type bacula_port_t;
')
dontaudit $1 bacula_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the bacula port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_bacula_port',`
gen_require(`
type bacula_port_t;
')
allow $1 bacula_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to bacula port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_bacula_port',`
gen_require(`
type bacula_port_t;
')
dontaudit $1 bacula_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send bacula_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_bacula_client_packets',`
gen_require(`
type bacula_client_packet_t;
')
allow $1 bacula_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send bacula_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_bacula_client_packets',`
gen_require(`
type bacula_client_packet_t;
')
dontaudit $1 bacula_client_packet_t:packet send;
')
########################################
## <summary>
## Receive bacula_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_bacula_client_packets',`
gen_require(`
type bacula_client_packet_t;
')
allow $1 bacula_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive bacula_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_bacula_client_packets',`
gen_require(`
type bacula_client_packet_t;
')
dontaudit $1 bacula_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive bacula_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_bacula_client_packets',`
corenet_send_bacula_client_packets($1)
corenet_receive_bacula_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive bacula_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_bacula_client_packets',`
corenet_dontaudit_send_bacula_client_packets($1)
corenet_dontaudit_receive_bacula_client_packets($1)
')
########################################
## <summary>
## Relabel packets to bacula_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_bacula_client_packets',`
gen_require(`
type bacula_client_packet_t;
')
allow $1 bacula_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send bacula_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_bacula_server_packets',`
gen_require(`
type bacula_server_packet_t;
')
allow $1 bacula_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send bacula_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_bacula_server_packets',`
gen_require(`
type bacula_server_packet_t;
')
dontaudit $1 bacula_server_packet_t:packet send;
')
########################################
## <summary>
## Receive bacula_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_bacula_server_packets',`
gen_require(`
type bacula_server_packet_t;
')
allow $1 bacula_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive bacula_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_bacula_server_packets',`
gen_require(`
type bacula_server_packet_t;
')
dontaudit $1 bacula_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive bacula_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_bacula_server_packets',`
corenet_send_bacula_server_packets($1)
corenet_receive_bacula_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive bacula_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_bacula_server_packets',`
corenet_dontaudit_send_bacula_server_packets($1)
corenet_dontaudit_receive_bacula_server_packets($1)
')
########################################
## <summary>
## Relabel packets to bacula_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_bacula_server_packets',`
gen_require(`
type bacula_server_packet_t;
')
allow $1 bacula_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the babel port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_babel_port',`
gen_require(`
type babel_port_t;
')
allow $1 babel_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the babel port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_babel_port',`
gen_require(`
type babel_port_t;
')
allow $1 babel_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the babel port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_babel_port',`
gen_require(`
type babel_port_t;
')
dontaudit $1 babel_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the babel port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_babel_port',`
gen_require(`
type babel_port_t;
')
allow $1 babel_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the babel port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_babel_port',`
gen_require(`
type babel_port_t;
')
dontaudit $1 babel_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the babel port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_babel_port',`
corenet_udp_send_babel_port($1)
corenet_udp_receive_babel_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the babel port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_babel_port',`
corenet_dontaudit_udp_send_babel_port($1)
corenet_dontaudit_udp_receive_babel_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the babel port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_babel_port',`
gen_require(`
type babel_port_t;
')
allow $1 babel_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the babel port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_babel_port',`
gen_require(`
type babel_port_t;
')
allow $1 babel_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to babel port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_babel_port',`
gen_require(`
type babel_port_t;
')
dontaudit $1 babel_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the babel port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_babel_port',`
gen_require(`
type babel_port_t;
')
allow $1 babel_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to babel port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_babel_port',`
gen_require(`
type babel_port_t;
')
dontaudit $1 babel_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send babel_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_babel_client_packets',`
gen_require(`
type babel_client_packet_t;
')
allow $1 babel_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send babel_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_babel_client_packets',`
gen_require(`
type babel_client_packet_t;
')
dontaudit $1 babel_client_packet_t:packet send;
')
########################################
## <summary>
## Receive babel_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_babel_client_packets',`
gen_require(`
type babel_client_packet_t;
')
allow $1 babel_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive babel_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_babel_client_packets',`
gen_require(`
type babel_client_packet_t;
')
dontaudit $1 babel_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive babel_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_babel_client_packets',`
corenet_send_babel_client_packets($1)
corenet_receive_babel_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive babel_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_babel_client_packets',`
corenet_dontaudit_send_babel_client_packets($1)
corenet_dontaudit_receive_babel_client_packets($1)
')
########################################
## <summary>
## Relabel packets to babel_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_babel_client_packets',`
gen_require(`
type babel_client_packet_t;
')
allow $1 babel_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send babel_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_babel_server_packets',`
gen_require(`
type babel_server_packet_t;
')
allow $1 babel_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send babel_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_babel_server_packets',`
gen_require(`
type babel_server_packet_t;
')
dontaudit $1 babel_server_packet_t:packet send;
')
########################################
## <summary>
## Receive babel_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_babel_server_packets',`
gen_require(`
type babel_server_packet_t;
')
allow $1 babel_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive babel_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_babel_server_packets',`
gen_require(`
type babel_server_packet_t;
')
dontaudit $1 babel_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive babel_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_babel_server_packets',`
corenet_send_babel_server_packets($1)
corenet_receive_babel_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive babel_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_babel_server_packets',`
corenet_dontaudit_send_babel_server_packets($1)
corenet_dontaudit_receive_babel_server_packets($1)
')
########################################
## <summary>
## Relabel packets to babel_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_babel_server_packets',`
gen_require(`
type babel_server_packet_t;
')
allow $1 babel_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the bctp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_bctp_port',`
gen_require(`
type bctp_port_t;
')
allow $1 bctp_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the bctp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_bctp_port',`
gen_require(`
type bctp_port_t;
')
allow $1 bctp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the bctp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_bctp_port',`
gen_require(`
type bctp_port_t;
')
dontaudit $1 bctp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the bctp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_bctp_port',`
gen_require(`
type bctp_port_t;
')
allow $1 bctp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the bctp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_bctp_port',`
gen_require(`
type bctp_port_t;
')
dontaudit $1 bctp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the bctp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_bctp_port',`
corenet_udp_send_bctp_port($1)
corenet_udp_receive_bctp_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the bctp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_bctp_port',`
corenet_dontaudit_udp_send_bctp_port($1)
corenet_dontaudit_udp_receive_bctp_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the bctp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_bctp_port',`
gen_require(`
type bctp_port_t;
')
allow $1 bctp_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the bctp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_bctp_port',`
gen_require(`
type bctp_port_t;
')
allow $1 bctp_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to bctp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_bctp_port',`
gen_require(`
type bctp_port_t;
')
dontaudit $1 bctp_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the bctp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_bctp_port',`
gen_require(`
type bctp_port_t;
')
allow $1 bctp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to bctp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_bctp_port',`
gen_require(`
type bctp_port_t;
')
dontaudit $1 bctp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send bctp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_bctp_client_packets',`
gen_require(`
type bctp_client_packet_t;
')
allow $1 bctp_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send bctp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_bctp_client_packets',`
gen_require(`
type bctp_client_packet_t;
')
dontaudit $1 bctp_client_packet_t:packet send;
')
########################################
## <summary>
## Receive bctp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_bctp_client_packets',`
gen_require(`
type bctp_client_packet_t;
')
allow $1 bctp_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive bctp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_bctp_client_packets',`
gen_require(`
type bctp_client_packet_t;
')
dontaudit $1 bctp_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive bctp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_bctp_client_packets',`
corenet_send_bctp_client_packets($1)
corenet_receive_bctp_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive bctp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_bctp_client_packets',`
corenet_dontaudit_send_bctp_client_packets($1)
corenet_dontaudit_receive_bctp_client_packets($1)
')
########################################
## <summary>
## Relabel packets to bctp_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_bctp_client_packets',`
gen_require(`
type bctp_client_packet_t;
')
allow $1 bctp_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send bctp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_bctp_server_packets',`
gen_require(`
type bctp_server_packet_t;
')
allow $1 bctp_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send bctp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_bctp_server_packets',`
gen_require(`
type bctp_server_packet_t;
')
dontaudit $1 bctp_server_packet_t:packet send;
')
########################################
## <summary>
## Receive bctp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_bctp_server_packets',`
gen_require(`
type bctp_server_packet_t;
')
allow $1 bctp_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive bctp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_bctp_server_packets',`
gen_require(`
type bctp_server_packet_t;
')
dontaudit $1 bctp_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive bctp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_bctp_server_packets',`
corenet_send_bctp_server_packets($1)
corenet_receive_bctp_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive bctp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_bctp_server_packets',`
corenet_dontaudit_send_bctp_server_packets($1)
corenet_dontaudit_receive_bctp_server_packets($1)
')
########################################
## <summary>
## Relabel packets to bctp_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_bctp_server_packets',`
gen_require(`
type bctp_server_packet_t;
')
allow $1 bctp_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the bfd_control port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_bfd_control_port',`
gen_require(`
type bfd_control_port_t;
')
allow $1 bfd_control_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the bfd_control port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_bfd_control_port',`
gen_require(`
type bfd_control_port_t;
')
allow $1 bfd_control_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the bfd_control port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_bfd_control_port',`
gen_require(`
type bfd_control_port_t;
')
dontaudit $1 bfd_control_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the bfd_control port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_bfd_control_port',`
gen_require(`
type bfd_control_port_t;
')
allow $1 bfd_control_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the bfd_control port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_bfd_control_port',`
gen_require(`
type bfd_control_port_t;
')
dontaudit $1 bfd_control_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the bfd_control port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_bfd_control_port',`
corenet_udp_send_bfd_control_port($1)
corenet_udp_receive_bfd_control_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the bfd_control port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_bfd_control_port',`
corenet_dontaudit_udp_send_bfd_control_port($1)
corenet_dontaudit_udp_receive_bfd_control_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the bfd_control port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_bfd_control_port',`
gen_require(`
type bfd_control_port_t;
')
allow $1 bfd_control_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the bfd_control port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_bfd_control_port',`
gen_require(`
type bfd_control_port_t;
')
allow $1 bfd_control_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to bfd_control port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_bfd_control_port',`
gen_require(`
type bfd_control_port_t;
')
dontaudit $1 bfd_control_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the bfd_control port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_bfd_control_port',`
gen_require(`
type bfd_control_port_t;
')
allow $1 bfd_control_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to bfd_control port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_bfd_control_port',`
gen_require(`
type bfd_control_port_t;
')
dontaudit $1 bfd_control_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send bfd_control_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_bfd_control_client_packets',`
gen_require(`
type bfd_control_client_packet_t;
')
allow $1 bfd_control_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send bfd_control_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_bfd_control_client_packets',`
gen_require(`
type bfd_control_client_packet_t;
')
dontaudit $1 bfd_control_client_packet_t:packet send;
')
########################################
## <summary>
## Receive bfd_control_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_bfd_control_client_packets',`
gen_require(`
type bfd_control_client_packet_t;
')
allow $1 bfd_control_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive bfd_control_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_bfd_control_client_packets',`
gen_require(`
type bfd_control_client_packet_t;
')
dontaudit $1 bfd_control_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive bfd_control_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_bfd_control_client_packets',`
corenet_send_bfd_control_client_packets($1)
corenet_receive_bfd_control_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive bfd_control_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_bfd_control_client_packets',`
corenet_dontaudit_send_bfd_control_client_packets($1)
corenet_dontaudit_receive_bfd_control_client_packets($1)
')
########################################
## <summary>
## Relabel packets to bfd_control_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_bfd_control_client_packets',`
gen_require(`
type bfd_control_client_packet_t;
')
allow $1 bfd_control_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send bfd_control_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_bfd_control_server_packets',`
gen_require(`
type bfd_control_server_packet_t;
')
allow $1 bfd_control_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send bfd_control_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_bfd_control_server_packets',`
gen_require(`
type bfd_control_server_packet_t;
')
dontaudit $1 bfd_control_server_packet_t:packet send;
')
########################################
## <summary>
## Receive bfd_control_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_bfd_control_server_packets',`
gen_require(`
type bfd_control_server_packet_t;
')
allow $1 bfd_control_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive bfd_control_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_bfd_control_server_packets',`
gen_require(`
type bfd_control_server_packet_t;
')
dontaudit $1 bfd_control_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive bfd_control_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_bfd_control_server_packets',`
corenet_send_bfd_control_server_packets($1)
corenet_receive_bfd_control_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive bfd_control_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_bfd_control_server_packets',`
corenet_dontaudit_send_bfd_control_server_packets($1)
corenet_dontaudit_receive_bfd_control_server_packets($1)
')
########################################
## <summary>
## Relabel packets to bfd_control_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_bfd_control_server_packets',`
gen_require(`
type bfd_control_server_packet_t;
')
allow $1 bfd_control_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the bfd_echo port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_bfd_echo_port',`
gen_require(`
type bfd_echo_port_t;
')
allow $1 bfd_echo_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the bfd_echo port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_bfd_echo_port',`
gen_require(`
type bfd_echo_port_t;
')
allow $1 bfd_echo_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the bfd_echo port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_bfd_echo_port',`
gen_require(`
type bfd_echo_port_t;
')
dontaudit $1 bfd_echo_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the bfd_echo port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_bfd_echo_port',`
gen_require(`
type bfd_echo_port_t;
')
allow $1 bfd_echo_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the bfd_echo port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_bfd_echo_port',`
gen_require(`
type bfd_echo_port_t;
')
dontaudit $1 bfd_echo_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the bfd_echo port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_bfd_echo_port',`
corenet_udp_send_bfd_echo_port($1)
corenet_udp_receive_bfd_echo_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the bfd_echo port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_bfd_echo_port',`
corenet_dontaudit_udp_send_bfd_echo_port($1)
corenet_dontaudit_udp_receive_bfd_echo_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the bfd_echo port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_bfd_echo_port',`
gen_require(`
type bfd_echo_port_t;
')
allow $1 bfd_echo_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the bfd_echo port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_bfd_echo_port',`
gen_require(`
type bfd_echo_port_t;
')
allow $1 bfd_echo_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to bfd_echo port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_bfd_echo_port',`
gen_require(`
type bfd_echo_port_t;
')
dontaudit $1 bfd_echo_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the bfd_echo port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_bfd_echo_port',`
gen_require(`
type bfd_echo_port_t;
')
allow $1 bfd_echo_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to bfd_echo port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_bfd_echo_port',`
gen_require(`
type bfd_echo_port_t;
')
dontaudit $1 bfd_echo_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send bfd_echo_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_bfd_echo_client_packets',`
gen_require(`
type bfd_echo_client_packet_t;
')
allow $1 bfd_echo_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send bfd_echo_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_bfd_echo_client_packets',`
gen_require(`
type bfd_echo_client_packet_t;
')
dontaudit $1 bfd_echo_client_packet_t:packet send;
')
########################################
## <summary>
## Receive bfd_echo_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_bfd_echo_client_packets',`
gen_require(`
type bfd_echo_client_packet_t;
')
allow $1 bfd_echo_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive bfd_echo_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_bfd_echo_client_packets',`
gen_require(`
type bfd_echo_client_packet_t;
')
dontaudit $1 bfd_echo_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive bfd_echo_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_bfd_echo_client_packets',`
corenet_send_bfd_echo_client_packets($1)
corenet_receive_bfd_echo_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive bfd_echo_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_bfd_echo_client_packets',`
corenet_dontaudit_send_bfd_echo_client_packets($1)
corenet_dontaudit_receive_bfd_echo_client_packets($1)
')
########################################
## <summary>
## Relabel packets to bfd_echo_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_bfd_echo_client_packets',`
gen_require(`
type bfd_echo_client_packet_t;
')
allow $1 bfd_echo_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send bfd_echo_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_bfd_echo_server_packets',`
gen_require(`
type bfd_echo_server_packet_t;
')
allow $1 bfd_echo_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send bfd_echo_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_bfd_echo_server_packets',`
gen_require(`
type bfd_echo_server_packet_t;
')
dontaudit $1 bfd_echo_server_packet_t:packet send;
')
########################################
## <summary>
## Receive bfd_echo_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_bfd_echo_server_packets',`
gen_require(`
type bfd_echo_server_packet_t;
')
allow $1 bfd_echo_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive bfd_echo_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_bfd_echo_server_packets',`
gen_require(`
type bfd_echo_server_packet_t;
')
dontaudit $1 bfd_echo_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive bfd_echo_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_bfd_echo_server_packets',`
corenet_send_bfd_echo_server_packets($1)
corenet_receive_bfd_echo_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive bfd_echo_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_bfd_echo_server_packets',`
corenet_dontaudit_send_bfd_echo_server_packets($1)
corenet_dontaudit_receive_bfd_echo_server_packets($1)
')
########################################
## <summary>
## Relabel packets to bfd_echo_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_bfd_echo_server_packets',`
gen_require(`
type bfd_echo_server_packet_t;
')
allow $1 bfd_echo_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the bfd_multi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_bfd_multi_port',`
gen_require(`
type bfd_multi_port_t;
')
allow $1 bfd_multi_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the bfd_multi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_bfd_multi_port',`
gen_require(`
type bfd_multi_port_t;
')
allow $1 bfd_multi_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the bfd_multi port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_bfd_multi_port',`
gen_require(`
type bfd_multi_port_t;
')
dontaudit $1 bfd_multi_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the bfd_multi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_bfd_multi_port',`
gen_require(`
type bfd_multi_port_t;
')
allow $1 bfd_multi_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the bfd_multi port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_bfd_multi_port',`
gen_require(`
type bfd_multi_port_t;
')
dontaudit $1 bfd_multi_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the bfd_multi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_bfd_multi_port',`
corenet_udp_send_bfd_multi_port($1)
corenet_udp_receive_bfd_multi_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the bfd_multi port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_bfd_multi_port',`
corenet_dontaudit_udp_send_bfd_multi_port($1)
corenet_dontaudit_udp_receive_bfd_multi_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the bfd_multi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_bfd_multi_port',`
gen_require(`
type bfd_multi_port_t;
')
allow $1 bfd_multi_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the bfd_multi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_bfd_multi_port',`
gen_require(`
type bfd_multi_port_t;
')
allow $1 bfd_multi_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to bfd_multi port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_bfd_multi_port',`
gen_require(`
type bfd_multi_port_t;
')
dontaudit $1 bfd_multi_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the bfd_multi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_bfd_multi_port',`
gen_require(`
type bfd_multi_port_t;
')
allow $1 bfd_multi_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to bfd_multi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_bfd_multi_port',`
gen_require(`
type bfd_multi_port_t;
')
dontaudit $1 bfd_multi_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send bfd_multi_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_bfd_multi_client_packets',`
gen_require(`
type bfd_multi_client_packet_t;
')
allow $1 bfd_multi_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send bfd_multi_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_bfd_multi_client_packets',`
gen_require(`
type bfd_multi_client_packet_t;
')
dontaudit $1 bfd_multi_client_packet_t:packet send;
')
########################################
## <summary>
## Receive bfd_multi_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_bfd_multi_client_packets',`
gen_require(`
type bfd_multi_client_packet_t;
')
allow $1 bfd_multi_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive bfd_multi_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_bfd_multi_client_packets',`
gen_require(`
type bfd_multi_client_packet_t;
')
dontaudit $1 bfd_multi_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive bfd_multi_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_bfd_multi_client_packets',`
corenet_send_bfd_multi_client_packets($1)
corenet_receive_bfd_multi_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive bfd_multi_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_bfd_multi_client_packets',`
corenet_dontaudit_send_bfd_multi_client_packets($1)
corenet_dontaudit_receive_bfd_multi_client_packets($1)
')
########################################
## <summary>
## Relabel packets to bfd_multi_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_bfd_multi_client_packets',`
gen_require(`
type bfd_multi_client_packet_t;
')
allow $1 bfd_multi_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send bfd_multi_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_bfd_multi_server_packets',`
gen_require(`
type bfd_multi_server_packet_t;
')
allow $1 bfd_multi_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send bfd_multi_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_bfd_multi_server_packets',`
gen_require(`
type bfd_multi_server_packet_t;
')
dontaudit $1 bfd_multi_server_packet_t:packet send;
')
########################################
## <summary>
## Receive bfd_multi_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_bfd_multi_server_packets',`
gen_require(`
type bfd_multi_server_packet_t;
')
allow $1 bfd_multi_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive bfd_multi_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_bfd_multi_server_packets',`
gen_require(`
type bfd_multi_server_packet_t;
')
dontaudit $1 bfd_multi_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive bfd_multi_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_bfd_multi_server_packets',`
corenet_send_bfd_multi_server_packets($1)
corenet_receive_bfd_multi_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive bfd_multi_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_bfd_multi_server_packets',`
corenet_dontaudit_send_bfd_multi_server_packets($1)
corenet_dontaudit_receive_bfd_multi_server_packets($1)
')
########################################
## <summary>
## Relabel packets to bfd_multi_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_bfd_multi_server_packets',`
gen_require(`
type bfd_multi_server_packet_t;
')
allow $1 bfd_multi_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the bgp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_bgp_port',`
gen_require(`
type bgp_port_t;
')
allow $1 bgp_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the bgp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_bgp_port',`
gen_require(`
type bgp_port_t;
')
allow $1 bgp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the bgp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_bgp_port',`
gen_require(`
type bgp_port_t;
')
dontaudit $1 bgp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the bgp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_bgp_port',`
gen_require(`
type bgp_port_t;
')
allow $1 bgp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the bgp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_bgp_port',`
gen_require(`
type bgp_port_t;
')
dontaudit $1 bgp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the bgp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_bgp_port',`
corenet_udp_send_bgp_port($1)
corenet_udp_receive_bgp_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the bgp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_bgp_port',`
corenet_dontaudit_udp_send_bgp_port($1)
corenet_dontaudit_udp_receive_bgp_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the bgp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_bgp_port',`
gen_require(`
type bgp_port_t;
')
allow $1 bgp_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the bgp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_bgp_port',`
gen_require(`
type bgp_port_t;
')
allow $1 bgp_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to bgp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_bgp_port',`
gen_require(`
type bgp_port_t;
')
dontaudit $1 bgp_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the bgp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_bgp_port',`
gen_require(`
type bgp_port_t;
')
allow $1 bgp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to bgp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_bgp_port',`
gen_require(`
type bgp_port_t;
')
dontaudit $1 bgp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send bgp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_bgp_client_packets',`
gen_require(`
type bgp_client_packet_t;
')
allow $1 bgp_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send bgp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_bgp_client_packets',`
gen_require(`
type bgp_client_packet_t;
')
dontaudit $1 bgp_client_packet_t:packet send;
')
########################################
## <summary>
## Receive bgp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_bgp_client_packets',`
gen_require(`
type bgp_client_packet_t;
')
allow $1 bgp_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive bgp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_bgp_client_packets',`
gen_require(`
type bgp_client_packet_t;
')
dontaudit $1 bgp_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive bgp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_bgp_client_packets',`
corenet_send_bgp_client_packets($1)
corenet_receive_bgp_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive bgp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_bgp_client_packets',`
corenet_dontaudit_send_bgp_client_packets($1)
corenet_dontaudit_receive_bgp_client_packets($1)
')
########################################
## <summary>
## Relabel packets to bgp_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_bgp_client_packets',`
gen_require(`
type bgp_client_packet_t;
')
allow $1 bgp_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send bgp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_bgp_server_packets',`
gen_require(`
type bgp_server_packet_t;
')
allow $1 bgp_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send bgp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_bgp_server_packets',`
gen_require(`
type bgp_server_packet_t;
')
dontaudit $1 bgp_server_packet_t:packet send;
')
########################################
## <summary>
## Receive bgp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_bgp_server_packets',`
gen_require(`
type bgp_server_packet_t;
')
allow $1 bgp_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive bgp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_bgp_server_packets',`
gen_require(`
type bgp_server_packet_t;
')
dontaudit $1 bgp_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive bgp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_bgp_server_packets',`
corenet_send_bgp_server_packets($1)
corenet_receive_bgp_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive bgp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_bgp_server_packets',`
corenet_dontaudit_send_bgp_server_packets($1)
corenet_dontaudit_receive_bgp_server_packets($1)
')
########################################
## <summary>
## Relabel packets to bgp_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_bgp_server_packets',`
gen_require(`
type bgp_server_packet_t;
')
allow $1 bgp_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the boinc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_boinc_port',`
gen_require(`
type boinc_port_t;
')
allow $1 boinc_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the boinc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_boinc_port',`
gen_require(`
type boinc_port_t;
')
allow $1 boinc_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the boinc port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_boinc_port',`
gen_require(`
type boinc_port_t;
')
dontaudit $1 boinc_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the boinc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_boinc_port',`
gen_require(`
type boinc_port_t;
')
allow $1 boinc_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the boinc port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_boinc_port',`
gen_require(`
type boinc_port_t;
')
dontaudit $1 boinc_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the boinc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_boinc_port',`
corenet_udp_send_boinc_port($1)
corenet_udp_receive_boinc_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the boinc port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_boinc_port',`
corenet_dontaudit_udp_send_boinc_port($1)
corenet_dontaudit_udp_receive_boinc_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the boinc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_boinc_port',`
gen_require(`
type boinc_port_t;
')
allow $1 boinc_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the boinc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_boinc_port',`
gen_require(`
type boinc_port_t;
')
allow $1 boinc_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to boinc port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_boinc_port',`
gen_require(`
type boinc_port_t;
')
dontaudit $1 boinc_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the boinc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_boinc_port',`
gen_require(`
type boinc_port_t;
')
allow $1 boinc_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to boinc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_boinc_port',`
gen_require(`
type boinc_port_t;
')
dontaudit $1 boinc_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send boinc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_boinc_client_packets',`
gen_require(`
type boinc_client_packet_t;
')
allow $1 boinc_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send boinc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_boinc_client_packets',`
gen_require(`
type boinc_client_packet_t;
')
dontaudit $1 boinc_client_packet_t:packet send;
')
########################################
## <summary>
## Receive boinc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_boinc_client_packets',`
gen_require(`
type boinc_client_packet_t;
')
allow $1 boinc_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive boinc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_boinc_client_packets',`
gen_require(`
type boinc_client_packet_t;
')
dontaudit $1 boinc_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive boinc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_boinc_client_packets',`
corenet_send_boinc_client_packets($1)
corenet_receive_boinc_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive boinc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_boinc_client_packets',`
corenet_dontaudit_send_boinc_client_packets($1)
corenet_dontaudit_receive_boinc_client_packets($1)
')
########################################
## <summary>
## Relabel packets to boinc_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_boinc_client_packets',`
gen_require(`
type boinc_client_packet_t;
')
allow $1 boinc_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send boinc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_boinc_server_packets',`
gen_require(`
type boinc_server_packet_t;
')
allow $1 boinc_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send boinc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_boinc_server_packets',`
gen_require(`
type boinc_server_packet_t;
')
dontaudit $1 boinc_server_packet_t:packet send;
')
########################################
## <summary>
## Receive boinc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_boinc_server_packets',`
gen_require(`
type boinc_server_packet_t;
')
allow $1 boinc_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive boinc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_boinc_server_packets',`
gen_require(`
type boinc_server_packet_t;
')
dontaudit $1 boinc_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive boinc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_boinc_server_packets',`
corenet_send_boinc_server_packets($1)
corenet_receive_boinc_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive boinc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_boinc_server_packets',`
corenet_dontaudit_send_boinc_server_packets($1)
corenet_dontaudit_receive_boinc_server_packets($1)
')
########################################
## <summary>
## Relabel packets to boinc_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_boinc_server_packets',`
gen_require(`
type boinc_server_packet_t;
')
allow $1 boinc_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the boinc_client port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_boinc_client_port',`
gen_require(`
type boinc_client_port_t;
')
allow $1 boinc_client_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the boinc_client port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_boinc_client_port',`
gen_require(`
type boinc_client_port_t;
')
allow $1 boinc_client_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the boinc_client port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_boinc_client_port',`
gen_require(`
type boinc_client_port_t;
')
dontaudit $1 boinc_client_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the boinc_client port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_boinc_client_port',`
gen_require(`
type boinc_client_port_t;
')
allow $1 boinc_client_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the boinc_client port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_boinc_client_port',`
gen_require(`
type boinc_client_port_t;
')
dontaudit $1 boinc_client_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the boinc_client port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_boinc_client_port',`
corenet_udp_send_boinc_client_port($1)
corenet_udp_receive_boinc_client_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the boinc_client port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_boinc_client_port',`
corenet_dontaudit_udp_send_boinc_client_port($1)
corenet_dontaudit_udp_receive_boinc_client_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the boinc_client port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_boinc_client_port',`
gen_require(`
type boinc_client_port_t;
')
allow $1 boinc_client_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the boinc_client port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_boinc_client_port',`
gen_require(`
type boinc_client_port_t;
')
allow $1 boinc_client_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to boinc_client port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_boinc_client_port',`
gen_require(`
type boinc_client_port_t;
')
dontaudit $1 boinc_client_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the boinc_client port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_boinc_client_port',`
gen_require(`
type boinc_client_port_t;
')
allow $1 boinc_client_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to boinc_client port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_boinc_client_port',`
gen_require(`
type boinc_client_port_t;
')
dontaudit $1 boinc_client_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send boinc_client_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_boinc_client_client_packets',`
gen_require(`
type boinc_client_client_packet_t;
')
allow $1 boinc_client_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send boinc_client_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_boinc_client_client_packets',`
gen_require(`
type boinc_client_client_packet_t;
')
dontaudit $1 boinc_client_client_packet_t:packet send;
')
########################################
## <summary>
## Receive boinc_client_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_boinc_client_client_packets',`
gen_require(`
type boinc_client_client_packet_t;
')
allow $1 boinc_client_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive boinc_client_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_boinc_client_client_packets',`
gen_require(`
type boinc_client_client_packet_t;
')
dontaudit $1 boinc_client_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive boinc_client_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_boinc_client_client_packets',`
corenet_send_boinc_client_client_packets($1)
corenet_receive_boinc_client_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive boinc_client_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_boinc_client_client_packets',`
corenet_dontaudit_send_boinc_client_client_packets($1)
corenet_dontaudit_receive_boinc_client_client_packets($1)
')
########################################
## <summary>
## Relabel packets to boinc_client_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_boinc_client_client_packets',`
gen_require(`
type boinc_client_client_packet_t;
')
allow $1 boinc_client_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send boinc_client_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_boinc_client_server_packets',`
gen_require(`
type boinc_client_server_packet_t;
')
allow $1 boinc_client_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send boinc_client_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_boinc_client_server_packets',`
gen_require(`
type boinc_client_server_packet_t;
')
dontaudit $1 boinc_client_server_packet_t:packet send;
')
########################################
## <summary>
## Receive boinc_client_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_boinc_client_server_packets',`
gen_require(`
type boinc_client_server_packet_t;
')
allow $1 boinc_client_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive boinc_client_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_boinc_client_server_packets',`
gen_require(`
type boinc_client_server_packet_t;
')
dontaudit $1 boinc_client_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive boinc_client_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_boinc_client_server_packets',`
corenet_send_boinc_client_server_packets($1)
corenet_receive_boinc_client_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive boinc_client_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_boinc_client_server_packets',`
corenet_dontaudit_send_boinc_client_server_packets($1)
corenet_dontaudit_receive_boinc_client_server_packets($1)
')
########################################
## <summary>
## Relabel packets to boinc_client_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_boinc_client_server_packets',`
gen_require(`
type boinc_client_server_packet_t;
')
allow $1 boinc_client_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the boothd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_boothd_port',`
gen_require(`
type boothd_port_t;
')
allow $1 boothd_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the boothd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_boothd_port',`
gen_require(`
type boothd_port_t;
')
allow $1 boothd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the boothd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_boothd_port',`
gen_require(`
type boothd_port_t;
')
dontaudit $1 boothd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the boothd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_boothd_port',`
gen_require(`
type boothd_port_t;
')
allow $1 boothd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the boothd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_boothd_port',`
gen_require(`
type boothd_port_t;
')
dontaudit $1 boothd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the boothd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_boothd_port',`
corenet_udp_send_boothd_port($1)
corenet_udp_receive_boothd_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the boothd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_boothd_port',`
corenet_dontaudit_udp_send_boothd_port($1)
corenet_dontaudit_udp_receive_boothd_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the boothd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_boothd_port',`
gen_require(`
type boothd_port_t;
')
allow $1 boothd_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the boothd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_boothd_port',`
gen_require(`
type boothd_port_t;
')
allow $1 boothd_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to boothd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_boothd_port',`
gen_require(`
type boothd_port_t;
')
dontaudit $1 boothd_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the boothd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_boothd_port',`
gen_require(`
type boothd_port_t;
')
allow $1 boothd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to boothd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_boothd_port',`
gen_require(`
type boothd_port_t;
')
dontaudit $1 boothd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send boothd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_boothd_client_packets',`
gen_require(`
type boothd_client_packet_t;
')
allow $1 boothd_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send boothd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_boothd_client_packets',`
gen_require(`
type boothd_client_packet_t;
')
dontaudit $1 boothd_client_packet_t:packet send;
')
########################################
## <summary>
## Receive boothd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_boothd_client_packets',`
gen_require(`
type boothd_client_packet_t;
')
allow $1 boothd_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive boothd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_boothd_client_packets',`
gen_require(`
type boothd_client_packet_t;
')
dontaudit $1 boothd_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive boothd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_boothd_client_packets',`
corenet_send_boothd_client_packets($1)
corenet_receive_boothd_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive boothd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_boothd_client_packets',`
corenet_dontaudit_send_boothd_client_packets($1)
corenet_dontaudit_receive_boothd_client_packets($1)
')
########################################
## <summary>
## Relabel packets to boothd_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_boothd_client_packets',`
gen_require(`
type boothd_client_packet_t;
')
allow $1 boothd_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send boothd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_boothd_server_packets',`
gen_require(`
type boothd_server_packet_t;
')
allow $1 boothd_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send boothd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_boothd_server_packets',`
gen_require(`
type boothd_server_packet_t;
')
dontaudit $1 boothd_server_packet_t:packet send;
')
########################################
## <summary>
## Receive boothd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_boothd_server_packets',`
gen_require(`
type boothd_server_packet_t;
')
allow $1 boothd_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive boothd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_boothd_server_packets',`
gen_require(`
type boothd_server_packet_t;
')
dontaudit $1 boothd_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive boothd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_boothd_server_packets',`
corenet_send_boothd_server_packets($1)
corenet_receive_boothd_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive boothd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_boothd_server_packets',`
corenet_dontaudit_send_boothd_server_packets($1)
corenet_dontaudit_receive_boothd_server_packets($1)
')
########################################
## <summary>
## Relabel packets to boothd_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_boothd_server_packets',`
gen_require(`
type boothd_server_packet_t;
')
allow $1 boothd_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the brlp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_brlp_port',`
gen_require(`
type brlp_port_t;
')
allow $1 brlp_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the brlp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_brlp_port',`
gen_require(`
type brlp_port_t;
')
allow $1 brlp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the brlp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_brlp_port',`
gen_require(`
type brlp_port_t;
')
dontaudit $1 brlp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the brlp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_brlp_port',`
gen_require(`
type brlp_port_t;
')
allow $1 brlp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the brlp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_brlp_port',`
gen_require(`
type brlp_port_t;
')
dontaudit $1 brlp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the brlp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_brlp_port',`
corenet_udp_send_brlp_port($1)
corenet_udp_receive_brlp_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the brlp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_brlp_port',`
corenet_dontaudit_udp_send_brlp_port($1)
corenet_dontaudit_udp_receive_brlp_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the brlp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_brlp_port',`
gen_require(`
type brlp_port_t;
')
allow $1 brlp_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the brlp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_brlp_port',`
gen_require(`
type brlp_port_t;
')
allow $1 brlp_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to brlp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_brlp_port',`
gen_require(`
type brlp_port_t;
')
dontaudit $1 brlp_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the brlp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_brlp_port',`
gen_require(`
type brlp_port_t;
')
allow $1 brlp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to brlp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_brlp_port',`
gen_require(`
type brlp_port_t;
')
dontaudit $1 brlp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send brlp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_brlp_client_packets',`
gen_require(`
type brlp_client_packet_t;
')
allow $1 brlp_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send brlp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_brlp_client_packets',`
gen_require(`
type brlp_client_packet_t;
')
dontaudit $1 brlp_client_packet_t:packet send;
')
########################################
## <summary>
## Receive brlp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_brlp_client_packets',`
gen_require(`
type brlp_client_packet_t;
')
allow $1 brlp_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive brlp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_brlp_client_packets',`
gen_require(`
type brlp_client_packet_t;
')
dontaudit $1 brlp_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive brlp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_brlp_client_packets',`
corenet_send_brlp_client_packets($1)
corenet_receive_brlp_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive brlp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_brlp_client_packets',`
corenet_dontaudit_send_brlp_client_packets($1)
corenet_dontaudit_receive_brlp_client_packets($1)
')
########################################
## <summary>
## Relabel packets to brlp_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_brlp_client_packets',`
gen_require(`
type brlp_client_packet_t;
')
allow $1 brlp_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send brlp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_brlp_server_packets',`
gen_require(`
type brlp_server_packet_t;
')
allow $1 brlp_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send brlp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_brlp_server_packets',`
gen_require(`
type brlp_server_packet_t;
')
dontaudit $1 brlp_server_packet_t:packet send;
')
########################################
## <summary>
## Receive brlp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_brlp_server_packets',`
gen_require(`
type brlp_server_packet_t;
')
allow $1 brlp_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive brlp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_brlp_server_packets',`
gen_require(`
type brlp_server_packet_t;
')
dontaudit $1 brlp_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive brlp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_brlp_server_packets',`
corenet_send_brlp_server_packets($1)
corenet_receive_brlp_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive brlp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_brlp_server_packets',`
corenet_dontaudit_send_brlp_server_packets($1)
corenet_dontaudit_receive_brlp_server_packets($1)
')
########################################
## <summary>
## Relabel packets to brlp_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_brlp_server_packets',`
gen_require(`
type brlp_server_packet_t;
')
allow $1 brlp_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the biff port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_biff_port',`
gen_require(`
type biff_port_t;
')
allow $1 biff_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the biff port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_biff_port',`
gen_require(`
type biff_port_t;
')
allow $1 biff_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the biff port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_biff_port',`
gen_require(`
type biff_port_t;
')
dontaudit $1 biff_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the biff port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_biff_port',`
gen_require(`
type biff_port_t;
')
allow $1 biff_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the biff port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_biff_port',`
gen_require(`
type biff_port_t;
')
dontaudit $1 biff_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the biff port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_biff_port',`
corenet_udp_send_biff_port($1)
corenet_udp_receive_biff_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the biff port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_biff_port',`
corenet_dontaudit_udp_send_biff_port($1)
corenet_dontaudit_udp_receive_biff_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the biff port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_biff_port',`
gen_require(`
type biff_port_t;
')
allow $1 biff_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the biff port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_biff_port',`
gen_require(`
type biff_port_t;
')
allow $1 biff_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to biff port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_biff_port',`
gen_require(`
type biff_port_t;
')
dontaudit $1 biff_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the biff port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_biff_port',`
gen_require(`
type biff_port_t;
')
allow $1 biff_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to biff port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_biff_port',`
gen_require(`
type biff_port_t;
')
dontaudit $1 biff_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send biff_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_biff_client_packets',`
gen_require(`
type biff_client_packet_t;
')
allow $1 biff_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send biff_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_biff_client_packets',`
gen_require(`
type biff_client_packet_t;
')
dontaudit $1 biff_client_packet_t:packet send;
')
########################################
## <summary>
## Receive biff_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_biff_client_packets',`
gen_require(`
type biff_client_packet_t;
')
allow $1 biff_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive biff_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_biff_client_packets',`
gen_require(`
type biff_client_packet_t;
')
dontaudit $1 biff_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive biff_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_biff_client_packets',`
corenet_send_biff_client_packets($1)
corenet_receive_biff_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive biff_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_biff_client_packets',`
corenet_dontaudit_send_biff_client_packets($1)
corenet_dontaudit_receive_biff_client_packets($1)
')
########################################
## <summary>
## Relabel packets to biff_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_biff_client_packets',`
gen_require(`
type biff_client_packet_t;
')
allow $1 biff_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send biff_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_biff_server_packets',`
gen_require(`
type biff_server_packet_t;
')
allow $1 biff_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send biff_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_biff_server_packets',`
gen_require(`
type biff_server_packet_t;
')
dontaudit $1 biff_server_packet_t:packet send;
')
########################################
## <summary>
## Receive biff_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_biff_server_packets',`
gen_require(`
type biff_server_packet_t;
')
allow $1 biff_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive biff_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_biff_server_packets',`
gen_require(`
type biff_server_packet_t;
')
dontaudit $1 biff_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive biff_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_biff_server_packets',`
corenet_send_biff_server_packets($1)
corenet_receive_biff_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive biff_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_biff_server_packets',`
corenet_dontaudit_send_biff_server_packets($1)
corenet_dontaudit_receive_biff_server_packets($1)
')
########################################
## <summary>
## Relabel packets to biff_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_biff_server_packets',`
gen_require(`
type biff_server_packet_t;
')
allow $1 biff_server_packet_t:packet relabelto;
')
# no defined portcon
########################################
## <summary>
## Send and receive TCP traffic on the certmaster port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_certmaster_port',`
gen_require(`
type certmaster_port_t;
')
allow $1 certmaster_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the certmaster port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_certmaster_port',`
gen_require(`
type certmaster_port_t;
')
allow $1 certmaster_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the certmaster port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_certmaster_port',`
gen_require(`
type certmaster_port_t;
')
dontaudit $1 certmaster_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the certmaster port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_certmaster_port',`
gen_require(`
type certmaster_port_t;
')
allow $1 certmaster_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the certmaster port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_certmaster_port',`
gen_require(`
type certmaster_port_t;
')
dontaudit $1 certmaster_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the certmaster port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_certmaster_port',`
corenet_udp_send_certmaster_port($1)
corenet_udp_receive_certmaster_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the certmaster port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_certmaster_port',`
corenet_dontaudit_udp_send_certmaster_port($1)
corenet_dontaudit_udp_receive_certmaster_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the certmaster port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_certmaster_port',`
gen_require(`
type certmaster_port_t;
')
allow $1 certmaster_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the certmaster port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_certmaster_port',`
gen_require(`
type certmaster_port_t;
')
allow $1 certmaster_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to certmaster port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_certmaster_port',`
gen_require(`
type certmaster_port_t;
')
dontaudit $1 certmaster_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the certmaster port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_certmaster_port',`
gen_require(`
type certmaster_port_t;
')
allow $1 certmaster_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to certmaster port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_certmaster_port',`
gen_require(`
type certmaster_port_t;
')
dontaudit $1 certmaster_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send certmaster_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_certmaster_client_packets',`
gen_require(`
type certmaster_client_packet_t;
')
allow $1 certmaster_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send certmaster_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_certmaster_client_packets',`
gen_require(`
type certmaster_client_packet_t;
')
dontaudit $1 certmaster_client_packet_t:packet send;
')
########################################
## <summary>
## Receive certmaster_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_certmaster_client_packets',`
gen_require(`
type certmaster_client_packet_t;
')
allow $1 certmaster_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive certmaster_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_certmaster_client_packets',`
gen_require(`
type certmaster_client_packet_t;
')
dontaudit $1 certmaster_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive certmaster_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_certmaster_client_packets',`
corenet_send_certmaster_client_packets($1)
corenet_receive_certmaster_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive certmaster_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_certmaster_client_packets',`
corenet_dontaudit_send_certmaster_client_packets($1)
corenet_dontaudit_receive_certmaster_client_packets($1)
')
########################################
## <summary>
## Relabel packets to certmaster_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_certmaster_client_packets',`
gen_require(`
type certmaster_client_packet_t;
')
allow $1 certmaster_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send certmaster_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_certmaster_server_packets',`
gen_require(`
type certmaster_server_packet_t;
')
allow $1 certmaster_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send certmaster_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_certmaster_server_packets',`
gen_require(`
type certmaster_server_packet_t;
')
dontaudit $1 certmaster_server_packet_t:packet send;
')
########################################
## <summary>
## Receive certmaster_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_certmaster_server_packets',`
gen_require(`
type certmaster_server_packet_t;
')
allow $1 certmaster_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive certmaster_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_certmaster_server_packets',`
gen_require(`
type certmaster_server_packet_t;
')
dontaudit $1 certmaster_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive certmaster_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_certmaster_server_packets',`
corenet_send_certmaster_server_packets($1)
corenet_receive_certmaster_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive certmaster_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_certmaster_server_packets',`
corenet_dontaudit_send_certmaster_server_packets($1)
corenet_dontaudit_receive_certmaster_server_packets($1)
')
########################################
## <summary>
## Relabel packets to certmaster_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_certmaster_server_packets',`
gen_require(`
type certmaster_server_packet_t;
')
allow $1 certmaster_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the collectd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_collectd_port',`
gen_require(`
type collectd_port_t;
')
allow $1 collectd_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the collectd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_collectd_port',`
gen_require(`
type collectd_port_t;
')
allow $1 collectd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the collectd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_collectd_port',`
gen_require(`
type collectd_port_t;
')
dontaudit $1 collectd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the collectd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_collectd_port',`
gen_require(`
type collectd_port_t;
')
allow $1 collectd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the collectd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_collectd_port',`
gen_require(`
type collectd_port_t;
')
dontaudit $1 collectd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the collectd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_collectd_port',`
corenet_udp_send_collectd_port($1)
corenet_udp_receive_collectd_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the collectd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_collectd_port',`
corenet_dontaudit_udp_send_collectd_port($1)
corenet_dontaudit_udp_receive_collectd_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the collectd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_collectd_port',`
gen_require(`
type collectd_port_t;
')
allow $1 collectd_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the collectd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_collectd_port',`
gen_require(`
type collectd_port_t;
')
allow $1 collectd_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to collectd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_collectd_port',`
gen_require(`
type collectd_port_t;
')
dontaudit $1 collectd_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the collectd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_collectd_port',`
gen_require(`
type collectd_port_t;
')
allow $1 collectd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to collectd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_collectd_port',`
gen_require(`
type collectd_port_t;
')
dontaudit $1 collectd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send collectd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_collectd_client_packets',`
gen_require(`
type collectd_client_packet_t;
')
allow $1 collectd_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send collectd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_collectd_client_packets',`
gen_require(`
type collectd_client_packet_t;
')
dontaudit $1 collectd_client_packet_t:packet send;
')
########################################
## <summary>
## Receive collectd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_collectd_client_packets',`
gen_require(`
type collectd_client_packet_t;
')
allow $1 collectd_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive collectd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_collectd_client_packets',`
gen_require(`
type collectd_client_packet_t;
')
dontaudit $1 collectd_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive collectd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_collectd_client_packets',`
corenet_send_collectd_client_packets($1)
corenet_receive_collectd_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive collectd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_collectd_client_packets',`
corenet_dontaudit_send_collectd_client_packets($1)
corenet_dontaudit_receive_collectd_client_packets($1)
')
########################################
## <summary>
## Relabel packets to collectd_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_collectd_client_packets',`
gen_require(`
type collectd_client_packet_t;
')
allow $1 collectd_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send collectd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_collectd_server_packets',`
gen_require(`
type collectd_server_packet_t;
')
allow $1 collectd_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send collectd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_collectd_server_packets',`
gen_require(`
type collectd_server_packet_t;
')
dontaudit $1 collectd_server_packet_t:packet send;
')
########################################
## <summary>
## Receive collectd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_collectd_server_packets',`
gen_require(`
type collectd_server_packet_t;
')
allow $1 collectd_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive collectd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_collectd_server_packets',`
gen_require(`
type collectd_server_packet_t;
')
dontaudit $1 collectd_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive collectd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_collectd_server_packets',`
corenet_send_collectd_server_packets($1)
corenet_receive_collectd_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive collectd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_collectd_server_packets',`
corenet_dontaudit_send_collectd_server_packets($1)
corenet_dontaudit_receive_collectd_server_packets($1)
')
########################################
## <summary>
## Relabel packets to collectd_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_collectd_server_packets',`
gen_require(`
type collectd_server_packet_t;
')
allow $1 collectd_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the chronyd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_chronyd_port',`
gen_require(`
type chronyd_port_t;
')
allow $1 chronyd_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the chronyd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_chronyd_port',`
gen_require(`
type chronyd_port_t;
')
allow $1 chronyd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the chronyd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_chronyd_port',`
gen_require(`
type chronyd_port_t;
')
dontaudit $1 chronyd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the chronyd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_chronyd_port',`
gen_require(`
type chronyd_port_t;
')
allow $1 chronyd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the chronyd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_chronyd_port',`
gen_require(`
type chronyd_port_t;
')
dontaudit $1 chronyd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the chronyd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_chronyd_port',`
corenet_udp_send_chronyd_port($1)
corenet_udp_receive_chronyd_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the chronyd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_chronyd_port',`
corenet_dontaudit_udp_send_chronyd_port($1)
corenet_dontaudit_udp_receive_chronyd_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the chronyd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_chronyd_port',`
gen_require(`
type chronyd_port_t;
')
allow $1 chronyd_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the chronyd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_chronyd_port',`
gen_require(`
type chronyd_port_t;
')
allow $1 chronyd_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to chronyd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_chronyd_port',`
gen_require(`
type chronyd_port_t;
')
dontaudit $1 chronyd_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the chronyd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_chronyd_port',`
gen_require(`
type chronyd_port_t;
')
allow $1 chronyd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to chronyd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_chronyd_port',`
gen_require(`
type chronyd_port_t;
')
dontaudit $1 chronyd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send chronyd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_chronyd_client_packets',`
gen_require(`
type chronyd_client_packet_t;
')
allow $1 chronyd_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send chronyd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_chronyd_client_packets',`
gen_require(`
type chronyd_client_packet_t;
')
dontaudit $1 chronyd_client_packet_t:packet send;
')
########################################
## <summary>
## Receive chronyd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_chronyd_client_packets',`
gen_require(`
type chronyd_client_packet_t;
')
allow $1 chronyd_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive chronyd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_chronyd_client_packets',`
gen_require(`
type chronyd_client_packet_t;
')
dontaudit $1 chronyd_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive chronyd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_chronyd_client_packets',`
corenet_send_chronyd_client_packets($1)
corenet_receive_chronyd_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive chronyd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_chronyd_client_packets',`
corenet_dontaudit_send_chronyd_client_packets($1)
corenet_dontaudit_receive_chronyd_client_packets($1)
')
########################################
## <summary>
## Relabel packets to chronyd_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_chronyd_client_packets',`
gen_require(`
type chronyd_client_packet_t;
')
allow $1 chronyd_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send chronyd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_chronyd_server_packets',`
gen_require(`
type chronyd_server_packet_t;
')
allow $1 chronyd_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send chronyd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_chronyd_server_packets',`
gen_require(`
type chronyd_server_packet_t;
')
dontaudit $1 chronyd_server_packet_t:packet send;
')
########################################
## <summary>
## Receive chronyd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_chronyd_server_packets',`
gen_require(`
type chronyd_server_packet_t;
')
allow $1 chronyd_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive chronyd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_chronyd_server_packets',`
gen_require(`
type chronyd_server_packet_t;
')
dontaudit $1 chronyd_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive chronyd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_chronyd_server_packets',`
corenet_send_chronyd_server_packets($1)
corenet_receive_chronyd_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive chronyd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_chronyd_server_packets',`
corenet_dontaudit_send_chronyd_server_packets($1)
corenet_dontaudit_receive_chronyd_server_packets($1)
')
########################################
## <summary>
## Relabel packets to chronyd_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_chronyd_server_packets',`
gen_require(`
type chronyd_server_packet_t;
')
allow $1 chronyd_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the clamd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_clamd_port',`
gen_require(`
type clamd_port_t;
')
allow $1 clamd_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the clamd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_clamd_port',`
gen_require(`
type clamd_port_t;
')
allow $1 clamd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the clamd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_clamd_port',`
gen_require(`
type clamd_port_t;
')
dontaudit $1 clamd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the clamd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_clamd_port',`
gen_require(`
type clamd_port_t;
')
allow $1 clamd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the clamd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_clamd_port',`
gen_require(`
type clamd_port_t;
')
dontaudit $1 clamd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the clamd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_clamd_port',`
corenet_udp_send_clamd_port($1)
corenet_udp_receive_clamd_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the clamd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_clamd_port',`
corenet_dontaudit_udp_send_clamd_port($1)
corenet_dontaudit_udp_receive_clamd_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the clamd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_clamd_port',`
gen_require(`
type clamd_port_t;
')
allow $1 clamd_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the clamd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_clamd_port',`
gen_require(`
type clamd_port_t;
')
allow $1 clamd_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to clamd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_clamd_port',`
gen_require(`
type clamd_port_t;
')
dontaudit $1 clamd_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the clamd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_clamd_port',`
gen_require(`
type clamd_port_t;
')
allow $1 clamd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to clamd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_clamd_port',`
gen_require(`
type clamd_port_t;
')
dontaudit $1 clamd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send clamd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_clamd_client_packets',`
gen_require(`
type clamd_client_packet_t;
')
allow $1 clamd_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send clamd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_clamd_client_packets',`
gen_require(`
type clamd_client_packet_t;
')
dontaudit $1 clamd_client_packet_t:packet send;
')
########################################
## <summary>
## Receive clamd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_clamd_client_packets',`
gen_require(`
type clamd_client_packet_t;
')
allow $1 clamd_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive clamd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_clamd_client_packets',`
gen_require(`
type clamd_client_packet_t;
')
dontaudit $1 clamd_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive clamd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_clamd_client_packets',`
corenet_send_clamd_client_packets($1)
corenet_receive_clamd_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive clamd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_clamd_client_packets',`
corenet_dontaudit_send_clamd_client_packets($1)
corenet_dontaudit_receive_clamd_client_packets($1)
')
########################################
## <summary>
## Relabel packets to clamd_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_clamd_client_packets',`
gen_require(`
type clamd_client_packet_t;
')
allow $1 clamd_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send clamd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_clamd_server_packets',`
gen_require(`
type clamd_server_packet_t;
')
allow $1 clamd_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send clamd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_clamd_server_packets',`
gen_require(`
type clamd_server_packet_t;
')
dontaudit $1 clamd_server_packet_t:packet send;
')
########################################
## <summary>
## Receive clamd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_clamd_server_packets',`
gen_require(`
type clamd_server_packet_t;
')
allow $1 clamd_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive clamd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_clamd_server_packets',`
gen_require(`
type clamd_server_packet_t;
')
dontaudit $1 clamd_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive clamd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_clamd_server_packets',`
corenet_send_clamd_server_packets($1)
corenet_receive_clamd_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive clamd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_clamd_server_packets',`
corenet_dontaudit_send_clamd_server_packets($1)
corenet_dontaudit_receive_clamd_server_packets($1)
')
########################################
## <summary>
## Relabel packets to clamd_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_clamd_server_packets',`
gen_require(`
type clamd_server_packet_t;
')
allow $1 clamd_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the clockspeed port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_clockspeed_port',`
gen_require(`
type clockspeed_port_t;
')
allow $1 clockspeed_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the clockspeed port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_clockspeed_port',`
gen_require(`
type clockspeed_port_t;
')
allow $1 clockspeed_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the clockspeed port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_clockspeed_port',`
gen_require(`
type clockspeed_port_t;
')
dontaudit $1 clockspeed_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the clockspeed port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_clockspeed_port',`
gen_require(`
type clockspeed_port_t;
')
allow $1 clockspeed_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the clockspeed port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_clockspeed_port',`
gen_require(`
type clockspeed_port_t;
')
dontaudit $1 clockspeed_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the clockspeed port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_clockspeed_port',`
corenet_udp_send_clockspeed_port($1)
corenet_udp_receive_clockspeed_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the clockspeed port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_clockspeed_port',`
corenet_dontaudit_udp_send_clockspeed_port($1)
corenet_dontaudit_udp_receive_clockspeed_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the clockspeed port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_clockspeed_port',`
gen_require(`
type clockspeed_port_t;
')
allow $1 clockspeed_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the clockspeed port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_clockspeed_port',`
gen_require(`
type clockspeed_port_t;
')
allow $1 clockspeed_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to clockspeed port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_clockspeed_port',`
gen_require(`
type clockspeed_port_t;
')
dontaudit $1 clockspeed_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the clockspeed port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_clockspeed_port',`
gen_require(`
type clockspeed_port_t;
')
allow $1 clockspeed_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to clockspeed port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_clockspeed_port',`
gen_require(`
type clockspeed_port_t;
')
dontaudit $1 clockspeed_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send clockspeed_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_clockspeed_client_packets',`
gen_require(`
type clockspeed_client_packet_t;
')
allow $1 clockspeed_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send clockspeed_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_clockspeed_client_packets',`
gen_require(`
type clockspeed_client_packet_t;
')
dontaudit $1 clockspeed_client_packet_t:packet send;
')
########################################
## <summary>
## Receive clockspeed_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_clockspeed_client_packets',`
gen_require(`
type clockspeed_client_packet_t;
')
allow $1 clockspeed_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive clockspeed_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_clockspeed_client_packets',`
gen_require(`
type clockspeed_client_packet_t;
')
dontaudit $1 clockspeed_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive clockspeed_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_clockspeed_client_packets',`
corenet_send_clockspeed_client_packets($1)
corenet_receive_clockspeed_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive clockspeed_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_clockspeed_client_packets',`
corenet_dontaudit_send_clockspeed_client_packets($1)
corenet_dontaudit_receive_clockspeed_client_packets($1)
')
########################################
## <summary>
## Relabel packets to clockspeed_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_clockspeed_client_packets',`
gen_require(`
type clockspeed_client_packet_t;
')
allow $1 clockspeed_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send clockspeed_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_clockspeed_server_packets',`
gen_require(`
type clockspeed_server_packet_t;
')
allow $1 clockspeed_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send clockspeed_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_clockspeed_server_packets',`
gen_require(`
type clockspeed_server_packet_t;
')
dontaudit $1 clockspeed_server_packet_t:packet send;
')
########################################
## <summary>
## Receive clockspeed_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_clockspeed_server_packets',`
gen_require(`
type clockspeed_server_packet_t;
')
allow $1 clockspeed_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive clockspeed_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_clockspeed_server_packets',`
gen_require(`
type clockspeed_server_packet_t;
')
dontaudit $1 clockspeed_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive clockspeed_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_clockspeed_server_packets',`
corenet_send_clockspeed_server_packets($1)
corenet_receive_clockspeed_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive clockspeed_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_clockspeed_server_packets',`
corenet_dontaudit_send_clockspeed_server_packets($1)
corenet_dontaudit_receive_clockspeed_server_packets($1)
')
########################################
## <summary>
## Relabel packets to clockspeed_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_clockspeed_server_packets',`
gen_require(`
type clockspeed_server_packet_t;
')
allow $1 clockspeed_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the cluster port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_cluster_port',`
gen_require(`
type cluster_port_t;
')
allow $1 cluster_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the cluster port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_cluster_port',`
gen_require(`
type cluster_port_t;
')
allow $1 cluster_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the cluster port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_cluster_port',`
gen_require(`
type cluster_port_t;
')
dontaudit $1 cluster_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the cluster port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_cluster_port',`
gen_require(`
type cluster_port_t;
')
allow $1 cluster_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the cluster port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_cluster_port',`
gen_require(`
type cluster_port_t;
')
dontaudit $1 cluster_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the cluster port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_cluster_port',`
corenet_udp_send_cluster_port($1)
corenet_udp_receive_cluster_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the cluster port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_cluster_port',`
corenet_dontaudit_udp_send_cluster_port($1)
corenet_dontaudit_udp_receive_cluster_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the cluster port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_cluster_port',`
gen_require(`
type cluster_port_t;
')
allow $1 cluster_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the cluster port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_cluster_port',`
gen_require(`
type cluster_port_t;
')
allow $1 cluster_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to cluster port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_cluster_port',`
gen_require(`
type cluster_port_t;
')
dontaudit $1 cluster_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the cluster port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_cluster_port',`
gen_require(`
type cluster_port_t;
')
allow $1 cluster_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to cluster port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_cluster_port',`
gen_require(`
type cluster_port_t;
')
dontaudit $1 cluster_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send cluster_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_cluster_client_packets',`
gen_require(`
type cluster_client_packet_t;
')
allow $1 cluster_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send cluster_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_cluster_client_packets',`
gen_require(`
type cluster_client_packet_t;
')
dontaudit $1 cluster_client_packet_t:packet send;
')
########################################
## <summary>
## Receive cluster_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_cluster_client_packets',`
gen_require(`
type cluster_client_packet_t;
')
allow $1 cluster_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive cluster_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_cluster_client_packets',`
gen_require(`
type cluster_client_packet_t;
')
dontaudit $1 cluster_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive cluster_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_cluster_client_packets',`
corenet_send_cluster_client_packets($1)
corenet_receive_cluster_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive cluster_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_cluster_client_packets',`
corenet_dontaudit_send_cluster_client_packets($1)
corenet_dontaudit_receive_cluster_client_packets($1)
')
########################################
## <summary>
## Relabel packets to cluster_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_cluster_client_packets',`
gen_require(`
type cluster_client_packet_t;
')
allow $1 cluster_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send cluster_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_cluster_server_packets',`
gen_require(`
type cluster_server_packet_t;
')
allow $1 cluster_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send cluster_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_cluster_server_packets',`
gen_require(`
type cluster_server_packet_t;
')
dontaudit $1 cluster_server_packet_t:packet send;
')
########################################
## <summary>
## Receive cluster_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_cluster_server_packets',`
gen_require(`
type cluster_server_packet_t;
')
allow $1 cluster_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive cluster_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_cluster_server_packets',`
gen_require(`
type cluster_server_packet_t;
')
dontaudit $1 cluster_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive cluster_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_cluster_server_packets',`
corenet_send_cluster_server_packets($1)
corenet_receive_cluster_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive cluster_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_cluster_server_packets',`
corenet_dontaudit_send_cluster_server_packets($1)
corenet_dontaudit_receive_cluster_server_packets($1)
')
########################################
## <summary>
## Relabel packets to cluster_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_cluster_server_packets',`
gen_require(`
type cluster_server_packet_t;
')
allow $1 cluster_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the cma port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_cma_port',`
gen_require(`
type cma_port_t;
')
allow $1 cma_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the cma port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_cma_port',`
gen_require(`
type cma_port_t;
')
allow $1 cma_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the cma port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_cma_port',`
gen_require(`
type cma_port_t;
')
dontaudit $1 cma_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the cma port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_cma_port',`
gen_require(`
type cma_port_t;
')
allow $1 cma_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the cma port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_cma_port',`
gen_require(`
type cma_port_t;
')
dontaudit $1 cma_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the cma port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_cma_port',`
corenet_udp_send_cma_port($1)
corenet_udp_receive_cma_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the cma port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_cma_port',`
corenet_dontaudit_udp_send_cma_port($1)
corenet_dontaudit_udp_receive_cma_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the cma port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_cma_port',`
gen_require(`
type cma_port_t;
')
allow $1 cma_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the cma port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_cma_port',`
gen_require(`
type cma_port_t;
')
allow $1 cma_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to cma port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_cma_port',`
gen_require(`
type cma_port_t;
')
dontaudit $1 cma_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the cma port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_cma_port',`
gen_require(`
type cma_port_t;
')
allow $1 cma_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to cma port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_cma_port',`
gen_require(`
type cma_port_t;
')
dontaudit $1 cma_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send cma_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_cma_client_packets',`
gen_require(`
type cma_client_packet_t;
')
allow $1 cma_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send cma_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_cma_client_packets',`
gen_require(`
type cma_client_packet_t;
')
dontaudit $1 cma_client_packet_t:packet send;
')
########################################
## <summary>
## Receive cma_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_cma_client_packets',`
gen_require(`
type cma_client_packet_t;
')
allow $1 cma_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive cma_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_cma_client_packets',`
gen_require(`
type cma_client_packet_t;
')
dontaudit $1 cma_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive cma_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_cma_client_packets',`
corenet_send_cma_client_packets($1)
corenet_receive_cma_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive cma_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_cma_client_packets',`
corenet_dontaudit_send_cma_client_packets($1)
corenet_dontaudit_receive_cma_client_packets($1)
')
########################################
## <summary>
## Relabel packets to cma_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_cma_client_packets',`
gen_require(`
type cma_client_packet_t;
')
allow $1 cma_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send cma_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_cma_server_packets',`
gen_require(`
type cma_server_packet_t;
')
allow $1 cma_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send cma_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_cma_server_packets',`
gen_require(`
type cma_server_packet_t;
')
dontaudit $1 cma_server_packet_t:packet send;
')
########################################
## <summary>
## Receive cma_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_cma_server_packets',`
gen_require(`
type cma_server_packet_t;
')
allow $1 cma_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive cma_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_cma_server_packets',`
gen_require(`
type cma_server_packet_t;
')
dontaudit $1 cma_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive cma_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_cma_server_packets',`
corenet_send_cma_server_packets($1)
corenet_receive_cma_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive cma_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_cma_server_packets',`
corenet_dontaudit_send_cma_server_packets($1)
corenet_dontaudit_receive_cma_server_packets($1)
')
########################################
## <summary>
## Relabel packets to cma_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_cma_server_packets',`
gen_require(`
type cma_server_packet_t;
')
allow $1 cma_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the cmadmin port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_cmadmin_port',`
gen_require(`
type cmadmin_port_t;
')
allow $1 cmadmin_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the cmadmin port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_cmadmin_port',`
gen_require(`
type cmadmin_port_t;
')
allow $1 cmadmin_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the cmadmin port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_cmadmin_port',`
gen_require(`
type cmadmin_port_t;
')
dontaudit $1 cmadmin_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the cmadmin port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_cmadmin_port',`
gen_require(`
type cmadmin_port_t;
')
allow $1 cmadmin_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the cmadmin port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_cmadmin_port',`
gen_require(`
type cmadmin_port_t;
')
dontaudit $1 cmadmin_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the cmadmin port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_cmadmin_port',`
corenet_udp_send_cmadmin_port($1)
corenet_udp_receive_cmadmin_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the cmadmin port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_cmadmin_port',`
corenet_dontaudit_udp_send_cmadmin_port($1)
corenet_dontaudit_udp_receive_cmadmin_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the cmadmin port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_cmadmin_port',`
gen_require(`
type cmadmin_port_t;
')
allow $1 cmadmin_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the cmadmin port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_cmadmin_port',`
gen_require(`
type cmadmin_port_t;
')
allow $1 cmadmin_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to cmadmin port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_cmadmin_port',`
gen_require(`
type cmadmin_port_t;
')
dontaudit $1 cmadmin_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the cmadmin port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_cmadmin_port',`
gen_require(`
type cmadmin_port_t;
')
allow $1 cmadmin_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to cmadmin port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_cmadmin_port',`
gen_require(`
type cmadmin_port_t;
')
dontaudit $1 cmadmin_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send cmadmin_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_cmadmin_client_packets',`
gen_require(`
type cmadmin_client_packet_t;
')
allow $1 cmadmin_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send cmadmin_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_cmadmin_client_packets',`
gen_require(`
type cmadmin_client_packet_t;
')
dontaudit $1 cmadmin_client_packet_t:packet send;
')
########################################
## <summary>
## Receive cmadmin_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_cmadmin_client_packets',`
gen_require(`
type cmadmin_client_packet_t;
')
allow $1 cmadmin_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive cmadmin_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_cmadmin_client_packets',`
gen_require(`
type cmadmin_client_packet_t;
')
dontaudit $1 cmadmin_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive cmadmin_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_cmadmin_client_packets',`
corenet_send_cmadmin_client_packets($1)
corenet_receive_cmadmin_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive cmadmin_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_cmadmin_client_packets',`
corenet_dontaudit_send_cmadmin_client_packets($1)
corenet_dontaudit_receive_cmadmin_client_packets($1)
')
########################################
## <summary>
## Relabel packets to cmadmin_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_cmadmin_client_packets',`
gen_require(`
type cmadmin_client_packet_t;
')
allow $1 cmadmin_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send cmadmin_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_cmadmin_server_packets',`
gen_require(`
type cmadmin_server_packet_t;
')
allow $1 cmadmin_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send cmadmin_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_cmadmin_server_packets',`
gen_require(`
type cmadmin_server_packet_t;
')
dontaudit $1 cmadmin_server_packet_t:packet send;
')
########################################
## <summary>
## Receive cmadmin_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_cmadmin_server_packets',`
gen_require(`
type cmadmin_server_packet_t;
')
allow $1 cmadmin_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive cmadmin_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_cmadmin_server_packets',`
gen_require(`
type cmadmin_server_packet_t;
')
dontaudit $1 cmadmin_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive cmadmin_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_cmadmin_server_packets',`
corenet_send_cmadmin_server_packets($1)
corenet_receive_cmadmin_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive cmadmin_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_cmadmin_server_packets',`
corenet_dontaudit_send_cmadmin_server_packets($1)
corenet_dontaudit_receive_cmadmin_server_packets($1)
')
########################################
## <summary>
## Relabel packets to cmadmin_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_cmadmin_server_packets',`
gen_require(`
type cmadmin_server_packet_t;
')
allow $1 cmadmin_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the cobbler port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_cobbler_port',`
gen_require(`
type cobbler_port_t;
')
allow $1 cobbler_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the cobbler port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_cobbler_port',`
gen_require(`
type cobbler_port_t;
')
allow $1 cobbler_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the cobbler port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_cobbler_port',`
gen_require(`
type cobbler_port_t;
')
dontaudit $1 cobbler_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the cobbler port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_cobbler_port',`
gen_require(`
type cobbler_port_t;
')
allow $1 cobbler_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the cobbler port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_cobbler_port',`
gen_require(`
type cobbler_port_t;
')
dontaudit $1 cobbler_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the cobbler port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_cobbler_port',`
corenet_udp_send_cobbler_port($1)
corenet_udp_receive_cobbler_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the cobbler port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_cobbler_port',`
corenet_dontaudit_udp_send_cobbler_port($1)
corenet_dontaudit_udp_receive_cobbler_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the cobbler port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_cobbler_port',`
gen_require(`
type cobbler_port_t;
')
allow $1 cobbler_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the cobbler port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_cobbler_port',`
gen_require(`
type cobbler_port_t;
')
allow $1 cobbler_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to cobbler port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_cobbler_port',`
gen_require(`
type cobbler_port_t;
')
dontaudit $1 cobbler_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the cobbler port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_cobbler_port',`
gen_require(`
type cobbler_port_t;
')
allow $1 cobbler_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to cobbler port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_cobbler_port',`
gen_require(`
type cobbler_port_t;
')
dontaudit $1 cobbler_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send cobbler_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_cobbler_client_packets',`
gen_require(`
type cobbler_client_packet_t;
')
allow $1 cobbler_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send cobbler_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_cobbler_client_packets',`
gen_require(`
type cobbler_client_packet_t;
')
dontaudit $1 cobbler_client_packet_t:packet send;
')
########################################
## <summary>
## Receive cobbler_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_cobbler_client_packets',`
gen_require(`
type cobbler_client_packet_t;
')
allow $1 cobbler_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive cobbler_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_cobbler_client_packets',`
gen_require(`
type cobbler_client_packet_t;
')
dontaudit $1 cobbler_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive cobbler_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_cobbler_client_packets',`
corenet_send_cobbler_client_packets($1)
corenet_receive_cobbler_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive cobbler_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_cobbler_client_packets',`
corenet_dontaudit_send_cobbler_client_packets($1)
corenet_dontaudit_receive_cobbler_client_packets($1)
')
########################################
## <summary>
## Relabel packets to cobbler_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_cobbler_client_packets',`
gen_require(`
type cobbler_client_packet_t;
')
allow $1 cobbler_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send cobbler_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_cobbler_server_packets',`
gen_require(`
type cobbler_server_packet_t;
')
allow $1 cobbler_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send cobbler_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_cobbler_server_packets',`
gen_require(`
type cobbler_server_packet_t;
')
dontaudit $1 cobbler_server_packet_t:packet send;
')
########################################
## <summary>
## Receive cobbler_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_cobbler_server_packets',`
gen_require(`
type cobbler_server_packet_t;
')
allow $1 cobbler_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive cobbler_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_cobbler_server_packets',`
gen_require(`
type cobbler_server_packet_t;
')
dontaudit $1 cobbler_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive cobbler_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_cobbler_server_packets',`
corenet_send_cobbler_server_packets($1)
corenet_receive_cobbler_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive cobbler_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_cobbler_server_packets',`
corenet_dontaudit_send_cobbler_server_packets($1)
corenet_dontaudit_receive_cobbler_server_packets($1)
')
########################################
## <summary>
## Relabel packets to cobbler_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_cobbler_server_packets',`
gen_require(`
type cobbler_server_packet_t;
')
allow $1 cobbler_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the commplex_link port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_commplex_link_port',`
gen_require(`
type commplex_link_port_t;
')
allow $1 commplex_link_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the commplex_link port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_commplex_link_port',`
gen_require(`
type commplex_link_port_t;
')
allow $1 commplex_link_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the commplex_link port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_commplex_link_port',`
gen_require(`
type commplex_link_port_t;
')
dontaudit $1 commplex_link_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the commplex_link port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_commplex_link_port',`
gen_require(`
type commplex_link_port_t;
')
allow $1 commplex_link_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the commplex_link port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_commplex_link_port',`
gen_require(`
type commplex_link_port_t;
')
dontaudit $1 commplex_link_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the commplex_link port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_commplex_link_port',`
corenet_udp_send_commplex_link_port($1)
corenet_udp_receive_commplex_link_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the commplex_link port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_commplex_link_port',`
corenet_dontaudit_udp_send_commplex_link_port($1)
corenet_dontaudit_udp_receive_commplex_link_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the commplex_link port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_commplex_link_port',`
gen_require(`
type commplex_link_port_t;
')
allow $1 commplex_link_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the commplex_link port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_commplex_link_port',`
gen_require(`
type commplex_link_port_t;
')
allow $1 commplex_link_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to commplex_link port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_commplex_link_port',`
gen_require(`
type commplex_link_port_t;
')
dontaudit $1 commplex_link_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the commplex_link port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_commplex_link_port',`
gen_require(`
type commplex_link_port_t;
')
allow $1 commplex_link_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to commplex_link port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_commplex_link_port',`
gen_require(`
type commplex_link_port_t;
')
dontaudit $1 commplex_link_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send commplex_link_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_commplex_link_client_packets',`
gen_require(`
type commplex_link_client_packet_t;
')
allow $1 commplex_link_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send commplex_link_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_commplex_link_client_packets',`
gen_require(`
type commplex_link_client_packet_t;
')
dontaudit $1 commplex_link_client_packet_t:packet send;
')
########################################
## <summary>
## Receive commplex_link_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_commplex_link_client_packets',`
gen_require(`
type commplex_link_client_packet_t;
')
allow $1 commplex_link_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive commplex_link_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_commplex_link_client_packets',`
gen_require(`
type commplex_link_client_packet_t;
')
dontaudit $1 commplex_link_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive commplex_link_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_commplex_link_client_packets',`
corenet_send_commplex_link_client_packets($1)
corenet_receive_commplex_link_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive commplex_link_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_commplex_link_client_packets',`
corenet_dontaudit_send_commplex_link_client_packets($1)
corenet_dontaudit_receive_commplex_link_client_packets($1)
')
########################################
## <summary>
## Relabel packets to commplex_link_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_commplex_link_client_packets',`
gen_require(`
type commplex_link_client_packet_t;
')
allow $1 commplex_link_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send commplex_link_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_commplex_link_server_packets',`
gen_require(`
type commplex_link_server_packet_t;
')
allow $1 commplex_link_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send commplex_link_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_commplex_link_server_packets',`
gen_require(`
type commplex_link_server_packet_t;
')
dontaudit $1 commplex_link_server_packet_t:packet send;
')
########################################
## <summary>
## Receive commplex_link_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_commplex_link_server_packets',`
gen_require(`
type commplex_link_server_packet_t;
')
allow $1 commplex_link_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive commplex_link_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_commplex_link_server_packets',`
gen_require(`
type commplex_link_server_packet_t;
')
dontaudit $1 commplex_link_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive commplex_link_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_commplex_link_server_packets',`
corenet_send_commplex_link_server_packets($1)
corenet_receive_commplex_link_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive commplex_link_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_commplex_link_server_packets',`
corenet_dontaudit_send_commplex_link_server_packets($1)
corenet_dontaudit_receive_commplex_link_server_packets($1)
')
########################################
## <summary>
## Relabel packets to commplex_link_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_commplex_link_server_packets',`
gen_require(`
type commplex_link_server_packet_t;
')
allow $1 commplex_link_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the commplex_main port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_commplex_main_port',`
gen_require(`
type commplex_main_port_t;
')
allow $1 commplex_main_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the commplex_main port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_commplex_main_port',`
gen_require(`
type commplex_main_port_t;
')
allow $1 commplex_main_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the commplex_main port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_commplex_main_port',`
gen_require(`
type commplex_main_port_t;
')
dontaudit $1 commplex_main_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the commplex_main port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_commplex_main_port',`
gen_require(`
type commplex_main_port_t;
')
allow $1 commplex_main_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the commplex_main port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_commplex_main_port',`
gen_require(`
type commplex_main_port_t;
')
dontaudit $1 commplex_main_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the commplex_main port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_commplex_main_port',`
corenet_udp_send_commplex_main_port($1)
corenet_udp_receive_commplex_main_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the commplex_main port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_commplex_main_port',`
corenet_dontaudit_udp_send_commplex_main_port($1)
corenet_dontaudit_udp_receive_commplex_main_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the commplex_main port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_commplex_main_port',`
gen_require(`
type commplex_main_port_t;
')
allow $1 commplex_main_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the commplex_main port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_commplex_main_port',`
gen_require(`
type commplex_main_port_t;
')
allow $1 commplex_main_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to commplex_main port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_commplex_main_port',`
gen_require(`
type commplex_main_port_t;
')
dontaudit $1 commplex_main_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the commplex_main port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_commplex_main_port',`
gen_require(`
type commplex_main_port_t;
')
allow $1 commplex_main_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to commplex_main port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_commplex_main_port',`
gen_require(`
type commplex_main_port_t;
')
dontaudit $1 commplex_main_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send commplex_main_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_commplex_main_client_packets',`
gen_require(`
type commplex_main_client_packet_t;
')
allow $1 commplex_main_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send commplex_main_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_commplex_main_client_packets',`
gen_require(`
type commplex_main_client_packet_t;
')
dontaudit $1 commplex_main_client_packet_t:packet send;
')
########################################
## <summary>
## Receive commplex_main_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_commplex_main_client_packets',`
gen_require(`
type commplex_main_client_packet_t;
')
allow $1 commplex_main_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive commplex_main_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_commplex_main_client_packets',`
gen_require(`
type commplex_main_client_packet_t;
')
dontaudit $1 commplex_main_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive commplex_main_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_commplex_main_client_packets',`
corenet_send_commplex_main_client_packets($1)
corenet_receive_commplex_main_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive commplex_main_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_commplex_main_client_packets',`
corenet_dontaudit_send_commplex_main_client_packets($1)
corenet_dontaudit_receive_commplex_main_client_packets($1)
')
########################################
## <summary>
## Relabel packets to commplex_main_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_commplex_main_client_packets',`
gen_require(`
type commplex_main_client_packet_t;
')
allow $1 commplex_main_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send commplex_main_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_commplex_main_server_packets',`
gen_require(`
type commplex_main_server_packet_t;
')
allow $1 commplex_main_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send commplex_main_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_commplex_main_server_packets',`
gen_require(`
type commplex_main_server_packet_t;
')
dontaudit $1 commplex_main_server_packet_t:packet send;
')
########################################
## <summary>
## Receive commplex_main_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_commplex_main_server_packets',`
gen_require(`
type commplex_main_server_packet_t;
')
allow $1 commplex_main_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive commplex_main_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_commplex_main_server_packets',`
gen_require(`
type commplex_main_server_packet_t;
')
dontaudit $1 commplex_main_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive commplex_main_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_commplex_main_server_packets',`
corenet_send_commplex_main_server_packets($1)
corenet_receive_commplex_main_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive commplex_main_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_commplex_main_server_packets',`
corenet_dontaudit_send_commplex_main_server_packets($1)
corenet_dontaudit_receive_commplex_main_server_packets($1)
')
########################################
## <summary>
## Relabel packets to commplex_main_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_commplex_main_server_packets',`
gen_require(`
type commplex_main_server_packet_t;
')
allow $1 commplex_main_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the comsat port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_comsat_port',`
gen_require(`
type comsat_port_t;
')
allow $1 comsat_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the comsat port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_comsat_port',`
gen_require(`
type comsat_port_t;
')
allow $1 comsat_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the comsat port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_comsat_port',`
gen_require(`
type comsat_port_t;
')
dontaudit $1 comsat_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the comsat port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_comsat_port',`
gen_require(`
type comsat_port_t;
')
allow $1 comsat_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the comsat port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_comsat_port',`
gen_require(`
type comsat_port_t;
')
dontaudit $1 comsat_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the comsat port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_comsat_port',`
corenet_udp_send_comsat_port($1)
corenet_udp_receive_comsat_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the comsat port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_comsat_port',`
corenet_dontaudit_udp_send_comsat_port($1)
corenet_dontaudit_udp_receive_comsat_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the comsat port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_comsat_port',`
gen_require(`
type comsat_port_t;
')
allow $1 comsat_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the comsat port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_comsat_port',`
gen_require(`
type comsat_port_t;
')
allow $1 comsat_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to comsat port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_comsat_port',`
gen_require(`
type comsat_port_t;
')
dontaudit $1 comsat_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the comsat port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_comsat_port',`
gen_require(`
type comsat_port_t;
')
allow $1 comsat_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to comsat port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_comsat_port',`
gen_require(`
type comsat_port_t;
')
dontaudit $1 comsat_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send comsat_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_comsat_client_packets',`
gen_require(`
type comsat_client_packet_t;
')
allow $1 comsat_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send comsat_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_comsat_client_packets',`
gen_require(`
type comsat_client_packet_t;
')
dontaudit $1 comsat_client_packet_t:packet send;
')
########################################
## <summary>
## Receive comsat_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_comsat_client_packets',`
gen_require(`
type comsat_client_packet_t;
')
allow $1 comsat_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive comsat_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_comsat_client_packets',`
gen_require(`
type comsat_client_packet_t;
')
dontaudit $1 comsat_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive comsat_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_comsat_client_packets',`
corenet_send_comsat_client_packets($1)
corenet_receive_comsat_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive comsat_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_comsat_client_packets',`
corenet_dontaudit_send_comsat_client_packets($1)
corenet_dontaudit_receive_comsat_client_packets($1)
')
########################################
## <summary>
## Relabel packets to comsat_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_comsat_client_packets',`
gen_require(`
type comsat_client_packet_t;
')
allow $1 comsat_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send comsat_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_comsat_server_packets',`
gen_require(`
type comsat_server_packet_t;
')
allow $1 comsat_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send comsat_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_comsat_server_packets',`
gen_require(`
type comsat_server_packet_t;
')
dontaudit $1 comsat_server_packet_t:packet send;
')
########################################
## <summary>
## Receive comsat_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_comsat_server_packets',`
gen_require(`
type comsat_server_packet_t;
')
allow $1 comsat_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive comsat_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_comsat_server_packets',`
gen_require(`
type comsat_server_packet_t;
')
dontaudit $1 comsat_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive comsat_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_comsat_server_packets',`
corenet_send_comsat_server_packets($1)
corenet_receive_comsat_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive comsat_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_comsat_server_packets',`
corenet_dontaudit_send_comsat_server_packets($1)
corenet_dontaudit_receive_comsat_server_packets($1)
')
########################################
## <summary>
## Relabel packets to comsat_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_comsat_server_packets',`
gen_require(`
type comsat_server_packet_t;
')
allow $1 comsat_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the condor port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_condor_port',`
gen_require(`
type condor_port_t;
')
allow $1 condor_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the condor port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_condor_port',`
gen_require(`
type condor_port_t;
')
allow $1 condor_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the condor port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_condor_port',`
gen_require(`
type condor_port_t;
')
dontaudit $1 condor_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the condor port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_condor_port',`
gen_require(`
type condor_port_t;
')
allow $1 condor_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the condor port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_condor_port',`
gen_require(`
type condor_port_t;
')
dontaudit $1 condor_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the condor port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_condor_port',`
corenet_udp_send_condor_port($1)
corenet_udp_receive_condor_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the condor port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_condor_port',`
corenet_dontaudit_udp_send_condor_port($1)
corenet_dontaudit_udp_receive_condor_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the condor port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_condor_port',`
gen_require(`
type condor_port_t;
')
allow $1 condor_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the condor port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_condor_port',`
gen_require(`
type condor_port_t;
')
allow $1 condor_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to condor port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_condor_port',`
gen_require(`
type condor_port_t;
')
dontaudit $1 condor_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the condor port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_condor_port',`
gen_require(`
type condor_port_t;
')
allow $1 condor_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to condor port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_condor_port',`
gen_require(`
type condor_port_t;
')
dontaudit $1 condor_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send condor_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_condor_client_packets',`
gen_require(`
type condor_client_packet_t;
')
allow $1 condor_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send condor_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_condor_client_packets',`
gen_require(`
type condor_client_packet_t;
')
dontaudit $1 condor_client_packet_t:packet send;
')
########################################
## <summary>
## Receive condor_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_condor_client_packets',`
gen_require(`
type condor_client_packet_t;
')
allow $1 condor_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive condor_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_condor_client_packets',`
gen_require(`
type condor_client_packet_t;
')
dontaudit $1 condor_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive condor_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_condor_client_packets',`
corenet_send_condor_client_packets($1)
corenet_receive_condor_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive condor_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_condor_client_packets',`
corenet_dontaudit_send_condor_client_packets($1)
corenet_dontaudit_receive_condor_client_packets($1)
')
########################################
## <summary>
## Relabel packets to condor_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_condor_client_packets',`
gen_require(`
type condor_client_packet_t;
')
allow $1 condor_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send condor_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_condor_server_packets',`
gen_require(`
type condor_server_packet_t;
')
allow $1 condor_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send condor_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_condor_server_packets',`
gen_require(`
type condor_server_packet_t;
')
dontaudit $1 condor_server_packet_t:packet send;
')
########################################
## <summary>
## Receive condor_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_condor_server_packets',`
gen_require(`
type condor_server_packet_t;
')
allow $1 condor_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive condor_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_condor_server_packets',`
gen_require(`
type condor_server_packet_t;
')
dontaudit $1 condor_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive condor_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_condor_server_packets',`
corenet_send_condor_server_packets($1)
corenet_receive_condor_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive condor_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_condor_server_packets',`
corenet_dontaudit_send_condor_server_packets($1)
corenet_dontaudit_receive_condor_server_packets($1)
')
########################################
## <summary>
## Relabel packets to condor_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_condor_server_packets',`
gen_require(`
type condor_server_packet_t;
')
allow $1 condor_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the conman port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_conman_port',`
gen_require(`
type conman_port_t;
')
allow $1 conman_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the conman port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_conman_port',`
gen_require(`
type conman_port_t;
')
allow $1 conman_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the conman port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_conman_port',`
gen_require(`
type conman_port_t;
')
dontaudit $1 conman_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the conman port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_conman_port',`
gen_require(`
type conman_port_t;
')
allow $1 conman_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the conman port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_conman_port',`
gen_require(`
type conman_port_t;
')
dontaudit $1 conman_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the conman port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_conman_port',`
corenet_udp_send_conman_port($1)
corenet_udp_receive_conman_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the conman port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_conman_port',`
corenet_dontaudit_udp_send_conman_port($1)
corenet_dontaudit_udp_receive_conman_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the conman port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_conman_port',`
gen_require(`
type conman_port_t;
')
allow $1 conman_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the conman port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_conman_port',`
gen_require(`
type conman_port_t;
')
allow $1 conman_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to conman port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_conman_port',`
gen_require(`
type conman_port_t;
')
dontaudit $1 conman_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the conman port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_conman_port',`
gen_require(`
type conman_port_t;
')
allow $1 conman_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to conman port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_conman_port',`
gen_require(`
type conman_port_t;
')
dontaudit $1 conman_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send conman_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_conman_client_packets',`
gen_require(`
type conman_client_packet_t;
')
allow $1 conman_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send conman_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_conman_client_packets',`
gen_require(`
type conman_client_packet_t;
')
dontaudit $1 conman_client_packet_t:packet send;
')
########################################
## <summary>
## Receive conman_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_conman_client_packets',`
gen_require(`
type conman_client_packet_t;
')
allow $1 conman_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive conman_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_conman_client_packets',`
gen_require(`
type conman_client_packet_t;
')
dontaudit $1 conman_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive conman_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_conman_client_packets',`
corenet_send_conman_client_packets($1)
corenet_receive_conman_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive conman_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_conman_client_packets',`
corenet_dontaudit_send_conman_client_packets($1)
corenet_dontaudit_receive_conman_client_packets($1)
')
########################################
## <summary>
## Relabel packets to conman_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_conman_client_packets',`
gen_require(`
type conman_client_packet_t;
')
allow $1 conman_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send conman_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_conman_server_packets',`
gen_require(`
type conman_server_packet_t;
')
allow $1 conman_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send conman_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_conman_server_packets',`
gen_require(`
type conman_server_packet_t;
')
dontaudit $1 conman_server_packet_t:packet send;
')
########################################
## <summary>
## Receive conman_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_conman_server_packets',`
gen_require(`
type conman_server_packet_t;
')
allow $1 conman_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive conman_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_conman_server_packets',`
gen_require(`
type conman_server_packet_t;
')
dontaudit $1 conman_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive conman_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_conman_server_packets',`
corenet_send_conman_server_packets($1)
corenet_receive_conman_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive conman_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_conman_server_packets',`
corenet_dontaudit_send_conman_server_packets($1)
corenet_dontaudit_receive_conman_server_packets($1)
')
########################################
## <summary>
## Relabel packets to conman_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_conman_server_packets',`
gen_require(`
type conman_server_packet_t;
')
allow $1 conman_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the connlcli port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_connlcli_port',`
gen_require(`
type connlcli_port_t;
')
allow $1 connlcli_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the connlcli port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_connlcli_port',`
gen_require(`
type connlcli_port_t;
')
allow $1 connlcli_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the connlcli port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_connlcli_port',`
gen_require(`
type connlcli_port_t;
')
dontaudit $1 connlcli_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the connlcli port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_connlcli_port',`
gen_require(`
type connlcli_port_t;
')
allow $1 connlcli_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the connlcli port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_connlcli_port',`
gen_require(`
type connlcli_port_t;
')
dontaudit $1 connlcli_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the connlcli port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_connlcli_port',`
corenet_udp_send_connlcli_port($1)
corenet_udp_receive_connlcli_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the connlcli port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_connlcli_port',`
corenet_dontaudit_udp_send_connlcli_port($1)
corenet_dontaudit_udp_receive_connlcli_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the connlcli port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_connlcli_port',`
gen_require(`
type connlcli_port_t;
')
allow $1 connlcli_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the connlcli port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_connlcli_port',`
gen_require(`
type connlcli_port_t;
')
allow $1 connlcli_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to connlcli port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_connlcli_port',`
gen_require(`
type connlcli_port_t;
')
dontaudit $1 connlcli_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the connlcli port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_connlcli_port',`
gen_require(`
type connlcli_port_t;
')
allow $1 connlcli_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to connlcli port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_connlcli_port',`
gen_require(`
type connlcli_port_t;
')
dontaudit $1 connlcli_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send connlcli_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_connlcli_client_packets',`
gen_require(`
type connlcli_client_packet_t;
')
allow $1 connlcli_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send connlcli_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_connlcli_client_packets',`
gen_require(`
type connlcli_client_packet_t;
')
dontaudit $1 connlcli_client_packet_t:packet send;
')
########################################
## <summary>
## Receive connlcli_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_connlcli_client_packets',`
gen_require(`
type connlcli_client_packet_t;
')
allow $1 connlcli_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive connlcli_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_connlcli_client_packets',`
gen_require(`
type connlcli_client_packet_t;
')
dontaudit $1 connlcli_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive connlcli_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_connlcli_client_packets',`
corenet_send_connlcli_client_packets($1)
corenet_receive_connlcli_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive connlcli_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_connlcli_client_packets',`
corenet_dontaudit_send_connlcli_client_packets($1)
corenet_dontaudit_receive_connlcli_client_packets($1)
')
########################################
## <summary>
## Relabel packets to connlcli_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_connlcli_client_packets',`
gen_require(`
type connlcli_client_packet_t;
')
allow $1 connlcli_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send connlcli_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_connlcli_server_packets',`
gen_require(`
type connlcli_server_packet_t;
')
allow $1 connlcli_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send connlcli_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_connlcli_server_packets',`
gen_require(`
type connlcli_server_packet_t;
')
dontaudit $1 connlcli_server_packet_t:packet send;
')
########################################
## <summary>
## Receive connlcli_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_connlcli_server_packets',`
gen_require(`
type connlcli_server_packet_t;
')
allow $1 connlcli_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive connlcli_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_connlcli_server_packets',`
gen_require(`
type connlcli_server_packet_t;
')
dontaudit $1 connlcli_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive connlcli_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_connlcli_server_packets',`
corenet_send_connlcli_server_packets($1)
corenet_receive_connlcli_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive connlcli_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_connlcli_server_packets',`
corenet_dontaudit_send_connlcli_server_packets($1)
corenet_dontaudit_receive_connlcli_server_packets($1)
')
########################################
## <summary>
## Relabel packets to connlcli_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_connlcli_server_packets',`
gen_require(`
type connlcli_server_packet_t;
')
allow $1 connlcli_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the conntrackd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_conntrackd_port',`
gen_require(`
type conntrackd_port_t;
')
allow $1 conntrackd_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the conntrackd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_conntrackd_port',`
gen_require(`
type conntrackd_port_t;
')
allow $1 conntrackd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the conntrackd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_conntrackd_port',`
gen_require(`
type conntrackd_port_t;
')
dontaudit $1 conntrackd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the conntrackd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_conntrackd_port',`
gen_require(`
type conntrackd_port_t;
')
allow $1 conntrackd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the conntrackd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_conntrackd_port',`
gen_require(`
type conntrackd_port_t;
')
dontaudit $1 conntrackd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the conntrackd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_conntrackd_port',`
corenet_udp_send_conntrackd_port($1)
corenet_udp_receive_conntrackd_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the conntrackd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_conntrackd_port',`
corenet_dontaudit_udp_send_conntrackd_port($1)
corenet_dontaudit_udp_receive_conntrackd_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the conntrackd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_conntrackd_port',`
gen_require(`
type conntrackd_port_t;
')
allow $1 conntrackd_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the conntrackd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_conntrackd_port',`
gen_require(`
type conntrackd_port_t;
')
allow $1 conntrackd_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to conntrackd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_conntrackd_port',`
gen_require(`
type conntrackd_port_t;
')
dontaudit $1 conntrackd_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the conntrackd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_conntrackd_port',`
gen_require(`
type conntrackd_port_t;
')
allow $1 conntrackd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to conntrackd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_conntrackd_port',`
gen_require(`
type conntrackd_port_t;
')
dontaudit $1 conntrackd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send conntrackd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_conntrackd_client_packets',`
gen_require(`
type conntrackd_client_packet_t;
')
allow $1 conntrackd_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send conntrackd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_conntrackd_client_packets',`
gen_require(`
type conntrackd_client_packet_t;
')
dontaudit $1 conntrackd_client_packet_t:packet send;
')
########################################
## <summary>
## Receive conntrackd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_conntrackd_client_packets',`
gen_require(`
type conntrackd_client_packet_t;
')
allow $1 conntrackd_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive conntrackd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_conntrackd_client_packets',`
gen_require(`
type conntrackd_client_packet_t;
')
dontaudit $1 conntrackd_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive conntrackd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_conntrackd_client_packets',`
corenet_send_conntrackd_client_packets($1)
corenet_receive_conntrackd_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive conntrackd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_conntrackd_client_packets',`
corenet_dontaudit_send_conntrackd_client_packets($1)
corenet_dontaudit_receive_conntrackd_client_packets($1)
')
########################################
## <summary>
## Relabel packets to conntrackd_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_conntrackd_client_packets',`
gen_require(`
type conntrackd_client_packet_t;
')
allow $1 conntrackd_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send conntrackd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_conntrackd_server_packets',`
gen_require(`
type conntrackd_server_packet_t;
')
allow $1 conntrackd_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send conntrackd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_conntrackd_server_packets',`
gen_require(`
type conntrackd_server_packet_t;
')
dontaudit $1 conntrackd_server_packet_t:packet send;
')
########################################
## <summary>
## Receive conntrackd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_conntrackd_server_packets',`
gen_require(`
type conntrackd_server_packet_t;
')
allow $1 conntrackd_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive conntrackd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_conntrackd_server_packets',`
gen_require(`
type conntrackd_server_packet_t;
')
dontaudit $1 conntrackd_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive conntrackd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_conntrackd_server_packets',`
corenet_send_conntrackd_server_packets($1)
corenet_receive_conntrackd_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive conntrackd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_conntrackd_server_packets',`
corenet_dontaudit_send_conntrackd_server_packets($1)
corenet_dontaudit_receive_conntrackd_server_packets($1)
')
########################################
## <summary>
## Relabel packets to conntrackd_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_conntrackd_server_packets',`
gen_require(`
type conntrackd_server_packet_t;
')
allow $1 conntrackd_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the couchdb port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_couchdb_port',`
gen_require(`
type couchdb_port_t;
')
allow $1 couchdb_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the couchdb port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_couchdb_port',`
gen_require(`
type couchdb_port_t;
')
allow $1 couchdb_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the couchdb port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_couchdb_port',`
gen_require(`
type couchdb_port_t;
')
dontaudit $1 couchdb_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the couchdb port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_couchdb_port',`
gen_require(`
type couchdb_port_t;
')
allow $1 couchdb_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the couchdb port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_couchdb_port',`
gen_require(`
type couchdb_port_t;
')
dontaudit $1 couchdb_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the couchdb port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_couchdb_port',`
corenet_udp_send_couchdb_port($1)
corenet_udp_receive_couchdb_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the couchdb port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_couchdb_port',`
corenet_dontaudit_udp_send_couchdb_port($1)
corenet_dontaudit_udp_receive_couchdb_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the couchdb port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_couchdb_port',`
gen_require(`
type couchdb_port_t;
')
allow $1 couchdb_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the couchdb port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_couchdb_port',`
gen_require(`
type couchdb_port_t;
')
allow $1 couchdb_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to couchdb port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_couchdb_port',`
gen_require(`
type couchdb_port_t;
')
dontaudit $1 couchdb_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the couchdb port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_couchdb_port',`
gen_require(`
type couchdb_port_t;
')
allow $1 couchdb_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to couchdb port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_couchdb_port',`
gen_require(`
type couchdb_port_t;
')
dontaudit $1 couchdb_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send couchdb_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_couchdb_client_packets',`
gen_require(`
type couchdb_client_packet_t;
')
allow $1 couchdb_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send couchdb_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_couchdb_client_packets',`
gen_require(`
type couchdb_client_packet_t;
')
dontaudit $1 couchdb_client_packet_t:packet send;
')
########################################
## <summary>
## Receive couchdb_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_couchdb_client_packets',`
gen_require(`
type couchdb_client_packet_t;
')
allow $1 couchdb_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive couchdb_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_couchdb_client_packets',`
gen_require(`
type couchdb_client_packet_t;
')
dontaudit $1 couchdb_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive couchdb_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_couchdb_client_packets',`
corenet_send_couchdb_client_packets($1)
corenet_receive_couchdb_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive couchdb_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_couchdb_client_packets',`
corenet_dontaudit_send_couchdb_client_packets($1)
corenet_dontaudit_receive_couchdb_client_packets($1)
')
########################################
## <summary>
## Relabel packets to couchdb_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_couchdb_client_packets',`
gen_require(`
type couchdb_client_packet_t;
')
allow $1 couchdb_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send couchdb_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_couchdb_server_packets',`
gen_require(`
type couchdb_server_packet_t;
')
allow $1 couchdb_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send couchdb_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_couchdb_server_packets',`
gen_require(`
type couchdb_server_packet_t;
')
dontaudit $1 couchdb_server_packet_t:packet send;
')
########################################
## <summary>
## Receive couchdb_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_couchdb_server_packets',`
gen_require(`
type couchdb_server_packet_t;
')
allow $1 couchdb_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive couchdb_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_couchdb_server_packets',`
gen_require(`
type couchdb_server_packet_t;
')
dontaudit $1 couchdb_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive couchdb_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_couchdb_server_packets',`
corenet_send_couchdb_server_packets($1)
corenet_receive_couchdb_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive couchdb_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_couchdb_server_packets',`
corenet_dontaudit_send_couchdb_server_packets($1)
corenet_dontaudit_receive_couchdb_server_packets($1)
')
########################################
## <summary>
## Relabel packets to couchdb_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_couchdb_server_packets',`
gen_require(`
type couchdb_server_packet_t;
')
allow $1 couchdb_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the ctdb port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_ctdb_port',`
gen_require(`
type ctdb_port_t;
')
allow $1 ctdb_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the ctdb port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_ctdb_port',`
gen_require(`
type ctdb_port_t;
')
allow $1 ctdb_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the ctdb port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_ctdb_port',`
gen_require(`
type ctdb_port_t;
')
dontaudit $1 ctdb_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the ctdb port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_ctdb_port',`
gen_require(`
type ctdb_port_t;
')
allow $1 ctdb_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the ctdb port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_ctdb_port',`
gen_require(`
type ctdb_port_t;
')
dontaudit $1 ctdb_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the ctdb port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_ctdb_port',`
corenet_udp_send_ctdb_port($1)
corenet_udp_receive_ctdb_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the ctdb port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_ctdb_port',`
corenet_dontaudit_udp_send_ctdb_port($1)
corenet_dontaudit_udp_receive_ctdb_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the ctdb port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_ctdb_port',`
gen_require(`
type ctdb_port_t;
')
allow $1 ctdb_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the ctdb port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_ctdb_port',`
gen_require(`
type ctdb_port_t;
')
allow $1 ctdb_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to ctdb port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_ctdb_port',`
gen_require(`
type ctdb_port_t;
')
dontaudit $1 ctdb_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the ctdb port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_ctdb_port',`
gen_require(`
type ctdb_port_t;
')
allow $1 ctdb_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to ctdb port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_ctdb_port',`
gen_require(`
type ctdb_port_t;
')
dontaudit $1 ctdb_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send ctdb_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ctdb_client_packets',`
gen_require(`
type ctdb_client_packet_t;
')
allow $1 ctdb_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ctdb_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ctdb_client_packets',`
gen_require(`
type ctdb_client_packet_t;
')
dontaudit $1 ctdb_client_packet_t:packet send;
')
########################################
## <summary>
## Receive ctdb_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ctdb_client_packets',`
gen_require(`
type ctdb_client_packet_t;
')
allow $1 ctdb_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ctdb_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ctdb_client_packets',`
gen_require(`
type ctdb_client_packet_t;
')
dontaudit $1 ctdb_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ctdb_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ctdb_client_packets',`
corenet_send_ctdb_client_packets($1)
corenet_receive_ctdb_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ctdb_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ctdb_client_packets',`
corenet_dontaudit_send_ctdb_client_packets($1)
corenet_dontaudit_receive_ctdb_client_packets($1)
')
########################################
## <summary>
## Relabel packets to ctdb_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ctdb_client_packets',`
gen_require(`
type ctdb_client_packet_t;
')
allow $1 ctdb_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send ctdb_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ctdb_server_packets',`
gen_require(`
type ctdb_server_packet_t;
')
allow $1 ctdb_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ctdb_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ctdb_server_packets',`
gen_require(`
type ctdb_server_packet_t;
')
dontaudit $1 ctdb_server_packet_t:packet send;
')
########################################
## <summary>
## Receive ctdb_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ctdb_server_packets',`
gen_require(`
type ctdb_server_packet_t;
')
allow $1 ctdb_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ctdb_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ctdb_server_packets',`
gen_require(`
type ctdb_server_packet_t;
')
dontaudit $1 ctdb_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ctdb_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ctdb_server_packets',`
corenet_send_ctdb_server_packets($1)
corenet_receive_ctdb_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ctdb_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ctdb_server_packets',`
corenet_dontaudit_send_ctdb_server_packets($1)
corenet_dontaudit_receive_ctdb_server_packets($1)
')
########################################
## <summary>
## Relabel packets to ctdb_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ctdb_server_packets',`
gen_require(`
type ctdb_server_packet_t;
')
allow $1 ctdb_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the cvs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_cvs_port',`
gen_require(`
type cvs_port_t;
')
allow $1 cvs_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the cvs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_cvs_port',`
gen_require(`
type cvs_port_t;
')
allow $1 cvs_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the cvs port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_cvs_port',`
gen_require(`
type cvs_port_t;
')
dontaudit $1 cvs_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the cvs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_cvs_port',`
gen_require(`
type cvs_port_t;
')
allow $1 cvs_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the cvs port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_cvs_port',`
gen_require(`
type cvs_port_t;
')
dontaudit $1 cvs_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the cvs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_cvs_port',`
corenet_udp_send_cvs_port($1)
corenet_udp_receive_cvs_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the cvs port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_cvs_port',`
corenet_dontaudit_udp_send_cvs_port($1)
corenet_dontaudit_udp_receive_cvs_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the cvs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_cvs_port',`
gen_require(`
type cvs_port_t;
')
allow $1 cvs_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the cvs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_cvs_port',`
gen_require(`
type cvs_port_t;
')
allow $1 cvs_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to cvs port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_cvs_port',`
gen_require(`
type cvs_port_t;
')
dontaudit $1 cvs_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the cvs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_cvs_port',`
gen_require(`
type cvs_port_t;
')
allow $1 cvs_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to cvs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_cvs_port',`
gen_require(`
type cvs_port_t;
')
dontaudit $1 cvs_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send cvs_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_cvs_client_packets',`
gen_require(`
type cvs_client_packet_t;
')
allow $1 cvs_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send cvs_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_cvs_client_packets',`
gen_require(`
type cvs_client_packet_t;
')
dontaudit $1 cvs_client_packet_t:packet send;
')
########################################
## <summary>
## Receive cvs_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_cvs_client_packets',`
gen_require(`
type cvs_client_packet_t;
')
allow $1 cvs_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive cvs_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_cvs_client_packets',`
gen_require(`
type cvs_client_packet_t;
')
dontaudit $1 cvs_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive cvs_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_cvs_client_packets',`
corenet_send_cvs_client_packets($1)
corenet_receive_cvs_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive cvs_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_cvs_client_packets',`
corenet_dontaudit_send_cvs_client_packets($1)
corenet_dontaudit_receive_cvs_client_packets($1)
')
########################################
## <summary>
## Relabel packets to cvs_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_cvs_client_packets',`
gen_require(`
type cvs_client_packet_t;
')
allow $1 cvs_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send cvs_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_cvs_server_packets',`
gen_require(`
type cvs_server_packet_t;
')
allow $1 cvs_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send cvs_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_cvs_server_packets',`
gen_require(`
type cvs_server_packet_t;
')
dontaudit $1 cvs_server_packet_t:packet send;
')
########################################
## <summary>
## Receive cvs_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_cvs_server_packets',`
gen_require(`
type cvs_server_packet_t;
')
allow $1 cvs_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive cvs_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_cvs_server_packets',`
gen_require(`
type cvs_server_packet_t;
')
dontaudit $1 cvs_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive cvs_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_cvs_server_packets',`
corenet_send_cvs_server_packets($1)
corenet_receive_cvs_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive cvs_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_cvs_server_packets',`
corenet_dontaudit_send_cvs_server_packets($1)
corenet_dontaudit_receive_cvs_server_packets($1)
')
########################################
## <summary>
## Relabel packets to cvs_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_cvs_server_packets',`
gen_require(`
type cvs_server_packet_t;
')
allow $1 cvs_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the cyphesis port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_cyphesis_port',`
gen_require(`
type cyphesis_port_t;
')
allow $1 cyphesis_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the cyphesis port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_cyphesis_port',`
gen_require(`
type cyphesis_port_t;
')
allow $1 cyphesis_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the cyphesis port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_cyphesis_port',`
gen_require(`
type cyphesis_port_t;
')
dontaudit $1 cyphesis_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the cyphesis port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_cyphesis_port',`
gen_require(`
type cyphesis_port_t;
')
allow $1 cyphesis_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the cyphesis port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_cyphesis_port',`
gen_require(`
type cyphesis_port_t;
')
dontaudit $1 cyphesis_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the cyphesis port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_cyphesis_port',`
corenet_udp_send_cyphesis_port($1)
corenet_udp_receive_cyphesis_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the cyphesis port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_cyphesis_port',`
corenet_dontaudit_udp_send_cyphesis_port($1)
corenet_dontaudit_udp_receive_cyphesis_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the cyphesis port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_cyphesis_port',`
gen_require(`
type cyphesis_port_t;
')
allow $1 cyphesis_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the cyphesis port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_cyphesis_port',`
gen_require(`
type cyphesis_port_t;
')
allow $1 cyphesis_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to cyphesis port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_cyphesis_port',`
gen_require(`
type cyphesis_port_t;
')
dontaudit $1 cyphesis_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the cyphesis port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_cyphesis_port',`
gen_require(`
type cyphesis_port_t;
')
allow $1 cyphesis_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to cyphesis port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_cyphesis_port',`
gen_require(`
type cyphesis_port_t;
')
dontaudit $1 cyphesis_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send cyphesis_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_cyphesis_client_packets',`
gen_require(`
type cyphesis_client_packet_t;
')
allow $1 cyphesis_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send cyphesis_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_cyphesis_client_packets',`
gen_require(`
type cyphesis_client_packet_t;
')
dontaudit $1 cyphesis_client_packet_t:packet send;
')
########################################
## <summary>
## Receive cyphesis_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_cyphesis_client_packets',`
gen_require(`
type cyphesis_client_packet_t;
')
allow $1 cyphesis_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive cyphesis_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_cyphesis_client_packets',`
gen_require(`
type cyphesis_client_packet_t;
')
dontaudit $1 cyphesis_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive cyphesis_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_cyphesis_client_packets',`
corenet_send_cyphesis_client_packets($1)
corenet_receive_cyphesis_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive cyphesis_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_cyphesis_client_packets',`
corenet_dontaudit_send_cyphesis_client_packets($1)
corenet_dontaudit_receive_cyphesis_client_packets($1)
')
########################################
## <summary>
## Relabel packets to cyphesis_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_cyphesis_client_packets',`
gen_require(`
type cyphesis_client_packet_t;
')
allow $1 cyphesis_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send cyphesis_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_cyphesis_server_packets',`
gen_require(`
type cyphesis_server_packet_t;
')
allow $1 cyphesis_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send cyphesis_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_cyphesis_server_packets',`
gen_require(`
type cyphesis_server_packet_t;
')
dontaudit $1 cyphesis_server_packet_t:packet send;
')
########################################
## <summary>
## Receive cyphesis_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_cyphesis_server_packets',`
gen_require(`
type cyphesis_server_packet_t;
')
allow $1 cyphesis_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive cyphesis_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_cyphesis_server_packets',`
gen_require(`
type cyphesis_server_packet_t;
')
dontaudit $1 cyphesis_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive cyphesis_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_cyphesis_server_packets',`
corenet_send_cyphesis_server_packets($1)
corenet_receive_cyphesis_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive cyphesis_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_cyphesis_server_packets',`
corenet_dontaudit_send_cyphesis_server_packets($1)
corenet_dontaudit_receive_cyphesis_server_packets($1)
')
########################################
## <summary>
## Relabel packets to cyphesis_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_cyphesis_server_packets',`
gen_require(`
type cyphesis_server_packet_t;
')
allow $1 cyphesis_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the cyrus_imapd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_cyrus_imapd_port',`
gen_require(`
type cyrus_imapd_port_t;
')
allow $1 cyrus_imapd_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the cyrus_imapd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_cyrus_imapd_port',`
gen_require(`
type cyrus_imapd_port_t;
')
allow $1 cyrus_imapd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the cyrus_imapd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_cyrus_imapd_port',`
gen_require(`
type cyrus_imapd_port_t;
')
dontaudit $1 cyrus_imapd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the cyrus_imapd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_cyrus_imapd_port',`
gen_require(`
type cyrus_imapd_port_t;
')
allow $1 cyrus_imapd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the cyrus_imapd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_cyrus_imapd_port',`
gen_require(`
type cyrus_imapd_port_t;
')
dontaudit $1 cyrus_imapd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the cyrus_imapd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_cyrus_imapd_port',`
corenet_udp_send_cyrus_imapd_port($1)
corenet_udp_receive_cyrus_imapd_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the cyrus_imapd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_cyrus_imapd_port',`
corenet_dontaudit_udp_send_cyrus_imapd_port($1)
corenet_dontaudit_udp_receive_cyrus_imapd_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the cyrus_imapd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_cyrus_imapd_port',`
gen_require(`
type cyrus_imapd_port_t;
')
allow $1 cyrus_imapd_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the cyrus_imapd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_cyrus_imapd_port',`
gen_require(`
type cyrus_imapd_port_t;
')
allow $1 cyrus_imapd_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to cyrus_imapd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_cyrus_imapd_port',`
gen_require(`
type cyrus_imapd_port_t;
')
dontaudit $1 cyrus_imapd_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the cyrus_imapd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_cyrus_imapd_port',`
gen_require(`
type cyrus_imapd_port_t;
')
allow $1 cyrus_imapd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to cyrus_imapd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_cyrus_imapd_port',`
gen_require(`
type cyrus_imapd_port_t;
')
dontaudit $1 cyrus_imapd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send cyrus_imapd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_cyrus_imapd_client_packets',`
gen_require(`
type cyrus_imapd_client_packet_t;
')
allow $1 cyrus_imapd_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send cyrus_imapd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_cyrus_imapd_client_packets',`
gen_require(`
type cyrus_imapd_client_packet_t;
')
dontaudit $1 cyrus_imapd_client_packet_t:packet send;
')
########################################
## <summary>
## Receive cyrus_imapd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_cyrus_imapd_client_packets',`
gen_require(`
type cyrus_imapd_client_packet_t;
')
allow $1 cyrus_imapd_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive cyrus_imapd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_cyrus_imapd_client_packets',`
gen_require(`
type cyrus_imapd_client_packet_t;
')
dontaudit $1 cyrus_imapd_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive cyrus_imapd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_cyrus_imapd_client_packets',`
corenet_send_cyrus_imapd_client_packets($1)
corenet_receive_cyrus_imapd_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive cyrus_imapd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_cyrus_imapd_client_packets',`
corenet_dontaudit_send_cyrus_imapd_client_packets($1)
corenet_dontaudit_receive_cyrus_imapd_client_packets($1)
')
########################################
## <summary>
## Relabel packets to cyrus_imapd_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_cyrus_imapd_client_packets',`
gen_require(`
type cyrus_imapd_client_packet_t;
')
allow $1 cyrus_imapd_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send cyrus_imapd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_cyrus_imapd_server_packets',`
gen_require(`
type cyrus_imapd_server_packet_t;
')
allow $1 cyrus_imapd_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send cyrus_imapd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_cyrus_imapd_server_packets',`
gen_require(`
type cyrus_imapd_server_packet_t;
')
dontaudit $1 cyrus_imapd_server_packet_t:packet send;
')
########################################
## <summary>
## Receive cyrus_imapd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_cyrus_imapd_server_packets',`
gen_require(`
type cyrus_imapd_server_packet_t;
')
allow $1 cyrus_imapd_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive cyrus_imapd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_cyrus_imapd_server_packets',`
gen_require(`
type cyrus_imapd_server_packet_t;
')
dontaudit $1 cyrus_imapd_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive cyrus_imapd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_cyrus_imapd_server_packets',`
corenet_send_cyrus_imapd_server_packets($1)
corenet_receive_cyrus_imapd_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive cyrus_imapd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_cyrus_imapd_server_packets',`
corenet_dontaudit_send_cyrus_imapd_server_packets($1)
corenet_dontaudit_receive_cyrus_imapd_server_packets($1)
')
########################################
## <summary>
## Relabel packets to cyrus_imapd_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_cyrus_imapd_server_packets',`
gen_require(`
type cyrus_imapd_server_packet_t;
')
allow $1 cyrus_imapd_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the daap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_daap_port',`
gen_require(`
type daap_port_t;
')
allow $1 daap_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the daap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_daap_port',`
gen_require(`
type daap_port_t;
')
allow $1 daap_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the daap port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_daap_port',`
gen_require(`
type daap_port_t;
')
dontaudit $1 daap_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the daap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_daap_port',`
gen_require(`
type daap_port_t;
')
allow $1 daap_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the daap port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_daap_port',`
gen_require(`
type daap_port_t;
')
dontaudit $1 daap_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the daap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_daap_port',`
corenet_udp_send_daap_port($1)
corenet_udp_receive_daap_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the daap port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_daap_port',`
corenet_dontaudit_udp_send_daap_port($1)
corenet_dontaudit_udp_receive_daap_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the daap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_daap_port',`
gen_require(`
type daap_port_t;
')
allow $1 daap_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the daap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_daap_port',`
gen_require(`
type daap_port_t;
')
allow $1 daap_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to daap port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_daap_port',`
gen_require(`
type daap_port_t;
')
dontaudit $1 daap_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the daap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_daap_port',`
gen_require(`
type daap_port_t;
')
allow $1 daap_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to daap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_daap_port',`
gen_require(`
type daap_port_t;
')
dontaudit $1 daap_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send daap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_daap_client_packets',`
gen_require(`
type daap_client_packet_t;
')
allow $1 daap_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send daap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_daap_client_packets',`
gen_require(`
type daap_client_packet_t;
')
dontaudit $1 daap_client_packet_t:packet send;
')
########################################
## <summary>
## Receive daap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_daap_client_packets',`
gen_require(`
type daap_client_packet_t;
')
allow $1 daap_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive daap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_daap_client_packets',`
gen_require(`
type daap_client_packet_t;
')
dontaudit $1 daap_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive daap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_daap_client_packets',`
corenet_send_daap_client_packets($1)
corenet_receive_daap_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive daap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_daap_client_packets',`
corenet_dontaudit_send_daap_client_packets($1)
corenet_dontaudit_receive_daap_client_packets($1)
')
########################################
## <summary>
## Relabel packets to daap_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_daap_client_packets',`
gen_require(`
type daap_client_packet_t;
')
allow $1 daap_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send daap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_daap_server_packets',`
gen_require(`
type daap_server_packet_t;
')
allow $1 daap_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send daap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_daap_server_packets',`
gen_require(`
type daap_server_packet_t;
')
dontaudit $1 daap_server_packet_t:packet send;
')
########################################
## <summary>
## Receive daap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_daap_server_packets',`
gen_require(`
type daap_server_packet_t;
')
allow $1 daap_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive daap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_daap_server_packets',`
gen_require(`
type daap_server_packet_t;
')
dontaudit $1 daap_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive daap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_daap_server_packets',`
corenet_send_daap_server_packets($1)
corenet_receive_daap_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive daap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_daap_server_packets',`
corenet_dontaudit_send_daap_server_packets($1)
corenet_dontaudit_receive_daap_server_packets($1)
')
########################################
## <summary>
## Relabel packets to daap_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_daap_server_packets',`
gen_require(`
type daap_server_packet_t;
')
allow $1 daap_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the dbskkd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_dbskkd_port',`
gen_require(`
type dbskkd_port_t;
')
allow $1 dbskkd_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the dbskkd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_dbskkd_port',`
gen_require(`
type dbskkd_port_t;
')
allow $1 dbskkd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the dbskkd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_dbskkd_port',`
gen_require(`
type dbskkd_port_t;
')
dontaudit $1 dbskkd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the dbskkd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_dbskkd_port',`
gen_require(`
type dbskkd_port_t;
')
allow $1 dbskkd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the dbskkd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_dbskkd_port',`
gen_require(`
type dbskkd_port_t;
')
dontaudit $1 dbskkd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the dbskkd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_dbskkd_port',`
corenet_udp_send_dbskkd_port($1)
corenet_udp_receive_dbskkd_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the dbskkd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_dbskkd_port',`
corenet_dontaudit_udp_send_dbskkd_port($1)
corenet_dontaudit_udp_receive_dbskkd_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the dbskkd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_dbskkd_port',`
gen_require(`
type dbskkd_port_t;
')
allow $1 dbskkd_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the dbskkd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_dbskkd_port',`
gen_require(`
type dbskkd_port_t;
')
allow $1 dbskkd_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to dbskkd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_dbskkd_port',`
gen_require(`
type dbskkd_port_t;
')
dontaudit $1 dbskkd_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the dbskkd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_dbskkd_port',`
gen_require(`
type dbskkd_port_t;
')
allow $1 dbskkd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to dbskkd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_dbskkd_port',`
gen_require(`
type dbskkd_port_t;
')
dontaudit $1 dbskkd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send dbskkd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_dbskkd_client_packets',`
gen_require(`
type dbskkd_client_packet_t;
')
allow $1 dbskkd_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send dbskkd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_dbskkd_client_packets',`
gen_require(`
type dbskkd_client_packet_t;
')
dontaudit $1 dbskkd_client_packet_t:packet send;
')
########################################
## <summary>
## Receive dbskkd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_dbskkd_client_packets',`
gen_require(`
type dbskkd_client_packet_t;
')
allow $1 dbskkd_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive dbskkd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_dbskkd_client_packets',`
gen_require(`
type dbskkd_client_packet_t;
')
dontaudit $1 dbskkd_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive dbskkd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_dbskkd_client_packets',`
corenet_send_dbskkd_client_packets($1)
corenet_receive_dbskkd_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive dbskkd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_dbskkd_client_packets',`
corenet_dontaudit_send_dbskkd_client_packets($1)
corenet_dontaudit_receive_dbskkd_client_packets($1)
')
########################################
## <summary>
## Relabel packets to dbskkd_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_dbskkd_client_packets',`
gen_require(`
type dbskkd_client_packet_t;
')
allow $1 dbskkd_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send dbskkd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_dbskkd_server_packets',`
gen_require(`
type dbskkd_server_packet_t;
')
allow $1 dbskkd_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send dbskkd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_dbskkd_server_packets',`
gen_require(`
type dbskkd_server_packet_t;
')
dontaudit $1 dbskkd_server_packet_t:packet send;
')
########################################
## <summary>
## Receive dbskkd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_dbskkd_server_packets',`
gen_require(`
type dbskkd_server_packet_t;
')
allow $1 dbskkd_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive dbskkd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_dbskkd_server_packets',`
gen_require(`
type dbskkd_server_packet_t;
')
dontaudit $1 dbskkd_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive dbskkd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_dbskkd_server_packets',`
corenet_send_dbskkd_server_packets($1)
corenet_receive_dbskkd_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive dbskkd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_dbskkd_server_packets',`
corenet_dontaudit_send_dbskkd_server_packets($1)
corenet_dontaudit_receive_dbskkd_server_packets($1)
')
########################################
## <summary>
## Relabel packets to dbskkd_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_dbskkd_server_packets',`
gen_require(`
type dbskkd_server_packet_t;
')
allow $1 dbskkd_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the dcc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_dcc_port',`
gen_require(`
type dcc_port_t;
')
allow $1 dcc_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the dcc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_dcc_port',`
gen_require(`
type dcc_port_t;
')
allow $1 dcc_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the dcc port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_dcc_port',`
gen_require(`
type dcc_port_t;
')
dontaudit $1 dcc_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the dcc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_dcc_port',`
gen_require(`
type dcc_port_t;
')
allow $1 dcc_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the dcc port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_dcc_port',`
gen_require(`
type dcc_port_t;
')
dontaudit $1 dcc_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the dcc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_dcc_port',`
corenet_udp_send_dcc_port($1)
corenet_udp_receive_dcc_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the dcc port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_dcc_port',`
corenet_dontaudit_udp_send_dcc_port($1)
corenet_dontaudit_udp_receive_dcc_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the dcc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_dcc_port',`
gen_require(`
type dcc_port_t;
')
allow $1 dcc_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the dcc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_dcc_port',`
gen_require(`
type dcc_port_t;
')
allow $1 dcc_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to dcc port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_dcc_port',`
gen_require(`
type dcc_port_t;
')
dontaudit $1 dcc_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the dcc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_dcc_port',`
gen_require(`
type dcc_port_t;
')
allow $1 dcc_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to dcc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_dcc_port',`
gen_require(`
type dcc_port_t;
')
dontaudit $1 dcc_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send dcc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_dcc_client_packets',`
gen_require(`
type dcc_client_packet_t;
')
allow $1 dcc_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send dcc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_dcc_client_packets',`
gen_require(`
type dcc_client_packet_t;
')
dontaudit $1 dcc_client_packet_t:packet send;
')
########################################
## <summary>
## Receive dcc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_dcc_client_packets',`
gen_require(`
type dcc_client_packet_t;
')
allow $1 dcc_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive dcc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_dcc_client_packets',`
gen_require(`
type dcc_client_packet_t;
')
dontaudit $1 dcc_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive dcc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_dcc_client_packets',`
corenet_send_dcc_client_packets($1)
corenet_receive_dcc_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive dcc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_dcc_client_packets',`
corenet_dontaudit_send_dcc_client_packets($1)
corenet_dontaudit_receive_dcc_client_packets($1)
')
########################################
## <summary>
## Relabel packets to dcc_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_dcc_client_packets',`
gen_require(`
type dcc_client_packet_t;
')
allow $1 dcc_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send dcc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_dcc_server_packets',`
gen_require(`
type dcc_server_packet_t;
')
allow $1 dcc_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send dcc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_dcc_server_packets',`
gen_require(`
type dcc_server_packet_t;
')
dontaudit $1 dcc_server_packet_t:packet send;
')
########################################
## <summary>
## Receive dcc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_dcc_server_packets',`
gen_require(`
type dcc_server_packet_t;
')
allow $1 dcc_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive dcc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_dcc_server_packets',`
gen_require(`
type dcc_server_packet_t;
')
dontaudit $1 dcc_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive dcc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_dcc_server_packets',`
corenet_send_dcc_server_packets($1)
corenet_receive_dcc_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive dcc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_dcc_server_packets',`
corenet_dontaudit_send_dcc_server_packets($1)
corenet_dontaudit_receive_dcc_server_packets($1)
')
########################################
## <summary>
## Relabel packets to dcc_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_dcc_server_packets',`
gen_require(`
type dcc_server_packet_t;
')
allow $1 dcc_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the dccm port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_dccm_port',`
gen_require(`
type dccm_port_t;
')
allow $1 dccm_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the dccm port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_dccm_port',`
gen_require(`
type dccm_port_t;
')
allow $1 dccm_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the dccm port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_dccm_port',`
gen_require(`
type dccm_port_t;
')
dontaudit $1 dccm_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the dccm port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_dccm_port',`
gen_require(`
type dccm_port_t;
')
allow $1 dccm_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the dccm port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_dccm_port',`
gen_require(`
type dccm_port_t;
')
dontaudit $1 dccm_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the dccm port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_dccm_port',`
corenet_udp_send_dccm_port($1)
corenet_udp_receive_dccm_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the dccm port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_dccm_port',`
corenet_dontaudit_udp_send_dccm_port($1)
corenet_dontaudit_udp_receive_dccm_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the dccm port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_dccm_port',`
gen_require(`
type dccm_port_t;
')
allow $1 dccm_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the dccm port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_dccm_port',`
gen_require(`
type dccm_port_t;
')
allow $1 dccm_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to dccm port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_dccm_port',`
gen_require(`
type dccm_port_t;
')
dontaudit $1 dccm_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the dccm port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_dccm_port',`
gen_require(`
type dccm_port_t;
')
allow $1 dccm_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to dccm port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_dccm_port',`
gen_require(`
type dccm_port_t;
')
dontaudit $1 dccm_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send dccm_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_dccm_client_packets',`
gen_require(`
type dccm_client_packet_t;
')
allow $1 dccm_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send dccm_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_dccm_client_packets',`
gen_require(`
type dccm_client_packet_t;
')
dontaudit $1 dccm_client_packet_t:packet send;
')
########################################
## <summary>
## Receive dccm_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_dccm_client_packets',`
gen_require(`
type dccm_client_packet_t;
')
allow $1 dccm_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive dccm_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_dccm_client_packets',`
gen_require(`
type dccm_client_packet_t;
')
dontaudit $1 dccm_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive dccm_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_dccm_client_packets',`
corenet_send_dccm_client_packets($1)
corenet_receive_dccm_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive dccm_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_dccm_client_packets',`
corenet_dontaudit_send_dccm_client_packets($1)
corenet_dontaudit_receive_dccm_client_packets($1)
')
########################################
## <summary>
## Relabel packets to dccm_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_dccm_client_packets',`
gen_require(`
type dccm_client_packet_t;
')
allow $1 dccm_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send dccm_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_dccm_server_packets',`
gen_require(`
type dccm_server_packet_t;
')
allow $1 dccm_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send dccm_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_dccm_server_packets',`
gen_require(`
type dccm_server_packet_t;
')
dontaudit $1 dccm_server_packet_t:packet send;
')
########################################
## <summary>
## Receive dccm_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_dccm_server_packets',`
gen_require(`
type dccm_server_packet_t;
')
allow $1 dccm_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive dccm_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_dccm_server_packets',`
gen_require(`
type dccm_server_packet_t;
')
dontaudit $1 dccm_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive dccm_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_dccm_server_packets',`
corenet_send_dccm_server_packets($1)
corenet_receive_dccm_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive dccm_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_dccm_server_packets',`
corenet_dontaudit_send_dccm_server_packets($1)
corenet_dontaudit_receive_dccm_server_packets($1)
')
########################################
## <summary>
## Relabel packets to dccm_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_dccm_server_packets',`
gen_require(`
type dccm_server_packet_t;
')
allow $1 dccm_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the dey_keyneg port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_dey_keyneg_port',`
gen_require(`
type dey_keyneg_port_t;
')
allow $1 dey_keyneg_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the dey_keyneg port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_dey_keyneg_port',`
gen_require(`
type dey_keyneg_port_t;
')
allow $1 dey_keyneg_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the dey_keyneg port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_dey_keyneg_port',`
gen_require(`
type dey_keyneg_port_t;
')
dontaudit $1 dey_keyneg_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the dey_keyneg port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_dey_keyneg_port',`
gen_require(`
type dey_keyneg_port_t;
')
allow $1 dey_keyneg_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the dey_keyneg port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_dey_keyneg_port',`
gen_require(`
type dey_keyneg_port_t;
')
dontaudit $1 dey_keyneg_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the dey_keyneg port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_dey_keyneg_port',`
corenet_udp_send_dey_keyneg_port($1)
corenet_udp_receive_dey_keyneg_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the dey_keyneg port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_dey_keyneg_port',`
corenet_dontaudit_udp_send_dey_keyneg_port($1)
corenet_dontaudit_udp_receive_dey_keyneg_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the dey_keyneg port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_dey_keyneg_port',`
gen_require(`
type dey_keyneg_port_t;
')
allow $1 dey_keyneg_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the dey_keyneg port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_dey_keyneg_port',`
gen_require(`
type dey_keyneg_port_t;
')
allow $1 dey_keyneg_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to dey_keyneg port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_dey_keyneg_port',`
gen_require(`
type dey_keyneg_port_t;
')
dontaudit $1 dey_keyneg_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the dey_keyneg port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_dey_keyneg_port',`
gen_require(`
type dey_keyneg_port_t;
')
allow $1 dey_keyneg_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to dey_keyneg port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_dey_keyneg_port',`
gen_require(`
type dey_keyneg_port_t;
')
dontaudit $1 dey_keyneg_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send dey_keyneg_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_dey_keyneg_client_packets',`
gen_require(`
type dey_keyneg_client_packet_t;
')
allow $1 dey_keyneg_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send dey_keyneg_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_dey_keyneg_client_packets',`
gen_require(`
type dey_keyneg_client_packet_t;
')
dontaudit $1 dey_keyneg_client_packet_t:packet send;
')
########################################
## <summary>
## Receive dey_keyneg_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_dey_keyneg_client_packets',`
gen_require(`
type dey_keyneg_client_packet_t;
')
allow $1 dey_keyneg_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive dey_keyneg_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_dey_keyneg_client_packets',`
gen_require(`
type dey_keyneg_client_packet_t;
')
dontaudit $1 dey_keyneg_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive dey_keyneg_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_dey_keyneg_client_packets',`
corenet_send_dey_keyneg_client_packets($1)
corenet_receive_dey_keyneg_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive dey_keyneg_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_dey_keyneg_client_packets',`
corenet_dontaudit_send_dey_keyneg_client_packets($1)
corenet_dontaudit_receive_dey_keyneg_client_packets($1)
')
########################################
## <summary>
## Relabel packets to dey_keyneg_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_dey_keyneg_client_packets',`
gen_require(`
type dey_keyneg_client_packet_t;
')
allow $1 dey_keyneg_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send dey_keyneg_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_dey_keyneg_server_packets',`
gen_require(`
type dey_keyneg_server_packet_t;
')
allow $1 dey_keyneg_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send dey_keyneg_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_dey_keyneg_server_packets',`
gen_require(`
type dey_keyneg_server_packet_t;
')
dontaudit $1 dey_keyneg_server_packet_t:packet send;
')
########################################
## <summary>
## Receive dey_keyneg_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_dey_keyneg_server_packets',`
gen_require(`
type dey_keyneg_server_packet_t;
')
allow $1 dey_keyneg_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive dey_keyneg_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_dey_keyneg_server_packets',`
gen_require(`
type dey_keyneg_server_packet_t;
')
dontaudit $1 dey_keyneg_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive dey_keyneg_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_dey_keyneg_server_packets',`
corenet_send_dey_keyneg_server_packets($1)
corenet_receive_dey_keyneg_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive dey_keyneg_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_dey_keyneg_server_packets',`
corenet_dontaudit_send_dey_keyneg_server_packets($1)
corenet_dontaudit_receive_dey_keyneg_server_packets($1)
')
########################################
## <summary>
## Relabel packets to dey_keyneg_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_dey_keyneg_server_packets',`
gen_require(`
type dey_keyneg_server_packet_t;
')
allow $1 dey_keyneg_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the dey_sapi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_dey_sapi_port',`
gen_require(`
type dey_sapi_port_t;
')
allow $1 dey_sapi_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the dey_sapi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_dey_sapi_port',`
gen_require(`
type dey_sapi_port_t;
')
allow $1 dey_sapi_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the dey_sapi port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_dey_sapi_port',`
gen_require(`
type dey_sapi_port_t;
')
dontaudit $1 dey_sapi_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the dey_sapi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_dey_sapi_port',`
gen_require(`
type dey_sapi_port_t;
')
allow $1 dey_sapi_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the dey_sapi port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_dey_sapi_port',`
gen_require(`
type dey_sapi_port_t;
')
dontaudit $1 dey_sapi_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the dey_sapi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_dey_sapi_port',`
corenet_udp_send_dey_sapi_port($1)
corenet_udp_receive_dey_sapi_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the dey_sapi port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_dey_sapi_port',`
corenet_dontaudit_udp_send_dey_sapi_port($1)
corenet_dontaudit_udp_receive_dey_sapi_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the dey_sapi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_dey_sapi_port',`
gen_require(`
type dey_sapi_port_t;
')
allow $1 dey_sapi_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the dey_sapi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_dey_sapi_port',`
gen_require(`
type dey_sapi_port_t;
')
allow $1 dey_sapi_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to dey_sapi port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_dey_sapi_port',`
gen_require(`
type dey_sapi_port_t;
')
dontaudit $1 dey_sapi_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the dey_sapi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_dey_sapi_port',`
gen_require(`
type dey_sapi_port_t;
')
allow $1 dey_sapi_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to dey_sapi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_dey_sapi_port',`
gen_require(`
type dey_sapi_port_t;
')
dontaudit $1 dey_sapi_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send dey_sapi_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_dey_sapi_client_packets',`
gen_require(`
type dey_sapi_client_packet_t;
')
allow $1 dey_sapi_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send dey_sapi_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_dey_sapi_client_packets',`
gen_require(`
type dey_sapi_client_packet_t;
')
dontaudit $1 dey_sapi_client_packet_t:packet send;
')
########################################
## <summary>
## Receive dey_sapi_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_dey_sapi_client_packets',`
gen_require(`
type dey_sapi_client_packet_t;
')
allow $1 dey_sapi_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive dey_sapi_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_dey_sapi_client_packets',`
gen_require(`
type dey_sapi_client_packet_t;
')
dontaudit $1 dey_sapi_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive dey_sapi_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_dey_sapi_client_packets',`
corenet_send_dey_sapi_client_packets($1)
corenet_receive_dey_sapi_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive dey_sapi_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_dey_sapi_client_packets',`
corenet_dontaudit_send_dey_sapi_client_packets($1)
corenet_dontaudit_receive_dey_sapi_client_packets($1)
')
########################################
## <summary>
## Relabel packets to dey_sapi_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_dey_sapi_client_packets',`
gen_require(`
type dey_sapi_client_packet_t;
')
allow $1 dey_sapi_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send dey_sapi_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_dey_sapi_server_packets',`
gen_require(`
type dey_sapi_server_packet_t;
')
allow $1 dey_sapi_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send dey_sapi_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_dey_sapi_server_packets',`
gen_require(`
type dey_sapi_server_packet_t;
')
dontaudit $1 dey_sapi_server_packet_t:packet send;
')
########################################
## <summary>
## Receive dey_sapi_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_dey_sapi_server_packets',`
gen_require(`
type dey_sapi_server_packet_t;
')
allow $1 dey_sapi_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive dey_sapi_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_dey_sapi_server_packets',`
gen_require(`
type dey_sapi_server_packet_t;
')
dontaudit $1 dey_sapi_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive dey_sapi_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_dey_sapi_server_packets',`
corenet_send_dey_sapi_server_packets($1)
corenet_receive_dey_sapi_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive dey_sapi_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_dey_sapi_server_packets',`
corenet_dontaudit_send_dey_sapi_server_packets($1)
corenet_dontaudit_receive_dey_sapi_server_packets($1)
')
########################################
## <summary>
## Relabel packets to dey_sapi_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_dey_sapi_server_packets',`
gen_require(`
type dey_sapi_server_packet_t;
')
allow $1 dey_sapi_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the dhcpc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_dhcpc_port',`
gen_require(`
type dhcpc_port_t;
')
allow $1 dhcpc_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the dhcpc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_dhcpc_port',`
gen_require(`
type dhcpc_port_t;
')
allow $1 dhcpc_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the dhcpc port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_dhcpc_port',`
gen_require(`
type dhcpc_port_t;
')
dontaudit $1 dhcpc_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the dhcpc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_dhcpc_port',`
gen_require(`
type dhcpc_port_t;
')
allow $1 dhcpc_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the dhcpc port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_dhcpc_port',`
gen_require(`
type dhcpc_port_t;
')
dontaudit $1 dhcpc_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the dhcpc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_dhcpc_port',`
corenet_udp_send_dhcpc_port($1)
corenet_udp_receive_dhcpc_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the dhcpc port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_dhcpc_port',`
corenet_dontaudit_udp_send_dhcpc_port($1)
corenet_dontaudit_udp_receive_dhcpc_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the dhcpc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_dhcpc_port',`
gen_require(`
type dhcpc_port_t;
')
allow $1 dhcpc_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the dhcpc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_dhcpc_port',`
gen_require(`
type dhcpc_port_t;
')
allow $1 dhcpc_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to dhcpc port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_dhcpc_port',`
gen_require(`
type dhcpc_port_t;
')
dontaudit $1 dhcpc_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the dhcpc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_dhcpc_port',`
gen_require(`
type dhcpc_port_t;
')
allow $1 dhcpc_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to dhcpc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_dhcpc_port',`
gen_require(`
type dhcpc_port_t;
')
dontaudit $1 dhcpc_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send dhcpc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_dhcpc_client_packets',`
gen_require(`
type dhcpc_client_packet_t;
')
allow $1 dhcpc_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send dhcpc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_dhcpc_client_packets',`
gen_require(`
type dhcpc_client_packet_t;
')
dontaudit $1 dhcpc_client_packet_t:packet send;
')
########################################
## <summary>
## Receive dhcpc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_dhcpc_client_packets',`
gen_require(`
type dhcpc_client_packet_t;
')
allow $1 dhcpc_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive dhcpc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_dhcpc_client_packets',`
gen_require(`
type dhcpc_client_packet_t;
')
dontaudit $1 dhcpc_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive dhcpc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_dhcpc_client_packets',`
corenet_send_dhcpc_client_packets($1)
corenet_receive_dhcpc_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive dhcpc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_dhcpc_client_packets',`
corenet_dontaudit_send_dhcpc_client_packets($1)
corenet_dontaudit_receive_dhcpc_client_packets($1)
')
########################################
## <summary>
## Relabel packets to dhcpc_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_dhcpc_client_packets',`
gen_require(`
type dhcpc_client_packet_t;
')
allow $1 dhcpc_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send dhcpc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_dhcpc_server_packets',`
gen_require(`
type dhcpc_server_packet_t;
')
allow $1 dhcpc_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send dhcpc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_dhcpc_server_packets',`
gen_require(`
type dhcpc_server_packet_t;
')
dontaudit $1 dhcpc_server_packet_t:packet send;
')
########################################
## <summary>
## Receive dhcpc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_dhcpc_server_packets',`
gen_require(`
type dhcpc_server_packet_t;
')
allow $1 dhcpc_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive dhcpc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_dhcpc_server_packets',`
gen_require(`
type dhcpc_server_packet_t;
')
dontaudit $1 dhcpc_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive dhcpc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_dhcpc_server_packets',`
corenet_send_dhcpc_server_packets($1)
corenet_receive_dhcpc_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive dhcpc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_dhcpc_server_packets',`
corenet_dontaudit_send_dhcpc_server_packets($1)
corenet_dontaudit_receive_dhcpc_server_packets($1)
')
########################################
## <summary>
## Relabel packets to dhcpc_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_dhcpc_server_packets',`
gen_require(`
type dhcpc_server_packet_t;
')
allow $1 dhcpc_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the dhcpd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_dhcpd_port',`
gen_require(`
type dhcpd_port_t;
')
allow $1 dhcpd_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the dhcpd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_dhcpd_port',`
gen_require(`
type dhcpd_port_t;
')
allow $1 dhcpd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the dhcpd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_dhcpd_port',`
gen_require(`
type dhcpd_port_t;
')
dontaudit $1 dhcpd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the dhcpd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_dhcpd_port',`
gen_require(`
type dhcpd_port_t;
')
allow $1 dhcpd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the dhcpd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_dhcpd_port',`
gen_require(`
type dhcpd_port_t;
')
dontaudit $1 dhcpd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the dhcpd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_dhcpd_port',`
corenet_udp_send_dhcpd_port($1)
corenet_udp_receive_dhcpd_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the dhcpd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_dhcpd_port',`
corenet_dontaudit_udp_send_dhcpd_port($1)
corenet_dontaudit_udp_receive_dhcpd_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the dhcpd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_dhcpd_port',`
gen_require(`
type dhcpd_port_t;
')
allow $1 dhcpd_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the dhcpd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_dhcpd_port',`
gen_require(`
type dhcpd_port_t;
')
allow $1 dhcpd_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to dhcpd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_dhcpd_port',`
gen_require(`
type dhcpd_port_t;
')
dontaudit $1 dhcpd_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the dhcpd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_dhcpd_port',`
gen_require(`
type dhcpd_port_t;
')
allow $1 dhcpd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to dhcpd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_dhcpd_port',`
gen_require(`
type dhcpd_port_t;
')
dontaudit $1 dhcpd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send dhcpd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_dhcpd_client_packets',`
gen_require(`
type dhcpd_client_packet_t;
')
allow $1 dhcpd_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send dhcpd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_dhcpd_client_packets',`
gen_require(`
type dhcpd_client_packet_t;
')
dontaudit $1 dhcpd_client_packet_t:packet send;
')
########################################
## <summary>
## Receive dhcpd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_dhcpd_client_packets',`
gen_require(`
type dhcpd_client_packet_t;
')
allow $1 dhcpd_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive dhcpd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_dhcpd_client_packets',`
gen_require(`
type dhcpd_client_packet_t;
')
dontaudit $1 dhcpd_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive dhcpd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_dhcpd_client_packets',`
corenet_send_dhcpd_client_packets($1)
corenet_receive_dhcpd_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive dhcpd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_dhcpd_client_packets',`
corenet_dontaudit_send_dhcpd_client_packets($1)
corenet_dontaudit_receive_dhcpd_client_packets($1)
')
########################################
## <summary>
## Relabel packets to dhcpd_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_dhcpd_client_packets',`
gen_require(`
type dhcpd_client_packet_t;
')
allow $1 dhcpd_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send dhcpd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_dhcpd_server_packets',`
gen_require(`
type dhcpd_server_packet_t;
')
allow $1 dhcpd_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send dhcpd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_dhcpd_server_packets',`
gen_require(`
type dhcpd_server_packet_t;
')
dontaudit $1 dhcpd_server_packet_t:packet send;
')
########################################
## <summary>
## Receive dhcpd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_dhcpd_server_packets',`
gen_require(`
type dhcpd_server_packet_t;
')
allow $1 dhcpd_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive dhcpd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_dhcpd_server_packets',`
gen_require(`
type dhcpd_server_packet_t;
')
dontaudit $1 dhcpd_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive dhcpd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_dhcpd_server_packets',`
corenet_send_dhcpd_server_packets($1)
corenet_receive_dhcpd_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive dhcpd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_dhcpd_server_packets',`
corenet_dontaudit_send_dhcpd_server_packets($1)
corenet_dontaudit_receive_dhcpd_server_packets($1)
')
########################################
## <summary>
## Relabel packets to dhcpd_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_dhcpd_server_packets',`
gen_require(`
type dhcpd_server_packet_t;
')
allow $1 dhcpd_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the dict port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_dict_port',`
gen_require(`
type dict_port_t;
')
allow $1 dict_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the dict port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_dict_port',`
gen_require(`
type dict_port_t;
')
allow $1 dict_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the dict port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_dict_port',`
gen_require(`
type dict_port_t;
')
dontaudit $1 dict_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the dict port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_dict_port',`
gen_require(`
type dict_port_t;
')
allow $1 dict_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the dict port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_dict_port',`
gen_require(`
type dict_port_t;
')
dontaudit $1 dict_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the dict port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_dict_port',`
corenet_udp_send_dict_port($1)
corenet_udp_receive_dict_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the dict port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_dict_port',`
corenet_dontaudit_udp_send_dict_port($1)
corenet_dontaudit_udp_receive_dict_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the dict port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_dict_port',`
gen_require(`
type dict_port_t;
')
allow $1 dict_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the dict port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_dict_port',`
gen_require(`
type dict_port_t;
')
allow $1 dict_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to dict port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_dict_port',`
gen_require(`
type dict_port_t;
')
dontaudit $1 dict_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the dict port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_dict_port',`
gen_require(`
type dict_port_t;
')
allow $1 dict_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to dict port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_dict_port',`
gen_require(`
type dict_port_t;
')
dontaudit $1 dict_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send dict_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_dict_client_packets',`
gen_require(`
type dict_client_packet_t;
')
allow $1 dict_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send dict_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_dict_client_packets',`
gen_require(`
type dict_client_packet_t;
')
dontaudit $1 dict_client_packet_t:packet send;
')
########################################
## <summary>
## Receive dict_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_dict_client_packets',`
gen_require(`
type dict_client_packet_t;
')
allow $1 dict_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive dict_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_dict_client_packets',`
gen_require(`
type dict_client_packet_t;
')
dontaudit $1 dict_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive dict_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_dict_client_packets',`
corenet_send_dict_client_packets($1)
corenet_receive_dict_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive dict_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_dict_client_packets',`
corenet_dontaudit_send_dict_client_packets($1)
corenet_dontaudit_receive_dict_client_packets($1)
')
########################################
## <summary>
## Relabel packets to dict_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_dict_client_packets',`
gen_require(`
type dict_client_packet_t;
')
allow $1 dict_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send dict_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_dict_server_packets',`
gen_require(`
type dict_server_packet_t;
')
allow $1 dict_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send dict_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_dict_server_packets',`
gen_require(`
type dict_server_packet_t;
')
dontaudit $1 dict_server_packet_t:packet send;
')
########################################
## <summary>
## Receive dict_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_dict_server_packets',`
gen_require(`
type dict_server_packet_t;
')
allow $1 dict_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive dict_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_dict_server_packets',`
gen_require(`
type dict_server_packet_t;
')
dontaudit $1 dict_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive dict_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_dict_server_packets',`
corenet_send_dict_server_packets($1)
corenet_receive_dict_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive dict_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_dict_server_packets',`
corenet_dontaudit_send_dict_server_packets($1)
corenet_dontaudit_receive_dict_server_packets($1)
')
########################################
## <summary>
## Relabel packets to dict_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_dict_server_packets',`
gen_require(`
type dict_server_packet_t;
')
allow $1 dict_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the distccd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_distccd_port',`
gen_require(`
type distccd_port_t;
')
allow $1 distccd_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the distccd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_distccd_port',`
gen_require(`
type distccd_port_t;
')
allow $1 distccd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the distccd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_distccd_port',`
gen_require(`
type distccd_port_t;
')
dontaudit $1 distccd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the distccd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_distccd_port',`
gen_require(`
type distccd_port_t;
')
allow $1 distccd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the distccd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_distccd_port',`
gen_require(`
type distccd_port_t;
')
dontaudit $1 distccd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the distccd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_distccd_port',`
corenet_udp_send_distccd_port($1)
corenet_udp_receive_distccd_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the distccd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_distccd_port',`
corenet_dontaudit_udp_send_distccd_port($1)
corenet_dontaudit_udp_receive_distccd_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the distccd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_distccd_port',`
gen_require(`
type distccd_port_t;
')
allow $1 distccd_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the distccd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_distccd_port',`
gen_require(`
type distccd_port_t;
')
allow $1 distccd_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to distccd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_distccd_port',`
gen_require(`
type distccd_port_t;
')
dontaudit $1 distccd_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the distccd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_distccd_port',`
gen_require(`
type distccd_port_t;
')
allow $1 distccd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to distccd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_distccd_port',`
gen_require(`
type distccd_port_t;
')
dontaudit $1 distccd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send distccd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_distccd_client_packets',`
gen_require(`
type distccd_client_packet_t;
')
allow $1 distccd_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send distccd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_distccd_client_packets',`
gen_require(`
type distccd_client_packet_t;
')
dontaudit $1 distccd_client_packet_t:packet send;
')
########################################
## <summary>
## Receive distccd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_distccd_client_packets',`
gen_require(`
type distccd_client_packet_t;
')
allow $1 distccd_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive distccd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_distccd_client_packets',`
gen_require(`
type distccd_client_packet_t;
')
dontaudit $1 distccd_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive distccd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_distccd_client_packets',`
corenet_send_distccd_client_packets($1)
corenet_receive_distccd_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive distccd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_distccd_client_packets',`
corenet_dontaudit_send_distccd_client_packets($1)
corenet_dontaudit_receive_distccd_client_packets($1)
')
########################################
## <summary>
## Relabel packets to distccd_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_distccd_client_packets',`
gen_require(`
type distccd_client_packet_t;
')
allow $1 distccd_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send distccd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_distccd_server_packets',`
gen_require(`
type distccd_server_packet_t;
')
allow $1 distccd_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send distccd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_distccd_server_packets',`
gen_require(`
type distccd_server_packet_t;
')
dontaudit $1 distccd_server_packet_t:packet send;
')
########################################
## <summary>
## Receive distccd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_distccd_server_packets',`
gen_require(`
type distccd_server_packet_t;
')
allow $1 distccd_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive distccd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_distccd_server_packets',`
gen_require(`
type distccd_server_packet_t;
')
dontaudit $1 distccd_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive distccd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_distccd_server_packets',`
corenet_send_distccd_server_packets($1)
corenet_receive_distccd_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive distccd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_distccd_server_packets',`
corenet_dontaudit_send_distccd_server_packets($1)
corenet_dontaudit_receive_distccd_server_packets($1)
')
########################################
## <summary>
## Relabel packets to distccd_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_distccd_server_packets',`
gen_require(`
type distccd_server_packet_t;
')
allow $1 distccd_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the dogtag port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_dogtag_port',`
gen_require(`
type dogtag_port_t;
')
allow $1 dogtag_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the dogtag port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_dogtag_port',`
gen_require(`
type dogtag_port_t;
')
allow $1 dogtag_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the dogtag port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_dogtag_port',`
gen_require(`
type dogtag_port_t;
')
dontaudit $1 dogtag_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the dogtag port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_dogtag_port',`
gen_require(`
type dogtag_port_t;
')
allow $1 dogtag_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the dogtag port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_dogtag_port',`
gen_require(`
type dogtag_port_t;
')
dontaudit $1 dogtag_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the dogtag port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_dogtag_port',`
corenet_udp_send_dogtag_port($1)
corenet_udp_receive_dogtag_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the dogtag port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_dogtag_port',`
corenet_dontaudit_udp_send_dogtag_port($1)
corenet_dontaudit_udp_receive_dogtag_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the dogtag port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_dogtag_port',`
gen_require(`
type dogtag_port_t;
')
allow $1 dogtag_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the dogtag port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_dogtag_port',`
gen_require(`
type dogtag_port_t;
')
allow $1 dogtag_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to dogtag port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_dogtag_port',`
gen_require(`
type dogtag_port_t;
')
dontaudit $1 dogtag_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the dogtag port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_dogtag_port',`
gen_require(`
type dogtag_port_t;
')
allow $1 dogtag_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to dogtag port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_dogtag_port',`
gen_require(`
type dogtag_port_t;
')
dontaudit $1 dogtag_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send dogtag_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_dogtag_client_packets',`
gen_require(`
type dogtag_client_packet_t;
')
allow $1 dogtag_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send dogtag_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_dogtag_client_packets',`
gen_require(`
type dogtag_client_packet_t;
')
dontaudit $1 dogtag_client_packet_t:packet send;
')
########################################
## <summary>
## Receive dogtag_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_dogtag_client_packets',`
gen_require(`
type dogtag_client_packet_t;
')
allow $1 dogtag_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive dogtag_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_dogtag_client_packets',`
gen_require(`
type dogtag_client_packet_t;
')
dontaudit $1 dogtag_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive dogtag_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_dogtag_client_packets',`
corenet_send_dogtag_client_packets($1)
corenet_receive_dogtag_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive dogtag_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_dogtag_client_packets',`
corenet_dontaudit_send_dogtag_client_packets($1)
corenet_dontaudit_receive_dogtag_client_packets($1)
')
########################################
## <summary>
## Relabel packets to dogtag_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_dogtag_client_packets',`
gen_require(`
type dogtag_client_packet_t;
')
allow $1 dogtag_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send dogtag_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_dogtag_server_packets',`
gen_require(`
type dogtag_server_packet_t;
')
allow $1 dogtag_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send dogtag_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_dogtag_server_packets',`
gen_require(`
type dogtag_server_packet_t;
')
dontaudit $1 dogtag_server_packet_t:packet send;
')
########################################
## <summary>
## Receive dogtag_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_dogtag_server_packets',`
gen_require(`
type dogtag_server_packet_t;
')
allow $1 dogtag_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive dogtag_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_dogtag_server_packets',`
gen_require(`
type dogtag_server_packet_t;
')
dontaudit $1 dogtag_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive dogtag_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_dogtag_server_packets',`
corenet_send_dogtag_server_packets($1)
corenet_receive_dogtag_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive dogtag_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_dogtag_server_packets',`
corenet_dontaudit_send_dogtag_server_packets($1)
corenet_dontaudit_receive_dogtag_server_packets($1)
')
########################################
## <summary>
## Relabel packets to dogtag_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_dogtag_server_packets',`
gen_require(`
type dogtag_server_packet_t;
')
allow $1 dogtag_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the dns port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_dns_port',`
gen_require(`
type dns_port_t;
')
allow $1 dns_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the dns port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_dns_port',`
gen_require(`
type dns_port_t;
')
allow $1 dns_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the dns port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_dns_port',`
gen_require(`
type dns_port_t;
')
dontaudit $1 dns_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the dns port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_dns_port',`
gen_require(`
type dns_port_t;
')
allow $1 dns_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the dns port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_dns_port',`
gen_require(`
type dns_port_t;
')
dontaudit $1 dns_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the dns port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_dns_port',`
corenet_udp_send_dns_port($1)
corenet_udp_receive_dns_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the dns port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_dns_port',`
corenet_dontaudit_udp_send_dns_port($1)
corenet_dontaudit_udp_receive_dns_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the dns port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_dns_port',`
gen_require(`
type dns_port_t;
')
allow $1 dns_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the dns port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_dns_port',`
gen_require(`
type dns_port_t;
')
allow $1 dns_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to dns port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_dns_port',`
gen_require(`
type dns_port_t;
')
dontaudit $1 dns_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the dns port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_dns_port',`
gen_require(`
type dns_port_t;
')
allow $1 dns_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to dns port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_dns_port',`
gen_require(`
type dns_port_t;
')
dontaudit $1 dns_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send dns_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_dns_client_packets',`
gen_require(`
type dns_client_packet_t;
')
allow $1 dns_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send dns_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_dns_client_packets',`
gen_require(`
type dns_client_packet_t;
')
dontaudit $1 dns_client_packet_t:packet send;
')
########################################
## <summary>
## Receive dns_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_dns_client_packets',`
gen_require(`
type dns_client_packet_t;
')
allow $1 dns_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive dns_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_dns_client_packets',`
gen_require(`
type dns_client_packet_t;
')
dontaudit $1 dns_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive dns_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_dns_client_packets',`
corenet_send_dns_client_packets($1)
corenet_receive_dns_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive dns_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_dns_client_packets',`
corenet_dontaudit_send_dns_client_packets($1)
corenet_dontaudit_receive_dns_client_packets($1)
')
########################################
## <summary>
## Relabel packets to dns_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_dns_client_packets',`
gen_require(`
type dns_client_packet_t;
')
allow $1 dns_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send dns_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_dns_server_packets',`
gen_require(`
type dns_server_packet_t;
')
allow $1 dns_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send dns_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_dns_server_packets',`
gen_require(`
type dns_server_packet_t;
')
dontaudit $1 dns_server_packet_t:packet send;
')
########################################
## <summary>
## Receive dns_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_dns_server_packets',`
gen_require(`
type dns_server_packet_t;
')
allow $1 dns_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive dns_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_dns_server_packets',`
gen_require(`
type dns_server_packet_t;
')
dontaudit $1 dns_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive dns_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_dns_server_packets',`
corenet_send_dns_server_packets($1)
corenet_receive_dns_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive dns_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_dns_server_packets',`
corenet_dontaudit_send_dns_server_packets($1)
corenet_dontaudit_receive_dns_server_packets($1)
')
########################################
## <summary>
## Relabel packets to dns_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_dns_server_packets',`
gen_require(`
type dns_server_packet_t;
')
allow $1 dns_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the dnssec port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_dnssec_port',`
gen_require(`
type dnssec_port_t;
')
allow $1 dnssec_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the dnssec port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_dnssec_port',`
gen_require(`
type dnssec_port_t;
')
allow $1 dnssec_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the dnssec port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_dnssec_port',`
gen_require(`
type dnssec_port_t;
')
dontaudit $1 dnssec_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the dnssec port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_dnssec_port',`
gen_require(`
type dnssec_port_t;
')
allow $1 dnssec_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the dnssec port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_dnssec_port',`
gen_require(`
type dnssec_port_t;
')
dontaudit $1 dnssec_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the dnssec port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_dnssec_port',`
corenet_udp_send_dnssec_port($1)
corenet_udp_receive_dnssec_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the dnssec port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_dnssec_port',`
corenet_dontaudit_udp_send_dnssec_port($1)
corenet_dontaudit_udp_receive_dnssec_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the dnssec port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_dnssec_port',`
gen_require(`
type dnssec_port_t;
')
allow $1 dnssec_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the dnssec port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_dnssec_port',`
gen_require(`
type dnssec_port_t;
')
allow $1 dnssec_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to dnssec port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_dnssec_port',`
gen_require(`
type dnssec_port_t;
')
dontaudit $1 dnssec_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the dnssec port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_dnssec_port',`
gen_require(`
type dnssec_port_t;
')
allow $1 dnssec_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to dnssec port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_dnssec_port',`
gen_require(`
type dnssec_port_t;
')
dontaudit $1 dnssec_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send dnssec_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_dnssec_client_packets',`
gen_require(`
type dnssec_client_packet_t;
')
allow $1 dnssec_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send dnssec_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_dnssec_client_packets',`
gen_require(`
type dnssec_client_packet_t;
')
dontaudit $1 dnssec_client_packet_t:packet send;
')
########################################
## <summary>
## Receive dnssec_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_dnssec_client_packets',`
gen_require(`
type dnssec_client_packet_t;
')
allow $1 dnssec_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive dnssec_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_dnssec_client_packets',`
gen_require(`
type dnssec_client_packet_t;
')
dontaudit $1 dnssec_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive dnssec_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_dnssec_client_packets',`
corenet_send_dnssec_client_packets($1)
corenet_receive_dnssec_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive dnssec_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_dnssec_client_packets',`
corenet_dontaudit_send_dnssec_client_packets($1)
corenet_dontaudit_receive_dnssec_client_packets($1)
')
########################################
## <summary>
## Relabel packets to dnssec_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_dnssec_client_packets',`
gen_require(`
type dnssec_client_packet_t;
')
allow $1 dnssec_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send dnssec_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_dnssec_server_packets',`
gen_require(`
type dnssec_server_packet_t;
')
allow $1 dnssec_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send dnssec_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_dnssec_server_packets',`
gen_require(`
type dnssec_server_packet_t;
')
dontaudit $1 dnssec_server_packet_t:packet send;
')
########################################
## <summary>
## Receive dnssec_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_dnssec_server_packets',`
gen_require(`
type dnssec_server_packet_t;
')
allow $1 dnssec_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive dnssec_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_dnssec_server_packets',`
gen_require(`
type dnssec_server_packet_t;
')
dontaudit $1 dnssec_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive dnssec_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_dnssec_server_packets',`
corenet_send_dnssec_server_packets($1)
corenet_receive_dnssec_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive dnssec_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_dnssec_server_packets',`
corenet_dontaudit_send_dnssec_server_packets($1)
corenet_dontaudit_receive_dnssec_server_packets($1)
')
########################################
## <summary>
## Relabel packets to dnssec_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_dnssec_server_packets',`
gen_require(`
type dnssec_server_packet_t;
')
allow $1 dnssec_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the echo port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_echo_port',`
gen_require(`
type echo_port_t;
')
allow $1 echo_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the echo port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_echo_port',`
gen_require(`
type echo_port_t;
')
allow $1 echo_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the echo port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_echo_port',`
gen_require(`
type echo_port_t;
')
dontaudit $1 echo_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the echo port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_echo_port',`
gen_require(`
type echo_port_t;
')
allow $1 echo_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the echo port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_echo_port',`
gen_require(`
type echo_port_t;
')
dontaudit $1 echo_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the echo port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_echo_port',`
corenet_udp_send_echo_port($1)
corenet_udp_receive_echo_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the echo port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_echo_port',`
corenet_dontaudit_udp_send_echo_port($1)
corenet_dontaudit_udp_receive_echo_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the echo port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_echo_port',`
gen_require(`
type echo_port_t;
')
allow $1 echo_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the echo port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_echo_port',`
gen_require(`
type echo_port_t;
')
allow $1 echo_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to echo port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_echo_port',`
gen_require(`
type echo_port_t;
')
dontaudit $1 echo_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the echo port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_echo_port',`
gen_require(`
type echo_port_t;
')
allow $1 echo_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to echo port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_echo_port',`
gen_require(`
type echo_port_t;
')
dontaudit $1 echo_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send echo_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_echo_client_packets',`
gen_require(`
type echo_client_packet_t;
')
allow $1 echo_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send echo_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_echo_client_packets',`
gen_require(`
type echo_client_packet_t;
')
dontaudit $1 echo_client_packet_t:packet send;
')
########################################
## <summary>
## Receive echo_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_echo_client_packets',`
gen_require(`
type echo_client_packet_t;
')
allow $1 echo_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive echo_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_echo_client_packets',`
gen_require(`
type echo_client_packet_t;
')
dontaudit $1 echo_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive echo_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_echo_client_packets',`
corenet_send_echo_client_packets($1)
corenet_receive_echo_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive echo_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_echo_client_packets',`
corenet_dontaudit_send_echo_client_packets($1)
corenet_dontaudit_receive_echo_client_packets($1)
')
########################################
## <summary>
## Relabel packets to echo_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_echo_client_packets',`
gen_require(`
type echo_client_packet_t;
')
allow $1 echo_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send echo_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_echo_server_packets',`
gen_require(`
type echo_server_packet_t;
')
allow $1 echo_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send echo_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_echo_server_packets',`
gen_require(`
type echo_server_packet_t;
')
dontaudit $1 echo_server_packet_t:packet send;
')
########################################
## <summary>
## Receive echo_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_echo_server_packets',`
gen_require(`
type echo_server_packet_t;
')
allow $1 echo_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive echo_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_echo_server_packets',`
gen_require(`
type echo_server_packet_t;
')
dontaudit $1 echo_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive echo_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_echo_server_packets',`
corenet_send_echo_server_packets($1)
corenet_receive_echo_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive echo_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_echo_server_packets',`
corenet_dontaudit_send_echo_server_packets($1)
corenet_dontaudit_receive_echo_server_packets($1)
')
########################################
## <summary>
## Relabel packets to echo_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_echo_server_packets',`
gen_require(`
type echo_server_packet_t;
')
allow $1 echo_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the efs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_efs_port',`
gen_require(`
type efs_port_t;
')
allow $1 efs_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the efs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_efs_port',`
gen_require(`
type efs_port_t;
')
allow $1 efs_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the efs port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_efs_port',`
gen_require(`
type efs_port_t;
')
dontaudit $1 efs_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the efs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_efs_port',`
gen_require(`
type efs_port_t;
')
allow $1 efs_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the efs port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_efs_port',`
gen_require(`
type efs_port_t;
')
dontaudit $1 efs_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the efs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_efs_port',`
corenet_udp_send_efs_port($1)
corenet_udp_receive_efs_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the efs port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_efs_port',`
corenet_dontaudit_udp_send_efs_port($1)
corenet_dontaudit_udp_receive_efs_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the efs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_efs_port',`
gen_require(`
type efs_port_t;
')
allow $1 efs_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the efs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_efs_port',`
gen_require(`
type efs_port_t;
')
allow $1 efs_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to efs port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_efs_port',`
gen_require(`
type efs_port_t;
')
dontaudit $1 efs_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the efs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_efs_port',`
gen_require(`
type efs_port_t;
')
allow $1 efs_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to efs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_efs_port',`
gen_require(`
type efs_port_t;
')
dontaudit $1 efs_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send efs_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_efs_client_packets',`
gen_require(`
type efs_client_packet_t;
')
allow $1 efs_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send efs_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_efs_client_packets',`
gen_require(`
type efs_client_packet_t;
')
dontaudit $1 efs_client_packet_t:packet send;
')
########################################
## <summary>
## Receive efs_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_efs_client_packets',`
gen_require(`
type efs_client_packet_t;
')
allow $1 efs_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive efs_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_efs_client_packets',`
gen_require(`
type efs_client_packet_t;
')
dontaudit $1 efs_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive efs_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_efs_client_packets',`
corenet_send_efs_client_packets($1)
corenet_receive_efs_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive efs_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_efs_client_packets',`
corenet_dontaudit_send_efs_client_packets($1)
corenet_dontaudit_receive_efs_client_packets($1)
')
########################################
## <summary>
## Relabel packets to efs_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_efs_client_packets',`
gen_require(`
type efs_client_packet_t;
')
allow $1 efs_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send efs_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_efs_server_packets',`
gen_require(`
type efs_server_packet_t;
')
allow $1 efs_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send efs_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_efs_server_packets',`
gen_require(`
type efs_server_packet_t;
')
dontaudit $1 efs_server_packet_t:packet send;
')
########################################
## <summary>
## Receive efs_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_efs_server_packets',`
gen_require(`
type efs_server_packet_t;
')
allow $1 efs_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive efs_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_efs_server_packets',`
gen_require(`
type efs_server_packet_t;
')
dontaudit $1 efs_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive efs_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_efs_server_packets',`
corenet_send_efs_server_packets($1)
corenet_receive_efs_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive efs_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_efs_server_packets',`
corenet_dontaudit_send_efs_server_packets($1)
corenet_dontaudit_receive_efs_server_packets($1)
')
########################################
## <summary>
## Relabel packets to efs_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_efs_server_packets',`
gen_require(`
type efs_server_packet_t;
')
allow $1 efs_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the embrace_dp_c port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_embrace_dp_c_port',`
gen_require(`
type embrace_dp_c_port_t;
')
allow $1 embrace_dp_c_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the embrace_dp_c port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_embrace_dp_c_port',`
gen_require(`
type embrace_dp_c_port_t;
')
allow $1 embrace_dp_c_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the embrace_dp_c port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_embrace_dp_c_port',`
gen_require(`
type embrace_dp_c_port_t;
')
dontaudit $1 embrace_dp_c_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the embrace_dp_c port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_embrace_dp_c_port',`
gen_require(`
type embrace_dp_c_port_t;
')
allow $1 embrace_dp_c_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the embrace_dp_c port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_embrace_dp_c_port',`
gen_require(`
type embrace_dp_c_port_t;
')
dontaudit $1 embrace_dp_c_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the embrace_dp_c port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_embrace_dp_c_port',`
corenet_udp_send_embrace_dp_c_port($1)
corenet_udp_receive_embrace_dp_c_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the embrace_dp_c port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_embrace_dp_c_port',`
corenet_dontaudit_udp_send_embrace_dp_c_port($1)
corenet_dontaudit_udp_receive_embrace_dp_c_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the embrace_dp_c port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_embrace_dp_c_port',`
gen_require(`
type embrace_dp_c_port_t;
')
allow $1 embrace_dp_c_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the embrace_dp_c port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_embrace_dp_c_port',`
gen_require(`
type embrace_dp_c_port_t;
')
allow $1 embrace_dp_c_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to embrace_dp_c port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_embrace_dp_c_port',`
gen_require(`
type embrace_dp_c_port_t;
')
dontaudit $1 embrace_dp_c_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the embrace_dp_c port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_embrace_dp_c_port',`
gen_require(`
type embrace_dp_c_port_t;
')
allow $1 embrace_dp_c_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to embrace_dp_c port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_embrace_dp_c_port',`
gen_require(`
type embrace_dp_c_port_t;
')
dontaudit $1 embrace_dp_c_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send embrace_dp_c_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_embrace_dp_c_client_packets',`
gen_require(`
type embrace_dp_c_client_packet_t;
')
allow $1 embrace_dp_c_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send embrace_dp_c_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_embrace_dp_c_client_packets',`
gen_require(`
type embrace_dp_c_client_packet_t;
')
dontaudit $1 embrace_dp_c_client_packet_t:packet send;
')
########################################
## <summary>
## Receive embrace_dp_c_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_embrace_dp_c_client_packets',`
gen_require(`
type embrace_dp_c_client_packet_t;
')
allow $1 embrace_dp_c_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive embrace_dp_c_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_embrace_dp_c_client_packets',`
gen_require(`
type embrace_dp_c_client_packet_t;
')
dontaudit $1 embrace_dp_c_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive embrace_dp_c_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_embrace_dp_c_client_packets',`
corenet_send_embrace_dp_c_client_packets($1)
corenet_receive_embrace_dp_c_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive embrace_dp_c_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_embrace_dp_c_client_packets',`
corenet_dontaudit_send_embrace_dp_c_client_packets($1)
corenet_dontaudit_receive_embrace_dp_c_client_packets($1)
')
########################################
## <summary>
## Relabel packets to embrace_dp_c_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_embrace_dp_c_client_packets',`
gen_require(`
type embrace_dp_c_client_packet_t;
')
allow $1 embrace_dp_c_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send embrace_dp_c_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_embrace_dp_c_server_packets',`
gen_require(`
type embrace_dp_c_server_packet_t;
')
allow $1 embrace_dp_c_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send embrace_dp_c_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_embrace_dp_c_server_packets',`
gen_require(`
type embrace_dp_c_server_packet_t;
')
dontaudit $1 embrace_dp_c_server_packet_t:packet send;
')
########################################
## <summary>
## Receive embrace_dp_c_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_embrace_dp_c_server_packets',`
gen_require(`
type embrace_dp_c_server_packet_t;
')
allow $1 embrace_dp_c_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive embrace_dp_c_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_embrace_dp_c_server_packets',`
gen_require(`
type embrace_dp_c_server_packet_t;
')
dontaudit $1 embrace_dp_c_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive embrace_dp_c_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_embrace_dp_c_server_packets',`
corenet_send_embrace_dp_c_server_packets($1)
corenet_receive_embrace_dp_c_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive embrace_dp_c_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_embrace_dp_c_server_packets',`
corenet_dontaudit_send_embrace_dp_c_server_packets($1)
corenet_dontaudit_receive_embrace_dp_c_server_packets($1)
')
########################################
## <summary>
## Relabel packets to embrace_dp_c_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_embrace_dp_c_server_packets',`
gen_require(`
type embrace_dp_c_server_packet_t;
')
allow $1 embrace_dp_c_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the epmap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_epmap_port',`
gen_require(`
type epmap_port_t;
')
allow $1 epmap_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the epmap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_epmap_port',`
gen_require(`
type epmap_port_t;
')
allow $1 epmap_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the epmap port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_epmap_port',`
gen_require(`
type epmap_port_t;
')
dontaudit $1 epmap_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the epmap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_epmap_port',`
gen_require(`
type epmap_port_t;
')
allow $1 epmap_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the epmap port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_epmap_port',`
gen_require(`
type epmap_port_t;
')
dontaudit $1 epmap_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the epmap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_epmap_port',`
corenet_udp_send_epmap_port($1)
corenet_udp_receive_epmap_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the epmap port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_epmap_port',`
corenet_dontaudit_udp_send_epmap_port($1)
corenet_dontaudit_udp_receive_epmap_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the epmap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_epmap_port',`
gen_require(`
type epmap_port_t;
')
allow $1 epmap_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the epmap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_epmap_port',`
gen_require(`
type epmap_port_t;
')
allow $1 epmap_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to epmap port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_epmap_port',`
gen_require(`
type epmap_port_t;
')
dontaudit $1 epmap_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the epmap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_epmap_port',`
gen_require(`
type epmap_port_t;
')
allow $1 epmap_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to epmap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_epmap_port',`
gen_require(`
type epmap_port_t;
')
dontaudit $1 epmap_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send epmap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_epmap_client_packets',`
gen_require(`
type epmap_client_packet_t;
')
allow $1 epmap_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send epmap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_epmap_client_packets',`
gen_require(`
type epmap_client_packet_t;
')
dontaudit $1 epmap_client_packet_t:packet send;
')
########################################
## <summary>
## Receive epmap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_epmap_client_packets',`
gen_require(`
type epmap_client_packet_t;
')
allow $1 epmap_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive epmap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_epmap_client_packets',`
gen_require(`
type epmap_client_packet_t;
')
dontaudit $1 epmap_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive epmap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_epmap_client_packets',`
corenet_send_epmap_client_packets($1)
corenet_receive_epmap_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive epmap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_epmap_client_packets',`
corenet_dontaudit_send_epmap_client_packets($1)
corenet_dontaudit_receive_epmap_client_packets($1)
')
########################################
## <summary>
## Relabel packets to epmap_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_epmap_client_packets',`
gen_require(`
type epmap_client_packet_t;
')
allow $1 epmap_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send epmap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_epmap_server_packets',`
gen_require(`
type epmap_server_packet_t;
')
allow $1 epmap_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send epmap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_epmap_server_packets',`
gen_require(`
type epmap_server_packet_t;
')
dontaudit $1 epmap_server_packet_t:packet send;
')
########################################
## <summary>
## Receive epmap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_epmap_server_packets',`
gen_require(`
type epmap_server_packet_t;
')
allow $1 epmap_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive epmap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_epmap_server_packets',`
gen_require(`
type epmap_server_packet_t;
')
dontaudit $1 epmap_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive epmap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_epmap_server_packets',`
corenet_send_epmap_server_packets($1)
corenet_receive_epmap_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive epmap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_epmap_server_packets',`
corenet_dontaudit_send_epmap_server_packets($1)
corenet_dontaudit_receive_epmap_server_packets($1)
')
########################################
## <summary>
## Relabel packets to epmap_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_epmap_server_packets',`
gen_require(`
type epmap_server_packet_t;
')
allow $1 epmap_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the epmd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_epmd_port',`
gen_require(`
type epmd_port_t;
')
allow $1 epmd_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the epmd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_epmd_port',`
gen_require(`
type epmd_port_t;
')
allow $1 epmd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the epmd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_epmd_port',`
gen_require(`
type epmd_port_t;
')
dontaudit $1 epmd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the epmd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_epmd_port',`
gen_require(`
type epmd_port_t;
')
allow $1 epmd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the epmd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_epmd_port',`
gen_require(`
type epmd_port_t;
')
dontaudit $1 epmd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the epmd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_epmd_port',`
corenet_udp_send_epmd_port($1)
corenet_udp_receive_epmd_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the epmd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_epmd_port',`
corenet_dontaudit_udp_send_epmd_port($1)
corenet_dontaudit_udp_receive_epmd_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the epmd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_epmd_port',`
gen_require(`
type epmd_port_t;
')
allow $1 epmd_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the epmd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_epmd_port',`
gen_require(`
type epmd_port_t;
')
allow $1 epmd_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to epmd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_epmd_port',`
gen_require(`
type epmd_port_t;
')
dontaudit $1 epmd_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the epmd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_epmd_port',`
gen_require(`
type epmd_port_t;
')
allow $1 epmd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to epmd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_epmd_port',`
gen_require(`
type epmd_port_t;
')
dontaudit $1 epmd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send epmd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_epmd_client_packets',`
gen_require(`
type epmd_client_packet_t;
')
allow $1 epmd_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send epmd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_epmd_client_packets',`
gen_require(`
type epmd_client_packet_t;
')
dontaudit $1 epmd_client_packet_t:packet send;
')
########################################
## <summary>
## Receive epmd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_epmd_client_packets',`
gen_require(`
type epmd_client_packet_t;
')
allow $1 epmd_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive epmd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_epmd_client_packets',`
gen_require(`
type epmd_client_packet_t;
')
dontaudit $1 epmd_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive epmd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_epmd_client_packets',`
corenet_send_epmd_client_packets($1)
corenet_receive_epmd_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive epmd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_epmd_client_packets',`
corenet_dontaudit_send_epmd_client_packets($1)
corenet_dontaudit_receive_epmd_client_packets($1)
')
########################################
## <summary>
## Relabel packets to epmd_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_epmd_client_packets',`
gen_require(`
type epmd_client_packet_t;
')
allow $1 epmd_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send epmd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_epmd_server_packets',`
gen_require(`
type epmd_server_packet_t;
')
allow $1 epmd_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send epmd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_epmd_server_packets',`
gen_require(`
type epmd_server_packet_t;
')
dontaudit $1 epmd_server_packet_t:packet send;
')
########################################
## <summary>
## Receive epmd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_epmd_server_packets',`
gen_require(`
type epmd_server_packet_t;
')
allow $1 epmd_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive epmd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_epmd_server_packets',`
gen_require(`
type epmd_server_packet_t;
')
dontaudit $1 epmd_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive epmd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_epmd_server_packets',`
corenet_send_epmd_server_packets($1)
corenet_receive_epmd_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive epmd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_epmd_server_packets',`
corenet_dontaudit_send_epmd_server_packets($1)
corenet_dontaudit_receive_epmd_server_packets($1)
')
########################################
## <summary>
## Relabel packets to epmd_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_epmd_server_packets',`
gen_require(`
type epmd_server_packet_t;
')
allow $1 epmd_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the fac_restore port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_fac_restore_port',`
gen_require(`
type fac_restore_port_t;
')
allow $1 fac_restore_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the fac_restore port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_fac_restore_port',`
gen_require(`
type fac_restore_port_t;
')
allow $1 fac_restore_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the fac_restore port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_fac_restore_port',`
gen_require(`
type fac_restore_port_t;
')
dontaudit $1 fac_restore_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the fac_restore port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_fac_restore_port',`
gen_require(`
type fac_restore_port_t;
')
allow $1 fac_restore_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the fac_restore port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_fac_restore_port',`
gen_require(`
type fac_restore_port_t;
')
dontaudit $1 fac_restore_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the fac_restore port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_fac_restore_port',`
corenet_udp_send_fac_restore_port($1)
corenet_udp_receive_fac_restore_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the fac_restore port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_fac_restore_port',`
corenet_dontaudit_udp_send_fac_restore_port($1)
corenet_dontaudit_udp_receive_fac_restore_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the fac_restore port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_fac_restore_port',`
gen_require(`
type fac_restore_port_t;
')
allow $1 fac_restore_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the fac_restore port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_fac_restore_port',`
gen_require(`
type fac_restore_port_t;
')
allow $1 fac_restore_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to fac_restore port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_fac_restore_port',`
gen_require(`
type fac_restore_port_t;
')
dontaudit $1 fac_restore_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the fac_restore port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_fac_restore_port',`
gen_require(`
type fac_restore_port_t;
')
allow $1 fac_restore_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to fac_restore port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_fac_restore_port',`
gen_require(`
type fac_restore_port_t;
')
dontaudit $1 fac_restore_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send fac_restore_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_fac_restore_client_packets',`
gen_require(`
type fac_restore_client_packet_t;
')
allow $1 fac_restore_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send fac_restore_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_fac_restore_client_packets',`
gen_require(`
type fac_restore_client_packet_t;
')
dontaudit $1 fac_restore_client_packet_t:packet send;
')
########################################
## <summary>
## Receive fac_restore_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_fac_restore_client_packets',`
gen_require(`
type fac_restore_client_packet_t;
')
allow $1 fac_restore_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive fac_restore_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_fac_restore_client_packets',`
gen_require(`
type fac_restore_client_packet_t;
')
dontaudit $1 fac_restore_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive fac_restore_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_fac_restore_client_packets',`
corenet_send_fac_restore_client_packets($1)
corenet_receive_fac_restore_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive fac_restore_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_fac_restore_client_packets',`
corenet_dontaudit_send_fac_restore_client_packets($1)
corenet_dontaudit_receive_fac_restore_client_packets($1)
')
########################################
## <summary>
## Relabel packets to fac_restore_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_fac_restore_client_packets',`
gen_require(`
type fac_restore_client_packet_t;
')
allow $1 fac_restore_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send fac_restore_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_fac_restore_server_packets',`
gen_require(`
type fac_restore_server_packet_t;
')
allow $1 fac_restore_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send fac_restore_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_fac_restore_server_packets',`
gen_require(`
type fac_restore_server_packet_t;
')
dontaudit $1 fac_restore_server_packet_t:packet send;
')
########################################
## <summary>
## Receive fac_restore_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_fac_restore_server_packets',`
gen_require(`
type fac_restore_server_packet_t;
')
allow $1 fac_restore_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive fac_restore_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_fac_restore_server_packets',`
gen_require(`
type fac_restore_server_packet_t;
')
dontaudit $1 fac_restore_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive fac_restore_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_fac_restore_server_packets',`
corenet_send_fac_restore_server_packets($1)
corenet_receive_fac_restore_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive fac_restore_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_fac_restore_server_packets',`
corenet_dontaudit_send_fac_restore_server_packets($1)
corenet_dontaudit_receive_fac_restore_server_packets($1)
')
########################################
## <summary>
## Relabel packets to fac_restore_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_fac_restore_server_packets',`
gen_require(`
type fac_restore_server_packet_t;
')
allow $1 fac_restore_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the fingerd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_fingerd_port',`
gen_require(`
type fingerd_port_t;
')
allow $1 fingerd_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the fingerd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_fingerd_port',`
gen_require(`
type fingerd_port_t;
')
allow $1 fingerd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the fingerd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_fingerd_port',`
gen_require(`
type fingerd_port_t;
')
dontaudit $1 fingerd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the fingerd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_fingerd_port',`
gen_require(`
type fingerd_port_t;
')
allow $1 fingerd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the fingerd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_fingerd_port',`
gen_require(`
type fingerd_port_t;
')
dontaudit $1 fingerd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the fingerd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_fingerd_port',`
corenet_udp_send_fingerd_port($1)
corenet_udp_receive_fingerd_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the fingerd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_fingerd_port',`
corenet_dontaudit_udp_send_fingerd_port($1)
corenet_dontaudit_udp_receive_fingerd_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the fingerd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_fingerd_port',`
gen_require(`
type fingerd_port_t;
')
allow $1 fingerd_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the fingerd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_fingerd_port',`
gen_require(`
type fingerd_port_t;
')
allow $1 fingerd_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to fingerd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_fingerd_port',`
gen_require(`
type fingerd_port_t;
')
dontaudit $1 fingerd_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the fingerd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_fingerd_port',`
gen_require(`
type fingerd_port_t;
')
allow $1 fingerd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to fingerd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_fingerd_port',`
gen_require(`
type fingerd_port_t;
')
dontaudit $1 fingerd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send fingerd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_fingerd_client_packets',`
gen_require(`
type fingerd_client_packet_t;
')
allow $1 fingerd_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send fingerd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_fingerd_client_packets',`
gen_require(`
type fingerd_client_packet_t;
')
dontaudit $1 fingerd_client_packet_t:packet send;
')
########################################
## <summary>
## Receive fingerd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_fingerd_client_packets',`
gen_require(`
type fingerd_client_packet_t;
')
allow $1 fingerd_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive fingerd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_fingerd_client_packets',`
gen_require(`
type fingerd_client_packet_t;
')
dontaudit $1 fingerd_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive fingerd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_fingerd_client_packets',`
corenet_send_fingerd_client_packets($1)
corenet_receive_fingerd_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive fingerd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_fingerd_client_packets',`
corenet_dontaudit_send_fingerd_client_packets($1)
corenet_dontaudit_receive_fingerd_client_packets($1)
')
########################################
## <summary>
## Relabel packets to fingerd_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_fingerd_client_packets',`
gen_require(`
type fingerd_client_packet_t;
')
allow $1 fingerd_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send fingerd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_fingerd_server_packets',`
gen_require(`
type fingerd_server_packet_t;
')
allow $1 fingerd_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send fingerd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_fingerd_server_packets',`
gen_require(`
type fingerd_server_packet_t;
')
dontaudit $1 fingerd_server_packet_t:packet send;
')
########################################
## <summary>
## Receive fingerd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_fingerd_server_packets',`
gen_require(`
type fingerd_server_packet_t;
')
allow $1 fingerd_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive fingerd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_fingerd_server_packets',`
gen_require(`
type fingerd_server_packet_t;
')
dontaudit $1 fingerd_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive fingerd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_fingerd_server_packets',`
corenet_send_fingerd_server_packets($1)
corenet_receive_fingerd_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive fingerd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_fingerd_server_packets',`
corenet_dontaudit_send_fingerd_server_packets($1)
corenet_dontaudit_receive_fingerd_server_packets($1)
')
########################################
## <summary>
## Relabel packets to fingerd_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_fingerd_server_packets',`
gen_require(`
type fingerd_server_packet_t;
')
allow $1 fingerd_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the firepower port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_firepower_port',`
gen_require(`
type firepower_port_t;
')
allow $1 firepower_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the firepower port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_firepower_port',`
gen_require(`
type firepower_port_t;
')
allow $1 firepower_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the firepower port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_firepower_port',`
gen_require(`
type firepower_port_t;
')
dontaudit $1 firepower_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the firepower port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_firepower_port',`
gen_require(`
type firepower_port_t;
')
allow $1 firepower_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the firepower port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_firepower_port',`
gen_require(`
type firepower_port_t;
')
dontaudit $1 firepower_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the firepower port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_firepower_port',`
corenet_udp_send_firepower_port($1)
corenet_udp_receive_firepower_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the firepower port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_firepower_port',`
corenet_dontaudit_udp_send_firepower_port($1)
corenet_dontaudit_udp_receive_firepower_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the firepower port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_firepower_port',`
gen_require(`
type firepower_port_t;
')
allow $1 firepower_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the firepower port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_firepower_port',`
gen_require(`
type firepower_port_t;
')
allow $1 firepower_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to firepower port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_firepower_port',`
gen_require(`
type firepower_port_t;
')
dontaudit $1 firepower_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the firepower port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_firepower_port',`
gen_require(`
type firepower_port_t;
')
allow $1 firepower_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to firepower port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_firepower_port',`
gen_require(`
type firepower_port_t;
')
dontaudit $1 firepower_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send firepower_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_firepower_client_packets',`
gen_require(`
type firepower_client_packet_t;
')
allow $1 firepower_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send firepower_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_firepower_client_packets',`
gen_require(`
type firepower_client_packet_t;
')
dontaudit $1 firepower_client_packet_t:packet send;
')
########################################
## <summary>
## Receive firepower_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_firepower_client_packets',`
gen_require(`
type firepower_client_packet_t;
')
allow $1 firepower_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive firepower_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_firepower_client_packets',`
gen_require(`
type firepower_client_packet_t;
')
dontaudit $1 firepower_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive firepower_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_firepower_client_packets',`
corenet_send_firepower_client_packets($1)
corenet_receive_firepower_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive firepower_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_firepower_client_packets',`
corenet_dontaudit_send_firepower_client_packets($1)
corenet_dontaudit_receive_firepower_client_packets($1)
')
########################################
## <summary>
## Relabel packets to firepower_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_firepower_client_packets',`
gen_require(`
type firepower_client_packet_t;
')
allow $1 firepower_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send firepower_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_firepower_server_packets',`
gen_require(`
type firepower_server_packet_t;
')
allow $1 firepower_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send firepower_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_firepower_server_packets',`
gen_require(`
type firepower_server_packet_t;
')
dontaudit $1 firepower_server_packet_t:packet send;
')
########################################
## <summary>
## Receive firepower_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_firepower_server_packets',`
gen_require(`
type firepower_server_packet_t;
')
allow $1 firepower_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive firepower_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_firepower_server_packets',`
gen_require(`
type firepower_server_packet_t;
')
dontaudit $1 firepower_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive firepower_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_firepower_server_packets',`
corenet_send_firepower_server_packets($1)
corenet_receive_firepower_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive firepower_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_firepower_server_packets',`
corenet_dontaudit_send_firepower_server_packets($1)
corenet_dontaudit_receive_firepower_server_packets($1)
')
########################################
## <summary>
## Relabel packets to firepower_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_firepower_server_packets',`
gen_require(`
type firepower_server_packet_t;
')
allow $1 firepower_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the fmpro_internal port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_fmpro_internal_port',`
gen_require(`
type fmpro_internal_port_t;
')
allow $1 fmpro_internal_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the fmpro_internal port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_fmpro_internal_port',`
gen_require(`
type fmpro_internal_port_t;
')
allow $1 fmpro_internal_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the fmpro_internal port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_fmpro_internal_port',`
gen_require(`
type fmpro_internal_port_t;
')
dontaudit $1 fmpro_internal_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the fmpro_internal port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_fmpro_internal_port',`
gen_require(`
type fmpro_internal_port_t;
')
allow $1 fmpro_internal_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the fmpro_internal port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_fmpro_internal_port',`
gen_require(`
type fmpro_internal_port_t;
')
dontaudit $1 fmpro_internal_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the fmpro_internal port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_fmpro_internal_port',`
corenet_udp_send_fmpro_internal_port($1)
corenet_udp_receive_fmpro_internal_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the fmpro_internal port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_fmpro_internal_port',`
corenet_dontaudit_udp_send_fmpro_internal_port($1)
corenet_dontaudit_udp_receive_fmpro_internal_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the fmpro_internal port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_fmpro_internal_port',`
gen_require(`
type fmpro_internal_port_t;
')
allow $1 fmpro_internal_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the fmpro_internal port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_fmpro_internal_port',`
gen_require(`
type fmpro_internal_port_t;
')
allow $1 fmpro_internal_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to fmpro_internal port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_fmpro_internal_port',`
gen_require(`
type fmpro_internal_port_t;
')
dontaudit $1 fmpro_internal_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the fmpro_internal port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_fmpro_internal_port',`
gen_require(`
type fmpro_internal_port_t;
')
allow $1 fmpro_internal_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to fmpro_internal port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_fmpro_internal_port',`
gen_require(`
type fmpro_internal_port_t;
')
dontaudit $1 fmpro_internal_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send fmpro_internal_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_fmpro_internal_client_packets',`
gen_require(`
type fmpro_internal_client_packet_t;
')
allow $1 fmpro_internal_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send fmpro_internal_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_fmpro_internal_client_packets',`
gen_require(`
type fmpro_internal_client_packet_t;
')
dontaudit $1 fmpro_internal_client_packet_t:packet send;
')
########################################
## <summary>
## Receive fmpro_internal_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_fmpro_internal_client_packets',`
gen_require(`
type fmpro_internal_client_packet_t;
')
allow $1 fmpro_internal_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive fmpro_internal_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_fmpro_internal_client_packets',`
gen_require(`
type fmpro_internal_client_packet_t;
')
dontaudit $1 fmpro_internal_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive fmpro_internal_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_fmpro_internal_client_packets',`
corenet_send_fmpro_internal_client_packets($1)
corenet_receive_fmpro_internal_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive fmpro_internal_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_fmpro_internal_client_packets',`
corenet_dontaudit_send_fmpro_internal_client_packets($1)
corenet_dontaudit_receive_fmpro_internal_client_packets($1)
')
########################################
## <summary>
## Relabel packets to fmpro_internal_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_fmpro_internal_client_packets',`
gen_require(`
type fmpro_internal_client_packet_t;
')
allow $1 fmpro_internal_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send fmpro_internal_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_fmpro_internal_server_packets',`
gen_require(`
type fmpro_internal_server_packet_t;
')
allow $1 fmpro_internal_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send fmpro_internal_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_fmpro_internal_server_packets',`
gen_require(`
type fmpro_internal_server_packet_t;
')
dontaudit $1 fmpro_internal_server_packet_t:packet send;
')
########################################
## <summary>
## Receive fmpro_internal_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_fmpro_internal_server_packets',`
gen_require(`
type fmpro_internal_server_packet_t;
')
allow $1 fmpro_internal_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive fmpro_internal_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_fmpro_internal_server_packets',`
gen_require(`
type fmpro_internal_server_packet_t;
')
dontaudit $1 fmpro_internal_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive fmpro_internal_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_fmpro_internal_server_packets',`
corenet_send_fmpro_internal_server_packets($1)
corenet_receive_fmpro_internal_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive fmpro_internal_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_fmpro_internal_server_packets',`
corenet_dontaudit_send_fmpro_internal_server_packets($1)
corenet_dontaudit_receive_fmpro_internal_server_packets($1)
')
########################################
## <summary>
## Relabel packets to fmpro_internal_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_fmpro_internal_server_packets',`
gen_require(`
type fmpro_internal_server_packet_t;
')
allow $1 fmpro_internal_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the flash port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_flash_port',`
gen_require(`
type flash_port_t;
')
allow $1 flash_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the flash port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_flash_port',`
gen_require(`
type flash_port_t;
')
allow $1 flash_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the flash port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_flash_port',`
gen_require(`
type flash_port_t;
')
dontaudit $1 flash_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the flash port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_flash_port',`
gen_require(`
type flash_port_t;
')
allow $1 flash_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the flash port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_flash_port',`
gen_require(`
type flash_port_t;
')
dontaudit $1 flash_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the flash port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_flash_port',`
corenet_udp_send_flash_port($1)
corenet_udp_receive_flash_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the flash port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_flash_port',`
corenet_dontaudit_udp_send_flash_port($1)
corenet_dontaudit_udp_receive_flash_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the flash port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_flash_port',`
gen_require(`
type flash_port_t;
')
allow $1 flash_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the flash port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_flash_port',`
gen_require(`
type flash_port_t;
')
allow $1 flash_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to flash port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_flash_port',`
gen_require(`
type flash_port_t;
')
dontaudit $1 flash_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the flash port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_flash_port',`
gen_require(`
type flash_port_t;
')
allow $1 flash_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to flash port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_flash_port',`
gen_require(`
type flash_port_t;
')
dontaudit $1 flash_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send flash_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_flash_client_packets',`
gen_require(`
type flash_client_packet_t;
')
allow $1 flash_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send flash_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_flash_client_packets',`
gen_require(`
type flash_client_packet_t;
')
dontaudit $1 flash_client_packet_t:packet send;
')
########################################
## <summary>
## Receive flash_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_flash_client_packets',`
gen_require(`
type flash_client_packet_t;
')
allow $1 flash_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive flash_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_flash_client_packets',`
gen_require(`
type flash_client_packet_t;
')
dontaudit $1 flash_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive flash_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_flash_client_packets',`
corenet_send_flash_client_packets($1)
corenet_receive_flash_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive flash_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_flash_client_packets',`
corenet_dontaudit_send_flash_client_packets($1)
corenet_dontaudit_receive_flash_client_packets($1)
')
########################################
## <summary>
## Relabel packets to flash_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_flash_client_packets',`
gen_require(`
type flash_client_packet_t;
')
allow $1 flash_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send flash_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_flash_server_packets',`
gen_require(`
type flash_server_packet_t;
')
allow $1 flash_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send flash_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_flash_server_packets',`
gen_require(`
type flash_server_packet_t;
')
dontaudit $1 flash_server_packet_t:packet send;
')
########################################
## <summary>
## Receive flash_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_flash_server_packets',`
gen_require(`
type flash_server_packet_t;
')
allow $1 flash_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive flash_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_flash_server_packets',`
gen_require(`
type flash_server_packet_t;
')
dontaudit $1 flash_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive flash_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_flash_server_packets',`
corenet_send_flash_server_packets($1)
corenet_receive_flash_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive flash_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_flash_server_packets',`
corenet_dontaudit_send_flash_server_packets($1)
corenet_dontaudit_receive_flash_server_packets($1)
')
########################################
## <summary>
## Relabel packets to flash_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_flash_server_packets',`
gen_require(`
type flash_server_packet_t;
')
allow $1 flash_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the freeipmi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_freeipmi_port',`
gen_require(`
type freeipmi_port_t;
')
allow $1 freeipmi_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the freeipmi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_freeipmi_port',`
gen_require(`
type freeipmi_port_t;
')
allow $1 freeipmi_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the freeipmi port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_freeipmi_port',`
gen_require(`
type freeipmi_port_t;
')
dontaudit $1 freeipmi_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the freeipmi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_freeipmi_port',`
gen_require(`
type freeipmi_port_t;
')
allow $1 freeipmi_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the freeipmi port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_freeipmi_port',`
gen_require(`
type freeipmi_port_t;
')
dontaudit $1 freeipmi_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the freeipmi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_freeipmi_port',`
corenet_udp_send_freeipmi_port($1)
corenet_udp_receive_freeipmi_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the freeipmi port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_freeipmi_port',`
corenet_dontaudit_udp_send_freeipmi_port($1)
corenet_dontaudit_udp_receive_freeipmi_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the freeipmi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_freeipmi_port',`
gen_require(`
type freeipmi_port_t;
')
allow $1 freeipmi_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the freeipmi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_freeipmi_port',`
gen_require(`
type freeipmi_port_t;
')
allow $1 freeipmi_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to freeipmi port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_freeipmi_port',`
gen_require(`
type freeipmi_port_t;
')
dontaudit $1 freeipmi_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the freeipmi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_freeipmi_port',`
gen_require(`
type freeipmi_port_t;
')
allow $1 freeipmi_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to freeipmi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_freeipmi_port',`
gen_require(`
type freeipmi_port_t;
')
dontaudit $1 freeipmi_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send freeipmi_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_freeipmi_client_packets',`
gen_require(`
type freeipmi_client_packet_t;
')
allow $1 freeipmi_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send freeipmi_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_freeipmi_client_packets',`
gen_require(`
type freeipmi_client_packet_t;
')
dontaudit $1 freeipmi_client_packet_t:packet send;
')
########################################
## <summary>
## Receive freeipmi_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_freeipmi_client_packets',`
gen_require(`
type freeipmi_client_packet_t;
')
allow $1 freeipmi_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive freeipmi_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_freeipmi_client_packets',`
gen_require(`
type freeipmi_client_packet_t;
')
dontaudit $1 freeipmi_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive freeipmi_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_freeipmi_client_packets',`
corenet_send_freeipmi_client_packets($1)
corenet_receive_freeipmi_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive freeipmi_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_freeipmi_client_packets',`
corenet_dontaudit_send_freeipmi_client_packets($1)
corenet_dontaudit_receive_freeipmi_client_packets($1)
')
########################################
## <summary>
## Relabel packets to freeipmi_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_freeipmi_client_packets',`
gen_require(`
type freeipmi_client_packet_t;
')
allow $1 freeipmi_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send freeipmi_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_freeipmi_server_packets',`
gen_require(`
type freeipmi_server_packet_t;
')
allow $1 freeipmi_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send freeipmi_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_freeipmi_server_packets',`
gen_require(`
type freeipmi_server_packet_t;
')
dontaudit $1 freeipmi_server_packet_t:packet send;
')
########################################
## <summary>
## Receive freeipmi_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_freeipmi_server_packets',`
gen_require(`
type freeipmi_server_packet_t;
')
allow $1 freeipmi_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive freeipmi_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_freeipmi_server_packets',`
gen_require(`
type freeipmi_server_packet_t;
')
dontaudit $1 freeipmi_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive freeipmi_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_freeipmi_server_packets',`
corenet_send_freeipmi_server_packets($1)
corenet_receive_freeipmi_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive freeipmi_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_freeipmi_server_packets',`
corenet_dontaudit_send_freeipmi_server_packets($1)
corenet_dontaudit_receive_freeipmi_server_packets($1)
')
########################################
## <summary>
## Relabel packets to freeipmi_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_freeipmi_server_packets',`
gen_require(`
type freeipmi_server_packet_t;
')
allow $1 freeipmi_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the ftp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_ftp_port',`
gen_require(`
type ftp_port_t;
')
allow $1 ftp_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the ftp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_ftp_port',`
gen_require(`
type ftp_port_t;
')
allow $1 ftp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the ftp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_ftp_port',`
gen_require(`
type ftp_port_t;
')
dontaudit $1 ftp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the ftp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_ftp_port',`
gen_require(`
type ftp_port_t;
')
allow $1 ftp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the ftp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_ftp_port',`
gen_require(`
type ftp_port_t;
')
dontaudit $1 ftp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the ftp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_ftp_port',`
corenet_udp_send_ftp_port($1)
corenet_udp_receive_ftp_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the ftp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_ftp_port',`
corenet_dontaudit_udp_send_ftp_port($1)
corenet_dontaudit_udp_receive_ftp_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the ftp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_ftp_port',`
gen_require(`
type ftp_port_t;
')
allow $1 ftp_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the ftp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_ftp_port',`
gen_require(`
type ftp_port_t;
')
allow $1 ftp_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to ftp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_ftp_port',`
gen_require(`
type ftp_port_t;
')
dontaudit $1 ftp_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the ftp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_ftp_port',`
gen_require(`
type ftp_port_t;
')
allow $1 ftp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to ftp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_ftp_port',`
gen_require(`
type ftp_port_t;
')
dontaudit $1 ftp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send ftp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ftp_client_packets',`
gen_require(`
type ftp_client_packet_t;
')
allow $1 ftp_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ftp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ftp_client_packets',`
gen_require(`
type ftp_client_packet_t;
')
dontaudit $1 ftp_client_packet_t:packet send;
')
########################################
## <summary>
## Receive ftp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ftp_client_packets',`
gen_require(`
type ftp_client_packet_t;
')
allow $1 ftp_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ftp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ftp_client_packets',`
gen_require(`
type ftp_client_packet_t;
')
dontaudit $1 ftp_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ftp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ftp_client_packets',`
corenet_send_ftp_client_packets($1)
corenet_receive_ftp_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ftp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ftp_client_packets',`
corenet_dontaudit_send_ftp_client_packets($1)
corenet_dontaudit_receive_ftp_client_packets($1)
')
########################################
## <summary>
## Relabel packets to ftp_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ftp_client_packets',`
gen_require(`
type ftp_client_packet_t;
')
allow $1 ftp_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send ftp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ftp_server_packets',`
gen_require(`
type ftp_server_packet_t;
')
allow $1 ftp_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ftp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ftp_server_packets',`
gen_require(`
type ftp_server_packet_t;
')
dontaudit $1 ftp_server_packet_t:packet send;
')
########################################
## <summary>
## Receive ftp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ftp_server_packets',`
gen_require(`
type ftp_server_packet_t;
')
allow $1 ftp_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ftp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ftp_server_packets',`
gen_require(`
type ftp_server_packet_t;
')
dontaudit $1 ftp_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ftp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ftp_server_packets',`
corenet_send_ftp_server_packets($1)
corenet_receive_ftp_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ftp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ftp_server_packets',`
corenet_dontaudit_send_ftp_server_packets($1)
corenet_dontaudit_receive_ftp_server_packets($1)
')
########################################
## <summary>
## Relabel packets to ftp_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ftp_server_packets',`
gen_require(`
type ftp_server_packet_t;
')
allow $1 ftp_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the ftp_data port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_ftp_data_port',`
gen_require(`
type ftp_data_port_t;
')
allow $1 ftp_data_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the ftp_data port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_ftp_data_port',`
gen_require(`
type ftp_data_port_t;
')
allow $1 ftp_data_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the ftp_data port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_ftp_data_port',`
gen_require(`
type ftp_data_port_t;
')
dontaudit $1 ftp_data_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the ftp_data port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_ftp_data_port',`
gen_require(`
type ftp_data_port_t;
')
allow $1 ftp_data_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the ftp_data port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_ftp_data_port',`
gen_require(`
type ftp_data_port_t;
')
dontaudit $1 ftp_data_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the ftp_data port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_ftp_data_port',`
corenet_udp_send_ftp_data_port($1)
corenet_udp_receive_ftp_data_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the ftp_data port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_ftp_data_port',`
corenet_dontaudit_udp_send_ftp_data_port($1)
corenet_dontaudit_udp_receive_ftp_data_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the ftp_data port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_ftp_data_port',`
gen_require(`
type ftp_data_port_t;
')
allow $1 ftp_data_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the ftp_data port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_ftp_data_port',`
gen_require(`
type ftp_data_port_t;
')
allow $1 ftp_data_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to ftp_data port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_ftp_data_port',`
gen_require(`
type ftp_data_port_t;
')
dontaudit $1 ftp_data_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the ftp_data port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_ftp_data_port',`
gen_require(`
type ftp_data_port_t;
')
allow $1 ftp_data_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to ftp_data port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_ftp_data_port',`
gen_require(`
type ftp_data_port_t;
')
dontaudit $1 ftp_data_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send ftp_data_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ftp_data_client_packets',`
gen_require(`
type ftp_data_client_packet_t;
')
allow $1 ftp_data_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ftp_data_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ftp_data_client_packets',`
gen_require(`
type ftp_data_client_packet_t;
')
dontaudit $1 ftp_data_client_packet_t:packet send;
')
########################################
## <summary>
## Receive ftp_data_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ftp_data_client_packets',`
gen_require(`
type ftp_data_client_packet_t;
')
allow $1 ftp_data_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ftp_data_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ftp_data_client_packets',`
gen_require(`
type ftp_data_client_packet_t;
')
dontaudit $1 ftp_data_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ftp_data_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ftp_data_client_packets',`
corenet_send_ftp_data_client_packets($1)
corenet_receive_ftp_data_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ftp_data_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ftp_data_client_packets',`
corenet_dontaudit_send_ftp_data_client_packets($1)
corenet_dontaudit_receive_ftp_data_client_packets($1)
')
########################################
## <summary>
## Relabel packets to ftp_data_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ftp_data_client_packets',`
gen_require(`
type ftp_data_client_packet_t;
')
allow $1 ftp_data_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send ftp_data_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ftp_data_server_packets',`
gen_require(`
type ftp_data_server_packet_t;
')
allow $1 ftp_data_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ftp_data_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ftp_data_server_packets',`
gen_require(`
type ftp_data_server_packet_t;
')
dontaudit $1 ftp_data_server_packet_t:packet send;
')
########################################
## <summary>
## Receive ftp_data_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ftp_data_server_packets',`
gen_require(`
type ftp_data_server_packet_t;
')
allow $1 ftp_data_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ftp_data_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ftp_data_server_packets',`
gen_require(`
type ftp_data_server_packet_t;
')
dontaudit $1 ftp_data_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ftp_data_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ftp_data_server_packets',`
corenet_send_ftp_data_server_packets($1)
corenet_receive_ftp_data_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ftp_data_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ftp_data_server_packets',`
corenet_dontaudit_send_ftp_data_server_packets($1)
corenet_dontaudit_receive_ftp_data_server_packets($1)
')
########################################
## <summary>
## Relabel packets to ftp_data_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ftp_data_server_packets',`
gen_require(`
type ftp_data_server_packet_t;
')
allow $1 ftp_data_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the gatekeeper port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_gatekeeper_port',`
gen_require(`
type gatekeeper_port_t;
')
allow $1 gatekeeper_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the gatekeeper port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_gatekeeper_port',`
gen_require(`
type gatekeeper_port_t;
')
allow $1 gatekeeper_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the gatekeeper port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_gatekeeper_port',`
gen_require(`
type gatekeeper_port_t;
')
dontaudit $1 gatekeeper_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the gatekeeper port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_gatekeeper_port',`
gen_require(`
type gatekeeper_port_t;
')
allow $1 gatekeeper_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the gatekeeper port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_gatekeeper_port',`
gen_require(`
type gatekeeper_port_t;
')
dontaudit $1 gatekeeper_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the gatekeeper port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_gatekeeper_port',`
corenet_udp_send_gatekeeper_port($1)
corenet_udp_receive_gatekeeper_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the gatekeeper port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_gatekeeper_port',`
corenet_dontaudit_udp_send_gatekeeper_port($1)
corenet_dontaudit_udp_receive_gatekeeper_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the gatekeeper port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_gatekeeper_port',`
gen_require(`
type gatekeeper_port_t;
')
allow $1 gatekeeper_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the gatekeeper port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_gatekeeper_port',`
gen_require(`
type gatekeeper_port_t;
')
allow $1 gatekeeper_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to gatekeeper port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_gatekeeper_port',`
gen_require(`
type gatekeeper_port_t;
')
dontaudit $1 gatekeeper_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the gatekeeper port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_gatekeeper_port',`
gen_require(`
type gatekeeper_port_t;
')
allow $1 gatekeeper_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to gatekeeper port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_gatekeeper_port',`
gen_require(`
type gatekeeper_port_t;
')
dontaudit $1 gatekeeper_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send gatekeeper_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_gatekeeper_client_packets',`
gen_require(`
type gatekeeper_client_packet_t;
')
allow $1 gatekeeper_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send gatekeeper_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_gatekeeper_client_packets',`
gen_require(`
type gatekeeper_client_packet_t;
')
dontaudit $1 gatekeeper_client_packet_t:packet send;
')
########################################
## <summary>
## Receive gatekeeper_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_gatekeeper_client_packets',`
gen_require(`
type gatekeeper_client_packet_t;
')
allow $1 gatekeeper_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive gatekeeper_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_gatekeeper_client_packets',`
gen_require(`
type gatekeeper_client_packet_t;
')
dontaudit $1 gatekeeper_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive gatekeeper_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_gatekeeper_client_packets',`
corenet_send_gatekeeper_client_packets($1)
corenet_receive_gatekeeper_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive gatekeeper_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_gatekeeper_client_packets',`
corenet_dontaudit_send_gatekeeper_client_packets($1)
corenet_dontaudit_receive_gatekeeper_client_packets($1)
')
########################################
## <summary>
## Relabel packets to gatekeeper_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_gatekeeper_client_packets',`
gen_require(`
type gatekeeper_client_packet_t;
')
allow $1 gatekeeper_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send gatekeeper_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_gatekeeper_server_packets',`
gen_require(`
type gatekeeper_server_packet_t;
')
allow $1 gatekeeper_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send gatekeeper_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_gatekeeper_server_packets',`
gen_require(`
type gatekeeper_server_packet_t;
')
dontaudit $1 gatekeeper_server_packet_t:packet send;
')
########################################
## <summary>
## Receive gatekeeper_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_gatekeeper_server_packets',`
gen_require(`
type gatekeeper_server_packet_t;
')
allow $1 gatekeeper_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive gatekeeper_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_gatekeeper_server_packets',`
gen_require(`
type gatekeeper_server_packet_t;
')
dontaudit $1 gatekeeper_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive gatekeeper_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_gatekeeper_server_packets',`
corenet_send_gatekeeper_server_packets($1)
corenet_receive_gatekeeper_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive gatekeeper_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_gatekeeper_server_packets',`
corenet_dontaudit_send_gatekeeper_server_packets($1)
corenet_dontaudit_receive_gatekeeper_server_packets($1)
')
########################################
## <summary>
## Relabel packets to gatekeeper_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_gatekeeper_server_packets',`
gen_require(`
type gatekeeper_server_packet_t;
')
allow $1 gatekeeper_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the gear port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_gear_port',`
gen_require(`
type gear_port_t;
')
allow $1 gear_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the gear port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_gear_port',`
gen_require(`
type gear_port_t;
')
allow $1 gear_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the gear port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_gear_port',`
gen_require(`
type gear_port_t;
')
dontaudit $1 gear_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the gear port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_gear_port',`
gen_require(`
type gear_port_t;
')
allow $1 gear_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the gear port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_gear_port',`
gen_require(`
type gear_port_t;
')
dontaudit $1 gear_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the gear port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_gear_port',`
corenet_udp_send_gear_port($1)
corenet_udp_receive_gear_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the gear port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_gear_port',`
corenet_dontaudit_udp_send_gear_port($1)
corenet_dontaudit_udp_receive_gear_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the gear port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_gear_port',`
gen_require(`
type gear_port_t;
')
allow $1 gear_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the gear port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_gear_port',`
gen_require(`
type gear_port_t;
')
allow $1 gear_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to gear port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_gear_port',`
gen_require(`
type gear_port_t;
')
dontaudit $1 gear_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the gear port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_gear_port',`
gen_require(`
type gear_port_t;
')
allow $1 gear_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to gear port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_gear_port',`
gen_require(`
type gear_port_t;
')
dontaudit $1 gear_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send gear_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_gear_client_packets',`
gen_require(`
type gear_client_packet_t;
')
allow $1 gear_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send gear_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_gear_client_packets',`
gen_require(`
type gear_client_packet_t;
')
dontaudit $1 gear_client_packet_t:packet send;
')
########################################
## <summary>
## Receive gear_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_gear_client_packets',`
gen_require(`
type gear_client_packet_t;
')
allow $1 gear_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive gear_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_gear_client_packets',`
gen_require(`
type gear_client_packet_t;
')
dontaudit $1 gear_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive gear_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_gear_client_packets',`
corenet_send_gear_client_packets($1)
corenet_receive_gear_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive gear_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_gear_client_packets',`
corenet_dontaudit_send_gear_client_packets($1)
corenet_dontaudit_receive_gear_client_packets($1)
')
########################################
## <summary>
## Relabel packets to gear_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_gear_client_packets',`
gen_require(`
type gear_client_packet_t;
')
allow $1 gear_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send gear_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_gear_server_packets',`
gen_require(`
type gear_server_packet_t;
')
allow $1 gear_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send gear_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_gear_server_packets',`
gen_require(`
type gear_server_packet_t;
')
dontaudit $1 gear_server_packet_t:packet send;
')
########################################
## <summary>
## Receive gear_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_gear_server_packets',`
gen_require(`
type gear_server_packet_t;
')
allow $1 gear_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive gear_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_gear_server_packets',`
gen_require(`
type gear_server_packet_t;
')
dontaudit $1 gear_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive gear_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_gear_server_packets',`
corenet_send_gear_server_packets($1)
corenet_receive_gear_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive gear_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_gear_server_packets',`
corenet_dontaudit_send_gear_server_packets($1)
corenet_dontaudit_receive_gear_server_packets($1)
')
########################################
## <summary>
## Relabel packets to gear_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_gear_server_packets',`
gen_require(`
type gear_server_packet_t;
')
allow $1 gear_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the geneve port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_geneve_port',`
gen_require(`
type geneve_port_t;
')
allow $1 geneve_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the geneve port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_geneve_port',`
gen_require(`
type geneve_port_t;
')
allow $1 geneve_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the geneve port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_geneve_port',`
gen_require(`
type geneve_port_t;
')
dontaudit $1 geneve_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the geneve port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_geneve_port',`
gen_require(`
type geneve_port_t;
')
allow $1 geneve_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the geneve port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_geneve_port',`
gen_require(`
type geneve_port_t;
')
dontaudit $1 geneve_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the geneve port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_geneve_port',`
corenet_udp_send_geneve_port($1)
corenet_udp_receive_geneve_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the geneve port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_geneve_port',`
corenet_dontaudit_udp_send_geneve_port($1)
corenet_dontaudit_udp_receive_geneve_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the geneve port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_geneve_port',`
gen_require(`
type geneve_port_t;
')
allow $1 geneve_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the geneve port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_geneve_port',`
gen_require(`
type geneve_port_t;
')
allow $1 geneve_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to geneve port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_geneve_port',`
gen_require(`
type geneve_port_t;
')
dontaudit $1 geneve_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the geneve port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_geneve_port',`
gen_require(`
type geneve_port_t;
')
allow $1 geneve_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to geneve port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_geneve_port',`
gen_require(`
type geneve_port_t;
')
dontaudit $1 geneve_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send geneve_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_geneve_client_packets',`
gen_require(`
type geneve_client_packet_t;
')
allow $1 geneve_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send geneve_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_geneve_client_packets',`
gen_require(`
type geneve_client_packet_t;
')
dontaudit $1 geneve_client_packet_t:packet send;
')
########################################
## <summary>
## Receive geneve_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_geneve_client_packets',`
gen_require(`
type geneve_client_packet_t;
')
allow $1 geneve_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive geneve_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_geneve_client_packets',`
gen_require(`
type geneve_client_packet_t;
')
dontaudit $1 geneve_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive geneve_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_geneve_client_packets',`
corenet_send_geneve_client_packets($1)
corenet_receive_geneve_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive geneve_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_geneve_client_packets',`
corenet_dontaudit_send_geneve_client_packets($1)
corenet_dontaudit_receive_geneve_client_packets($1)
')
########################################
## <summary>
## Relabel packets to geneve_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_geneve_client_packets',`
gen_require(`
type geneve_client_packet_t;
')
allow $1 geneve_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send geneve_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_geneve_server_packets',`
gen_require(`
type geneve_server_packet_t;
')
allow $1 geneve_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send geneve_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_geneve_server_packets',`
gen_require(`
type geneve_server_packet_t;
')
dontaudit $1 geneve_server_packet_t:packet send;
')
########################################
## <summary>
## Receive geneve_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_geneve_server_packets',`
gen_require(`
type geneve_server_packet_t;
')
allow $1 geneve_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive geneve_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_geneve_server_packets',`
gen_require(`
type geneve_server_packet_t;
')
dontaudit $1 geneve_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive geneve_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_geneve_server_packets',`
corenet_send_geneve_server_packets($1)
corenet_receive_geneve_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive geneve_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_geneve_server_packets',`
corenet_dontaudit_send_geneve_server_packets($1)
corenet_dontaudit_receive_geneve_server_packets($1)
')
########################################
## <summary>
## Relabel packets to geneve_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_geneve_server_packets',`
gen_require(`
type geneve_server_packet_t;
')
allow $1 geneve_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the gdomap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_gdomap_port',`
gen_require(`
type gdomap_port_t;
')
allow $1 gdomap_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the gdomap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_gdomap_port',`
gen_require(`
type gdomap_port_t;
')
allow $1 gdomap_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the gdomap port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_gdomap_port',`
gen_require(`
type gdomap_port_t;
')
dontaudit $1 gdomap_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the gdomap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_gdomap_port',`
gen_require(`
type gdomap_port_t;
')
allow $1 gdomap_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the gdomap port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_gdomap_port',`
gen_require(`
type gdomap_port_t;
')
dontaudit $1 gdomap_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the gdomap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_gdomap_port',`
corenet_udp_send_gdomap_port($1)
corenet_udp_receive_gdomap_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the gdomap port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_gdomap_port',`
corenet_dontaudit_udp_send_gdomap_port($1)
corenet_dontaudit_udp_receive_gdomap_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the gdomap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_gdomap_port',`
gen_require(`
type gdomap_port_t;
')
allow $1 gdomap_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the gdomap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_gdomap_port',`
gen_require(`
type gdomap_port_t;
')
allow $1 gdomap_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to gdomap port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_gdomap_port',`
gen_require(`
type gdomap_port_t;
')
dontaudit $1 gdomap_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the gdomap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_gdomap_port',`
gen_require(`
type gdomap_port_t;
')
allow $1 gdomap_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to gdomap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_gdomap_port',`
gen_require(`
type gdomap_port_t;
')
dontaudit $1 gdomap_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send gdomap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_gdomap_client_packets',`
gen_require(`
type gdomap_client_packet_t;
')
allow $1 gdomap_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send gdomap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_gdomap_client_packets',`
gen_require(`
type gdomap_client_packet_t;
')
dontaudit $1 gdomap_client_packet_t:packet send;
')
########################################
## <summary>
## Receive gdomap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_gdomap_client_packets',`
gen_require(`
type gdomap_client_packet_t;
')
allow $1 gdomap_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive gdomap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_gdomap_client_packets',`
gen_require(`
type gdomap_client_packet_t;
')
dontaudit $1 gdomap_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive gdomap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_gdomap_client_packets',`
corenet_send_gdomap_client_packets($1)
corenet_receive_gdomap_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive gdomap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_gdomap_client_packets',`
corenet_dontaudit_send_gdomap_client_packets($1)
corenet_dontaudit_receive_gdomap_client_packets($1)
')
########################################
## <summary>
## Relabel packets to gdomap_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_gdomap_client_packets',`
gen_require(`
type gdomap_client_packet_t;
')
allow $1 gdomap_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send gdomap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_gdomap_server_packets',`
gen_require(`
type gdomap_server_packet_t;
')
allow $1 gdomap_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send gdomap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_gdomap_server_packets',`
gen_require(`
type gdomap_server_packet_t;
')
dontaudit $1 gdomap_server_packet_t:packet send;
')
########################################
## <summary>
## Receive gdomap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_gdomap_server_packets',`
gen_require(`
type gdomap_server_packet_t;
')
allow $1 gdomap_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive gdomap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_gdomap_server_packets',`
gen_require(`
type gdomap_server_packet_t;
')
dontaudit $1 gdomap_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive gdomap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_gdomap_server_packets',`
corenet_send_gdomap_server_packets($1)
corenet_receive_gdomap_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive gdomap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_gdomap_server_packets',`
corenet_dontaudit_send_gdomap_server_packets($1)
corenet_dontaudit_receive_gdomap_server_packets($1)
')
########################################
## <summary>
## Relabel packets to gdomap_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_gdomap_server_packets',`
gen_require(`
type gdomap_server_packet_t;
')
allow $1 gdomap_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the gds_db port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_gds_db_port',`
gen_require(`
type gds_db_port_t;
')
allow $1 gds_db_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the gds_db port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_gds_db_port',`
gen_require(`
type gds_db_port_t;
')
allow $1 gds_db_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the gds_db port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_gds_db_port',`
gen_require(`
type gds_db_port_t;
')
dontaudit $1 gds_db_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the gds_db port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_gds_db_port',`
gen_require(`
type gds_db_port_t;
')
allow $1 gds_db_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the gds_db port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_gds_db_port',`
gen_require(`
type gds_db_port_t;
')
dontaudit $1 gds_db_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the gds_db port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_gds_db_port',`
corenet_udp_send_gds_db_port($1)
corenet_udp_receive_gds_db_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the gds_db port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_gds_db_port',`
corenet_dontaudit_udp_send_gds_db_port($1)
corenet_dontaudit_udp_receive_gds_db_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the gds_db port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_gds_db_port',`
gen_require(`
type gds_db_port_t;
')
allow $1 gds_db_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the gds_db port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_gds_db_port',`
gen_require(`
type gds_db_port_t;
')
allow $1 gds_db_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to gds_db port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_gds_db_port',`
gen_require(`
type gds_db_port_t;
')
dontaudit $1 gds_db_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the gds_db port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_gds_db_port',`
gen_require(`
type gds_db_port_t;
')
allow $1 gds_db_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to gds_db port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_gds_db_port',`
gen_require(`
type gds_db_port_t;
')
dontaudit $1 gds_db_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send gds_db_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_gds_db_client_packets',`
gen_require(`
type gds_db_client_packet_t;
')
allow $1 gds_db_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send gds_db_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_gds_db_client_packets',`
gen_require(`
type gds_db_client_packet_t;
')
dontaudit $1 gds_db_client_packet_t:packet send;
')
########################################
## <summary>
## Receive gds_db_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_gds_db_client_packets',`
gen_require(`
type gds_db_client_packet_t;
')
allow $1 gds_db_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive gds_db_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_gds_db_client_packets',`
gen_require(`
type gds_db_client_packet_t;
')
dontaudit $1 gds_db_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive gds_db_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_gds_db_client_packets',`
corenet_send_gds_db_client_packets($1)
corenet_receive_gds_db_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive gds_db_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_gds_db_client_packets',`
corenet_dontaudit_send_gds_db_client_packets($1)
corenet_dontaudit_receive_gds_db_client_packets($1)
')
########################################
## <summary>
## Relabel packets to gds_db_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_gds_db_client_packets',`
gen_require(`
type gds_db_client_packet_t;
')
allow $1 gds_db_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send gds_db_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_gds_db_server_packets',`
gen_require(`
type gds_db_server_packet_t;
')
allow $1 gds_db_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send gds_db_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_gds_db_server_packets',`
gen_require(`
type gds_db_server_packet_t;
')
dontaudit $1 gds_db_server_packet_t:packet send;
')
########################################
## <summary>
## Receive gds_db_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_gds_db_server_packets',`
gen_require(`
type gds_db_server_packet_t;
')
allow $1 gds_db_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive gds_db_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_gds_db_server_packets',`
gen_require(`
type gds_db_server_packet_t;
')
dontaudit $1 gds_db_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive gds_db_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_gds_db_server_packets',`
corenet_send_gds_db_server_packets($1)
corenet_receive_gds_db_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive gds_db_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_gds_db_server_packets',`
corenet_dontaudit_send_gds_db_server_packets($1)
corenet_dontaudit_receive_gds_db_server_packets($1)
')
########################################
## <summary>
## Relabel packets to gds_db_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_gds_db_server_packets',`
gen_require(`
type gds_db_server_packet_t;
')
allow $1 gds_db_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the giftd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_giftd_port',`
gen_require(`
type giftd_port_t;
')
allow $1 giftd_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the giftd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_giftd_port',`
gen_require(`
type giftd_port_t;
')
allow $1 giftd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the giftd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_giftd_port',`
gen_require(`
type giftd_port_t;
')
dontaudit $1 giftd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the giftd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_giftd_port',`
gen_require(`
type giftd_port_t;
')
allow $1 giftd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the giftd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_giftd_port',`
gen_require(`
type giftd_port_t;
')
dontaudit $1 giftd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the giftd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_giftd_port',`
corenet_udp_send_giftd_port($1)
corenet_udp_receive_giftd_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the giftd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_giftd_port',`
corenet_dontaudit_udp_send_giftd_port($1)
corenet_dontaudit_udp_receive_giftd_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the giftd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_giftd_port',`
gen_require(`
type giftd_port_t;
')
allow $1 giftd_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the giftd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_giftd_port',`
gen_require(`
type giftd_port_t;
')
allow $1 giftd_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to giftd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_giftd_port',`
gen_require(`
type giftd_port_t;
')
dontaudit $1 giftd_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the giftd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_giftd_port',`
gen_require(`
type giftd_port_t;
')
allow $1 giftd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to giftd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_giftd_port',`
gen_require(`
type giftd_port_t;
')
dontaudit $1 giftd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send giftd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_giftd_client_packets',`
gen_require(`
type giftd_client_packet_t;
')
allow $1 giftd_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send giftd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_giftd_client_packets',`
gen_require(`
type giftd_client_packet_t;
')
dontaudit $1 giftd_client_packet_t:packet send;
')
########################################
## <summary>
## Receive giftd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_giftd_client_packets',`
gen_require(`
type giftd_client_packet_t;
')
allow $1 giftd_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive giftd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_giftd_client_packets',`
gen_require(`
type giftd_client_packet_t;
')
dontaudit $1 giftd_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive giftd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_giftd_client_packets',`
corenet_send_giftd_client_packets($1)
corenet_receive_giftd_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive giftd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_giftd_client_packets',`
corenet_dontaudit_send_giftd_client_packets($1)
corenet_dontaudit_receive_giftd_client_packets($1)
')
########################################
## <summary>
## Relabel packets to giftd_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_giftd_client_packets',`
gen_require(`
type giftd_client_packet_t;
')
allow $1 giftd_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send giftd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_giftd_server_packets',`
gen_require(`
type giftd_server_packet_t;
')
allow $1 giftd_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send giftd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_giftd_server_packets',`
gen_require(`
type giftd_server_packet_t;
')
dontaudit $1 giftd_server_packet_t:packet send;
')
########################################
## <summary>
## Receive giftd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_giftd_server_packets',`
gen_require(`
type giftd_server_packet_t;
')
allow $1 giftd_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive giftd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_giftd_server_packets',`
gen_require(`
type giftd_server_packet_t;
')
dontaudit $1 giftd_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive giftd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_giftd_server_packets',`
corenet_send_giftd_server_packets($1)
corenet_receive_giftd_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive giftd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_giftd_server_packets',`
corenet_dontaudit_send_giftd_server_packets($1)
corenet_dontaudit_receive_giftd_server_packets($1)
')
########################################
## <summary>
## Relabel packets to giftd_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_giftd_server_packets',`
gen_require(`
type giftd_server_packet_t;
')
allow $1 giftd_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the git port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_git_port',`
gen_require(`
type git_port_t;
')
allow $1 git_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the git port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_git_port',`
gen_require(`
type git_port_t;
')
allow $1 git_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the git port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_git_port',`
gen_require(`
type git_port_t;
')
dontaudit $1 git_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the git port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_git_port',`
gen_require(`
type git_port_t;
')
allow $1 git_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the git port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_git_port',`
gen_require(`
type git_port_t;
')
dontaudit $1 git_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the git port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_git_port',`
corenet_udp_send_git_port($1)
corenet_udp_receive_git_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the git port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_git_port',`
corenet_dontaudit_udp_send_git_port($1)
corenet_dontaudit_udp_receive_git_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the git port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_git_port',`
gen_require(`
type git_port_t;
')
allow $1 git_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the git port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_git_port',`
gen_require(`
type git_port_t;
')
allow $1 git_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to git port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_git_port',`
gen_require(`
type git_port_t;
')
dontaudit $1 git_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the git port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_git_port',`
gen_require(`
type git_port_t;
')
allow $1 git_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to git port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_git_port',`
gen_require(`
type git_port_t;
')
dontaudit $1 git_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send git_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_git_client_packets',`
gen_require(`
type git_client_packet_t;
')
allow $1 git_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send git_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_git_client_packets',`
gen_require(`
type git_client_packet_t;
')
dontaudit $1 git_client_packet_t:packet send;
')
########################################
## <summary>
## Receive git_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_git_client_packets',`
gen_require(`
type git_client_packet_t;
')
allow $1 git_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive git_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_git_client_packets',`
gen_require(`
type git_client_packet_t;
')
dontaudit $1 git_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive git_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_git_client_packets',`
corenet_send_git_client_packets($1)
corenet_receive_git_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive git_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_git_client_packets',`
corenet_dontaudit_send_git_client_packets($1)
corenet_dontaudit_receive_git_client_packets($1)
')
########################################
## <summary>
## Relabel packets to git_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_git_client_packets',`
gen_require(`
type git_client_packet_t;
')
allow $1 git_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send git_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_git_server_packets',`
gen_require(`
type git_server_packet_t;
')
allow $1 git_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send git_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_git_server_packets',`
gen_require(`
type git_server_packet_t;
')
dontaudit $1 git_server_packet_t:packet send;
')
########################################
## <summary>
## Receive git_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_git_server_packets',`
gen_require(`
type git_server_packet_t;
')
allow $1 git_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive git_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_git_server_packets',`
gen_require(`
type git_server_packet_t;
')
dontaudit $1 git_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive git_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_git_server_packets',`
corenet_send_git_server_packets($1)
corenet_receive_git_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive git_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_git_server_packets',`
corenet_dontaudit_send_git_server_packets($1)
corenet_dontaudit_receive_git_server_packets($1)
')
########################################
## <summary>
## Relabel packets to git_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_git_server_packets',`
gen_require(`
type git_server_packet_t;
')
allow $1 git_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the glance port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_glance_port',`
gen_require(`
type glance_port_t;
')
allow $1 glance_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the glance port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_glance_port',`
gen_require(`
type glance_port_t;
')
allow $1 glance_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the glance port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_glance_port',`
gen_require(`
type glance_port_t;
')
dontaudit $1 glance_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the glance port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_glance_port',`
gen_require(`
type glance_port_t;
')
allow $1 glance_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the glance port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_glance_port',`
gen_require(`
type glance_port_t;
')
dontaudit $1 glance_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the glance port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_glance_port',`
corenet_udp_send_glance_port($1)
corenet_udp_receive_glance_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the glance port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_glance_port',`
corenet_dontaudit_udp_send_glance_port($1)
corenet_dontaudit_udp_receive_glance_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the glance port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_glance_port',`
gen_require(`
type glance_port_t;
')
allow $1 glance_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the glance port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_glance_port',`
gen_require(`
type glance_port_t;
')
allow $1 glance_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to glance port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_glance_port',`
gen_require(`
type glance_port_t;
')
dontaudit $1 glance_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the glance port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_glance_port',`
gen_require(`
type glance_port_t;
')
allow $1 glance_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to glance port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_glance_port',`
gen_require(`
type glance_port_t;
')
dontaudit $1 glance_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send glance_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_glance_client_packets',`
gen_require(`
type glance_client_packet_t;
')
allow $1 glance_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send glance_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_glance_client_packets',`
gen_require(`
type glance_client_packet_t;
')
dontaudit $1 glance_client_packet_t:packet send;
')
########################################
## <summary>
## Receive glance_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_glance_client_packets',`
gen_require(`
type glance_client_packet_t;
')
allow $1 glance_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive glance_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_glance_client_packets',`
gen_require(`
type glance_client_packet_t;
')
dontaudit $1 glance_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive glance_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_glance_client_packets',`
corenet_send_glance_client_packets($1)
corenet_receive_glance_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive glance_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_glance_client_packets',`
corenet_dontaudit_send_glance_client_packets($1)
corenet_dontaudit_receive_glance_client_packets($1)
')
########################################
## <summary>
## Relabel packets to glance_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_glance_client_packets',`
gen_require(`
type glance_client_packet_t;
')
allow $1 glance_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send glance_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_glance_server_packets',`
gen_require(`
type glance_server_packet_t;
')
allow $1 glance_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send glance_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_glance_server_packets',`
gen_require(`
type glance_server_packet_t;
')
dontaudit $1 glance_server_packet_t:packet send;
')
########################################
## <summary>
## Receive glance_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_glance_server_packets',`
gen_require(`
type glance_server_packet_t;
')
allow $1 glance_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive glance_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_glance_server_packets',`
gen_require(`
type glance_server_packet_t;
')
dontaudit $1 glance_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive glance_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_glance_server_packets',`
corenet_send_glance_server_packets($1)
corenet_receive_glance_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive glance_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_glance_server_packets',`
corenet_dontaudit_send_glance_server_packets($1)
corenet_dontaudit_receive_glance_server_packets($1)
')
########################################
## <summary>
## Relabel packets to glance_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_glance_server_packets',`
gen_require(`
type glance_server_packet_t;
')
allow $1 glance_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the glance_registry port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_glance_registry_port',`
gen_require(`
type glance_registry_port_t;
')
allow $1 glance_registry_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the glance_registry port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_glance_registry_port',`
gen_require(`
type glance_registry_port_t;
')
allow $1 glance_registry_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the glance_registry port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_glance_registry_port',`
gen_require(`
type glance_registry_port_t;
')
dontaudit $1 glance_registry_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the glance_registry port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_glance_registry_port',`
gen_require(`
type glance_registry_port_t;
')
allow $1 glance_registry_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the glance_registry port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_glance_registry_port',`
gen_require(`
type glance_registry_port_t;
')
dontaudit $1 glance_registry_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the glance_registry port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_glance_registry_port',`
corenet_udp_send_glance_registry_port($1)
corenet_udp_receive_glance_registry_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the glance_registry port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_glance_registry_port',`
corenet_dontaudit_udp_send_glance_registry_port($1)
corenet_dontaudit_udp_receive_glance_registry_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the glance_registry port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_glance_registry_port',`
gen_require(`
type glance_registry_port_t;
')
allow $1 glance_registry_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the glance_registry port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_glance_registry_port',`
gen_require(`
type glance_registry_port_t;
')
allow $1 glance_registry_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to glance_registry port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_glance_registry_port',`
gen_require(`
type glance_registry_port_t;
')
dontaudit $1 glance_registry_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the glance_registry port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_glance_registry_port',`
gen_require(`
type glance_registry_port_t;
')
allow $1 glance_registry_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to glance_registry port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_glance_registry_port',`
gen_require(`
type glance_registry_port_t;
')
dontaudit $1 glance_registry_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send glance_registry_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_glance_registry_client_packets',`
gen_require(`
type glance_registry_client_packet_t;
')
allow $1 glance_registry_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send glance_registry_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_glance_registry_client_packets',`
gen_require(`
type glance_registry_client_packet_t;
')
dontaudit $1 glance_registry_client_packet_t:packet send;
')
########################################
## <summary>
## Receive glance_registry_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_glance_registry_client_packets',`
gen_require(`
type glance_registry_client_packet_t;
')
allow $1 glance_registry_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive glance_registry_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_glance_registry_client_packets',`
gen_require(`
type glance_registry_client_packet_t;
')
dontaudit $1 glance_registry_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive glance_registry_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_glance_registry_client_packets',`
corenet_send_glance_registry_client_packets($1)
corenet_receive_glance_registry_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive glance_registry_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_glance_registry_client_packets',`
corenet_dontaudit_send_glance_registry_client_packets($1)
corenet_dontaudit_receive_glance_registry_client_packets($1)
')
########################################
## <summary>
## Relabel packets to glance_registry_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_glance_registry_client_packets',`
gen_require(`
type glance_registry_client_packet_t;
')
allow $1 glance_registry_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send glance_registry_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_glance_registry_server_packets',`
gen_require(`
type glance_registry_server_packet_t;
')
allow $1 glance_registry_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send glance_registry_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_glance_registry_server_packets',`
gen_require(`
type glance_registry_server_packet_t;
')
dontaudit $1 glance_registry_server_packet_t:packet send;
')
########################################
## <summary>
## Receive glance_registry_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_glance_registry_server_packets',`
gen_require(`
type glance_registry_server_packet_t;
')
allow $1 glance_registry_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive glance_registry_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_glance_registry_server_packets',`
gen_require(`
type glance_registry_server_packet_t;
')
dontaudit $1 glance_registry_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive glance_registry_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_glance_registry_server_packets',`
corenet_send_glance_registry_server_packets($1)
corenet_receive_glance_registry_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive glance_registry_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_glance_registry_server_packets',`
corenet_dontaudit_send_glance_registry_server_packets($1)
corenet_dontaudit_receive_glance_registry_server_packets($1)
')
########################################
## <summary>
## Relabel packets to glance_registry_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_glance_registry_server_packets',`
gen_require(`
type glance_registry_server_packet_t;
')
allow $1 glance_registry_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the gluster port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_gluster_port',`
gen_require(`
type gluster_port_t;
')
allow $1 gluster_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the gluster port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_gluster_port',`
gen_require(`
type gluster_port_t;
')
allow $1 gluster_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the gluster port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_gluster_port',`
gen_require(`
type gluster_port_t;
')
dontaudit $1 gluster_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the gluster port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_gluster_port',`
gen_require(`
type gluster_port_t;
')
allow $1 gluster_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the gluster port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_gluster_port',`
gen_require(`
type gluster_port_t;
')
dontaudit $1 gluster_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the gluster port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_gluster_port',`
corenet_udp_send_gluster_port($1)
corenet_udp_receive_gluster_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the gluster port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_gluster_port',`
corenet_dontaudit_udp_send_gluster_port($1)
corenet_dontaudit_udp_receive_gluster_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the gluster port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_gluster_port',`
gen_require(`
type gluster_port_t;
')
allow $1 gluster_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the gluster port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_gluster_port',`
gen_require(`
type gluster_port_t;
')
allow $1 gluster_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to gluster port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_gluster_port',`
gen_require(`
type gluster_port_t;
')
dontaudit $1 gluster_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the gluster port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_gluster_port',`
gen_require(`
type gluster_port_t;
')
allow $1 gluster_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to gluster port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_gluster_port',`
gen_require(`
type gluster_port_t;
')
dontaudit $1 gluster_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send gluster_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_gluster_client_packets',`
gen_require(`
type gluster_client_packet_t;
')
allow $1 gluster_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send gluster_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_gluster_client_packets',`
gen_require(`
type gluster_client_packet_t;
')
dontaudit $1 gluster_client_packet_t:packet send;
')
########################################
## <summary>
## Receive gluster_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_gluster_client_packets',`
gen_require(`
type gluster_client_packet_t;
')
allow $1 gluster_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive gluster_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_gluster_client_packets',`
gen_require(`
type gluster_client_packet_t;
')
dontaudit $1 gluster_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive gluster_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_gluster_client_packets',`
corenet_send_gluster_client_packets($1)
corenet_receive_gluster_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive gluster_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_gluster_client_packets',`
corenet_dontaudit_send_gluster_client_packets($1)
corenet_dontaudit_receive_gluster_client_packets($1)
')
########################################
## <summary>
## Relabel packets to gluster_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_gluster_client_packets',`
gen_require(`
type gluster_client_packet_t;
')
allow $1 gluster_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send gluster_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_gluster_server_packets',`
gen_require(`
type gluster_server_packet_t;
')
allow $1 gluster_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send gluster_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_gluster_server_packets',`
gen_require(`
type gluster_server_packet_t;
')
dontaudit $1 gluster_server_packet_t:packet send;
')
########################################
## <summary>
## Receive gluster_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_gluster_server_packets',`
gen_require(`
type gluster_server_packet_t;
')
allow $1 gluster_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive gluster_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_gluster_server_packets',`
gen_require(`
type gluster_server_packet_t;
')
dontaudit $1 gluster_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive gluster_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_gluster_server_packets',`
corenet_send_gluster_server_packets($1)
corenet_receive_gluster_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive gluster_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_gluster_server_packets',`
corenet_dontaudit_send_gluster_server_packets($1)
corenet_dontaudit_receive_gluster_server_packets($1)
')
########################################
## <summary>
## Relabel packets to gluster_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_gluster_server_packets',`
gen_require(`
type gluster_server_packet_t;
')
allow $1 gluster_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the gopher port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_gopher_port',`
gen_require(`
type gopher_port_t;
')
allow $1 gopher_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the gopher port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_gopher_port',`
gen_require(`
type gopher_port_t;
')
allow $1 gopher_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the gopher port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_gopher_port',`
gen_require(`
type gopher_port_t;
')
dontaudit $1 gopher_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the gopher port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_gopher_port',`
gen_require(`
type gopher_port_t;
')
allow $1 gopher_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the gopher port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_gopher_port',`
gen_require(`
type gopher_port_t;
')
dontaudit $1 gopher_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the gopher port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_gopher_port',`
corenet_udp_send_gopher_port($1)
corenet_udp_receive_gopher_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the gopher port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_gopher_port',`
corenet_dontaudit_udp_send_gopher_port($1)
corenet_dontaudit_udp_receive_gopher_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the gopher port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_gopher_port',`
gen_require(`
type gopher_port_t;
')
allow $1 gopher_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the gopher port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_gopher_port',`
gen_require(`
type gopher_port_t;
')
allow $1 gopher_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to gopher port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_gopher_port',`
gen_require(`
type gopher_port_t;
')
dontaudit $1 gopher_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the gopher port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_gopher_port',`
gen_require(`
type gopher_port_t;
')
allow $1 gopher_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to gopher port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_gopher_port',`
gen_require(`
type gopher_port_t;
')
dontaudit $1 gopher_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send gopher_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_gopher_client_packets',`
gen_require(`
type gopher_client_packet_t;
')
allow $1 gopher_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send gopher_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_gopher_client_packets',`
gen_require(`
type gopher_client_packet_t;
')
dontaudit $1 gopher_client_packet_t:packet send;
')
########################################
## <summary>
## Receive gopher_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_gopher_client_packets',`
gen_require(`
type gopher_client_packet_t;
')
allow $1 gopher_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive gopher_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_gopher_client_packets',`
gen_require(`
type gopher_client_packet_t;
')
dontaudit $1 gopher_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive gopher_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_gopher_client_packets',`
corenet_send_gopher_client_packets($1)
corenet_receive_gopher_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive gopher_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_gopher_client_packets',`
corenet_dontaudit_send_gopher_client_packets($1)
corenet_dontaudit_receive_gopher_client_packets($1)
')
########################################
## <summary>
## Relabel packets to gopher_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_gopher_client_packets',`
gen_require(`
type gopher_client_packet_t;
')
allow $1 gopher_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send gopher_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_gopher_server_packets',`
gen_require(`
type gopher_server_packet_t;
')
allow $1 gopher_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send gopher_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_gopher_server_packets',`
gen_require(`
type gopher_server_packet_t;
')
dontaudit $1 gopher_server_packet_t:packet send;
')
########################################
## <summary>
## Receive gopher_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_gopher_server_packets',`
gen_require(`
type gopher_server_packet_t;
')
allow $1 gopher_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive gopher_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_gopher_server_packets',`
gen_require(`
type gopher_server_packet_t;
')
dontaudit $1 gopher_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive gopher_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_gopher_server_packets',`
corenet_send_gopher_server_packets($1)
corenet_receive_gopher_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive gopher_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_gopher_server_packets',`
corenet_dontaudit_send_gopher_server_packets($1)
corenet_dontaudit_receive_gopher_server_packets($1)
')
########################################
## <summary>
## Relabel packets to gopher_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_gopher_server_packets',`
gen_require(`
type gopher_server_packet_t;
')
allow $1 gopher_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the gpsd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_gpsd_port',`
gen_require(`
type gpsd_port_t;
')
allow $1 gpsd_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the gpsd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_gpsd_port',`
gen_require(`
type gpsd_port_t;
')
allow $1 gpsd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the gpsd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_gpsd_port',`
gen_require(`
type gpsd_port_t;
')
dontaudit $1 gpsd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the gpsd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_gpsd_port',`
gen_require(`
type gpsd_port_t;
')
allow $1 gpsd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the gpsd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_gpsd_port',`
gen_require(`
type gpsd_port_t;
')
dontaudit $1 gpsd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the gpsd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_gpsd_port',`
corenet_udp_send_gpsd_port($1)
corenet_udp_receive_gpsd_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the gpsd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_gpsd_port',`
corenet_dontaudit_udp_send_gpsd_port($1)
corenet_dontaudit_udp_receive_gpsd_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the gpsd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_gpsd_port',`
gen_require(`
type gpsd_port_t;
')
allow $1 gpsd_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the gpsd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_gpsd_port',`
gen_require(`
type gpsd_port_t;
')
allow $1 gpsd_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to gpsd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_gpsd_port',`
gen_require(`
type gpsd_port_t;
')
dontaudit $1 gpsd_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the gpsd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_gpsd_port',`
gen_require(`
type gpsd_port_t;
')
allow $1 gpsd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to gpsd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_gpsd_port',`
gen_require(`
type gpsd_port_t;
')
dontaudit $1 gpsd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send gpsd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_gpsd_client_packets',`
gen_require(`
type gpsd_client_packet_t;
')
allow $1 gpsd_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send gpsd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_gpsd_client_packets',`
gen_require(`
type gpsd_client_packet_t;
')
dontaudit $1 gpsd_client_packet_t:packet send;
')
########################################
## <summary>
## Receive gpsd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_gpsd_client_packets',`
gen_require(`
type gpsd_client_packet_t;
')
allow $1 gpsd_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive gpsd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_gpsd_client_packets',`
gen_require(`
type gpsd_client_packet_t;
')
dontaudit $1 gpsd_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive gpsd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_gpsd_client_packets',`
corenet_send_gpsd_client_packets($1)
corenet_receive_gpsd_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive gpsd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_gpsd_client_packets',`
corenet_dontaudit_send_gpsd_client_packets($1)
corenet_dontaudit_receive_gpsd_client_packets($1)
')
########################################
## <summary>
## Relabel packets to gpsd_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_gpsd_client_packets',`
gen_require(`
type gpsd_client_packet_t;
')
allow $1 gpsd_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send gpsd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_gpsd_server_packets',`
gen_require(`
type gpsd_server_packet_t;
')
allow $1 gpsd_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send gpsd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_gpsd_server_packets',`
gen_require(`
type gpsd_server_packet_t;
')
dontaudit $1 gpsd_server_packet_t:packet send;
')
########################################
## <summary>
## Receive gpsd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_gpsd_server_packets',`
gen_require(`
type gpsd_server_packet_t;
')
allow $1 gpsd_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive gpsd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_gpsd_server_packets',`
gen_require(`
type gpsd_server_packet_t;
')
dontaudit $1 gpsd_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive gpsd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_gpsd_server_packets',`
corenet_send_gpsd_server_packets($1)
corenet_receive_gpsd_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive gpsd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_gpsd_server_packets',`
corenet_dontaudit_send_gpsd_server_packets($1)
corenet_dontaudit_receive_gpsd_server_packets($1)
')
########################################
## <summary>
## Relabel packets to gpsd_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_gpsd_server_packets',`
gen_require(`
type gpsd_server_packet_t;
')
allow $1 gpsd_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the hadoop_datanode port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_hadoop_datanode_port',`
gen_require(`
type hadoop_datanode_port_t;
')
allow $1 hadoop_datanode_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the hadoop_datanode port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_hadoop_datanode_port',`
gen_require(`
type hadoop_datanode_port_t;
')
allow $1 hadoop_datanode_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the hadoop_datanode port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_hadoop_datanode_port',`
gen_require(`
type hadoop_datanode_port_t;
')
dontaudit $1 hadoop_datanode_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the hadoop_datanode port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_hadoop_datanode_port',`
gen_require(`
type hadoop_datanode_port_t;
')
allow $1 hadoop_datanode_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the hadoop_datanode port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_hadoop_datanode_port',`
gen_require(`
type hadoop_datanode_port_t;
')
dontaudit $1 hadoop_datanode_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the hadoop_datanode port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_hadoop_datanode_port',`
corenet_udp_send_hadoop_datanode_port($1)
corenet_udp_receive_hadoop_datanode_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the hadoop_datanode port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_hadoop_datanode_port',`
corenet_dontaudit_udp_send_hadoop_datanode_port($1)
corenet_dontaudit_udp_receive_hadoop_datanode_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the hadoop_datanode port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_hadoop_datanode_port',`
gen_require(`
type hadoop_datanode_port_t;
')
allow $1 hadoop_datanode_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the hadoop_datanode port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_hadoop_datanode_port',`
gen_require(`
type hadoop_datanode_port_t;
')
allow $1 hadoop_datanode_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to hadoop_datanode port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_hadoop_datanode_port',`
gen_require(`
type hadoop_datanode_port_t;
')
dontaudit $1 hadoop_datanode_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the hadoop_datanode port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_hadoop_datanode_port',`
gen_require(`
type hadoop_datanode_port_t;
')
allow $1 hadoop_datanode_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to hadoop_datanode port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_hadoop_datanode_port',`
gen_require(`
type hadoop_datanode_port_t;
')
dontaudit $1 hadoop_datanode_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send hadoop_datanode_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_hadoop_datanode_client_packets',`
gen_require(`
type hadoop_datanode_client_packet_t;
')
allow $1 hadoop_datanode_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send hadoop_datanode_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_hadoop_datanode_client_packets',`
gen_require(`
type hadoop_datanode_client_packet_t;
')
dontaudit $1 hadoop_datanode_client_packet_t:packet send;
')
########################################
## <summary>
## Receive hadoop_datanode_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_hadoop_datanode_client_packets',`
gen_require(`
type hadoop_datanode_client_packet_t;
')
allow $1 hadoop_datanode_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive hadoop_datanode_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_hadoop_datanode_client_packets',`
gen_require(`
type hadoop_datanode_client_packet_t;
')
dontaudit $1 hadoop_datanode_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive hadoop_datanode_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_hadoop_datanode_client_packets',`
corenet_send_hadoop_datanode_client_packets($1)
corenet_receive_hadoop_datanode_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive hadoop_datanode_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_hadoop_datanode_client_packets',`
corenet_dontaudit_send_hadoop_datanode_client_packets($1)
corenet_dontaudit_receive_hadoop_datanode_client_packets($1)
')
########################################
## <summary>
## Relabel packets to hadoop_datanode_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_hadoop_datanode_client_packets',`
gen_require(`
type hadoop_datanode_client_packet_t;
')
allow $1 hadoop_datanode_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send hadoop_datanode_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_hadoop_datanode_server_packets',`
gen_require(`
type hadoop_datanode_server_packet_t;
')
allow $1 hadoop_datanode_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send hadoop_datanode_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_hadoop_datanode_server_packets',`
gen_require(`
type hadoop_datanode_server_packet_t;
')
dontaudit $1 hadoop_datanode_server_packet_t:packet send;
')
########################################
## <summary>
## Receive hadoop_datanode_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_hadoop_datanode_server_packets',`
gen_require(`
type hadoop_datanode_server_packet_t;
')
allow $1 hadoop_datanode_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive hadoop_datanode_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_hadoop_datanode_server_packets',`
gen_require(`
type hadoop_datanode_server_packet_t;
')
dontaudit $1 hadoop_datanode_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive hadoop_datanode_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_hadoop_datanode_server_packets',`
corenet_send_hadoop_datanode_server_packets($1)
corenet_receive_hadoop_datanode_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive hadoop_datanode_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_hadoop_datanode_server_packets',`
corenet_dontaudit_send_hadoop_datanode_server_packets($1)
corenet_dontaudit_receive_hadoop_datanode_server_packets($1)
')
########################################
## <summary>
## Relabel packets to hadoop_datanode_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_hadoop_datanode_server_packets',`
gen_require(`
type hadoop_datanode_server_packet_t;
')
allow $1 hadoop_datanode_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the hadoop_namenode port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_hadoop_namenode_port',`
gen_require(`
type hadoop_namenode_port_t;
')
allow $1 hadoop_namenode_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the hadoop_namenode port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_hadoop_namenode_port',`
gen_require(`
type hadoop_namenode_port_t;
')
allow $1 hadoop_namenode_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the hadoop_namenode port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_hadoop_namenode_port',`
gen_require(`
type hadoop_namenode_port_t;
')
dontaudit $1 hadoop_namenode_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the hadoop_namenode port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_hadoop_namenode_port',`
gen_require(`
type hadoop_namenode_port_t;
')
allow $1 hadoop_namenode_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the hadoop_namenode port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_hadoop_namenode_port',`
gen_require(`
type hadoop_namenode_port_t;
')
dontaudit $1 hadoop_namenode_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the hadoop_namenode port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_hadoop_namenode_port',`
corenet_udp_send_hadoop_namenode_port($1)
corenet_udp_receive_hadoop_namenode_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the hadoop_namenode port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_hadoop_namenode_port',`
corenet_dontaudit_udp_send_hadoop_namenode_port($1)
corenet_dontaudit_udp_receive_hadoop_namenode_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the hadoop_namenode port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_hadoop_namenode_port',`
gen_require(`
type hadoop_namenode_port_t;
')
allow $1 hadoop_namenode_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the hadoop_namenode port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_hadoop_namenode_port',`
gen_require(`
type hadoop_namenode_port_t;
')
allow $1 hadoop_namenode_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to hadoop_namenode port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_hadoop_namenode_port',`
gen_require(`
type hadoop_namenode_port_t;
')
dontaudit $1 hadoop_namenode_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the hadoop_namenode port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_hadoop_namenode_port',`
gen_require(`
type hadoop_namenode_port_t;
')
allow $1 hadoop_namenode_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to hadoop_namenode port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_hadoop_namenode_port',`
gen_require(`
type hadoop_namenode_port_t;
')
dontaudit $1 hadoop_namenode_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send hadoop_namenode_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_hadoop_namenode_client_packets',`
gen_require(`
type hadoop_namenode_client_packet_t;
')
allow $1 hadoop_namenode_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send hadoop_namenode_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_hadoop_namenode_client_packets',`
gen_require(`
type hadoop_namenode_client_packet_t;
')
dontaudit $1 hadoop_namenode_client_packet_t:packet send;
')
########################################
## <summary>
## Receive hadoop_namenode_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_hadoop_namenode_client_packets',`
gen_require(`
type hadoop_namenode_client_packet_t;
')
allow $1 hadoop_namenode_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive hadoop_namenode_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_hadoop_namenode_client_packets',`
gen_require(`
type hadoop_namenode_client_packet_t;
')
dontaudit $1 hadoop_namenode_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive hadoop_namenode_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_hadoop_namenode_client_packets',`
corenet_send_hadoop_namenode_client_packets($1)
corenet_receive_hadoop_namenode_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive hadoop_namenode_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_hadoop_namenode_client_packets',`
corenet_dontaudit_send_hadoop_namenode_client_packets($1)
corenet_dontaudit_receive_hadoop_namenode_client_packets($1)
')
########################################
## <summary>
## Relabel packets to hadoop_namenode_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_hadoop_namenode_client_packets',`
gen_require(`
type hadoop_namenode_client_packet_t;
')
allow $1 hadoop_namenode_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send hadoop_namenode_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_hadoop_namenode_server_packets',`
gen_require(`
type hadoop_namenode_server_packet_t;
')
allow $1 hadoop_namenode_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send hadoop_namenode_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_hadoop_namenode_server_packets',`
gen_require(`
type hadoop_namenode_server_packet_t;
')
dontaudit $1 hadoop_namenode_server_packet_t:packet send;
')
########################################
## <summary>
## Receive hadoop_namenode_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_hadoop_namenode_server_packets',`
gen_require(`
type hadoop_namenode_server_packet_t;
')
allow $1 hadoop_namenode_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive hadoop_namenode_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_hadoop_namenode_server_packets',`
gen_require(`
type hadoop_namenode_server_packet_t;
')
dontaudit $1 hadoop_namenode_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive hadoop_namenode_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_hadoop_namenode_server_packets',`
corenet_send_hadoop_namenode_server_packets($1)
corenet_receive_hadoop_namenode_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive hadoop_namenode_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_hadoop_namenode_server_packets',`
corenet_dontaudit_send_hadoop_namenode_server_packets($1)
corenet_dontaudit_receive_hadoop_namenode_server_packets($1)
')
########################################
## <summary>
## Relabel packets to hadoop_namenode_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_hadoop_namenode_server_packets',`
gen_require(`
type hadoop_namenode_server_packet_t;
')
allow $1 hadoop_namenode_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the hddtemp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_hddtemp_port',`
gen_require(`
type hddtemp_port_t;
')
allow $1 hddtemp_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the hddtemp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_hddtemp_port',`
gen_require(`
type hddtemp_port_t;
')
allow $1 hddtemp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the hddtemp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_hddtemp_port',`
gen_require(`
type hddtemp_port_t;
')
dontaudit $1 hddtemp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the hddtemp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_hddtemp_port',`
gen_require(`
type hddtemp_port_t;
')
allow $1 hddtemp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the hddtemp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_hddtemp_port',`
gen_require(`
type hddtemp_port_t;
')
dontaudit $1 hddtemp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the hddtemp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_hddtemp_port',`
corenet_udp_send_hddtemp_port($1)
corenet_udp_receive_hddtemp_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the hddtemp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_hddtemp_port',`
corenet_dontaudit_udp_send_hddtemp_port($1)
corenet_dontaudit_udp_receive_hddtemp_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the hddtemp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_hddtemp_port',`
gen_require(`
type hddtemp_port_t;
')
allow $1 hddtemp_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the hddtemp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_hddtemp_port',`
gen_require(`
type hddtemp_port_t;
')
allow $1 hddtemp_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to hddtemp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_hddtemp_port',`
gen_require(`
type hddtemp_port_t;
')
dontaudit $1 hddtemp_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the hddtemp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_hddtemp_port',`
gen_require(`
type hddtemp_port_t;
')
allow $1 hddtemp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to hddtemp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_hddtemp_port',`
gen_require(`
type hddtemp_port_t;
')
dontaudit $1 hddtemp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send hddtemp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_hddtemp_client_packets',`
gen_require(`
type hddtemp_client_packet_t;
')
allow $1 hddtemp_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send hddtemp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_hddtemp_client_packets',`
gen_require(`
type hddtemp_client_packet_t;
')
dontaudit $1 hddtemp_client_packet_t:packet send;
')
########################################
## <summary>
## Receive hddtemp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_hddtemp_client_packets',`
gen_require(`
type hddtemp_client_packet_t;
')
allow $1 hddtemp_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive hddtemp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_hddtemp_client_packets',`
gen_require(`
type hddtemp_client_packet_t;
')
dontaudit $1 hddtemp_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive hddtemp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_hddtemp_client_packets',`
corenet_send_hddtemp_client_packets($1)
corenet_receive_hddtemp_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive hddtemp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_hddtemp_client_packets',`
corenet_dontaudit_send_hddtemp_client_packets($1)
corenet_dontaudit_receive_hddtemp_client_packets($1)
')
########################################
## <summary>
## Relabel packets to hddtemp_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_hddtemp_client_packets',`
gen_require(`
type hddtemp_client_packet_t;
')
allow $1 hddtemp_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send hddtemp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_hddtemp_server_packets',`
gen_require(`
type hddtemp_server_packet_t;
')
allow $1 hddtemp_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send hddtemp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_hddtemp_server_packets',`
gen_require(`
type hddtemp_server_packet_t;
')
dontaudit $1 hddtemp_server_packet_t:packet send;
')
########################################
## <summary>
## Receive hddtemp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_hddtemp_server_packets',`
gen_require(`
type hddtemp_server_packet_t;
')
allow $1 hddtemp_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive hddtemp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_hddtemp_server_packets',`
gen_require(`
type hddtemp_server_packet_t;
')
dontaudit $1 hddtemp_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive hddtemp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_hddtemp_server_packets',`
corenet_send_hddtemp_server_packets($1)
corenet_receive_hddtemp_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive hddtemp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_hddtemp_server_packets',`
corenet_dontaudit_send_hddtemp_server_packets($1)
corenet_dontaudit_receive_hddtemp_server_packets($1)
')
########################################
## <summary>
## Relabel packets to hddtemp_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_hddtemp_server_packets',`
gen_require(`
type hddtemp_server_packet_t;
')
allow $1 hddtemp_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the howl port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_howl_port',`
gen_require(`
type howl_port_t;
')
allow $1 howl_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the howl port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_howl_port',`
gen_require(`
type howl_port_t;
')
allow $1 howl_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the howl port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_howl_port',`
gen_require(`
type howl_port_t;
')
dontaudit $1 howl_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the howl port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_howl_port',`
gen_require(`
type howl_port_t;
')
allow $1 howl_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the howl port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_howl_port',`
gen_require(`
type howl_port_t;
')
dontaudit $1 howl_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the howl port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_howl_port',`
corenet_udp_send_howl_port($1)
corenet_udp_receive_howl_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the howl port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_howl_port',`
corenet_dontaudit_udp_send_howl_port($1)
corenet_dontaudit_udp_receive_howl_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the howl port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_howl_port',`
gen_require(`
type howl_port_t;
')
allow $1 howl_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the howl port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_howl_port',`
gen_require(`
type howl_port_t;
')
allow $1 howl_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to howl port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_howl_port',`
gen_require(`
type howl_port_t;
')
dontaudit $1 howl_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the howl port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_howl_port',`
gen_require(`
type howl_port_t;
')
allow $1 howl_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to howl port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_howl_port',`
gen_require(`
type howl_port_t;
')
dontaudit $1 howl_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send howl_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_howl_client_packets',`
gen_require(`
type howl_client_packet_t;
')
allow $1 howl_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send howl_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_howl_client_packets',`
gen_require(`
type howl_client_packet_t;
')
dontaudit $1 howl_client_packet_t:packet send;
')
########################################
## <summary>
## Receive howl_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_howl_client_packets',`
gen_require(`
type howl_client_packet_t;
')
allow $1 howl_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive howl_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_howl_client_packets',`
gen_require(`
type howl_client_packet_t;
')
dontaudit $1 howl_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive howl_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_howl_client_packets',`
corenet_send_howl_client_packets($1)
corenet_receive_howl_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive howl_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_howl_client_packets',`
corenet_dontaudit_send_howl_client_packets($1)
corenet_dontaudit_receive_howl_client_packets($1)
')
########################################
## <summary>
## Relabel packets to howl_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_howl_client_packets',`
gen_require(`
type howl_client_packet_t;
')
allow $1 howl_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send howl_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_howl_server_packets',`
gen_require(`
type howl_server_packet_t;
')
allow $1 howl_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send howl_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_howl_server_packets',`
gen_require(`
type howl_server_packet_t;
')
dontaudit $1 howl_server_packet_t:packet send;
')
########################################
## <summary>
## Receive howl_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_howl_server_packets',`
gen_require(`
type howl_server_packet_t;
')
allow $1 howl_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive howl_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_howl_server_packets',`
gen_require(`
type howl_server_packet_t;
')
dontaudit $1 howl_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive howl_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_howl_server_packets',`
corenet_send_howl_server_packets($1)
corenet_receive_howl_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive howl_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_howl_server_packets',`
corenet_dontaudit_send_howl_server_packets($1)
corenet_dontaudit_receive_howl_server_packets($1)
')
########################################
## <summary>
## Relabel packets to howl_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_howl_server_packets',`
gen_require(`
type howl_server_packet_t;
')
allow $1 howl_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the hplip port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_hplip_port',`
gen_require(`
type hplip_port_t;
')
allow $1 hplip_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the hplip port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_hplip_port',`
gen_require(`
type hplip_port_t;
')
allow $1 hplip_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the hplip port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_hplip_port',`
gen_require(`
type hplip_port_t;
')
dontaudit $1 hplip_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the hplip port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_hplip_port',`
gen_require(`
type hplip_port_t;
')
allow $1 hplip_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the hplip port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_hplip_port',`
gen_require(`
type hplip_port_t;
')
dontaudit $1 hplip_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the hplip port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_hplip_port',`
corenet_udp_send_hplip_port($1)
corenet_udp_receive_hplip_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the hplip port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_hplip_port',`
corenet_dontaudit_udp_send_hplip_port($1)
corenet_dontaudit_udp_receive_hplip_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the hplip port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_hplip_port',`
gen_require(`
type hplip_port_t;
')
allow $1 hplip_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the hplip port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_hplip_port',`
gen_require(`
type hplip_port_t;
')
allow $1 hplip_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to hplip port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_hplip_port',`
gen_require(`
type hplip_port_t;
')
dontaudit $1 hplip_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the hplip port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_hplip_port',`
gen_require(`
type hplip_port_t;
')
allow $1 hplip_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to hplip port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_hplip_port',`
gen_require(`
type hplip_port_t;
')
dontaudit $1 hplip_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send hplip_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_hplip_client_packets',`
gen_require(`
type hplip_client_packet_t;
')
allow $1 hplip_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send hplip_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_hplip_client_packets',`
gen_require(`
type hplip_client_packet_t;
')
dontaudit $1 hplip_client_packet_t:packet send;
')
########################################
## <summary>
## Receive hplip_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_hplip_client_packets',`
gen_require(`
type hplip_client_packet_t;
')
allow $1 hplip_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive hplip_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_hplip_client_packets',`
gen_require(`
type hplip_client_packet_t;
')
dontaudit $1 hplip_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive hplip_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_hplip_client_packets',`
corenet_send_hplip_client_packets($1)
corenet_receive_hplip_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive hplip_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_hplip_client_packets',`
corenet_dontaudit_send_hplip_client_packets($1)
corenet_dontaudit_receive_hplip_client_packets($1)
')
########################################
## <summary>
## Relabel packets to hplip_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_hplip_client_packets',`
gen_require(`
type hplip_client_packet_t;
')
allow $1 hplip_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send hplip_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_hplip_server_packets',`
gen_require(`
type hplip_server_packet_t;
')
allow $1 hplip_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send hplip_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_hplip_server_packets',`
gen_require(`
type hplip_server_packet_t;
')
dontaudit $1 hplip_server_packet_t:packet send;
')
########################################
## <summary>
## Receive hplip_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_hplip_server_packets',`
gen_require(`
type hplip_server_packet_t;
')
allow $1 hplip_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive hplip_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_hplip_server_packets',`
gen_require(`
type hplip_server_packet_t;
')
dontaudit $1 hplip_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive hplip_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_hplip_server_packets',`
corenet_send_hplip_server_packets($1)
corenet_receive_hplip_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive hplip_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_hplip_server_packets',`
corenet_dontaudit_send_hplip_server_packets($1)
corenet_dontaudit_receive_hplip_server_packets($1)
')
########################################
## <summary>
## Relabel packets to hplip_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_hplip_server_packets',`
gen_require(`
type hplip_server_packet_t;
')
allow $1 hplip_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the http port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_http_port',`
gen_require(`
type http_port_t;
')
allow $1 http_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the http port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_http_port',`
gen_require(`
type http_port_t;
')
allow $1 http_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the http port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_http_port',`
gen_require(`
type http_port_t;
')
dontaudit $1 http_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the http port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_http_port',`
gen_require(`
type http_port_t;
')
allow $1 http_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the http port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_http_port',`
gen_require(`
type http_port_t;
')
dontaudit $1 http_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the http port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_http_port',`
corenet_udp_send_http_port($1)
corenet_udp_receive_http_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the http port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_http_port',`
corenet_dontaudit_udp_send_http_port($1)
corenet_dontaudit_udp_receive_http_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the http port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_http_port',`
gen_require(`
type http_port_t;
')
allow $1 http_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the http port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_http_port',`
gen_require(`
type http_port_t;
')
allow $1 http_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to http port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_http_port',`
gen_require(`
type http_port_t;
')
dontaudit $1 http_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the http port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_http_port',`
gen_require(`
type http_port_t;
')
allow $1 http_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to http port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_http_port',`
gen_require(`
type http_port_t;
')
dontaudit $1 http_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send http_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_http_client_packets',`
gen_require(`
type http_client_packet_t;
')
allow $1 http_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send http_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_http_client_packets',`
gen_require(`
type http_client_packet_t;
')
dontaudit $1 http_client_packet_t:packet send;
')
########################################
## <summary>
## Receive http_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_http_client_packets',`
gen_require(`
type http_client_packet_t;
')
allow $1 http_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive http_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_http_client_packets',`
gen_require(`
type http_client_packet_t;
')
dontaudit $1 http_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive http_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_http_client_packets',`
corenet_send_http_client_packets($1)
corenet_receive_http_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive http_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_http_client_packets',`
corenet_dontaudit_send_http_client_packets($1)
corenet_dontaudit_receive_http_client_packets($1)
')
########################################
## <summary>
## Relabel packets to http_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_http_client_packets',`
gen_require(`
type http_client_packet_t;
')
allow $1 http_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send http_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_http_server_packets',`
gen_require(`
type http_server_packet_t;
')
allow $1 http_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send http_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_http_server_packets',`
gen_require(`
type http_server_packet_t;
')
dontaudit $1 http_server_packet_t:packet send;
')
########################################
## <summary>
## Receive http_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_http_server_packets',`
gen_require(`
type http_server_packet_t;
')
allow $1 http_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive http_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_http_server_packets',`
gen_require(`
type http_server_packet_t;
')
dontaudit $1 http_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive http_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_http_server_packets',`
corenet_send_http_server_packets($1)
corenet_receive_http_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive http_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_http_server_packets',`
corenet_dontaudit_send_http_server_packets($1)
corenet_dontaudit_receive_http_server_packets($1)
')
########################################
## <summary>
## Relabel packets to http_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_http_server_packets',`
gen_require(`
type http_server_packet_t;
')
allow $1 http_server_packet_t:packet relabelto;
')
#8443 is mod_nss default port
########################################
## <summary>
## Send and receive TCP traffic on the http_cache port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_http_cache_port',`
gen_require(`
type http_cache_port_t;
')
allow $1 http_cache_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the http_cache port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_http_cache_port',`
gen_require(`
type http_cache_port_t;
')
allow $1 http_cache_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the http_cache port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_http_cache_port',`
gen_require(`
type http_cache_port_t;
')
dontaudit $1 http_cache_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the http_cache port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_http_cache_port',`
gen_require(`
type http_cache_port_t;
')
allow $1 http_cache_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the http_cache port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_http_cache_port',`
gen_require(`
type http_cache_port_t;
')
dontaudit $1 http_cache_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the http_cache port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_http_cache_port',`
corenet_udp_send_http_cache_port($1)
corenet_udp_receive_http_cache_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the http_cache port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_http_cache_port',`
corenet_dontaudit_udp_send_http_cache_port($1)
corenet_dontaudit_udp_receive_http_cache_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the http_cache port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_http_cache_port',`
gen_require(`
type http_cache_port_t;
')
allow $1 http_cache_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the http_cache port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_http_cache_port',`
gen_require(`
type http_cache_port_t;
')
allow $1 http_cache_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to http_cache port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_http_cache_port',`
gen_require(`
type http_cache_port_t;
')
dontaudit $1 http_cache_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the http_cache port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_http_cache_port',`
gen_require(`
type http_cache_port_t;
')
allow $1 http_cache_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to http_cache port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_http_cache_port',`
gen_require(`
type http_cache_port_t;
')
dontaudit $1 http_cache_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send http_cache_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_http_cache_client_packets',`
gen_require(`
type http_cache_client_packet_t;
')
allow $1 http_cache_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send http_cache_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_http_cache_client_packets',`
gen_require(`
type http_cache_client_packet_t;
')
dontaudit $1 http_cache_client_packet_t:packet send;
')
########################################
## <summary>
## Receive http_cache_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_http_cache_client_packets',`
gen_require(`
type http_cache_client_packet_t;
')
allow $1 http_cache_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive http_cache_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_http_cache_client_packets',`
gen_require(`
type http_cache_client_packet_t;
')
dontaudit $1 http_cache_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive http_cache_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_http_cache_client_packets',`
corenet_send_http_cache_client_packets($1)
corenet_receive_http_cache_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive http_cache_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_http_cache_client_packets',`
corenet_dontaudit_send_http_cache_client_packets($1)
corenet_dontaudit_receive_http_cache_client_packets($1)
')
########################################
## <summary>
## Relabel packets to http_cache_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_http_cache_client_packets',`
gen_require(`
type http_cache_client_packet_t;
')
allow $1 http_cache_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send http_cache_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_http_cache_server_packets',`
gen_require(`
type http_cache_server_packet_t;
')
allow $1 http_cache_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send http_cache_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_http_cache_server_packets',`
gen_require(`
type http_cache_server_packet_t;
')
dontaudit $1 http_cache_server_packet_t:packet send;
')
########################################
## <summary>
## Receive http_cache_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_http_cache_server_packets',`
gen_require(`
type http_cache_server_packet_t;
')
allow $1 http_cache_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive http_cache_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_http_cache_server_packets',`
gen_require(`
type http_cache_server_packet_t;
')
dontaudit $1 http_cache_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive http_cache_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_http_cache_server_packets',`
corenet_send_http_cache_server_packets($1)
corenet_receive_http_cache_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive http_cache_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_http_cache_server_packets',`
corenet_dontaudit_send_http_cache_server_packets($1)
corenet_dontaudit_receive_http_cache_server_packets($1)
')
########################################
## <summary>
## Relabel packets to http_cache_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_http_cache_server_packets',`
gen_require(`
type http_cache_server_packet_t;
')
allow $1 http_cache_server_packet_t:packet relabelto;
')
# 8118 is for privoxy
########################################
## <summary>
## Send and receive TCP traffic on the ibm_dt_2 port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_ibm_dt_2_port',`
gen_require(`
type ibm_dt_2_port_t;
')
allow $1 ibm_dt_2_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the ibm_dt_2 port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_ibm_dt_2_port',`
gen_require(`
type ibm_dt_2_port_t;
')
allow $1 ibm_dt_2_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the ibm_dt_2 port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_ibm_dt_2_port',`
gen_require(`
type ibm_dt_2_port_t;
')
dontaudit $1 ibm_dt_2_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the ibm_dt_2 port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_ibm_dt_2_port',`
gen_require(`
type ibm_dt_2_port_t;
')
allow $1 ibm_dt_2_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the ibm_dt_2 port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_ibm_dt_2_port',`
gen_require(`
type ibm_dt_2_port_t;
')
dontaudit $1 ibm_dt_2_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the ibm_dt_2 port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_ibm_dt_2_port',`
corenet_udp_send_ibm_dt_2_port($1)
corenet_udp_receive_ibm_dt_2_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the ibm_dt_2 port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_ibm_dt_2_port',`
corenet_dontaudit_udp_send_ibm_dt_2_port($1)
corenet_dontaudit_udp_receive_ibm_dt_2_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the ibm_dt_2 port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_ibm_dt_2_port',`
gen_require(`
type ibm_dt_2_port_t;
')
allow $1 ibm_dt_2_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the ibm_dt_2 port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_ibm_dt_2_port',`
gen_require(`
type ibm_dt_2_port_t;
')
allow $1 ibm_dt_2_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to ibm_dt_2 port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_ibm_dt_2_port',`
gen_require(`
type ibm_dt_2_port_t;
')
dontaudit $1 ibm_dt_2_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the ibm_dt_2 port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_ibm_dt_2_port',`
gen_require(`
type ibm_dt_2_port_t;
')
allow $1 ibm_dt_2_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to ibm_dt_2 port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_ibm_dt_2_port',`
gen_require(`
type ibm_dt_2_port_t;
')
dontaudit $1 ibm_dt_2_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send ibm_dt_2_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ibm_dt_2_client_packets',`
gen_require(`
type ibm_dt_2_client_packet_t;
')
allow $1 ibm_dt_2_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ibm_dt_2_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ibm_dt_2_client_packets',`
gen_require(`
type ibm_dt_2_client_packet_t;
')
dontaudit $1 ibm_dt_2_client_packet_t:packet send;
')
########################################
## <summary>
## Receive ibm_dt_2_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ibm_dt_2_client_packets',`
gen_require(`
type ibm_dt_2_client_packet_t;
')
allow $1 ibm_dt_2_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ibm_dt_2_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ibm_dt_2_client_packets',`
gen_require(`
type ibm_dt_2_client_packet_t;
')
dontaudit $1 ibm_dt_2_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ibm_dt_2_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ibm_dt_2_client_packets',`
corenet_send_ibm_dt_2_client_packets($1)
corenet_receive_ibm_dt_2_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ibm_dt_2_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ibm_dt_2_client_packets',`
corenet_dontaudit_send_ibm_dt_2_client_packets($1)
corenet_dontaudit_receive_ibm_dt_2_client_packets($1)
')
########################################
## <summary>
## Relabel packets to ibm_dt_2_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ibm_dt_2_client_packets',`
gen_require(`
type ibm_dt_2_client_packet_t;
')
allow $1 ibm_dt_2_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send ibm_dt_2_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ibm_dt_2_server_packets',`
gen_require(`
type ibm_dt_2_server_packet_t;
')
allow $1 ibm_dt_2_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ibm_dt_2_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ibm_dt_2_server_packets',`
gen_require(`
type ibm_dt_2_server_packet_t;
')
dontaudit $1 ibm_dt_2_server_packet_t:packet send;
')
########################################
## <summary>
## Receive ibm_dt_2_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ibm_dt_2_server_packets',`
gen_require(`
type ibm_dt_2_server_packet_t;
')
allow $1 ibm_dt_2_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ibm_dt_2_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ibm_dt_2_server_packets',`
gen_require(`
type ibm_dt_2_server_packet_t;
')
dontaudit $1 ibm_dt_2_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ibm_dt_2_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ibm_dt_2_server_packets',`
corenet_send_ibm_dt_2_server_packets($1)
corenet_receive_ibm_dt_2_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ibm_dt_2_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ibm_dt_2_server_packets',`
corenet_dontaudit_send_ibm_dt_2_server_packets($1)
corenet_dontaudit_receive_ibm_dt_2_server_packets($1)
')
########################################
## <summary>
## Relabel packets to ibm_dt_2_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ibm_dt_2_server_packets',`
gen_require(`
type ibm_dt_2_server_packet_t;
')
allow $1 ibm_dt_2_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the intermapper port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_intermapper_port',`
gen_require(`
type intermapper_port_t;
')
allow $1 intermapper_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the intermapper port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_intermapper_port',`
gen_require(`
type intermapper_port_t;
')
allow $1 intermapper_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the intermapper port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_intermapper_port',`
gen_require(`
type intermapper_port_t;
')
dontaudit $1 intermapper_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the intermapper port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_intermapper_port',`
gen_require(`
type intermapper_port_t;
')
allow $1 intermapper_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the intermapper port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_intermapper_port',`
gen_require(`
type intermapper_port_t;
')
dontaudit $1 intermapper_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the intermapper port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_intermapper_port',`
corenet_udp_send_intermapper_port($1)
corenet_udp_receive_intermapper_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the intermapper port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_intermapper_port',`
corenet_dontaudit_udp_send_intermapper_port($1)
corenet_dontaudit_udp_receive_intermapper_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the intermapper port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_intermapper_port',`
gen_require(`
type intermapper_port_t;
')
allow $1 intermapper_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the intermapper port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_intermapper_port',`
gen_require(`
type intermapper_port_t;
')
allow $1 intermapper_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to intermapper port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_intermapper_port',`
gen_require(`
type intermapper_port_t;
')
dontaudit $1 intermapper_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the intermapper port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_intermapper_port',`
gen_require(`
type intermapper_port_t;
')
allow $1 intermapper_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to intermapper port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_intermapper_port',`
gen_require(`
type intermapper_port_t;
')
dontaudit $1 intermapper_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send intermapper_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_intermapper_client_packets',`
gen_require(`
type intermapper_client_packet_t;
')
allow $1 intermapper_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send intermapper_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_intermapper_client_packets',`
gen_require(`
type intermapper_client_packet_t;
')
dontaudit $1 intermapper_client_packet_t:packet send;
')
########################################
## <summary>
## Receive intermapper_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_intermapper_client_packets',`
gen_require(`
type intermapper_client_packet_t;
')
allow $1 intermapper_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive intermapper_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_intermapper_client_packets',`
gen_require(`
type intermapper_client_packet_t;
')
dontaudit $1 intermapper_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive intermapper_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_intermapper_client_packets',`
corenet_send_intermapper_client_packets($1)
corenet_receive_intermapper_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive intermapper_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_intermapper_client_packets',`
corenet_dontaudit_send_intermapper_client_packets($1)
corenet_dontaudit_receive_intermapper_client_packets($1)
')
########################################
## <summary>
## Relabel packets to intermapper_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_intermapper_client_packets',`
gen_require(`
type intermapper_client_packet_t;
')
allow $1 intermapper_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send intermapper_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_intermapper_server_packets',`
gen_require(`
type intermapper_server_packet_t;
')
allow $1 intermapper_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send intermapper_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_intermapper_server_packets',`
gen_require(`
type intermapper_server_packet_t;
')
dontaudit $1 intermapper_server_packet_t:packet send;
')
########################################
## <summary>
## Receive intermapper_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_intermapper_server_packets',`
gen_require(`
type intermapper_server_packet_t;
')
allow $1 intermapper_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive intermapper_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_intermapper_server_packets',`
gen_require(`
type intermapper_server_packet_t;
')
dontaudit $1 intermapper_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive intermapper_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_intermapper_server_packets',`
corenet_send_intermapper_server_packets($1)
corenet_receive_intermapper_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive intermapper_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_intermapper_server_packets',`
corenet_dontaudit_send_intermapper_server_packets($1)
corenet_dontaudit_receive_intermapper_server_packets($1)
')
########################################
## <summary>
## Relabel packets to intermapper_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_intermapper_server_packets',`
gen_require(`
type intermapper_server_packet_t;
')
allow $1 intermapper_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the i18n_input port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_i18n_input_port',`
gen_require(`
type i18n_input_port_t;
')
allow $1 i18n_input_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the i18n_input port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_i18n_input_port',`
gen_require(`
type i18n_input_port_t;
')
allow $1 i18n_input_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the i18n_input port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_i18n_input_port',`
gen_require(`
type i18n_input_port_t;
')
dontaudit $1 i18n_input_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the i18n_input port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_i18n_input_port',`
gen_require(`
type i18n_input_port_t;
')
allow $1 i18n_input_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the i18n_input port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_i18n_input_port',`
gen_require(`
type i18n_input_port_t;
')
dontaudit $1 i18n_input_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the i18n_input port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_i18n_input_port',`
corenet_udp_send_i18n_input_port($1)
corenet_udp_receive_i18n_input_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the i18n_input port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_i18n_input_port',`
corenet_dontaudit_udp_send_i18n_input_port($1)
corenet_dontaudit_udp_receive_i18n_input_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the i18n_input port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_i18n_input_port',`
gen_require(`
type i18n_input_port_t;
')
allow $1 i18n_input_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the i18n_input port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_i18n_input_port',`
gen_require(`
type i18n_input_port_t;
')
allow $1 i18n_input_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to i18n_input port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_i18n_input_port',`
gen_require(`
type i18n_input_port_t;
')
dontaudit $1 i18n_input_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the i18n_input port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_i18n_input_port',`
gen_require(`
type i18n_input_port_t;
')
allow $1 i18n_input_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to i18n_input port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_i18n_input_port',`
gen_require(`
type i18n_input_port_t;
')
dontaudit $1 i18n_input_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send i18n_input_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_i18n_input_client_packets',`
gen_require(`
type i18n_input_client_packet_t;
')
allow $1 i18n_input_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send i18n_input_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_i18n_input_client_packets',`
gen_require(`
type i18n_input_client_packet_t;
')
dontaudit $1 i18n_input_client_packet_t:packet send;
')
########################################
## <summary>
## Receive i18n_input_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_i18n_input_client_packets',`
gen_require(`
type i18n_input_client_packet_t;
')
allow $1 i18n_input_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive i18n_input_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_i18n_input_client_packets',`
gen_require(`
type i18n_input_client_packet_t;
')
dontaudit $1 i18n_input_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive i18n_input_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_i18n_input_client_packets',`
corenet_send_i18n_input_client_packets($1)
corenet_receive_i18n_input_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive i18n_input_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_i18n_input_client_packets',`
corenet_dontaudit_send_i18n_input_client_packets($1)
corenet_dontaudit_receive_i18n_input_client_packets($1)
')
########################################
## <summary>
## Relabel packets to i18n_input_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_i18n_input_client_packets',`
gen_require(`
type i18n_input_client_packet_t;
')
allow $1 i18n_input_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send i18n_input_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_i18n_input_server_packets',`
gen_require(`
type i18n_input_server_packet_t;
')
allow $1 i18n_input_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send i18n_input_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_i18n_input_server_packets',`
gen_require(`
type i18n_input_server_packet_t;
')
dontaudit $1 i18n_input_server_packet_t:packet send;
')
########################################
## <summary>
## Receive i18n_input_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_i18n_input_server_packets',`
gen_require(`
type i18n_input_server_packet_t;
')
allow $1 i18n_input_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive i18n_input_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_i18n_input_server_packets',`
gen_require(`
type i18n_input_server_packet_t;
')
dontaudit $1 i18n_input_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive i18n_input_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_i18n_input_server_packets',`
corenet_send_i18n_input_server_packets($1)
corenet_receive_i18n_input_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive i18n_input_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_i18n_input_server_packets',`
corenet_dontaudit_send_i18n_input_server_packets($1)
corenet_dontaudit_receive_i18n_input_server_packets($1)
')
########################################
## <summary>
## Relabel packets to i18n_input_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_i18n_input_server_packets',`
gen_require(`
type i18n_input_server_packet_t;
')
allow $1 i18n_input_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the imaze port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_imaze_port',`
gen_require(`
type imaze_port_t;
')
allow $1 imaze_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the imaze port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_imaze_port',`
gen_require(`
type imaze_port_t;
')
allow $1 imaze_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the imaze port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_imaze_port',`
gen_require(`
type imaze_port_t;
')
dontaudit $1 imaze_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the imaze port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_imaze_port',`
gen_require(`
type imaze_port_t;
')
allow $1 imaze_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the imaze port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_imaze_port',`
gen_require(`
type imaze_port_t;
')
dontaudit $1 imaze_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the imaze port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_imaze_port',`
corenet_udp_send_imaze_port($1)
corenet_udp_receive_imaze_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the imaze port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_imaze_port',`
corenet_dontaudit_udp_send_imaze_port($1)
corenet_dontaudit_udp_receive_imaze_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the imaze port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_imaze_port',`
gen_require(`
type imaze_port_t;
')
allow $1 imaze_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the imaze port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_imaze_port',`
gen_require(`
type imaze_port_t;
')
allow $1 imaze_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to imaze port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_imaze_port',`
gen_require(`
type imaze_port_t;
')
dontaudit $1 imaze_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the imaze port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_imaze_port',`
gen_require(`
type imaze_port_t;
')
allow $1 imaze_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to imaze port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_imaze_port',`
gen_require(`
type imaze_port_t;
')
dontaudit $1 imaze_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send imaze_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_imaze_client_packets',`
gen_require(`
type imaze_client_packet_t;
')
allow $1 imaze_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send imaze_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_imaze_client_packets',`
gen_require(`
type imaze_client_packet_t;
')
dontaudit $1 imaze_client_packet_t:packet send;
')
########################################
## <summary>
## Receive imaze_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_imaze_client_packets',`
gen_require(`
type imaze_client_packet_t;
')
allow $1 imaze_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive imaze_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_imaze_client_packets',`
gen_require(`
type imaze_client_packet_t;
')
dontaudit $1 imaze_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive imaze_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_imaze_client_packets',`
corenet_send_imaze_client_packets($1)
corenet_receive_imaze_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive imaze_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_imaze_client_packets',`
corenet_dontaudit_send_imaze_client_packets($1)
corenet_dontaudit_receive_imaze_client_packets($1)
')
########################################
## <summary>
## Relabel packets to imaze_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_imaze_client_packets',`
gen_require(`
type imaze_client_packet_t;
')
allow $1 imaze_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send imaze_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_imaze_server_packets',`
gen_require(`
type imaze_server_packet_t;
')
allow $1 imaze_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send imaze_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_imaze_server_packets',`
gen_require(`
type imaze_server_packet_t;
')
dontaudit $1 imaze_server_packet_t:packet send;
')
########################################
## <summary>
## Receive imaze_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_imaze_server_packets',`
gen_require(`
type imaze_server_packet_t;
')
allow $1 imaze_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive imaze_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_imaze_server_packets',`
gen_require(`
type imaze_server_packet_t;
')
dontaudit $1 imaze_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive imaze_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_imaze_server_packets',`
corenet_send_imaze_server_packets($1)
corenet_receive_imaze_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive imaze_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_imaze_server_packets',`
corenet_dontaudit_send_imaze_server_packets($1)
corenet_dontaudit_receive_imaze_server_packets($1)
')
########################################
## <summary>
## Relabel packets to imaze_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_imaze_server_packets',`
gen_require(`
type imaze_server_packet_t;
')
allow $1 imaze_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the inetd_child port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_inetd_child_port',`
gen_require(`
type inetd_child_port_t;
')
allow $1 inetd_child_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the inetd_child port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_inetd_child_port',`
gen_require(`
type inetd_child_port_t;
')
allow $1 inetd_child_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the inetd_child port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_inetd_child_port',`
gen_require(`
type inetd_child_port_t;
')
dontaudit $1 inetd_child_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the inetd_child port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_inetd_child_port',`
gen_require(`
type inetd_child_port_t;
')
allow $1 inetd_child_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the inetd_child port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_inetd_child_port',`
gen_require(`
type inetd_child_port_t;
')
dontaudit $1 inetd_child_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the inetd_child port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_inetd_child_port',`
corenet_udp_send_inetd_child_port($1)
corenet_udp_receive_inetd_child_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the inetd_child port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_inetd_child_port',`
corenet_dontaudit_udp_send_inetd_child_port($1)
corenet_dontaudit_udp_receive_inetd_child_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the inetd_child port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_inetd_child_port',`
gen_require(`
type inetd_child_port_t;
')
allow $1 inetd_child_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the inetd_child port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_inetd_child_port',`
gen_require(`
type inetd_child_port_t;
')
allow $1 inetd_child_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to inetd_child port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_inetd_child_port',`
gen_require(`
type inetd_child_port_t;
')
dontaudit $1 inetd_child_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the inetd_child port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_inetd_child_port',`
gen_require(`
type inetd_child_port_t;
')
allow $1 inetd_child_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to inetd_child port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_inetd_child_port',`
gen_require(`
type inetd_child_port_t;
')
dontaudit $1 inetd_child_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send inetd_child_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_inetd_child_client_packets',`
gen_require(`
type inetd_child_client_packet_t;
')
allow $1 inetd_child_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send inetd_child_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_inetd_child_client_packets',`
gen_require(`
type inetd_child_client_packet_t;
')
dontaudit $1 inetd_child_client_packet_t:packet send;
')
########################################
## <summary>
## Receive inetd_child_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_inetd_child_client_packets',`
gen_require(`
type inetd_child_client_packet_t;
')
allow $1 inetd_child_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive inetd_child_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_inetd_child_client_packets',`
gen_require(`
type inetd_child_client_packet_t;
')
dontaudit $1 inetd_child_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive inetd_child_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_inetd_child_client_packets',`
corenet_send_inetd_child_client_packets($1)
corenet_receive_inetd_child_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive inetd_child_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_inetd_child_client_packets',`
corenet_dontaudit_send_inetd_child_client_packets($1)
corenet_dontaudit_receive_inetd_child_client_packets($1)
')
########################################
## <summary>
## Relabel packets to inetd_child_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_inetd_child_client_packets',`
gen_require(`
type inetd_child_client_packet_t;
')
allow $1 inetd_child_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send inetd_child_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_inetd_child_server_packets',`
gen_require(`
type inetd_child_server_packet_t;
')
allow $1 inetd_child_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send inetd_child_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_inetd_child_server_packets',`
gen_require(`
type inetd_child_server_packet_t;
')
dontaudit $1 inetd_child_server_packet_t:packet send;
')
########################################
## <summary>
## Receive inetd_child_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_inetd_child_server_packets',`
gen_require(`
type inetd_child_server_packet_t;
')
allow $1 inetd_child_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive inetd_child_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_inetd_child_server_packets',`
gen_require(`
type inetd_child_server_packet_t;
')
dontaudit $1 inetd_child_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive inetd_child_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_inetd_child_server_packets',`
corenet_send_inetd_child_server_packets($1)
corenet_receive_inetd_child_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive inetd_child_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_inetd_child_server_packets',`
corenet_dontaudit_send_inetd_child_server_packets($1)
corenet_dontaudit_receive_inetd_child_server_packets($1)
')
########################################
## <summary>
## Relabel packets to inetd_child_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_inetd_child_server_packets',`
gen_require(`
type inetd_child_server_packet_t;
')
allow $1 inetd_child_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the innd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_innd_port',`
gen_require(`
type innd_port_t;
')
allow $1 innd_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the innd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_innd_port',`
gen_require(`
type innd_port_t;
')
allow $1 innd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the innd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_innd_port',`
gen_require(`
type innd_port_t;
')
dontaudit $1 innd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the innd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_innd_port',`
gen_require(`
type innd_port_t;
')
allow $1 innd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the innd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_innd_port',`
gen_require(`
type innd_port_t;
')
dontaudit $1 innd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the innd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_innd_port',`
corenet_udp_send_innd_port($1)
corenet_udp_receive_innd_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the innd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_innd_port',`
corenet_dontaudit_udp_send_innd_port($1)
corenet_dontaudit_udp_receive_innd_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the innd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_innd_port',`
gen_require(`
type innd_port_t;
')
allow $1 innd_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the innd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_innd_port',`
gen_require(`
type innd_port_t;
')
allow $1 innd_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to innd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_innd_port',`
gen_require(`
type innd_port_t;
')
dontaudit $1 innd_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the innd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_innd_port',`
gen_require(`
type innd_port_t;
')
allow $1 innd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to innd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_innd_port',`
gen_require(`
type innd_port_t;
')
dontaudit $1 innd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send innd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_innd_client_packets',`
gen_require(`
type innd_client_packet_t;
')
allow $1 innd_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send innd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_innd_client_packets',`
gen_require(`
type innd_client_packet_t;
')
dontaudit $1 innd_client_packet_t:packet send;
')
########################################
## <summary>
## Receive innd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_innd_client_packets',`
gen_require(`
type innd_client_packet_t;
')
allow $1 innd_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive innd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_innd_client_packets',`
gen_require(`
type innd_client_packet_t;
')
dontaudit $1 innd_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive innd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_innd_client_packets',`
corenet_send_innd_client_packets($1)
corenet_receive_innd_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive innd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_innd_client_packets',`
corenet_dontaudit_send_innd_client_packets($1)
corenet_dontaudit_receive_innd_client_packets($1)
')
########################################
## <summary>
## Relabel packets to innd_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_innd_client_packets',`
gen_require(`
type innd_client_packet_t;
')
allow $1 innd_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send innd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_innd_server_packets',`
gen_require(`
type innd_server_packet_t;
')
allow $1 innd_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send innd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_innd_server_packets',`
gen_require(`
type innd_server_packet_t;
')
dontaudit $1 innd_server_packet_t:packet send;
')
########################################
## <summary>
## Receive innd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_innd_server_packets',`
gen_require(`
type innd_server_packet_t;
')
allow $1 innd_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive innd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_innd_server_packets',`
gen_require(`
type innd_server_packet_t;
')
dontaudit $1 innd_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive innd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_innd_server_packets',`
corenet_send_innd_server_packets($1)
corenet_receive_innd_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive innd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_innd_server_packets',`
corenet_dontaudit_send_innd_server_packets($1)
corenet_dontaudit_receive_innd_server_packets($1)
')
########################################
## <summary>
## Relabel packets to innd_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_innd_server_packets',`
gen_require(`
type innd_server_packet_t;
')
allow $1 innd_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the interwise port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_interwise_port',`
gen_require(`
type interwise_port_t;
')
allow $1 interwise_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the interwise port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_interwise_port',`
gen_require(`
type interwise_port_t;
')
allow $1 interwise_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the interwise port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_interwise_port',`
gen_require(`
type interwise_port_t;
')
dontaudit $1 interwise_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the interwise port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_interwise_port',`
gen_require(`
type interwise_port_t;
')
allow $1 interwise_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the interwise port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_interwise_port',`
gen_require(`
type interwise_port_t;
')
dontaudit $1 interwise_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the interwise port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_interwise_port',`
corenet_udp_send_interwise_port($1)
corenet_udp_receive_interwise_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the interwise port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_interwise_port',`
corenet_dontaudit_udp_send_interwise_port($1)
corenet_dontaudit_udp_receive_interwise_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the interwise port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_interwise_port',`
gen_require(`
type interwise_port_t;
')
allow $1 interwise_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the interwise port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_interwise_port',`
gen_require(`
type interwise_port_t;
')
allow $1 interwise_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to interwise port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_interwise_port',`
gen_require(`
type interwise_port_t;
')
dontaudit $1 interwise_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the interwise port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_interwise_port',`
gen_require(`
type interwise_port_t;
')
allow $1 interwise_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to interwise port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_interwise_port',`
gen_require(`
type interwise_port_t;
')
dontaudit $1 interwise_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send interwise_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_interwise_client_packets',`
gen_require(`
type interwise_client_packet_t;
')
allow $1 interwise_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send interwise_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_interwise_client_packets',`
gen_require(`
type interwise_client_packet_t;
')
dontaudit $1 interwise_client_packet_t:packet send;
')
########################################
## <summary>
## Receive interwise_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_interwise_client_packets',`
gen_require(`
type interwise_client_packet_t;
')
allow $1 interwise_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive interwise_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_interwise_client_packets',`
gen_require(`
type interwise_client_packet_t;
')
dontaudit $1 interwise_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive interwise_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_interwise_client_packets',`
corenet_send_interwise_client_packets($1)
corenet_receive_interwise_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive interwise_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_interwise_client_packets',`
corenet_dontaudit_send_interwise_client_packets($1)
corenet_dontaudit_receive_interwise_client_packets($1)
')
########################################
## <summary>
## Relabel packets to interwise_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_interwise_client_packets',`
gen_require(`
type interwise_client_packet_t;
')
allow $1 interwise_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send interwise_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_interwise_server_packets',`
gen_require(`
type interwise_server_packet_t;
')
allow $1 interwise_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send interwise_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_interwise_server_packets',`
gen_require(`
type interwise_server_packet_t;
')
dontaudit $1 interwise_server_packet_t:packet send;
')
########################################
## <summary>
## Receive interwise_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_interwise_server_packets',`
gen_require(`
type interwise_server_packet_t;
')
allow $1 interwise_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive interwise_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_interwise_server_packets',`
gen_require(`
type interwise_server_packet_t;
')
dontaudit $1 interwise_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive interwise_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_interwise_server_packets',`
corenet_send_interwise_server_packets($1)
corenet_receive_interwise_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive interwise_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_interwise_server_packets',`
corenet_dontaudit_send_interwise_server_packets($1)
corenet_dontaudit_receive_interwise_server_packets($1)
')
########################################
## <summary>
## Relabel packets to interwise_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_interwise_server_packets',`
gen_require(`
type interwise_server_packet_t;
')
allow $1 interwise_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the ionixnetmon port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_ionixnetmon_port',`
gen_require(`
type ionixnetmon_port_t;
')
allow $1 ionixnetmon_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the ionixnetmon port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_ionixnetmon_port',`
gen_require(`
type ionixnetmon_port_t;
')
allow $1 ionixnetmon_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the ionixnetmon port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_ionixnetmon_port',`
gen_require(`
type ionixnetmon_port_t;
')
dontaudit $1 ionixnetmon_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the ionixnetmon port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_ionixnetmon_port',`
gen_require(`
type ionixnetmon_port_t;
')
allow $1 ionixnetmon_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the ionixnetmon port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_ionixnetmon_port',`
gen_require(`
type ionixnetmon_port_t;
')
dontaudit $1 ionixnetmon_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the ionixnetmon port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_ionixnetmon_port',`
corenet_udp_send_ionixnetmon_port($1)
corenet_udp_receive_ionixnetmon_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the ionixnetmon port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_ionixnetmon_port',`
corenet_dontaudit_udp_send_ionixnetmon_port($1)
corenet_dontaudit_udp_receive_ionixnetmon_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the ionixnetmon port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_ionixnetmon_port',`
gen_require(`
type ionixnetmon_port_t;
')
allow $1 ionixnetmon_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the ionixnetmon port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_ionixnetmon_port',`
gen_require(`
type ionixnetmon_port_t;
')
allow $1 ionixnetmon_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to ionixnetmon port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_ionixnetmon_port',`
gen_require(`
type ionixnetmon_port_t;
')
dontaudit $1 ionixnetmon_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the ionixnetmon port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_ionixnetmon_port',`
gen_require(`
type ionixnetmon_port_t;
')
allow $1 ionixnetmon_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to ionixnetmon port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_ionixnetmon_port',`
gen_require(`
type ionixnetmon_port_t;
')
dontaudit $1 ionixnetmon_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send ionixnetmon_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ionixnetmon_client_packets',`
gen_require(`
type ionixnetmon_client_packet_t;
')
allow $1 ionixnetmon_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ionixnetmon_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ionixnetmon_client_packets',`
gen_require(`
type ionixnetmon_client_packet_t;
')
dontaudit $1 ionixnetmon_client_packet_t:packet send;
')
########################################
## <summary>
## Receive ionixnetmon_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ionixnetmon_client_packets',`
gen_require(`
type ionixnetmon_client_packet_t;
')
allow $1 ionixnetmon_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ionixnetmon_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ionixnetmon_client_packets',`
gen_require(`
type ionixnetmon_client_packet_t;
')
dontaudit $1 ionixnetmon_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ionixnetmon_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ionixnetmon_client_packets',`
corenet_send_ionixnetmon_client_packets($1)
corenet_receive_ionixnetmon_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ionixnetmon_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ionixnetmon_client_packets',`
corenet_dontaudit_send_ionixnetmon_client_packets($1)
corenet_dontaudit_receive_ionixnetmon_client_packets($1)
')
########################################
## <summary>
## Relabel packets to ionixnetmon_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ionixnetmon_client_packets',`
gen_require(`
type ionixnetmon_client_packet_t;
')
allow $1 ionixnetmon_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send ionixnetmon_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ionixnetmon_server_packets',`
gen_require(`
type ionixnetmon_server_packet_t;
')
allow $1 ionixnetmon_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ionixnetmon_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ionixnetmon_server_packets',`
gen_require(`
type ionixnetmon_server_packet_t;
')
dontaudit $1 ionixnetmon_server_packet_t:packet send;
')
########################################
## <summary>
## Receive ionixnetmon_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ionixnetmon_server_packets',`
gen_require(`
type ionixnetmon_server_packet_t;
')
allow $1 ionixnetmon_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ionixnetmon_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ionixnetmon_server_packets',`
gen_require(`
type ionixnetmon_server_packet_t;
')
dontaudit $1 ionixnetmon_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ionixnetmon_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ionixnetmon_server_packets',`
corenet_send_ionixnetmon_server_packets($1)
corenet_receive_ionixnetmon_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ionixnetmon_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ionixnetmon_server_packets',`
corenet_dontaudit_send_ionixnetmon_server_packets($1)
corenet_dontaudit_receive_ionixnetmon_server_packets($1)
')
########################################
## <summary>
## Relabel packets to ionixnetmon_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ionixnetmon_server_packets',`
gen_require(`
type ionixnetmon_server_packet_t;
')
allow $1 ionixnetmon_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the ipmi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_ipmi_port',`
gen_require(`
type ipmi_port_t;
')
allow $1 ipmi_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the ipmi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_ipmi_port',`
gen_require(`
type ipmi_port_t;
')
allow $1 ipmi_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the ipmi port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_ipmi_port',`
gen_require(`
type ipmi_port_t;
')
dontaudit $1 ipmi_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the ipmi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_ipmi_port',`
gen_require(`
type ipmi_port_t;
')
allow $1 ipmi_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the ipmi port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_ipmi_port',`
gen_require(`
type ipmi_port_t;
')
dontaudit $1 ipmi_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the ipmi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_ipmi_port',`
corenet_udp_send_ipmi_port($1)
corenet_udp_receive_ipmi_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the ipmi port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_ipmi_port',`
corenet_dontaudit_udp_send_ipmi_port($1)
corenet_dontaudit_udp_receive_ipmi_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the ipmi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_ipmi_port',`
gen_require(`
type ipmi_port_t;
')
allow $1 ipmi_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the ipmi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_ipmi_port',`
gen_require(`
type ipmi_port_t;
')
allow $1 ipmi_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to ipmi port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_ipmi_port',`
gen_require(`
type ipmi_port_t;
')
dontaudit $1 ipmi_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the ipmi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_ipmi_port',`
gen_require(`
type ipmi_port_t;
')
allow $1 ipmi_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to ipmi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_ipmi_port',`
gen_require(`
type ipmi_port_t;
')
dontaudit $1 ipmi_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send ipmi_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ipmi_client_packets',`
gen_require(`
type ipmi_client_packet_t;
')
allow $1 ipmi_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ipmi_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ipmi_client_packets',`
gen_require(`
type ipmi_client_packet_t;
')
dontaudit $1 ipmi_client_packet_t:packet send;
')
########################################
## <summary>
## Receive ipmi_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ipmi_client_packets',`
gen_require(`
type ipmi_client_packet_t;
')
allow $1 ipmi_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ipmi_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ipmi_client_packets',`
gen_require(`
type ipmi_client_packet_t;
')
dontaudit $1 ipmi_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ipmi_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ipmi_client_packets',`
corenet_send_ipmi_client_packets($1)
corenet_receive_ipmi_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ipmi_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ipmi_client_packets',`
corenet_dontaudit_send_ipmi_client_packets($1)
corenet_dontaudit_receive_ipmi_client_packets($1)
')
########################################
## <summary>
## Relabel packets to ipmi_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ipmi_client_packets',`
gen_require(`
type ipmi_client_packet_t;
')
allow $1 ipmi_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send ipmi_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ipmi_server_packets',`
gen_require(`
type ipmi_server_packet_t;
')
allow $1 ipmi_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ipmi_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ipmi_server_packets',`
gen_require(`
type ipmi_server_packet_t;
')
dontaudit $1 ipmi_server_packet_t:packet send;
')
########################################
## <summary>
## Receive ipmi_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ipmi_server_packets',`
gen_require(`
type ipmi_server_packet_t;
')
allow $1 ipmi_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ipmi_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ipmi_server_packets',`
gen_require(`
type ipmi_server_packet_t;
')
dontaudit $1 ipmi_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ipmi_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ipmi_server_packets',`
corenet_send_ipmi_server_packets($1)
corenet_receive_ipmi_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ipmi_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ipmi_server_packets',`
corenet_dontaudit_send_ipmi_server_packets($1)
corenet_dontaudit_receive_ipmi_server_packets($1)
')
########################################
## <summary>
## Relabel packets to ipmi_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ipmi_server_packets',`
gen_require(`
type ipmi_server_packet_t;
')
allow $1 ipmi_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the ipp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_ipp_port',`
gen_require(`
type ipp_port_t;
')
allow $1 ipp_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the ipp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_ipp_port',`
gen_require(`
type ipp_port_t;
')
allow $1 ipp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the ipp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_ipp_port',`
gen_require(`
type ipp_port_t;
')
dontaudit $1 ipp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the ipp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_ipp_port',`
gen_require(`
type ipp_port_t;
')
allow $1 ipp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the ipp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_ipp_port',`
gen_require(`
type ipp_port_t;
')
dontaudit $1 ipp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the ipp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_ipp_port',`
corenet_udp_send_ipp_port($1)
corenet_udp_receive_ipp_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the ipp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_ipp_port',`
corenet_dontaudit_udp_send_ipp_port($1)
corenet_dontaudit_udp_receive_ipp_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the ipp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_ipp_port',`
gen_require(`
type ipp_port_t;
')
allow $1 ipp_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the ipp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_ipp_port',`
gen_require(`
type ipp_port_t;
')
allow $1 ipp_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to ipp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_ipp_port',`
gen_require(`
type ipp_port_t;
')
dontaudit $1 ipp_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the ipp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_ipp_port',`
gen_require(`
type ipp_port_t;
')
allow $1 ipp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to ipp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_ipp_port',`
gen_require(`
type ipp_port_t;
')
dontaudit $1 ipp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send ipp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ipp_client_packets',`
gen_require(`
type ipp_client_packet_t;
')
allow $1 ipp_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ipp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ipp_client_packets',`
gen_require(`
type ipp_client_packet_t;
')
dontaudit $1 ipp_client_packet_t:packet send;
')
########################################
## <summary>
## Receive ipp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ipp_client_packets',`
gen_require(`
type ipp_client_packet_t;
')
allow $1 ipp_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ipp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ipp_client_packets',`
gen_require(`
type ipp_client_packet_t;
')
dontaudit $1 ipp_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ipp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ipp_client_packets',`
corenet_send_ipp_client_packets($1)
corenet_receive_ipp_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ipp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ipp_client_packets',`
corenet_dontaudit_send_ipp_client_packets($1)
corenet_dontaudit_receive_ipp_client_packets($1)
')
########################################
## <summary>
## Relabel packets to ipp_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ipp_client_packets',`
gen_require(`
type ipp_client_packet_t;
')
allow $1 ipp_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send ipp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ipp_server_packets',`
gen_require(`
type ipp_server_packet_t;
')
allow $1 ipp_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ipp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ipp_server_packets',`
gen_require(`
type ipp_server_packet_t;
')
dontaudit $1 ipp_server_packet_t:packet send;
')
########################################
## <summary>
## Receive ipp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ipp_server_packets',`
gen_require(`
type ipp_server_packet_t;
')
allow $1 ipp_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ipp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ipp_server_packets',`
gen_require(`
type ipp_server_packet_t;
')
dontaudit $1 ipp_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ipp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ipp_server_packets',`
corenet_send_ipp_server_packets($1)
corenet_receive_ipp_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ipp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ipp_server_packets',`
corenet_dontaudit_send_ipp_server_packets($1)
corenet_dontaudit_receive_ipp_server_packets($1)
')
########################################
## <summary>
## Relabel packets to ipp_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ipp_server_packets',`
gen_require(`
type ipp_server_packet_t;
')
allow $1 ipp_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the ipsecnat port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_ipsecnat_port',`
gen_require(`
type ipsecnat_port_t;
')
allow $1 ipsecnat_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the ipsecnat port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_ipsecnat_port',`
gen_require(`
type ipsecnat_port_t;
')
allow $1 ipsecnat_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the ipsecnat port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_ipsecnat_port',`
gen_require(`
type ipsecnat_port_t;
')
dontaudit $1 ipsecnat_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the ipsecnat port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_ipsecnat_port',`
gen_require(`
type ipsecnat_port_t;
')
allow $1 ipsecnat_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the ipsecnat port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_ipsecnat_port',`
gen_require(`
type ipsecnat_port_t;
')
dontaudit $1 ipsecnat_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the ipsecnat port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_ipsecnat_port',`
corenet_udp_send_ipsecnat_port($1)
corenet_udp_receive_ipsecnat_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the ipsecnat port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_ipsecnat_port',`
corenet_dontaudit_udp_send_ipsecnat_port($1)
corenet_dontaudit_udp_receive_ipsecnat_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the ipsecnat port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_ipsecnat_port',`
gen_require(`
type ipsecnat_port_t;
')
allow $1 ipsecnat_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the ipsecnat port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_ipsecnat_port',`
gen_require(`
type ipsecnat_port_t;
')
allow $1 ipsecnat_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to ipsecnat port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_ipsecnat_port',`
gen_require(`
type ipsecnat_port_t;
')
dontaudit $1 ipsecnat_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the ipsecnat port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_ipsecnat_port',`
gen_require(`
type ipsecnat_port_t;
')
allow $1 ipsecnat_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to ipsecnat port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_ipsecnat_port',`
gen_require(`
type ipsecnat_port_t;
')
dontaudit $1 ipsecnat_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send ipsecnat_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ipsecnat_client_packets',`
gen_require(`
type ipsecnat_client_packet_t;
')
allow $1 ipsecnat_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ipsecnat_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ipsecnat_client_packets',`
gen_require(`
type ipsecnat_client_packet_t;
')
dontaudit $1 ipsecnat_client_packet_t:packet send;
')
########################################
## <summary>
## Receive ipsecnat_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ipsecnat_client_packets',`
gen_require(`
type ipsecnat_client_packet_t;
')
allow $1 ipsecnat_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ipsecnat_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ipsecnat_client_packets',`
gen_require(`
type ipsecnat_client_packet_t;
')
dontaudit $1 ipsecnat_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ipsecnat_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ipsecnat_client_packets',`
corenet_send_ipsecnat_client_packets($1)
corenet_receive_ipsecnat_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ipsecnat_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ipsecnat_client_packets',`
corenet_dontaudit_send_ipsecnat_client_packets($1)
corenet_dontaudit_receive_ipsecnat_client_packets($1)
')
########################################
## <summary>
## Relabel packets to ipsecnat_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ipsecnat_client_packets',`
gen_require(`
type ipsecnat_client_packet_t;
')
allow $1 ipsecnat_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send ipsecnat_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ipsecnat_server_packets',`
gen_require(`
type ipsecnat_server_packet_t;
')
allow $1 ipsecnat_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ipsecnat_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ipsecnat_server_packets',`
gen_require(`
type ipsecnat_server_packet_t;
')
dontaudit $1 ipsecnat_server_packet_t:packet send;
')
########################################
## <summary>
## Receive ipsecnat_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ipsecnat_server_packets',`
gen_require(`
type ipsecnat_server_packet_t;
')
allow $1 ipsecnat_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ipsecnat_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ipsecnat_server_packets',`
gen_require(`
type ipsecnat_server_packet_t;
')
dontaudit $1 ipsecnat_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ipsecnat_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ipsecnat_server_packets',`
corenet_send_ipsecnat_server_packets($1)
corenet_receive_ipsecnat_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ipsecnat_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ipsecnat_server_packets',`
corenet_dontaudit_send_ipsecnat_server_packets($1)
corenet_dontaudit_receive_ipsecnat_server_packets($1)
')
########################################
## <summary>
## Relabel packets to ipsecnat_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ipsecnat_server_packets',`
gen_require(`
type ipsecnat_server_packet_t;
')
allow $1 ipsecnat_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the ircd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_ircd_port',`
gen_require(`
type ircd_port_t;
')
allow $1 ircd_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the ircd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_ircd_port',`
gen_require(`
type ircd_port_t;
')
allow $1 ircd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the ircd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_ircd_port',`
gen_require(`
type ircd_port_t;
')
dontaudit $1 ircd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the ircd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_ircd_port',`
gen_require(`
type ircd_port_t;
')
allow $1 ircd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the ircd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_ircd_port',`
gen_require(`
type ircd_port_t;
')
dontaudit $1 ircd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the ircd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_ircd_port',`
corenet_udp_send_ircd_port($1)
corenet_udp_receive_ircd_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the ircd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_ircd_port',`
corenet_dontaudit_udp_send_ircd_port($1)
corenet_dontaudit_udp_receive_ircd_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the ircd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_ircd_port',`
gen_require(`
type ircd_port_t;
')
allow $1 ircd_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the ircd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_ircd_port',`
gen_require(`
type ircd_port_t;
')
allow $1 ircd_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to ircd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_ircd_port',`
gen_require(`
type ircd_port_t;
')
dontaudit $1 ircd_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the ircd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_ircd_port',`
gen_require(`
type ircd_port_t;
')
allow $1 ircd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to ircd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_ircd_port',`
gen_require(`
type ircd_port_t;
')
dontaudit $1 ircd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send ircd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ircd_client_packets',`
gen_require(`
type ircd_client_packet_t;
')
allow $1 ircd_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ircd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ircd_client_packets',`
gen_require(`
type ircd_client_packet_t;
')
dontaudit $1 ircd_client_packet_t:packet send;
')
########################################
## <summary>
## Receive ircd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ircd_client_packets',`
gen_require(`
type ircd_client_packet_t;
')
allow $1 ircd_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ircd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ircd_client_packets',`
gen_require(`
type ircd_client_packet_t;
')
dontaudit $1 ircd_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ircd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ircd_client_packets',`
corenet_send_ircd_client_packets($1)
corenet_receive_ircd_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ircd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ircd_client_packets',`
corenet_dontaudit_send_ircd_client_packets($1)
corenet_dontaudit_receive_ircd_client_packets($1)
')
########################################
## <summary>
## Relabel packets to ircd_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ircd_client_packets',`
gen_require(`
type ircd_client_packet_t;
')
allow $1 ircd_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send ircd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ircd_server_packets',`
gen_require(`
type ircd_server_packet_t;
')
allow $1 ircd_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ircd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ircd_server_packets',`
gen_require(`
type ircd_server_packet_t;
')
dontaudit $1 ircd_server_packet_t:packet send;
')
########################################
## <summary>
## Receive ircd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ircd_server_packets',`
gen_require(`
type ircd_server_packet_t;
')
allow $1 ircd_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ircd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ircd_server_packets',`
gen_require(`
type ircd_server_packet_t;
')
dontaudit $1 ircd_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ircd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ircd_server_packets',`
corenet_send_ircd_server_packets($1)
corenet_receive_ircd_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ircd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ircd_server_packets',`
corenet_dontaudit_send_ircd_server_packets($1)
corenet_dontaudit_receive_ircd_server_packets($1)
')
########################################
## <summary>
## Relabel packets to ircd_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ircd_server_packets',`
gen_require(`
type ircd_server_packet_t;
')
allow $1 ircd_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the isakmp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_isakmp_port',`
gen_require(`
type isakmp_port_t;
')
allow $1 isakmp_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the isakmp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_isakmp_port',`
gen_require(`
type isakmp_port_t;
')
allow $1 isakmp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the isakmp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_isakmp_port',`
gen_require(`
type isakmp_port_t;
')
dontaudit $1 isakmp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the isakmp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_isakmp_port',`
gen_require(`
type isakmp_port_t;
')
allow $1 isakmp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the isakmp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_isakmp_port',`
gen_require(`
type isakmp_port_t;
')
dontaudit $1 isakmp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the isakmp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_isakmp_port',`
corenet_udp_send_isakmp_port($1)
corenet_udp_receive_isakmp_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the isakmp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_isakmp_port',`
corenet_dontaudit_udp_send_isakmp_port($1)
corenet_dontaudit_udp_receive_isakmp_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the isakmp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_isakmp_port',`
gen_require(`
type isakmp_port_t;
')
allow $1 isakmp_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the isakmp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_isakmp_port',`
gen_require(`
type isakmp_port_t;
')
allow $1 isakmp_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to isakmp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_isakmp_port',`
gen_require(`
type isakmp_port_t;
')
dontaudit $1 isakmp_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the isakmp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_isakmp_port',`
gen_require(`
type isakmp_port_t;
')
allow $1 isakmp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to isakmp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_isakmp_port',`
gen_require(`
type isakmp_port_t;
')
dontaudit $1 isakmp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send isakmp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_isakmp_client_packets',`
gen_require(`
type isakmp_client_packet_t;
')
allow $1 isakmp_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send isakmp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_isakmp_client_packets',`
gen_require(`
type isakmp_client_packet_t;
')
dontaudit $1 isakmp_client_packet_t:packet send;
')
########################################
## <summary>
## Receive isakmp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_isakmp_client_packets',`
gen_require(`
type isakmp_client_packet_t;
')
allow $1 isakmp_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive isakmp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_isakmp_client_packets',`
gen_require(`
type isakmp_client_packet_t;
')
dontaudit $1 isakmp_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive isakmp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_isakmp_client_packets',`
corenet_send_isakmp_client_packets($1)
corenet_receive_isakmp_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive isakmp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_isakmp_client_packets',`
corenet_dontaudit_send_isakmp_client_packets($1)
corenet_dontaudit_receive_isakmp_client_packets($1)
')
########################################
## <summary>
## Relabel packets to isakmp_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_isakmp_client_packets',`
gen_require(`
type isakmp_client_packet_t;
')
allow $1 isakmp_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send isakmp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_isakmp_server_packets',`
gen_require(`
type isakmp_server_packet_t;
')
allow $1 isakmp_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send isakmp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_isakmp_server_packets',`
gen_require(`
type isakmp_server_packet_t;
')
dontaudit $1 isakmp_server_packet_t:packet send;
')
########################################
## <summary>
## Receive isakmp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_isakmp_server_packets',`
gen_require(`
type isakmp_server_packet_t;
')
allow $1 isakmp_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive isakmp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_isakmp_server_packets',`
gen_require(`
type isakmp_server_packet_t;
')
dontaudit $1 isakmp_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive isakmp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_isakmp_server_packets',`
corenet_send_isakmp_server_packets($1)
corenet_receive_isakmp_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive isakmp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_isakmp_server_packets',`
corenet_dontaudit_send_isakmp_server_packets($1)
corenet_dontaudit_receive_isakmp_server_packets($1)
')
########################################
## <summary>
## Relabel packets to isakmp_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_isakmp_server_packets',`
gen_require(`
type isakmp_server_packet_t;
')
allow $1 isakmp_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the iscsi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_iscsi_port',`
gen_require(`
type iscsi_port_t;
')
allow $1 iscsi_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the iscsi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_iscsi_port',`
gen_require(`
type iscsi_port_t;
')
allow $1 iscsi_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the iscsi port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_iscsi_port',`
gen_require(`
type iscsi_port_t;
')
dontaudit $1 iscsi_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the iscsi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_iscsi_port',`
gen_require(`
type iscsi_port_t;
')
allow $1 iscsi_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the iscsi port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_iscsi_port',`
gen_require(`
type iscsi_port_t;
')
dontaudit $1 iscsi_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the iscsi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_iscsi_port',`
corenet_udp_send_iscsi_port($1)
corenet_udp_receive_iscsi_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the iscsi port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_iscsi_port',`
corenet_dontaudit_udp_send_iscsi_port($1)
corenet_dontaudit_udp_receive_iscsi_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the iscsi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_iscsi_port',`
gen_require(`
type iscsi_port_t;
')
allow $1 iscsi_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the iscsi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_iscsi_port',`
gen_require(`
type iscsi_port_t;
')
allow $1 iscsi_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to iscsi port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_iscsi_port',`
gen_require(`
type iscsi_port_t;
')
dontaudit $1 iscsi_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the iscsi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_iscsi_port',`
gen_require(`
type iscsi_port_t;
')
allow $1 iscsi_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to iscsi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_iscsi_port',`
gen_require(`
type iscsi_port_t;
')
dontaudit $1 iscsi_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send iscsi_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_iscsi_client_packets',`
gen_require(`
type iscsi_client_packet_t;
')
allow $1 iscsi_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send iscsi_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_iscsi_client_packets',`
gen_require(`
type iscsi_client_packet_t;
')
dontaudit $1 iscsi_client_packet_t:packet send;
')
########################################
## <summary>
## Receive iscsi_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_iscsi_client_packets',`
gen_require(`
type iscsi_client_packet_t;
')
allow $1 iscsi_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive iscsi_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_iscsi_client_packets',`
gen_require(`
type iscsi_client_packet_t;
')
dontaudit $1 iscsi_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive iscsi_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_iscsi_client_packets',`
corenet_send_iscsi_client_packets($1)
corenet_receive_iscsi_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive iscsi_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_iscsi_client_packets',`
corenet_dontaudit_send_iscsi_client_packets($1)
corenet_dontaudit_receive_iscsi_client_packets($1)
')
########################################
## <summary>
## Relabel packets to iscsi_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_iscsi_client_packets',`
gen_require(`
type iscsi_client_packet_t;
')
allow $1 iscsi_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send iscsi_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_iscsi_server_packets',`
gen_require(`
type iscsi_server_packet_t;
')
allow $1 iscsi_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send iscsi_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_iscsi_server_packets',`
gen_require(`
type iscsi_server_packet_t;
')
dontaudit $1 iscsi_server_packet_t:packet send;
')
########################################
## <summary>
## Receive iscsi_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_iscsi_server_packets',`
gen_require(`
type iscsi_server_packet_t;
')
allow $1 iscsi_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive iscsi_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_iscsi_server_packets',`
gen_require(`
type iscsi_server_packet_t;
')
dontaudit $1 iscsi_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive iscsi_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_iscsi_server_packets',`
corenet_send_iscsi_server_packets($1)
corenet_receive_iscsi_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive iscsi_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_iscsi_server_packets',`
corenet_dontaudit_send_iscsi_server_packets($1)
corenet_dontaudit_receive_iscsi_server_packets($1)
')
########################################
## <summary>
## Relabel packets to iscsi_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_iscsi_server_packets',`
gen_require(`
type iscsi_server_packet_t;
')
allow $1 iscsi_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the isns port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_isns_port',`
gen_require(`
type isns_port_t;
')
allow $1 isns_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the isns port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_isns_port',`
gen_require(`
type isns_port_t;
')
allow $1 isns_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the isns port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_isns_port',`
gen_require(`
type isns_port_t;
')
dontaudit $1 isns_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the isns port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_isns_port',`
gen_require(`
type isns_port_t;
')
allow $1 isns_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the isns port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_isns_port',`
gen_require(`
type isns_port_t;
')
dontaudit $1 isns_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the isns port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_isns_port',`
corenet_udp_send_isns_port($1)
corenet_udp_receive_isns_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the isns port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_isns_port',`
corenet_dontaudit_udp_send_isns_port($1)
corenet_dontaudit_udp_receive_isns_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the isns port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_isns_port',`
gen_require(`
type isns_port_t;
')
allow $1 isns_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the isns port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_isns_port',`
gen_require(`
type isns_port_t;
')
allow $1 isns_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to isns port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_isns_port',`
gen_require(`
type isns_port_t;
')
dontaudit $1 isns_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the isns port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_isns_port',`
gen_require(`
type isns_port_t;
')
allow $1 isns_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to isns port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_isns_port',`
gen_require(`
type isns_port_t;
')
dontaudit $1 isns_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send isns_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_isns_client_packets',`
gen_require(`
type isns_client_packet_t;
')
allow $1 isns_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send isns_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_isns_client_packets',`
gen_require(`
type isns_client_packet_t;
')
dontaudit $1 isns_client_packet_t:packet send;
')
########################################
## <summary>
## Receive isns_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_isns_client_packets',`
gen_require(`
type isns_client_packet_t;
')
allow $1 isns_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive isns_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_isns_client_packets',`
gen_require(`
type isns_client_packet_t;
')
dontaudit $1 isns_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive isns_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_isns_client_packets',`
corenet_send_isns_client_packets($1)
corenet_receive_isns_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive isns_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_isns_client_packets',`
corenet_dontaudit_send_isns_client_packets($1)
corenet_dontaudit_receive_isns_client_packets($1)
')
########################################
## <summary>
## Relabel packets to isns_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_isns_client_packets',`
gen_require(`
type isns_client_packet_t;
')
allow $1 isns_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send isns_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_isns_server_packets',`
gen_require(`
type isns_server_packet_t;
')
allow $1 isns_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send isns_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_isns_server_packets',`
gen_require(`
type isns_server_packet_t;
')
dontaudit $1 isns_server_packet_t:packet send;
')
########################################
## <summary>
## Receive isns_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_isns_server_packets',`
gen_require(`
type isns_server_packet_t;
')
allow $1 isns_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive isns_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_isns_server_packets',`
gen_require(`
type isns_server_packet_t;
')
dontaudit $1 isns_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive isns_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_isns_server_packets',`
corenet_send_isns_server_packets($1)
corenet_receive_isns_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive isns_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_isns_server_packets',`
corenet_dontaudit_send_isns_server_packets($1)
corenet_dontaudit_receive_isns_server_packets($1)
')
########################################
## <summary>
## Relabel packets to isns_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_isns_server_packets',`
gen_require(`
type isns_server_packet_t;
')
allow $1 isns_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the jabber_client port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_jabber_client_port',`
gen_require(`
type jabber_client_port_t;
')
allow $1 jabber_client_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the jabber_client port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_jabber_client_port',`
gen_require(`
type jabber_client_port_t;
')
allow $1 jabber_client_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the jabber_client port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_jabber_client_port',`
gen_require(`
type jabber_client_port_t;
')
dontaudit $1 jabber_client_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the jabber_client port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_jabber_client_port',`
gen_require(`
type jabber_client_port_t;
')
allow $1 jabber_client_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the jabber_client port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_jabber_client_port',`
gen_require(`
type jabber_client_port_t;
')
dontaudit $1 jabber_client_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the jabber_client port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_jabber_client_port',`
corenet_udp_send_jabber_client_port($1)
corenet_udp_receive_jabber_client_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the jabber_client port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_jabber_client_port',`
corenet_dontaudit_udp_send_jabber_client_port($1)
corenet_dontaudit_udp_receive_jabber_client_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the jabber_client port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_jabber_client_port',`
gen_require(`
type jabber_client_port_t;
')
allow $1 jabber_client_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the jabber_client port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_jabber_client_port',`
gen_require(`
type jabber_client_port_t;
')
allow $1 jabber_client_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to jabber_client port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_jabber_client_port',`
gen_require(`
type jabber_client_port_t;
')
dontaudit $1 jabber_client_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the jabber_client port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_jabber_client_port',`
gen_require(`
type jabber_client_port_t;
')
allow $1 jabber_client_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to jabber_client port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_jabber_client_port',`
gen_require(`
type jabber_client_port_t;
')
dontaudit $1 jabber_client_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send jabber_client_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_jabber_client_client_packets',`
gen_require(`
type jabber_client_client_packet_t;
')
allow $1 jabber_client_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send jabber_client_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_jabber_client_client_packets',`
gen_require(`
type jabber_client_client_packet_t;
')
dontaudit $1 jabber_client_client_packet_t:packet send;
')
########################################
## <summary>
## Receive jabber_client_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_jabber_client_client_packets',`
gen_require(`
type jabber_client_client_packet_t;
')
allow $1 jabber_client_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive jabber_client_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_jabber_client_client_packets',`
gen_require(`
type jabber_client_client_packet_t;
')
dontaudit $1 jabber_client_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive jabber_client_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_jabber_client_client_packets',`
corenet_send_jabber_client_client_packets($1)
corenet_receive_jabber_client_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive jabber_client_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_jabber_client_client_packets',`
corenet_dontaudit_send_jabber_client_client_packets($1)
corenet_dontaudit_receive_jabber_client_client_packets($1)
')
########################################
## <summary>
## Relabel packets to jabber_client_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_jabber_client_client_packets',`
gen_require(`
type jabber_client_client_packet_t;
')
allow $1 jabber_client_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send jabber_client_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_jabber_client_server_packets',`
gen_require(`
type jabber_client_server_packet_t;
')
allow $1 jabber_client_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send jabber_client_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_jabber_client_server_packets',`
gen_require(`
type jabber_client_server_packet_t;
')
dontaudit $1 jabber_client_server_packet_t:packet send;
')
########################################
## <summary>
## Receive jabber_client_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_jabber_client_server_packets',`
gen_require(`
type jabber_client_server_packet_t;
')
allow $1 jabber_client_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive jabber_client_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_jabber_client_server_packets',`
gen_require(`
type jabber_client_server_packet_t;
')
dontaudit $1 jabber_client_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive jabber_client_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_jabber_client_server_packets',`
corenet_send_jabber_client_server_packets($1)
corenet_receive_jabber_client_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive jabber_client_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_jabber_client_server_packets',`
corenet_dontaudit_send_jabber_client_server_packets($1)
corenet_dontaudit_receive_jabber_client_server_packets($1)
')
########################################
## <summary>
## Relabel packets to jabber_client_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_jabber_client_server_packets',`
gen_require(`
type jabber_client_server_packet_t;
')
allow $1 jabber_client_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the jabber_interserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_jabber_interserver_port',`
gen_require(`
type jabber_interserver_port_t;
')
allow $1 jabber_interserver_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the jabber_interserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_jabber_interserver_port',`
gen_require(`
type jabber_interserver_port_t;
')
allow $1 jabber_interserver_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the jabber_interserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_jabber_interserver_port',`
gen_require(`
type jabber_interserver_port_t;
')
dontaudit $1 jabber_interserver_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the jabber_interserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_jabber_interserver_port',`
gen_require(`
type jabber_interserver_port_t;
')
allow $1 jabber_interserver_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the jabber_interserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_jabber_interserver_port',`
gen_require(`
type jabber_interserver_port_t;
')
dontaudit $1 jabber_interserver_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the jabber_interserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_jabber_interserver_port',`
corenet_udp_send_jabber_interserver_port($1)
corenet_udp_receive_jabber_interserver_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the jabber_interserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_jabber_interserver_port',`
corenet_dontaudit_udp_send_jabber_interserver_port($1)
corenet_dontaudit_udp_receive_jabber_interserver_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the jabber_interserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_jabber_interserver_port',`
gen_require(`
type jabber_interserver_port_t;
')
allow $1 jabber_interserver_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the jabber_interserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_jabber_interserver_port',`
gen_require(`
type jabber_interserver_port_t;
')
allow $1 jabber_interserver_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to jabber_interserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_jabber_interserver_port',`
gen_require(`
type jabber_interserver_port_t;
')
dontaudit $1 jabber_interserver_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the jabber_interserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_jabber_interserver_port',`
gen_require(`
type jabber_interserver_port_t;
')
allow $1 jabber_interserver_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to jabber_interserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_jabber_interserver_port',`
gen_require(`
type jabber_interserver_port_t;
')
dontaudit $1 jabber_interserver_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send jabber_interserver_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_jabber_interserver_client_packets',`
gen_require(`
type jabber_interserver_client_packet_t;
')
allow $1 jabber_interserver_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send jabber_interserver_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_jabber_interserver_client_packets',`
gen_require(`
type jabber_interserver_client_packet_t;
')
dontaudit $1 jabber_interserver_client_packet_t:packet send;
')
########################################
## <summary>
## Receive jabber_interserver_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_jabber_interserver_client_packets',`
gen_require(`
type jabber_interserver_client_packet_t;
')
allow $1 jabber_interserver_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive jabber_interserver_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_jabber_interserver_client_packets',`
gen_require(`
type jabber_interserver_client_packet_t;
')
dontaudit $1 jabber_interserver_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive jabber_interserver_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_jabber_interserver_client_packets',`
corenet_send_jabber_interserver_client_packets($1)
corenet_receive_jabber_interserver_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive jabber_interserver_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_jabber_interserver_client_packets',`
corenet_dontaudit_send_jabber_interserver_client_packets($1)
corenet_dontaudit_receive_jabber_interserver_client_packets($1)
')
########################################
## <summary>
## Relabel packets to jabber_interserver_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_jabber_interserver_client_packets',`
gen_require(`
type jabber_interserver_client_packet_t;
')
allow $1 jabber_interserver_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send jabber_interserver_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_jabber_interserver_server_packets',`
gen_require(`
type jabber_interserver_server_packet_t;
')
allow $1 jabber_interserver_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send jabber_interserver_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_jabber_interserver_server_packets',`
gen_require(`
type jabber_interserver_server_packet_t;
')
dontaudit $1 jabber_interserver_server_packet_t:packet send;
')
########################################
## <summary>
## Receive jabber_interserver_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_jabber_interserver_server_packets',`
gen_require(`
type jabber_interserver_server_packet_t;
')
allow $1 jabber_interserver_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive jabber_interserver_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_jabber_interserver_server_packets',`
gen_require(`
type jabber_interserver_server_packet_t;
')
dontaudit $1 jabber_interserver_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive jabber_interserver_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_jabber_interserver_server_packets',`
corenet_send_jabber_interserver_server_packets($1)
corenet_receive_jabber_interserver_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive jabber_interserver_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_jabber_interserver_server_packets',`
corenet_dontaudit_send_jabber_interserver_server_packets($1)
corenet_dontaudit_receive_jabber_interserver_server_packets($1)
')
########################################
## <summary>
## Relabel packets to jabber_interserver_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_jabber_interserver_server_packets',`
gen_require(`
type jabber_interserver_server_packet_t;
')
allow $1 jabber_interserver_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the jabber_router port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_jabber_router_port',`
gen_require(`
type jabber_router_port_t;
')
allow $1 jabber_router_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the jabber_router port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_jabber_router_port',`
gen_require(`
type jabber_router_port_t;
')
allow $1 jabber_router_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the jabber_router port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_jabber_router_port',`
gen_require(`
type jabber_router_port_t;
')
dontaudit $1 jabber_router_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the jabber_router port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_jabber_router_port',`
gen_require(`
type jabber_router_port_t;
')
allow $1 jabber_router_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the jabber_router port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_jabber_router_port',`
gen_require(`
type jabber_router_port_t;
')
dontaudit $1 jabber_router_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the jabber_router port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_jabber_router_port',`
corenet_udp_send_jabber_router_port($1)
corenet_udp_receive_jabber_router_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the jabber_router port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_jabber_router_port',`
corenet_dontaudit_udp_send_jabber_router_port($1)
corenet_dontaudit_udp_receive_jabber_router_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the jabber_router port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_jabber_router_port',`
gen_require(`
type jabber_router_port_t;
')
allow $1 jabber_router_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the jabber_router port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_jabber_router_port',`
gen_require(`
type jabber_router_port_t;
')
allow $1 jabber_router_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to jabber_router port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_jabber_router_port',`
gen_require(`
type jabber_router_port_t;
')
dontaudit $1 jabber_router_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the jabber_router port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_jabber_router_port',`
gen_require(`
type jabber_router_port_t;
')
allow $1 jabber_router_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to jabber_router port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_jabber_router_port',`
gen_require(`
type jabber_router_port_t;
')
dontaudit $1 jabber_router_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send jabber_router_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_jabber_router_client_packets',`
gen_require(`
type jabber_router_client_packet_t;
')
allow $1 jabber_router_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send jabber_router_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_jabber_router_client_packets',`
gen_require(`
type jabber_router_client_packet_t;
')
dontaudit $1 jabber_router_client_packet_t:packet send;
')
########################################
## <summary>
## Receive jabber_router_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_jabber_router_client_packets',`
gen_require(`
type jabber_router_client_packet_t;
')
allow $1 jabber_router_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive jabber_router_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_jabber_router_client_packets',`
gen_require(`
type jabber_router_client_packet_t;
')
dontaudit $1 jabber_router_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive jabber_router_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_jabber_router_client_packets',`
corenet_send_jabber_router_client_packets($1)
corenet_receive_jabber_router_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive jabber_router_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_jabber_router_client_packets',`
corenet_dontaudit_send_jabber_router_client_packets($1)
corenet_dontaudit_receive_jabber_router_client_packets($1)
')
########################################
## <summary>
## Relabel packets to jabber_router_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_jabber_router_client_packets',`
gen_require(`
type jabber_router_client_packet_t;
')
allow $1 jabber_router_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send jabber_router_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_jabber_router_server_packets',`
gen_require(`
type jabber_router_server_packet_t;
')
allow $1 jabber_router_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send jabber_router_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_jabber_router_server_packets',`
gen_require(`
type jabber_router_server_packet_t;
')
dontaudit $1 jabber_router_server_packet_t:packet send;
')
########################################
## <summary>
## Receive jabber_router_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_jabber_router_server_packets',`
gen_require(`
type jabber_router_server_packet_t;
')
allow $1 jabber_router_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive jabber_router_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_jabber_router_server_packets',`
gen_require(`
type jabber_router_server_packet_t;
')
dontaudit $1 jabber_router_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive jabber_router_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_jabber_router_server_packets',`
corenet_send_jabber_router_server_packets($1)
corenet_receive_jabber_router_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive jabber_router_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_jabber_router_server_packets',`
corenet_dontaudit_send_jabber_router_server_packets($1)
corenet_dontaudit_receive_jabber_router_server_packets($1)
')
########################################
## <summary>
## Relabel packets to jabber_router_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_jabber_router_server_packets',`
gen_require(`
type jabber_router_server_packet_t;
')
allow $1 jabber_router_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the jacorb port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_jacorb_port',`
gen_require(`
type jacorb_port_t;
')
allow $1 jacorb_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the jacorb port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_jacorb_port',`
gen_require(`
type jacorb_port_t;
')
allow $1 jacorb_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the jacorb port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_jacorb_port',`
gen_require(`
type jacorb_port_t;
')
dontaudit $1 jacorb_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the jacorb port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_jacorb_port',`
gen_require(`
type jacorb_port_t;
')
allow $1 jacorb_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the jacorb port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_jacorb_port',`
gen_require(`
type jacorb_port_t;
')
dontaudit $1 jacorb_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the jacorb port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_jacorb_port',`
corenet_udp_send_jacorb_port($1)
corenet_udp_receive_jacorb_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the jacorb port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_jacorb_port',`
corenet_dontaudit_udp_send_jacorb_port($1)
corenet_dontaudit_udp_receive_jacorb_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the jacorb port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_jacorb_port',`
gen_require(`
type jacorb_port_t;
')
allow $1 jacorb_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the jacorb port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_jacorb_port',`
gen_require(`
type jacorb_port_t;
')
allow $1 jacorb_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to jacorb port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_jacorb_port',`
gen_require(`
type jacorb_port_t;
')
dontaudit $1 jacorb_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the jacorb port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_jacorb_port',`
gen_require(`
type jacorb_port_t;
')
allow $1 jacorb_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to jacorb port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_jacorb_port',`
gen_require(`
type jacorb_port_t;
')
dontaudit $1 jacorb_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send jacorb_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_jacorb_client_packets',`
gen_require(`
type jacorb_client_packet_t;
')
allow $1 jacorb_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send jacorb_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_jacorb_client_packets',`
gen_require(`
type jacorb_client_packet_t;
')
dontaudit $1 jacorb_client_packet_t:packet send;
')
########################################
## <summary>
## Receive jacorb_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_jacorb_client_packets',`
gen_require(`
type jacorb_client_packet_t;
')
allow $1 jacorb_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive jacorb_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_jacorb_client_packets',`
gen_require(`
type jacorb_client_packet_t;
')
dontaudit $1 jacorb_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive jacorb_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_jacorb_client_packets',`
corenet_send_jacorb_client_packets($1)
corenet_receive_jacorb_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive jacorb_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_jacorb_client_packets',`
corenet_dontaudit_send_jacorb_client_packets($1)
corenet_dontaudit_receive_jacorb_client_packets($1)
')
########################################
## <summary>
## Relabel packets to jacorb_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_jacorb_client_packets',`
gen_require(`
type jacorb_client_packet_t;
')
allow $1 jacorb_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send jacorb_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_jacorb_server_packets',`
gen_require(`
type jacorb_server_packet_t;
')
allow $1 jacorb_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send jacorb_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_jacorb_server_packets',`
gen_require(`
type jacorb_server_packet_t;
')
dontaudit $1 jacorb_server_packet_t:packet send;
')
########################################
## <summary>
## Receive jacorb_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_jacorb_server_packets',`
gen_require(`
type jacorb_server_packet_t;
')
allow $1 jacorb_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive jacorb_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_jacorb_server_packets',`
gen_require(`
type jacorb_server_packet_t;
')
dontaudit $1 jacorb_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive jacorb_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_jacorb_server_packets',`
corenet_send_jacorb_server_packets($1)
corenet_receive_jacorb_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive jacorb_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_jacorb_server_packets',`
corenet_dontaudit_send_jacorb_server_packets($1)
corenet_dontaudit_receive_jacorb_server_packets($1)
')
########################################
## <summary>
## Relabel packets to jacorb_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_jacorb_server_packets',`
gen_require(`
type jacorb_server_packet_t;
')
allow $1 jacorb_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the jboss_debug port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_jboss_debug_port',`
gen_require(`
type jboss_debug_port_t;
')
allow $1 jboss_debug_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the jboss_debug port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_jboss_debug_port',`
gen_require(`
type jboss_debug_port_t;
')
allow $1 jboss_debug_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the jboss_debug port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_jboss_debug_port',`
gen_require(`
type jboss_debug_port_t;
')
dontaudit $1 jboss_debug_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the jboss_debug port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_jboss_debug_port',`
gen_require(`
type jboss_debug_port_t;
')
allow $1 jboss_debug_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the jboss_debug port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_jboss_debug_port',`
gen_require(`
type jboss_debug_port_t;
')
dontaudit $1 jboss_debug_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the jboss_debug port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_jboss_debug_port',`
corenet_udp_send_jboss_debug_port($1)
corenet_udp_receive_jboss_debug_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the jboss_debug port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_jboss_debug_port',`
corenet_dontaudit_udp_send_jboss_debug_port($1)
corenet_dontaudit_udp_receive_jboss_debug_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the jboss_debug port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_jboss_debug_port',`
gen_require(`
type jboss_debug_port_t;
')
allow $1 jboss_debug_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the jboss_debug port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_jboss_debug_port',`
gen_require(`
type jboss_debug_port_t;
')
allow $1 jboss_debug_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to jboss_debug port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_jboss_debug_port',`
gen_require(`
type jboss_debug_port_t;
')
dontaudit $1 jboss_debug_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the jboss_debug port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_jboss_debug_port',`
gen_require(`
type jboss_debug_port_t;
')
allow $1 jboss_debug_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to jboss_debug port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_jboss_debug_port',`
gen_require(`
type jboss_debug_port_t;
')
dontaudit $1 jboss_debug_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send jboss_debug_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_jboss_debug_client_packets',`
gen_require(`
type jboss_debug_client_packet_t;
')
allow $1 jboss_debug_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send jboss_debug_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_jboss_debug_client_packets',`
gen_require(`
type jboss_debug_client_packet_t;
')
dontaudit $1 jboss_debug_client_packet_t:packet send;
')
########################################
## <summary>
## Receive jboss_debug_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_jboss_debug_client_packets',`
gen_require(`
type jboss_debug_client_packet_t;
')
allow $1 jboss_debug_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive jboss_debug_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_jboss_debug_client_packets',`
gen_require(`
type jboss_debug_client_packet_t;
')
dontaudit $1 jboss_debug_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive jboss_debug_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_jboss_debug_client_packets',`
corenet_send_jboss_debug_client_packets($1)
corenet_receive_jboss_debug_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive jboss_debug_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_jboss_debug_client_packets',`
corenet_dontaudit_send_jboss_debug_client_packets($1)
corenet_dontaudit_receive_jboss_debug_client_packets($1)
')
########################################
## <summary>
## Relabel packets to jboss_debug_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_jboss_debug_client_packets',`
gen_require(`
type jboss_debug_client_packet_t;
')
allow $1 jboss_debug_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send jboss_debug_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_jboss_debug_server_packets',`
gen_require(`
type jboss_debug_server_packet_t;
')
allow $1 jboss_debug_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send jboss_debug_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_jboss_debug_server_packets',`
gen_require(`
type jboss_debug_server_packet_t;
')
dontaudit $1 jboss_debug_server_packet_t:packet send;
')
########################################
## <summary>
## Receive jboss_debug_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_jboss_debug_server_packets',`
gen_require(`
type jboss_debug_server_packet_t;
')
allow $1 jboss_debug_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive jboss_debug_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_jboss_debug_server_packets',`
gen_require(`
type jboss_debug_server_packet_t;
')
dontaudit $1 jboss_debug_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive jboss_debug_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_jboss_debug_server_packets',`
corenet_send_jboss_debug_server_packets($1)
corenet_receive_jboss_debug_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive jboss_debug_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_jboss_debug_server_packets',`
corenet_dontaudit_send_jboss_debug_server_packets($1)
corenet_dontaudit_receive_jboss_debug_server_packets($1)
')
########################################
## <summary>
## Relabel packets to jboss_debug_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_jboss_debug_server_packets',`
gen_require(`
type jboss_debug_server_packet_t;
')
allow $1 jboss_debug_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the jboss_messaging port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_jboss_messaging_port',`
gen_require(`
type jboss_messaging_port_t;
')
allow $1 jboss_messaging_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the jboss_messaging port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_jboss_messaging_port',`
gen_require(`
type jboss_messaging_port_t;
')
allow $1 jboss_messaging_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the jboss_messaging port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_jboss_messaging_port',`
gen_require(`
type jboss_messaging_port_t;
')
dontaudit $1 jboss_messaging_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the jboss_messaging port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_jboss_messaging_port',`
gen_require(`
type jboss_messaging_port_t;
')
allow $1 jboss_messaging_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the jboss_messaging port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_jboss_messaging_port',`
gen_require(`
type jboss_messaging_port_t;
')
dontaudit $1 jboss_messaging_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the jboss_messaging port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_jboss_messaging_port',`
corenet_udp_send_jboss_messaging_port($1)
corenet_udp_receive_jboss_messaging_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the jboss_messaging port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_jboss_messaging_port',`
corenet_dontaudit_udp_send_jboss_messaging_port($1)
corenet_dontaudit_udp_receive_jboss_messaging_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the jboss_messaging port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_jboss_messaging_port',`
gen_require(`
type jboss_messaging_port_t;
')
allow $1 jboss_messaging_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the jboss_messaging port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_jboss_messaging_port',`
gen_require(`
type jboss_messaging_port_t;
')
allow $1 jboss_messaging_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to jboss_messaging port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_jboss_messaging_port',`
gen_require(`
type jboss_messaging_port_t;
')
dontaudit $1 jboss_messaging_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the jboss_messaging port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_jboss_messaging_port',`
gen_require(`
type jboss_messaging_port_t;
')
allow $1 jboss_messaging_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to jboss_messaging port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_jboss_messaging_port',`
gen_require(`
type jboss_messaging_port_t;
')
dontaudit $1 jboss_messaging_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send jboss_messaging_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_jboss_messaging_client_packets',`
gen_require(`
type jboss_messaging_client_packet_t;
')
allow $1 jboss_messaging_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send jboss_messaging_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_jboss_messaging_client_packets',`
gen_require(`
type jboss_messaging_client_packet_t;
')
dontaudit $1 jboss_messaging_client_packet_t:packet send;
')
########################################
## <summary>
## Receive jboss_messaging_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_jboss_messaging_client_packets',`
gen_require(`
type jboss_messaging_client_packet_t;
')
allow $1 jboss_messaging_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive jboss_messaging_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_jboss_messaging_client_packets',`
gen_require(`
type jboss_messaging_client_packet_t;
')
dontaudit $1 jboss_messaging_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive jboss_messaging_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_jboss_messaging_client_packets',`
corenet_send_jboss_messaging_client_packets($1)
corenet_receive_jboss_messaging_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive jboss_messaging_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_jboss_messaging_client_packets',`
corenet_dontaudit_send_jboss_messaging_client_packets($1)
corenet_dontaudit_receive_jboss_messaging_client_packets($1)
')
########################################
## <summary>
## Relabel packets to jboss_messaging_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_jboss_messaging_client_packets',`
gen_require(`
type jboss_messaging_client_packet_t;
')
allow $1 jboss_messaging_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send jboss_messaging_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_jboss_messaging_server_packets',`
gen_require(`
type jboss_messaging_server_packet_t;
')
allow $1 jboss_messaging_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send jboss_messaging_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_jboss_messaging_server_packets',`
gen_require(`
type jboss_messaging_server_packet_t;
')
dontaudit $1 jboss_messaging_server_packet_t:packet send;
')
########################################
## <summary>
## Receive jboss_messaging_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_jboss_messaging_server_packets',`
gen_require(`
type jboss_messaging_server_packet_t;
')
allow $1 jboss_messaging_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive jboss_messaging_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_jboss_messaging_server_packets',`
gen_require(`
type jboss_messaging_server_packet_t;
')
dontaudit $1 jboss_messaging_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive jboss_messaging_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_jboss_messaging_server_packets',`
corenet_send_jboss_messaging_server_packets($1)
corenet_receive_jboss_messaging_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive jboss_messaging_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_jboss_messaging_server_packets',`
corenet_dontaudit_send_jboss_messaging_server_packets($1)
corenet_dontaudit_receive_jboss_messaging_server_packets($1)
')
########################################
## <summary>
## Relabel packets to jboss_messaging_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_jboss_messaging_server_packets',`
gen_require(`
type jboss_messaging_server_packet_t;
')
allow $1 jboss_messaging_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the jboss_management port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_jboss_management_port',`
gen_require(`
type jboss_management_port_t;
')
allow $1 jboss_management_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the jboss_management port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_jboss_management_port',`
gen_require(`
type jboss_management_port_t;
')
allow $1 jboss_management_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the jboss_management port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_jboss_management_port',`
gen_require(`
type jboss_management_port_t;
')
dontaudit $1 jboss_management_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the jboss_management port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_jboss_management_port',`
gen_require(`
type jboss_management_port_t;
')
allow $1 jboss_management_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the jboss_management port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_jboss_management_port',`
gen_require(`
type jboss_management_port_t;
')
dontaudit $1 jboss_management_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the jboss_management port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_jboss_management_port',`
corenet_udp_send_jboss_management_port($1)
corenet_udp_receive_jboss_management_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the jboss_management port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_jboss_management_port',`
corenet_dontaudit_udp_send_jboss_management_port($1)
corenet_dontaudit_udp_receive_jboss_management_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the jboss_management port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_jboss_management_port',`
gen_require(`
type jboss_management_port_t;
')
allow $1 jboss_management_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the jboss_management port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_jboss_management_port',`
gen_require(`
type jboss_management_port_t;
')
allow $1 jboss_management_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to jboss_management port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_jboss_management_port',`
gen_require(`
type jboss_management_port_t;
')
dontaudit $1 jboss_management_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the jboss_management port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_jboss_management_port',`
gen_require(`
type jboss_management_port_t;
')
allow $1 jboss_management_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to jboss_management port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_jboss_management_port',`
gen_require(`
type jboss_management_port_t;
')
dontaudit $1 jboss_management_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send jboss_management_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_jboss_management_client_packets',`
gen_require(`
type jboss_management_client_packet_t;
')
allow $1 jboss_management_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send jboss_management_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_jboss_management_client_packets',`
gen_require(`
type jboss_management_client_packet_t;
')
dontaudit $1 jboss_management_client_packet_t:packet send;
')
########################################
## <summary>
## Receive jboss_management_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_jboss_management_client_packets',`
gen_require(`
type jboss_management_client_packet_t;
')
allow $1 jboss_management_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive jboss_management_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_jboss_management_client_packets',`
gen_require(`
type jboss_management_client_packet_t;
')
dontaudit $1 jboss_management_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive jboss_management_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_jboss_management_client_packets',`
corenet_send_jboss_management_client_packets($1)
corenet_receive_jboss_management_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive jboss_management_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_jboss_management_client_packets',`
corenet_dontaudit_send_jboss_management_client_packets($1)
corenet_dontaudit_receive_jboss_management_client_packets($1)
')
########################################
## <summary>
## Relabel packets to jboss_management_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_jboss_management_client_packets',`
gen_require(`
type jboss_management_client_packet_t;
')
allow $1 jboss_management_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send jboss_management_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_jboss_management_server_packets',`
gen_require(`
type jboss_management_server_packet_t;
')
allow $1 jboss_management_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send jboss_management_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_jboss_management_server_packets',`
gen_require(`
type jboss_management_server_packet_t;
')
dontaudit $1 jboss_management_server_packet_t:packet send;
')
########################################
## <summary>
## Receive jboss_management_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_jboss_management_server_packets',`
gen_require(`
type jboss_management_server_packet_t;
')
allow $1 jboss_management_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive jboss_management_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_jboss_management_server_packets',`
gen_require(`
type jboss_management_server_packet_t;
')
dontaudit $1 jboss_management_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive jboss_management_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_jboss_management_server_packets',`
corenet_send_jboss_management_server_packets($1)
corenet_receive_jboss_management_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive jboss_management_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_jboss_management_server_packets',`
corenet_dontaudit_send_jboss_management_server_packets($1)
corenet_dontaudit_receive_jboss_management_server_packets($1)
')
########################################
## <summary>
## Relabel packets to jboss_management_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_jboss_management_server_packets',`
gen_require(`
type jboss_management_server_packet_t;
')
allow $1 jboss_management_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the journal_remote port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_journal_remote_port',`
gen_require(`
type journal_remote_port_t;
')
allow $1 journal_remote_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the journal_remote port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_journal_remote_port',`
gen_require(`
type journal_remote_port_t;
')
allow $1 journal_remote_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the journal_remote port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_journal_remote_port',`
gen_require(`
type journal_remote_port_t;
')
dontaudit $1 journal_remote_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the journal_remote port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_journal_remote_port',`
gen_require(`
type journal_remote_port_t;
')
allow $1 journal_remote_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the journal_remote port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_journal_remote_port',`
gen_require(`
type journal_remote_port_t;
')
dontaudit $1 journal_remote_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the journal_remote port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_journal_remote_port',`
corenet_udp_send_journal_remote_port($1)
corenet_udp_receive_journal_remote_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the journal_remote port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_journal_remote_port',`
corenet_dontaudit_udp_send_journal_remote_port($1)
corenet_dontaudit_udp_receive_journal_remote_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the journal_remote port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_journal_remote_port',`
gen_require(`
type journal_remote_port_t;
')
allow $1 journal_remote_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the journal_remote port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_journal_remote_port',`
gen_require(`
type journal_remote_port_t;
')
allow $1 journal_remote_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to journal_remote port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_journal_remote_port',`
gen_require(`
type journal_remote_port_t;
')
dontaudit $1 journal_remote_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the journal_remote port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_journal_remote_port',`
gen_require(`
type journal_remote_port_t;
')
allow $1 journal_remote_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to journal_remote port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_journal_remote_port',`
gen_require(`
type journal_remote_port_t;
')
dontaudit $1 journal_remote_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send journal_remote_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_journal_remote_client_packets',`
gen_require(`
type journal_remote_client_packet_t;
')
allow $1 journal_remote_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send journal_remote_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_journal_remote_client_packets',`
gen_require(`
type journal_remote_client_packet_t;
')
dontaudit $1 journal_remote_client_packet_t:packet send;
')
########################################
## <summary>
## Receive journal_remote_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_journal_remote_client_packets',`
gen_require(`
type journal_remote_client_packet_t;
')
allow $1 journal_remote_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive journal_remote_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_journal_remote_client_packets',`
gen_require(`
type journal_remote_client_packet_t;
')
dontaudit $1 journal_remote_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive journal_remote_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_journal_remote_client_packets',`
corenet_send_journal_remote_client_packets($1)
corenet_receive_journal_remote_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive journal_remote_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_journal_remote_client_packets',`
corenet_dontaudit_send_journal_remote_client_packets($1)
corenet_dontaudit_receive_journal_remote_client_packets($1)
')
########################################
## <summary>
## Relabel packets to journal_remote_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_journal_remote_client_packets',`
gen_require(`
type journal_remote_client_packet_t;
')
allow $1 journal_remote_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send journal_remote_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_journal_remote_server_packets',`
gen_require(`
type journal_remote_server_packet_t;
')
allow $1 journal_remote_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send journal_remote_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_journal_remote_server_packets',`
gen_require(`
type journal_remote_server_packet_t;
')
dontaudit $1 journal_remote_server_packet_t:packet send;
')
########################################
## <summary>
## Receive journal_remote_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_journal_remote_server_packets',`
gen_require(`
type journal_remote_server_packet_t;
')
allow $1 journal_remote_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive journal_remote_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_journal_remote_server_packets',`
gen_require(`
type journal_remote_server_packet_t;
')
dontaudit $1 journal_remote_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive journal_remote_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_journal_remote_server_packets',`
corenet_send_journal_remote_server_packets($1)
corenet_receive_journal_remote_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive journal_remote_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_journal_remote_server_packets',`
corenet_dontaudit_send_journal_remote_server_packets($1)
corenet_dontaudit_receive_journal_remote_server_packets($1)
')
########################################
## <summary>
## Relabel packets to journal_remote_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_journal_remote_server_packets',`
gen_require(`
type journal_remote_server_packet_t;
')
allow $1 journal_remote_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the kerberos port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_kerberos_port',`
gen_require(`
type kerberos_port_t;
')
allow $1 kerberos_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the kerberos port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_kerberos_port',`
gen_require(`
type kerberos_port_t;
')
allow $1 kerberos_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the kerberos port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_kerberos_port',`
gen_require(`
type kerberos_port_t;
')
dontaudit $1 kerberos_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the kerberos port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_kerberos_port',`
gen_require(`
type kerberos_port_t;
')
allow $1 kerberos_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the kerberos port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_kerberos_port',`
gen_require(`
type kerberos_port_t;
')
dontaudit $1 kerberos_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the kerberos port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_kerberos_port',`
corenet_udp_send_kerberos_port($1)
corenet_udp_receive_kerberos_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the kerberos port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_kerberos_port',`
corenet_dontaudit_udp_send_kerberos_port($1)
corenet_dontaudit_udp_receive_kerberos_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the kerberos port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_kerberos_port',`
gen_require(`
type kerberos_port_t;
')
allow $1 kerberos_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the kerberos port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_kerberos_port',`
gen_require(`
type kerberos_port_t;
')
allow $1 kerberos_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to kerberos port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_kerberos_port',`
gen_require(`
type kerberos_port_t;
')
dontaudit $1 kerberos_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the kerberos port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_kerberos_port',`
gen_require(`
type kerberos_port_t;
')
allow $1 kerberos_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to kerberos port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_kerberos_port',`
gen_require(`
type kerberos_port_t;
')
dontaudit $1 kerberos_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send kerberos_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_kerberos_client_packets',`
gen_require(`
type kerberos_client_packet_t;
')
allow $1 kerberos_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send kerberos_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_kerberos_client_packets',`
gen_require(`
type kerberos_client_packet_t;
')
dontaudit $1 kerberos_client_packet_t:packet send;
')
########################################
## <summary>
## Receive kerberos_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_kerberos_client_packets',`
gen_require(`
type kerberos_client_packet_t;
')
allow $1 kerberos_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive kerberos_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_kerberos_client_packets',`
gen_require(`
type kerberos_client_packet_t;
')
dontaudit $1 kerberos_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive kerberos_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_kerberos_client_packets',`
corenet_send_kerberos_client_packets($1)
corenet_receive_kerberos_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive kerberos_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_kerberos_client_packets',`
corenet_dontaudit_send_kerberos_client_packets($1)
corenet_dontaudit_receive_kerberos_client_packets($1)
')
########################################
## <summary>
## Relabel packets to kerberos_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_kerberos_client_packets',`
gen_require(`
type kerberos_client_packet_t;
')
allow $1 kerberos_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send kerberos_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_kerberos_server_packets',`
gen_require(`
type kerberos_server_packet_t;
')
allow $1 kerberos_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send kerberos_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_kerberos_server_packets',`
gen_require(`
type kerberos_server_packet_t;
')
dontaudit $1 kerberos_server_packet_t:packet send;
')
########################################
## <summary>
## Receive kerberos_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_kerberos_server_packets',`
gen_require(`
type kerberos_server_packet_t;
')
allow $1 kerberos_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive kerberos_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_kerberos_server_packets',`
gen_require(`
type kerberos_server_packet_t;
')
dontaudit $1 kerberos_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive kerberos_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_kerberos_server_packets',`
corenet_send_kerberos_server_packets($1)
corenet_receive_kerberos_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive kerberos_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_kerberos_server_packets',`
corenet_dontaudit_send_kerberos_server_packets($1)
corenet_dontaudit_receive_kerberos_server_packets($1)
')
########################################
## <summary>
## Relabel packets to kerberos_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_kerberos_server_packets',`
gen_require(`
type kerberos_server_packet_t;
')
allow $1 kerberos_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the kerberos_admin port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_kerberos_admin_port',`
gen_require(`
type kerberos_admin_port_t;
')
allow $1 kerberos_admin_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the kerberos_admin port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_kerberos_admin_port',`
gen_require(`
type kerberos_admin_port_t;
')
allow $1 kerberos_admin_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the kerberos_admin port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_kerberos_admin_port',`
gen_require(`
type kerberos_admin_port_t;
')
dontaudit $1 kerberos_admin_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the kerberos_admin port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_kerberos_admin_port',`
gen_require(`
type kerberos_admin_port_t;
')
allow $1 kerberos_admin_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the kerberos_admin port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_kerberos_admin_port',`
gen_require(`
type kerberos_admin_port_t;
')
dontaudit $1 kerberos_admin_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the kerberos_admin port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_kerberos_admin_port',`
corenet_udp_send_kerberos_admin_port($1)
corenet_udp_receive_kerberos_admin_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the kerberos_admin port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_kerberos_admin_port',`
corenet_dontaudit_udp_send_kerberos_admin_port($1)
corenet_dontaudit_udp_receive_kerberos_admin_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the kerberos_admin port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_kerberos_admin_port',`
gen_require(`
type kerberos_admin_port_t;
')
allow $1 kerberos_admin_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the kerberos_admin port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_kerberos_admin_port',`
gen_require(`
type kerberos_admin_port_t;
')
allow $1 kerberos_admin_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to kerberos_admin port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_kerberos_admin_port',`
gen_require(`
type kerberos_admin_port_t;
')
dontaudit $1 kerberos_admin_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the kerberos_admin port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_kerberos_admin_port',`
gen_require(`
type kerberos_admin_port_t;
')
allow $1 kerberos_admin_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to kerberos_admin port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_kerberos_admin_port',`
gen_require(`
type kerberos_admin_port_t;
')
dontaudit $1 kerberos_admin_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send kerberos_admin_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_kerberos_admin_client_packets',`
gen_require(`
type kerberos_admin_client_packet_t;
')
allow $1 kerberos_admin_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send kerberos_admin_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_kerberos_admin_client_packets',`
gen_require(`
type kerberos_admin_client_packet_t;
')
dontaudit $1 kerberos_admin_client_packet_t:packet send;
')
########################################
## <summary>
## Receive kerberos_admin_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_kerberos_admin_client_packets',`
gen_require(`
type kerberos_admin_client_packet_t;
')
allow $1 kerberos_admin_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive kerberos_admin_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_kerberos_admin_client_packets',`
gen_require(`
type kerberos_admin_client_packet_t;
')
dontaudit $1 kerberos_admin_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive kerberos_admin_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_kerberos_admin_client_packets',`
corenet_send_kerberos_admin_client_packets($1)
corenet_receive_kerberos_admin_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive kerberos_admin_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_kerberos_admin_client_packets',`
corenet_dontaudit_send_kerberos_admin_client_packets($1)
corenet_dontaudit_receive_kerberos_admin_client_packets($1)
')
########################################
## <summary>
## Relabel packets to kerberos_admin_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_kerberos_admin_client_packets',`
gen_require(`
type kerberos_admin_client_packet_t;
')
allow $1 kerberos_admin_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send kerberos_admin_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_kerberos_admin_server_packets',`
gen_require(`
type kerberos_admin_server_packet_t;
')
allow $1 kerberos_admin_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send kerberos_admin_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_kerberos_admin_server_packets',`
gen_require(`
type kerberos_admin_server_packet_t;
')
dontaudit $1 kerberos_admin_server_packet_t:packet send;
')
########################################
## <summary>
## Receive kerberos_admin_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_kerberos_admin_server_packets',`
gen_require(`
type kerberos_admin_server_packet_t;
')
allow $1 kerberos_admin_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive kerberos_admin_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_kerberos_admin_server_packets',`
gen_require(`
type kerberos_admin_server_packet_t;
')
dontaudit $1 kerberos_admin_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive kerberos_admin_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_kerberos_admin_server_packets',`
corenet_send_kerberos_admin_server_packets($1)
corenet_receive_kerberos_admin_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive kerberos_admin_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_kerberos_admin_server_packets',`
corenet_dontaudit_send_kerberos_admin_server_packets($1)
corenet_dontaudit_receive_kerberos_admin_server_packets($1)
')
########################################
## <summary>
## Relabel packets to kerberos_admin_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_kerberos_admin_server_packets',`
gen_require(`
type kerberos_admin_server_packet_t;
')
allow $1 kerberos_admin_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the kerberos_password port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_kerberos_password_port',`
gen_require(`
type kerberos_password_port_t;
')
allow $1 kerberos_password_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the kerberos_password port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_kerberos_password_port',`
gen_require(`
type kerberos_password_port_t;
')
allow $1 kerberos_password_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the kerberos_password port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_kerberos_password_port',`
gen_require(`
type kerberos_password_port_t;
')
dontaudit $1 kerberos_password_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the kerberos_password port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_kerberos_password_port',`
gen_require(`
type kerberos_password_port_t;
')
allow $1 kerberos_password_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the kerberos_password port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_kerberos_password_port',`
gen_require(`
type kerberos_password_port_t;
')
dontaudit $1 kerberos_password_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the kerberos_password port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_kerberos_password_port',`
corenet_udp_send_kerberos_password_port($1)
corenet_udp_receive_kerberos_password_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the kerberos_password port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_kerberos_password_port',`
corenet_dontaudit_udp_send_kerberos_password_port($1)
corenet_dontaudit_udp_receive_kerberos_password_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the kerberos_password port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_kerberos_password_port',`
gen_require(`
type kerberos_password_port_t;
')
allow $1 kerberos_password_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the kerberos_password port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_kerberos_password_port',`
gen_require(`
type kerberos_password_port_t;
')
allow $1 kerberos_password_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to kerberos_password port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_kerberos_password_port',`
gen_require(`
type kerberos_password_port_t;
')
dontaudit $1 kerberos_password_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the kerberos_password port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_kerberos_password_port',`
gen_require(`
type kerberos_password_port_t;
')
allow $1 kerberos_password_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to kerberos_password port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_kerberos_password_port',`
gen_require(`
type kerberos_password_port_t;
')
dontaudit $1 kerberos_password_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send kerberos_password_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_kerberos_password_client_packets',`
gen_require(`
type kerberos_password_client_packet_t;
')
allow $1 kerberos_password_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send kerberos_password_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_kerberos_password_client_packets',`
gen_require(`
type kerberos_password_client_packet_t;
')
dontaudit $1 kerberos_password_client_packet_t:packet send;
')
########################################
## <summary>
## Receive kerberos_password_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_kerberos_password_client_packets',`
gen_require(`
type kerberos_password_client_packet_t;
')
allow $1 kerberos_password_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive kerberos_password_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_kerberos_password_client_packets',`
gen_require(`
type kerberos_password_client_packet_t;
')
dontaudit $1 kerberos_password_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive kerberos_password_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_kerberos_password_client_packets',`
corenet_send_kerberos_password_client_packets($1)
corenet_receive_kerberos_password_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive kerberos_password_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_kerberos_password_client_packets',`
corenet_dontaudit_send_kerberos_password_client_packets($1)
corenet_dontaudit_receive_kerberos_password_client_packets($1)
')
########################################
## <summary>
## Relabel packets to kerberos_password_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_kerberos_password_client_packets',`
gen_require(`
type kerberos_password_client_packet_t;
')
allow $1 kerberos_password_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send kerberos_password_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_kerberos_password_server_packets',`
gen_require(`
type kerberos_password_server_packet_t;
')
allow $1 kerberos_password_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send kerberos_password_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_kerberos_password_server_packets',`
gen_require(`
type kerberos_password_server_packet_t;
')
dontaudit $1 kerberos_password_server_packet_t:packet send;
')
########################################
## <summary>
## Receive kerberos_password_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_kerberos_password_server_packets',`
gen_require(`
type kerberos_password_server_packet_t;
')
allow $1 kerberos_password_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive kerberos_password_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_kerberos_password_server_packets',`
gen_require(`
type kerberos_password_server_packet_t;
')
dontaudit $1 kerberos_password_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive kerberos_password_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_kerberos_password_server_packets',`
corenet_send_kerberos_password_server_packets($1)
corenet_receive_kerberos_password_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive kerberos_password_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_kerberos_password_server_packets',`
corenet_dontaudit_send_kerberos_password_server_packets($1)
corenet_dontaudit_receive_kerberos_password_server_packets($1)
')
########################################
## <summary>
## Relabel packets to kerberos_password_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_kerberos_password_server_packets',`
gen_require(`
type kerberos_password_server_packet_t;
')
allow $1 kerberos_password_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the keylime port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_keylime_port',`
gen_require(`
type keylime_port_t;
')
allow $1 keylime_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the keylime port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_keylime_port',`
gen_require(`
type keylime_port_t;
')
allow $1 keylime_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the keylime port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_keylime_port',`
gen_require(`
type keylime_port_t;
')
dontaudit $1 keylime_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the keylime port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_keylime_port',`
gen_require(`
type keylime_port_t;
')
allow $1 keylime_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the keylime port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_keylime_port',`
gen_require(`
type keylime_port_t;
')
dontaudit $1 keylime_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the keylime port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_keylime_port',`
corenet_udp_send_keylime_port($1)
corenet_udp_receive_keylime_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the keylime port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_keylime_port',`
corenet_dontaudit_udp_send_keylime_port($1)
corenet_dontaudit_udp_receive_keylime_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the keylime port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_keylime_port',`
gen_require(`
type keylime_port_t;
')
allow $1 keylime_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the keylime port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_keylime_port',`
gen_require(`
type keylime_port_t;
')
allow $1 keylime_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to keylime port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_keylime_port',`
gen_require(`
type keylime_port_t;
')
dontaudit $1 keylime_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the keylime port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_keylime_port',`
gen_require(`
type keylime_port_t;
')
allow $1 keylime_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to keylime port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_keylime_port',`
gen_require(`
type keylime_port_t;
')
dontaudit $1 keylime_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send keylime_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_keylime_client_packets',`
gen_require(`
type keylime_client_packet_t;
')
allow $1 keylime_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send keylime_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_keylime_client_packets',`
gen_require(`
type keylime_client_packet_t;
')
dontaudit $1 keylime_client_packet_t:packet send;
')
########################################
## <summary>
## Receive keylime_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_keylime_client_packets',`
gen_require(`
type keylime_client_packet_t;
')
allow $1 keylime_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive keylime_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_keylime_client_packets',`
gen_require(`
type keylime_client_packet_t;
')
dontaudit $1 keylime_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive keylime_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_keylime_client_packets',`
corenet_send_keylime_client_packets($1)
corenet_receive_keylime_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive keylime_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_keylime_client_packets',`
corenet_dontaudit_send_keylime_client_packets($1)
corenet_dontaudit_receive_keylime_client_packets($1)
')
########################################
## <summary>
## Relabel packets to keylime_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_keylime_client_packets',`
gen_require(`
type keylime_client_packet_t;
')
allow $1 keylime_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send keylime_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_keylime_server_packets',`
gen_require(`
type keylime_server_packet_t;
')
allow $1 keylime_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send keylime_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_keylime_server_packets',`
gen_require(`
type keylime_server_packet_t;
')
dontaudit $1 keylime_server_packet_t:packet send;
')
########################################
## <summary>
## Receive keylime_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_keylime_server_packets',`
gen_require(`
type keylime_server_packet_t;
')
allow $1 keylime_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive keylime_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_keylime_server_packets',`
gen_require(`
type keylime_server_packet_t;
')
dontaudit $1 keylime_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive keylime_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_keylime_server_packets',`
corenet_send_keylime_server_packets($1)
corenet_receive_keylime_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive keylime_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_keylime_server_packets',`
corenet_dontaudit_send_keylime_server_packets($1)
corenet_dontaudit_receive_keylime_server_packets($1)
')
########################################
## <summary>
## Relabel packets to keylime_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_keylime_server_packets',`
gen_require(`
type keylime_server_packet_t;
')
allow $1 keylime_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the keystone port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_keystone_port',`
gen_require(`
type keystone_port_t;
')
allow $1 keystone_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the keystone port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_keystone_port',`
gen_require(`
type keystone_port_t;
')
allow $1 keystone_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the keystone port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_keystone_port',`
gen_require(`
type keystone_port_t;
')
dontaudit $1 keystone_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the keystone port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_keystone_port',`
gen_require(`
type keystone_port_t;
')
allow $1 keystone_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the keystone port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_keystone_port',`
gen_require(`
type keystone_port_t;
')
dontaudit $1 keystone_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the keystone port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_keystone_port',`
corenet_udp_send_keystone_port($1)
corenet_udp_receive_keystone_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the keystone port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_keystone_port',`
corenet_dontaudit_udp_send_keystone_port($1)
corenet_dontaudit_udp_receive_keystone_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the keystone port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_keystone_port',`
gen_require(`
type keystone_port_t;
')
allow $1 keystone_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the keystone port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_keystone_port',`
gen_require(`
type keystone_port_t;
')
allow $1 keystone_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to keystone port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_keystone_port',`
gen_require(`
type keystone_port_t;
')
dontaudit $1 keystone_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the keystone port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_keystone_port',`
gen_require(`
type keystone_port_t;
')
allow $1 keystone_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to keystone port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_keystone_port',`
gen_require(`
type keystone_port_t;
')
dontaudit $1 keystone_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send keystone_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_keystone_client_packets',`
gen_require(`
type keystone_client_packet_t;
')
allow $1 keystone_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send keystone_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_keystone_client_packets',`
gen_require(`
type keystone_client_packet_t;
')
dontaudit $1 keystone_client_packet_t:packet send;
')
########################################
## <summary>
## Receive keystone_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_keystone_client_packets',`
gen_require(`
type keystone_client_packet_t;
')
allow $1 keystone_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive keystone_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_keystone_client_packets',`
gen_require(`
type keystone_client_packet_t;
')
dontaudit $1 keystone_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive keystone_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_keystone_client_packets',`
corenet_send_keystone_client_packets($1)
corenet_receive_keystone_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive keystone_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_keystone_client_packets',`
corenet_dontaudit_send_keystone_client_packets($1)
corenet_dontaudit_receive_keystone_client_packets($1)
')
########################################
## <summary>
## Relabel packets to keystone_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_keystone_client_packets',`
gen_require(`
type keystone_client_packet_t;
')
allow $1 keystone_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send keystone_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_keystone_server_packets',`
gen_require(`
type keystone_server_packet_t;
')
allow $1 keystone_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send keystone_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_keystone_server_packets',`
gen_require(`
type keystone_server_packet_t;
')
dontaudit $1 keystone_server_packet_t:packet send;
')
########################################
## <summary>
## Receive keystone_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_keystone_server_packets',`
gen_require(`
type keystone_server_packet_t;
')
allow $1 keystone_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive keystone_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_keystone_server_packets',`
gen_require(`
type keystone_server_packet_t;
')
dontaudit $1 keystone_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive keystone_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_keystone_server_packets',`
corenet_send_keystone_server_packets($1)
corenet_receive_keystone_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive keystone_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_keystone_server_packets',`
corenet_dontaudit_send_keystone_server_packets($1)
corenet_dontaudit_receive_keystone_server_packets($1)
')
########################################
## <summary>
## Relabel packets to keystone_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_keystone_server_packets',`
gen_require(`
type keystone_server_packet_t;
')
allow $1 keystone_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the kubernetes port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_kubernetes_port',`
gen_require(`
type kubernetes_port_t;
')
allow $1 kubernetes_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the kubernetes port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_kubernetes_port',`
gen_require(`
type kubernetes_port_t;
')
allow $1 kubernetes_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the kubernetes port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_kubernetes_port',`
gen_require(`
type kubernetes_port_t;
')
dontaudit $1 kubernetes_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the kubernetes port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_kubernetes_port',`
gen_require(`
type kubernetes_port_t;
')
allow $1 kubernetes_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the kubernetes port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_kubernetes_port',`
gen_require(`
type kubernetes_port_t;
')
dontaudit $1 kubernetes_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the kubernetes port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_kubernetes_port',`
corenet_udp_send_kubernetes_port($1)
corenet_udp_receive_kubernetes_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the kubernetes port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_kubernetes_port',`
corenet_dontaudit_udp_send_kubernetes_port($1)
corenet_dontaudit_udp_receive_kubernetes_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the kubernetes port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_kubernetes_port',`
gen_require(`
type kubernetes_port_t;
')
allow $1 kubernetes_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the kubernetes port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_kubernetes_port',`
gen_require(`
type kubernetes_port_t;
')
allow $1 kubernetes_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to kubernetes port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_kubernetes_port',`
gen_require(`
type kubernetes_port_t;
')
dontaudit $1 kubernetes_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the kubernetes port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_kubernetes_port',`
gen_require(`
type kubernetes_port_t;
')
allow $1 kubernetes_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to kubernetes port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_kubernetes_port',`
gen_require(`
type kubernetes_port_t;
')
dontaudit $1 kubernetes_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send kubernetes_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_kubernetes_client_packets',`
gen_require(`
type kubernetes_client_packet_t;
')
allow $1 kubernetes_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send kubernetes_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_kubernetes_client_packets',`
gen_require(`
type kubernetes_client_packet_t;
')
dontaudit $1 kubernetes_client_packet_t:packet send;
')
########################################
## <summary>
## Receive kubernetes_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_kubernetes_client_packets',`
gen_require(`
type kubernetes_client_packet_t;
')
allow $1 kubernetes_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive kubernetes_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_kubernetes_client_packets',`
gen_require(`
type kubernetes_client_packet_t;
')
dontaudit $1 kubernetes_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive kubernetes_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_kubernetes_client_packets',`
corenet_send_kubernetes_client_packets($1)
corenet_receive_kubernetes_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive kubernetes_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_kubernetes_client_packets',`
corenet_dontaudit_send_kubernetes_client_packets($1)
corenet_dontaudit_receive_kubernetes_client_packets($1)
')
########################################
## <summary>
## Relabel packets to kubernetes_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_kubernetes_client_packets',`
gen_require(`
type kubernetes_client_packet_t;
')
allow $1 kubernetes_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send kubernetes_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_kubernetes_server_packets',`
gen_require(`
type kubernetes_server_packet_t;
')
allow $1 kubernetes_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send kubernetes_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_kubernetes_server_packets',`
gen_require(`
type kubernetes_server_packet_t;
')
dontaudit $1 kubernetes_server_packet_t:packet send;
')
########################################
## <summary>
## Receive kubernetes_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_kubernetes_server_packets',`
gen_require(`
type kubernetes_server_packet_t;
')
allow $1 kubernetes_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive kubernetes_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_kubernetes_server_packets',`
gen_require(`
type kubernetes_server_packet_t;
')
dontaudit $1 kubernetes_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive kubernetes_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_kubernetes_server_packets',`
corenet_send_kubernetes_server_packets($1)
corenet_receive_kubernetes_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive kubernetes_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_kubernetes_server_packets',`
corenet_dontaudit_send_kubernetes_server_packets($1)
corenet_dontaudit_receive_kubernetes_server_packets($1)
')
########################################
## <summary>
## Relabel packets to kubernetes_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_kubernetes_server_packets',`
gen_require(`
type kubernetes_server_packet_t;
')
allow $1 kubernetes_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the lltng port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_lltng_port',`
gen_require(`
type lltng_port_t;
')
allow $1 lltng_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the lltng port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_lltng_port',`
gen_require(`
type lltng_port_t;
')
allow $1 lltng_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the lltng port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_lltng_port',`
gen_require(`
type lltng_port_t;
')
dontaudit $1 lltng_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the lltng port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_lltng_port',`
gen_require(`
type lltng_port_t;
')
allow $1 lltng_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the lltng port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_lltng_port',`
gen_require(`
type lltng_port_t;
')
dontaudit $1 lltng_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the lltng port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_lltng_port',`
corenet_udp_send_lltng_port($1)
corenet_udp_receive_lltng_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the lltng port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_lltng_port',`
corenet_dontaudit_udp_send_lltng_port($1)
corenet_dontaudit_udp_receive_lltng_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the lltng port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_lltng_port',`
gen_require(`
type lltng_port_t;
')
allow $1 lltng_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the lltng port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_lltng_port',`
gen_require(`
type lltng_port_t;
')
allow $1 lltng_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to lltng port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_lltng_port',`
gen_require(`
type lltng_port_t;
')
dontaudit $1 lltng_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the lltng port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_lltng_port',`
gen_require(`
type lltng_port_t;
')
allow $1 lltng_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to lltng port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_lltng_port',`
gen_require(`
type lltng_port_t;
')
dontaudit $1 lltng_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send lltng_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_lltng_client_packets',`
gen_require(`
type lltng_client_packet_t;
')
allow $1 lltng_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send lltng_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_lltng_client_packets',`
gen_require(`
type lltng_client_packet_t;
')
dontaudit $1 lltng_client_packet_t:packet send;
')
########################################
## <summary>
## Receive lltng_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_lltng_client_packets',`
gen_require(`
type lltng_client_packet_t;
')
allow $1 lltng_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive lltng_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_lltng_client_packets',`
gen_require(`
type lltng_client_packet_t;
')
dontaudit $1 lltng_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive lltng_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_lltng_client_packets',`
corenet_send_lltng_client_packets($1)
corenet_receive_lltng_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive lltng_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_lltng_client_packets',`
corenet_dontaudit_send_lltng_client_packets($1)
corenet_dontaudit_receive_lltng_client_packets($1)
')
########################################
## <summary>
## Relabel packets to lltng_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_lltng_client_packets',`
gen_require(`
type lltng_client_packet_t;
')
allow $1 lltng_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send lltng_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_lltng_server_packets',`
gen_require(`
type lltng_server_packet_t;
')
allow $1 lltng_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send lltng_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_lltng_server_packets',`
gen_require(`
type lltng_server_packet_t;
')
dontaudit $1 lltng_server_packet_t:packet send;
')
########################################
## <summary>
## Receive lltng_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_lltng_server_packets',`
gen_require(`
type lltng_server_packet_t;
')
allow $1 lltng_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive lltng_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_lltng_server_packets',`
gen_require(`
type lltng_server_packet_t;
')
dontaudit $1 lltng_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive lltng_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_lltng_server_packets',`
corenet_send_lltng_server_packets($1)
corenet_receive_lltng_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive lltng_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_lltng_server_packets',`
corenet_dontaudit_send_lltng_server_packets($1)
corenet_dontaudit_receive_lltng_server_packets($1)
')
########################################
## <summary>
## Relabel packets to lltng_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_lltng_server_packets',`
gen_require(`
type lltng_server_packet_t;
')
allow $1 lltng_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the llmnr port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_llmnr_port',`
gen_require(`
type llmnr_port_t;
')
allow $1 llmnr_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the llmnr port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_llmnr_port',`
gen_require(`
type llmnr_port_t;
')
allow $1 llmnr_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the llmnr port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_llmnr_port',`
gen_require(`
type llmnr_port_t;
')
dontaudit $1 llmnr_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the llmnr port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_llmnr_port',`
gen_require(`
type llmnr_port_t;
')
allow $1 llmnr_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the llmnr port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_llmnr_port',`
gen_require(`
type llmnr_port_t;
')
dontaudit $1 llmnr_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the llmnr port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_llmnr_port',`
corenet_udp_send_llmnr_port($1)
corenet_udp_receive_llmnr_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the llmnr port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_llmnr_port',`
corenet_dontaudit_udp_send_llmnr_port($1)
corenet_dontaudit_udp_receive_llmnr_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the llmnr port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_llmnr_port',`
gen_require(`
type llmnr_port_t;
')
allow $1 llmnr_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the llmnr port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_llmnr_port',`
gen_require(`
type llmnr_port_t;
')
allow $1 llmnr_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to llmnr port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_llmnr_port',`
gen_require(`
type llmnr_port_t;
')
dontaudit $1 llmnr_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the llmnr port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_llmnr_port',`
gen_require(`
type llmnr_port_t;
')
allow $1 llmnr_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to llmnr port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_llmnr_port',`
gen_require(`
type llmnr_port_t;
')
dontaudit $1 llmnr_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send llmnr_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_llmnr_client_packets',`
gen_require(`
type llmnr_client_packet_t;
')
allow $1 llmnr_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send llmnr_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_llmnr_client_packets',`
gen_require(`
type llmnr_client_packet_t;
')
dontaudit $1 llmnr_client_packet_t:packet send;
')
########################################
## <summary>
## Receive llmnr_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_llmnr_client_packets',`
gen_require(`
type llmnr_client_packet_t;
')
allow $1 llmnr_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive llmnr_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_llmnr_client_packets',`
gen_require(`
type llmnr_client_packet_t;
')
dontaudit $1 llmnr_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive llmnr_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_llmnr_client_packets',`
corenet_send_llmnr_client_packets($1)
corenet_receive_llmnr_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive llmnr_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_llmnr_client_packets',`
corenet_dontaudit_send_llmnr_client_packets($1)
corenet_dontaudit_receive_llmnr_client_packets($1)
')
########################################
## <summary>
## Relabel packets to llmnr_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_llmnr_client_packets',`
gen_require(`
type llmnr_client_packet_t;
')
allow $1 llmnr_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send llmnr_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_llmnr_server_packets',`
gen_require(`
type llmnr_server_packet_t;
')
allow $1 llmnr_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send llmnr_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_llmnr_server_packets',`
gen_require(`
type llmnr_server_packet_t;
')
dontaudit $1 llmnr_server_packet_t:packet send;
')
########################################
## <summary>
## Receive llmnr_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_llmnr_server_packets',`
gen_require(`
type llmnr_server_packet_t;
')
allow $1 llmnr_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive llmnr_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_llmnr_server_packets',`
gen_require(`
type llmnr_server_packet_t;
')
dontaudit $1 llmnr_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive llmnr_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_llmnr_server_packets',`
corenet_send_llmnr_server_packets($1)
corenet_receive_llmnr_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive llmnr_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_llmnr_server_packets',`
corenet_dontaudit_send_llmnr_server_packets($1)
corenet_dontaudit_receive_llmnr_server_packets($1)
')
########################################
## <summary>
## Relabel packets to llmnr_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_llmnr_server_packets',`
gen_require(`
type llmnr_server_packet_t;
')
allow $1 llmnr_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the rabbitmq port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_rabbitmq_port',`
gen_require(`
type rabbitmq_port_t;
')
allow $1 rabbitmq_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the rabbitmq port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_rabbitmq_port',`
gen_require(`
type rabbitmq_port_t;
')
allow $1 rabbitmq_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the rabbitmq port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_rabbitmq_port',`
gen_require(`
type rabbitmq_port_t;
')
dontaudit $1 rabbitmq_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the rabbitmq port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_rabbitmq_port',`
gen_require(`
type rabbitmq_port_t;
')
allow $1 rabbitmq_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the rabbitmq port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_rabbitmq_port',`
gen_require(`
type rabbitmq_port_t;
')
dontaudit $1 rabbitmq_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the rabbitmq port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_rabbitmq_port',`
corenet_udp_send_rabbitmq_port($1)
corenet_udp_receive_rabbitmq_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the rabbitmq port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_rabbitmq_port',`
corenet_dontaudit_udp_send_rabbitmq_port($1)
corenet_dontaudit_udp_receive_rabbitmq_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the rabbitmq port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_rabbitmq_port',`
gen_require(`
type rabbitmq_port_t;
')
allow $1 rabbitmq_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the rabbitmq port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_rabbitmq_port',`
gen_require(`
type rabbitmq_port_t;
')
allow $1 rabbitmq_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to rabbitmq port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_rabbitmq_port',`
gen_require(`
type rabbitmq_port_t;
')
dontaudit $1 rabbitmq_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the rabbitmq port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_rabbitmq_port',`
gen_require(`
type rabbitmq_port_t;
')
allow $1 rabbitmq_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to rabbitmq port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_rabbitmq_port',`
gen_require(`
type rabbitmq_port_t;
')
dontaudit $1 rabbitmq_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send rabbitmq_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_rabbitmq_client_packets',`
gen_require(`
type rabbitmq_client_packet_t;
')
allow $1 rabbitmq_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send rabbitmq_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_rabbitmq_client_packets',`
gen_require(`
type rabbitmq_client_packet_t;
')
dontaudit $1 rabbitmq_client_packet_t:packet send;
')
########################################
## <summary>
## Receive rabbitmq_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_rabbitmq_client_packets',`
gen_require(`
type rabbitmq_client_packet_t;
')
allow $1 rabbitmq_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive rabbitmq_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_rabbitmq_client_packets',`
gen_require(`
type rabbitmq_client_packet_t;
')
dontaudit $1 rabbitmq_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive rabbitmq_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_rabbitmq_client_packets',`
corenet_send_rabbitmq_client_packets($1)
corenet_receive_rabbitmq_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive rabbitmq_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_rabbitmq_client_packets',`
corenet_dontaudit_send_rabbitmq_client_packets($1)
corenet_dontaudit_receive_rabbitmq_client_packets($1)
')
########################################
## <summary>
## Relabel packets to rabbitmq_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_rabbitmq_client_packets',`
gen_require(`
type rabbitmq_client_packet_t;
')
allow $1 rabbitmq_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send rabbitmq_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_rabbitmq_server_packets',`
gen_require(`
type rabbitmq_server_packet_t;
')
allow $1 rabbitmq_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send rabbitmq_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_rabbitmq_server_packets',`
gen_require(`
type rabbitmq_server_packet_t;
')
dontaudit $1 rabbitmq_server_packet_t:packet send;
')
########################################
## <summary>
## Receive rabbitmq_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_rabbitmq_server_packets',`
gen_require(`
type rabbitmq_server_packet_t;
')
allow $1 rabbitmq_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive rabbitmq_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_rabbitmq_server_packets',`
gen_require(`
type rabbitmq_server_packet_t;
')
dontaudit $1 rabbitmq_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive rabbitmq_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_rabbitmq_server_packets',`
corenet_send_rabbitmq_server_packets($1)
corenet_receive_rabbitmq_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive rabbitmq_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_rabbitmq_server_packets',`
corenet_dontaudit_send_rabbitmq_server_packets($1)
corenet_dontaudit_receive_rabbitmq_server_packets($1)
')
########################################
## <summary>
## Relabel packets to rabbitmq_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_rabbitmq_server_packets',`
gen_require(`
type rabbitmq_server_packet_t;
')
allow $1 rabbitmq_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the rkt port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_rkt_port',`
gen_require(`
type rkt_port_t;
')
allow $1 rkt_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the rkt port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_rkt_port',`
gen_require(`
type rkt_port_t;
')
allow $1 rkt_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the rkt port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_rkt_port',`
gen_require(`
type rkt_port_t;
')
dontaudit $1 rkt_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the rkt port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_rkt_port',`
gen_require(`
type rkt_port_t;
')
allow $1 rkt_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the rkt port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_rkt_port',`
gen_require(`
type rkt_port_t;
')
dontaudit $1 rkt_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the rkt port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_rkt_port',`
corenet_udp_send_rkt_port($1)
corenet_udp_receive_rkt_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the rkt port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_rkt_port',`
corenet_dontaudit_udp_send_rkt_port($1)
corenet_dontaudit_udp_receive_rkt_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the rkt port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_rkt_port',`
gen_require(`
type rkt_port_t;
')
allow $1 rkt_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the rkt port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_rkt_port',`
gen_require(`
type rkt_port_t;
')
allow $1 rkt_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to rkt port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_rkt_port',`
gen_require(`
type rkt_port_t;
')
dontaudit $1 rkt_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the rkt port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_rkt_port',`
gen_require(`
type rkt_port_t;
')
allow $1 rkt_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to rkt port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_rkt_port',`
gen_require(`
type rkt_port_t;
')
dontaudit $1 rkt_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send rkt_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_rkt_client_packets',`
gen_require(`
type rkt_client_packet_t;
')
allow $1 rkt_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send rkt_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_rkt_client_packets',`
gen_require(`
type rkt_client_packet_t;
')
dontaudit $1 rkt_client_packet_t:packet send;
')
########################################
## <summary>
## Receive rkt_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_rkt_client_packets',`
gen_require(`
type rkt_client_packet_t;
')
allow $1 rkt_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive rkt_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_rkt_client_packets',`
gen_require(`
type rkt_client_packet_t;
')
dontaudit $1 rkt_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive rkt_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_rkt_client_packets',`
corenet_send_rkt_client_packets($1)
corenet_receive_rkt_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive rkt_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_rkt_client_packets',`
corenet_dontaudit_send_rkt_client_packets($1)
corenet_dontaudit_receive_rkt_client_packets($1)
')
########################################
## <summary>
## Relabel packets to rkt_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_rkt_client_packets',`
gen_require(`
type rkt_client_packet_t;
')
allow $1 rkt_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send rkt_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_rkt_server_packets',`
gen_require(`
type rkt_server_packet_t;
')
allow $1 rkt_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send rkt_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_rkt_server_packets',`
gen_require(`
type rkt_server_packet_t;
')
dontaudit $1 rkt_server_packet_t:packet send;
')
########################################
## <summary>
## Receive rkt_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_rkt_server_packets',`
gen_require(`
type rkt_server_packet_t;
')
allow $1 rkt_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive rkt_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_rkt_server_packets',`
gen_require(`
type rkt_server_packet_t;
')
dontaudit $1 rkt_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive rkt_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_rkt_server_packets',`
corenet_send_rkt_server_packets($1)
corenet_receive_rkt_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive rkt_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_rkt_server_packets',`
corenet_dontaudit_send_rkt_server_packets($1)
corenet_dontaudit_receive_rkt_server_packets($1)
')
########################################
## <summary>
## Relabel packets to rkt_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_rkt_server_packets',`
gen_require(`
type rkt_server_packet_t;
')
allow $1 rkt_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the rlogin port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_rlogin_port',`
gen_require(`
type rlogin_port_t;
')
allow $1 rlogin_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the rlogin port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_rlogin_port',`
gen_require(`
type rlogin_port_t;
')
allow $1 rlogin_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the rlogin port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_rlogin_port',`
gen_require(`
type rlogin_port_t;
')
dontaudit $1 rlogin_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the rlogin port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_rlogin_port',`
gen_require(`
type rlogin_port_t;
')
allow $1 rlogin_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the rlogin port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_rlogin_port',`
gen_require(`
type rlogin_port_t;
')
dontaudit $1 rlogin_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the rlogin port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_rlogin_port',`
corenet_udp_send_rlogin_port($1)
corenet_udp_receive_rlogin_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the rlogin port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_rlogin_port',`
corenet_dontaudit_udp_send_rlogin_port($1)
corenet_dontaudit_udp_receive_rlogin_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the rlogin port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_rlogin_port',`
gen_require(`
type rlogin_port_t;
')
allow $1 rlogin_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the rlogin port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_rlogin_port',`
gen_require(`
type rlogin_port_t;
')
allow $1 rlogin_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to rlogin port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_rlogin_port',`
gen_require(`
type rlogin_port_t;
')
dontaudit $1 rlogin_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the rlogin port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_rlogin_port',`
gen_require(`
type rlogin_port_t;
')
allow $1 rlogin_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to rlogin port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_rlogin_port',`
gen_require(`
type rlogin_port_t;
')
dontaudit $1 rlogin_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send rlogin_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_rlogin_client_packets',`
gen_require(`
type rlogin_client_packet_t;
')
allow $1 rlogin_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send rlogin_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_rlogin_client_packets',`
gen_require(`
type rlogin_client_packet_t;
')
dontaudit $1 rlogin_client_packet_t:packet send;
')
########################################
## <summary>
## Receive rlogin_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_rlogin_client_packets',`
gen_require(`
type rlogin_client_packet_t;
')
allow $1 rlogin_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive rlogin_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_rlogin_client_packets',`
gen_require(`
type rlogin_client_packet_t;
')
dontaudit $1 rlogin_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive rlogin_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_rlogin_client_packets',`
corenet_send_rlogin_client_packets($1)
corenet_receive_rlogin_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive rlogin_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_rlogin_client_packets',`
corenet_dontaudit_send_rlogin_client_packets($1)
corenet_dontaudit_receive_rlogin_client_packets($1)
')
########################################
## <summary>
## Relabel packets to rlogin_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_rlogin_client_packets',`
gen_require(`
type rlogin_client_packet_t;
')
allow $1 rlogin_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send rlogin_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_rlogin_server_packets',`
gen_require(`
type rlogin_server_packet_t;
')
allow $1 rlogin_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send rlogin_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_rlogin_server_packets',`
gen_require(`
type rlogin_server_packet_t;
')
dontaudit $1 rlogin_server_packet_t:packet send;
')
########################################
## <summary>
## Receive rlogin_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_rlogin_server_packets',`
gen_require(`
type rlogin_server_packet_t;
')
allow $1 rlogin_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive rlogin_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_rlogin_server_packets',`
gen_require(`
type rlogin_server_packet_t;
')
dontaudit $1 rlogin_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive rlogin_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_rlogin_server_packets',`
corenet_send_rlogin_server_packets($1)
corenet_receive_rlogin_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive rlogin_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_rlogin_server_packets',`
corenet_dontaudit_send_rlogin_server_packets($1)
corenet_dontaudit_receive_rlogin_server_packets($1)
')
########################################
## <summary>
## Relabel packets to rlogin_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_rlogin_server_packets',`
gen_require(`
type rlogin_server_packet_t;
')
allow $1 rlogin_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the rtsclient port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_rtsclient_port',`
gen_require(`
type rtsclient_port_t;
')
allow $1 rtsclient_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the rtsclient port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_rtsclient_port',`
gen_require(`
type rtsclient_port_t;
')
allow $1 rtsclient_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the rtsclient port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_rtsclient_port',`
gen_require(`
type rtsclient_port_t;
')
dontaudit $1 rtsclient_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the rtsclient port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_rtsclient_port',`
gen_require(`
type rtsclient_port_t;
')
allow $1 rtsclient_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the rtsclient port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_rtsclient_port',`
gen_require(`
type rtsclient_port_t;
')
dontaudit $1 rtsclient_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the rtsclient port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_rtsclient_port',`
corenet_udp_send_rtsclient_port($1)
corenet_udp_receive_rtsclient_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the rtsclient port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_rtsclient_port',`
corenet_dontaudit_udp_send_rtsclient_port($1)
corenet_dontaudit_udp_receive_rtsclient_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the rtsclient port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_rtsclient_port',`
gen_require(`
type rtsclient_port_t;
')
allow $1 rtsclient_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the rtsclient port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_rtsclient_port',`
gen_require(`
type rtsclient_port_t;
')
allow $1 rtsclient_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to rtsclient port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_rtsclient_port',`
gen_require(`
type rtsclient_port_t;
')
dontaudit $1 rtsclient_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the rtsclient port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_rtsclient_port',`
gen_require(`
type rtsclient_port_t;
')
allow $1 rtsclient_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to rtsclient port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_rtsclient_port',`
gen_require(`
type rtsclient_port_t;
')
dontaudit $1 rtsclient_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send rtsclient_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_rtsclient_client_packets',`
gen_require(`
type rtsclient_client_packet_t;
')
allow $1 rtsclient_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send rtsclient_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_rtsclient_client_packets',`
gen_require(`
type rtsclient_client_packet_t;
')
dontaudit $1 rtsclient_client_packet_t:packet send;
')
########################################
## <summary>
## Receive rtsclient_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_rtsclient_client_packets',`
gen_require(`
type rtsclient_client_packet_t;
')
allow $1 rtsclient_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive rtsclient_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_rtsclient_client_packets',`
gen_require(`
type rtsclient_client_packet_t;
')
dontaudit $1 rtsclient_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive rtsclient_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_rtsclient_client_packets',`
corenet_send_rtsclient_client_packets($1)
corenet_receive_rtsclient_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive rtsclient_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_rtsclient_client_packets',`
corenet_dontaudit_send_rtsclient_client_packets($1)
corenet_dontaudit_receive_rtsclient_client_packets($1)
')
########################################
## <summary>
## Relabel packets to rtsclient_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_rtsclient_client_packets',`
gen_require(`
type rtsclient_client_packet_t;
')
allow $1 rtsclient_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send rtsclient_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_rtsclient_server_packets',`
gen_require(`
type rtsclient_server_packet_t;
')
allow $1 rtsclient_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send rtsclient_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_rtsclient_server_packets',`
gen_require(`
type rtsclient_server_packet_t;
')
dontaudit $1 rtsclient_server_packet_t:packet send;
')
########################################
## <summary>
## Receive rtsclient_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_rtsclient_server_packets',`
gen_require(`
type rtsclient_server_packet_t;
')
allow $1 rtsclient_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive rtsclient_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_rtsclient_server_packets',`
gen_require(`
type rtsclient_server_packet_t;
')
dontaudit $1 rtsclient_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive rtsclient_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_rtsclient_server_packets',`
corenet_send_rtsclient_server_packets($1)
corenet_receive_rtsclient_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive rtsclient_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_rtsclient_server_packets',`
corenet_dontaudit_send_rtsclient_server_packets($1)
corenet_dontaudit_receive_rtsclient_server_packets($1)
')
########################################
## <summary>
## Relabel packets to rtsclient_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_rtsclient_server_packets',`
gen_require(`
type rtsclient_server_packet_t;
')
allow $1 rtsclient_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the kprop port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_kprop_port',`
gen_require(`
type kprop_port_t;
')
allow $1 kprop_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the kprop port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_kprop_port',`
gen_require(`
type kprop_port_t;
')
allow $1 kprop_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the kprop port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_kprop_port',`
gen_require(`
type kprop_port_t;
')
dontaudit $1 kprop_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the kprop port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_kprop_port',`
gen_require(`
type kprop_port_t;
')
allow $1 kprop_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the kprop port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_kprop_port',`
gen_require(`
type kprop_port_t;
')
dontaudit $1 kprop_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the kprop port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_kprop_port',`
corenet_udp_send_kprop_port($1)
corenet_udp_receive_kprop_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the kprop port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_kprop_port',`
corenet_dontaudit_udp_send_kprop_port($1)
corenet_dontaudit_udp_receive_kprop_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the kprop port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_kprop_port',`
gen_require(`
type kprop_port_t;
')
allow $1 kprop_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the kprop port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_kprop_port',`
gen_require(`
type kprop_port_t;
')
allow $1 kprop_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to kprop port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_kprop_port',`
gen_require(`
type kprop_port_t;
')
dontaudit $1 kprop_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the kprop port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_kprop_port',`
gen_require(`
type kprop_port_t;
')
allow $1 kprop_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to kprop port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_kprop_port',`
gen_require(`
type kprop_port_t;
')
dontaudit $1 kprop_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send kprop_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_kprop_client_packets',`
gen_require(`
type kprop_client_packet_t;
')
allow $1 kprop_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send kprop_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_kprop_client_packets',`
gen_require(`
type kprop_client_packet_t;
')
dontaudit $1 kprop_client_packet_t:packet send;
')
########################################
## <summary>
## Receive kprop_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_kprop_client_packets',`
gen_require(`
type kprop_client_packet_t;
')
allow $1 kprop_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive kprop_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_kprop_client_packets',`
gen_require(`
type kprop_client_packet_t;
')
dontaudit $1 kprop_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive kprop_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_kprop_client_packets',`
corenet_send_kprop_client_packets($1)
corenet_receive_kprop_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive kprop_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_kprop_client_packets',`
corenet_dontaudit_send_kprop_client_packets($1)
corenet_dontaudit_receive_kprop_client_packets($1)
')
########################################
## <summary>
## Relabel packets to kprop_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_kprop_client_packets',`
gen_require(`
type kprop_client_packet_t;
')
allow $1 kprop_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send kprop_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_kprop_server_packets',`
gen_require(`
type kprop_server_packet_t;
')
allow $1 kprop_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send kprop_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_kprop_server_packets',`
gen_require(`
type kprop_server_packet_t;
')
dontaudit $1 kprop_server_packet_t:packet send;
')
########################################
## <summary>
## Receive kprop_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_kprop_server_packets',`
gen_require(`
type kprop_server_packet_t;
')
allow $1 kprop_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive kprop_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_kprop_server_packets',`
gen_require(`
type kprop_server_packet_t;
')
dontaudit $1 kprop_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive kprop_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_kprop_server_packets',`
corenet_send_kprop_server_packets($1)
corenet_receive_kprop_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive kprop_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_kprop_server_packets',`
corenet_dontaudit_send_kprop_server_packets($1)
corenet_dontaudit_receive_kprop_server_packets($1)
')
########################################
## <summary>
## Relabel packets to kprop_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_kprop_server_packets',`
gen_require(`
type kprop_server_packet_t;
')
allow $1 kprop_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the ktalkd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_ktalkd_port',`
gen_require(`
type ktalkd_port_t;
')
allow $1 ktalkd_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the ktalkd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_ktalkd_port',`
gen_require(`
type ktalkd_port_t;
')
allow $1 ktalkd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the ktalkd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_ktalkd_port',`
gen_require(`
type ktalkd_port_t;
')
dontaudit $1 ktalkd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the ktalkd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_ktalkd_port',`
gen_require(`
type ktalkd_port_t;
')
allow $1 ktalkd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the ktalkd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_ktalkd_port',`
gen_require(`
type ktalkd_port_t;
')
dontaudit $1 ktalkd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the ktalkd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_ktalkd_port',`
corenet_udp_send_ktalkd_port($1)
corenet_udp_receive_ktalkd_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the ktalkd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_ktalkd_port',`
corenet_dontaudit_udp_send_ktalkd_port($1)
corenet_dontaudit_udp_receive_ktalkd_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the ktalkd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_ktalkd_port',`
gen_require(`
type ktalkd_port_t;
')
allow $1 ktalkd_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the ktalkd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_ktalkd_port',`
gen_require(`
type ktalkd_port_t;
')
allow $1 ktalkd_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to ktalkd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_ktalkd_port',`
gen_require(`
type ktalkd_port_t;
')
dontaudit $1 ktalkd_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the ktalkd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_ktalkd_port',`
gen_require(`
type ktalkd_port_t;
')
allow $1 ktalkd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to ktalkd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_ktalkd_port',`
gen_require(`
type ktalkd_port_t;
')
dontaudit $1 ktalkd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send ktalkd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ktalkd_client_packets',`
gen_require(`
type ktalkd_client_packet_t;
')
allow $1 ktalkd_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ktalkd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ktalkd_client_packets',`
gen_require(`
type ktalkd_client_packet_t;
')
dontaudit $1 ktalkd_client_packet_t:packet send;
')
########################################
## <summary>
## Receive ktalkd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ktalkd_client_packets',`
gen_require(`
type ktalkd_client_packet_t;
')
allow $1 ktalkd_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ktalkd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ktalkd_client_packets',`
gen_require(`
type ktalkd_client_packet_t;
')
dontaudit $1 ktalkd_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ktalkd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ktalkd_client_packets',`
corenet_send_ktalkd_client_packets($1)
corenet_receive_ktalkd_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ktalkd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ktalkd_client_packets',`
corenet_dontaudit_send_ktalkd_client_packets($1)
corenet_dontaudit_receive_ktalkd_client_packets($1)
')
########################################
## <summary>
## Relabel packets to ktalkd_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ktalkd_client_packets',`
gen_require(`
type ktalkd_client_packet_t;
')
allow $1 ktalkd_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send ktalkd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ktalkd_server_packets',`
gen_require(`
type ktalkd_server_packet_t;
')
allow $1 ktalkd_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ktalkd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ktalkd_server_packets',`
gen_require(`
type ktalkd_server_packet_t;
')
dontaudit $1 ktalkd_server_packet_t:packet send;
')
########################################
## <summary>
## Receive ktalkd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ktalkd_server_packets',`
gen_require(`
type ktalkd_server_packet_t;
')
allow $1 ktalkd_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ktalkd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ktalkd_server_packets',`
gen_require(`
type ktalkd_server_packet_t;
')
dontaudit $1 ktalkd_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ktalkd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ktalkd_server_packets',`
corenet_send_ktalkd_server_packets($1)
corenet_receive_ktalkd_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ktalkd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ktalkd_server_packets',`
corenet_dontaudit_send_ktalkd_server_packets($1)
corenet_dontaudit_receive_ktalkd_server_packets($1)
')
########################################
## <summary>
## Relabel packets to ktalkd_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ktalkd_server_packets',`
gen_require(`
type ktalkd_server_packet_t;
')
allow $1 ktalkd_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the ldap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_ldap_port',`
gen_require(`
type ldap_port_t;
')
allow $1 ldap_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the ldap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_ldap_port',`
gen_require(`
type ldap_port_t;
')
allow $1 ldap_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the ldap port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_ldap_port',`
gen_require(`
type ldap_port_t;
')
dontaudit $1 ldap_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the ldap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_ldap_port',`
gen_require(`
type ldap_port_t;
')
allow $1 ldap_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the ldap port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_ldap_port',`
gen_require(`
type ldap_port_t;
')
dontaudit $1 ldap_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the ldap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_ldap_port',`
corenet_udp_send_ldap_port($1)
corenet_udp_receive_ldap_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the ldap port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_ldap_port',`
corenet_dontaudit_udp_send_ldap_port($1)
corenet_dontaudit_udp_receive_ldap_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the ldap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_ldap_port',`
gen_require(`
type ldap_port_t;
')
allow $1 ldap_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the ldap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_ldap_port',`
gen_require(`
type ldap_port_t;
')
allow $1 ldap_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to ldap port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_ldap_port',`
gen_require(`
type ldap_port_t;
')
dontaudit $1 ldap_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the ldap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_ldap_port',`
gen_require(`
type ldap_port_t;
')
allow $1 ldap_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to ldap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_ldap_port',`
gen_require(`
type ldap_port_t;
')
dontaudit $1 ldap_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send ldap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ldap_client_packets',`
gen_require(`
type ldap_client_packet_t;
')
allow $1 ldap_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ldap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ldap_client_packets',`
gen_require(`
type ldap_client_packet_t;
')
dontaudit $1 ldap_client_packet_t:packet send;
')
########################################
## <summary>
## Receive ldap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ldap_client_packets',`
gen_require(`
type ldap_client_packet_t;
')
allow $1 ldap_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ldap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ldap_client_packets',`
gen_require(`
type ldap_client_packet_t;
')
dontaudit $1 ldap_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ldap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ldap_client_packets',`
corenet_send_ldap_client_packets($1)
corenet_receive_ldap_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ldap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ldap_client_packets',`
corenet_dontaudit_send_ldap_client_packets($1)
corenet_dontaudit_receive_ldap_client_packets($1)
')
########################################
## <summary>
## Relabel packets to ldap_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ldap_client_packets',`
gen_require(`
type ldap_client_packet_t;
')
allow $1 ldap_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send ldap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ldap_server_packets',`
gen_require(`
type ldap_server_packet_t;
')
allow $1 ldap_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ldap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ldap_server_packets',`
gen_require(`
type ldap_server_packet_t;
')
dontaudit $1 ldap_server_packet_t:packet send;
')
########################################
## <summary>
## Receive ldap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ldap_server_packets',`
gen_require(`
type ldap_server_packet_t;
')
allow $1 ldap_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ldap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ldap_server_packets',`
gen_require(`
type ldap_server_packet_t;
')
dontaudit $1 ldap_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ldap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ldap_server_packets',`
corenet_send_ldap_server_packets($1)
corenet_receive_ldap_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ldap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ldap_server_packets',`
corenet_dontaudit_send_ldap_server_packets($1)
corenet_dontaudit_receive_ldap_server_packets($1)
')
########################################
## <summary>
## Relabel packets to ldap_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ldap_server_packets',`
gen_require(`
type ldap_server_packet_t;
')
allow $1 ldap_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the lirc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_lirc_port',`
gen_require(`
type lirc_port_t;
')
allow $1 lirc_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the lirc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_lirc_port',`
gen_require(`
type lirc_port_t;
')
allow $1 lirc_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the lirc port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_lirc_port',`
gen_require(`
type lirc_port_t;
')
dontaudit $1 lirc_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the lirc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_lirc_port',`
gen_require(`
type lirc_port_t;
')
allow $1 lirc_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the lirc port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_lirc_port',`
gen_require(`
type lirc_port_t;
')
dontaudit $1 lirc_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the lirc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_lirc_port',`
corenet_udp_send_lirc_port($1)
corenet_udp_receive_lirc_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the lirc port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_lirc_port',`
corenet_dontaudit_udp_send_lirc_port($1)
corenet_dontaudit_udp_receive_lirc_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the lirc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_lirc_port',`
gen_require(`
type lirc_port_t;
')
allow $1 lirc_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the lirc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_lirc_port',`
gen_require(`
type lirc_port_t;
')
allow $1 lirc_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to lirc port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_lirc_port',`
gen_require(`
type lirc_port_t;
')
dontaudit $1 lirc_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the lirc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_lirc_port',`
gen_require(`
type lirc_port_t;
')
allow $1 lirc_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to lirc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_lirc_port',`
gen_require(`
type lirc_port_t;
')
dontaudit $1 lirc_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send lirc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_lirc_client_packets',`
gen_require(`
type lirc_client_packet_t;
')
allow $1 lirc_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send lirc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_lirc_client_packets',`
gen_require(`
type lirc_client_packet_t;
')
dontaudit $1 lirc_client_packet_t:packet send;
')
########################################
## <summary>
## Receive lirc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_lirc_client_packets',`
gen_require(`
type lirc_client_packet_t;
')
allow $1 lirc_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive lirc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_lirc_client_packets',`
gen_require(`
type lirc_client_packet_t;
')
dontaudit $1 lirc_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive lirc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_lirc_client_packets',`
corenet_send_lirc_client_packets($1)
corenet_receive_lirc_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive lirc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_lirc_client_packets',`
corenet_dontaudit_send_lirc_client_packets($1)
corenet_dontaudit_receive_lirc_client_packets($1)
')
########################################
## <summary>
## Relabel packets to lirc_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_lirc_client_packets',`
gen_require(`
type lirc_client_packet_t;
')
allow $1 lirc_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send lirc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_lirc_server_packets',`
gen_require(`
type lirc_server_packet_t;
')
allow $1 lirc_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send lirc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_lirc_server_packets',`
gen_require(`
type lirc_server_packet_t;
')
dontaudit $1 lirc_server_packet_t:packet send;
')
########################################
## <summary>
## Receive lirc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_lirc_server_packets',`
gen_require(`
type lirc_server_packet_t;
')
allow $1 lirc_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive lirc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_lirc_server_packets',`
gen_require(`
type lirc_server_packet_t;
')
dontaudit $1 lirc_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive lirc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_lirc_server_packets',`
corenet_send_lirc_server_packets($1)
corenet_receive_lirc_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive lirc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_lirc_server_packets',`
corenet_dontaudit_send_lirc_server_packets($1)
corenet_dontaudit_receive_lirc_server_packets($1)
')
########################################
## <summary>
## Relabel packets to lirc_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_lirc_server_packets',`
gen_require(`
type lirc_server_packet_t;
')
allow $1 lirc_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the luci port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_luci_port',`
gen_require(`
type luci_port_t;
')
allow $1 luci_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the luci port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_luci_port',`
gen_require(`
type luci_port_t;
')
allow $1 luci_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the luci port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_luci_port',`
gen_require(`
type luci_port_t;
')
dontaudit $1 luci_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the luci port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_luci_port',`
gen_require(`
type luci_port_t;
')
allow $1 luci_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the luci port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_luci_port',`
gen_require(`
type luci_port_t;
')
dontaudit $1 luci_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the luci port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_luci_port',`
corenet_udp_send_luci_port($1)
corenet_udp_receive_luci_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the luci port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_luci_port',`
corenet_dontaudit_udp_send_luci_port($1)
corenet_dontaudit_udp_receive_luci_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the luci port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_luci_port',`
gen_require(`
type luci_port_t;
')
allow $1 luci_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the luci port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_luci_port',`
gen_require(`
type luci_port_t;
')
allow $1 luci_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to luci port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_luci_port',`
gen_require(`
type luci_port_t;
')
dontaudit $1 luci_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the luci port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_luci_port',`
gen_require(`
type luci_port_t;
')
allow $1 luci_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to luci port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_luci_port',`
gen_require(`
type luci_port_t;
')
dontaudit $1 luci_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send luci_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_luci_client_packets',`
gen_require(`
type luci_client_packet_t;
')
allow $1 luci_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send luci_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_luci_client_packets',`
gen_require(`
type luci_client_packet_t;
')
dontaudit $1 luci_client_packet_t:packet send;
')
########################################
## <summary>
## Receive luci_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_luci_client_packets',`
gen_require(`
type luci_client_packet_t;
')
allow $1 luci_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive luci_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_luci_client_packets',`
gen_require(`
type luci_client_packet_t;
')
dontaudit $1 luci_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive luci_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_luci_client_packets',`
corenet_send_luci_client_packets($1)
corenet_receive_luci_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive luci_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_luci_client_packets',`
corenet_dontaudit_send_luci_client_packets($1)
corenet_dontaudit_receive_luci_client_packets($1)
')
########################################
## <summary>
## Relabel packets to luci_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_luci_client_packets',`
gen_require(`
type luci_client_packet_t;
')
allow $1 luci_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send luci_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_luci_server_packets',`
gen_require(`
type luci_server_packet_t;
')
allow $1 luci_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send luci_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_luci_server_packets',`
gen_require(`
type luci_server_packet_t;
')
dontaudit $1 luci_server_packet_t:packet send;
')
########################################
## <summary>
## Receive luci_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_luci_server_packets',`
gen_require(`
type luci_server_packet_t;
')
allow $1 luci_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive luci_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_luci_server_packets',`
gen_require(`
type luci_server_packet_t;
')
dontaudit $1 luci_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive luci_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_luci_server_packets',`
corenet_send_luci_server_packets($1)
corenet_receive_luci_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive luci_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_luci_server_packets',`
corenet_dontaudit_send_luci_server_packets($1)
corenet_dontaudit_receive_luci_server_packets($1)
')
########################################
## <summary>
## Relabel packets to luci_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_luci_server_packets',`
gen_require(`
type luci_server_packet_t;
')
allow $1 luci_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the lmtp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_lmtp_port',`
gen_require(`
type lmtp_port_t;
')
allow $1 lmtp_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the lmtp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_lmtp_port',`
gen_require(`
type lmtp_port_t;
')
allow $1 lmtp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the lmtp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_lmtp_port',`
gen_require(`
type lmtp_port_t;
')
dontaudit $1 lmtp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the lmtp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_lmtp_port',`
gen_require(`
type lmtp_port_t;
')
allow $1 lmtp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the lmtp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_lmtp_port',`
gen_require(`
type lmtp_port_t;
')
dontaudit $1 lmtp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the lmtp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_lmtp_port',`
corenet_udp_send_lmtp_port($1)
corenet_udp_receive_lmtp_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the lmtp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_lmtp_port',`
corenet_dontaudit_udp_send_lmtp_port($1)
corenet_dontaudit_udp_receive_lmtp_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the lmtp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_lmtp_port',`
gen_require(`
type lmtp_port_t;
')
allow $1 lmtp_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the lmtp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_lmtp_port',`
gen_require(`
type lmtp_port_t;
')
allow $1 lmtp_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to lmtp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_lmtp_port',`
gen_require(`
type lmtp_port_t;
')
dontaudit $1 lmtp_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the lmtp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_lmtp_port',`
gen_require(`
type lmtp_port_t;
')
allow $1 lmtp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to lmtp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_lmtp_port',`
gen_require(`
type lmtp_port_t;
')
dontaudit $1 lmtp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send lmtp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_lmtp_client_packets',`
gen_require(`
type lmtp_client_packet_t;
')
allow $1 lmtp_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send lmtp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_lmtp_client_packets',`
gen_require(`
type lmtp_client_packet_t;
')
dontaudit $1 lmtp_client_packet_t:packet send;
')
########################################
## <summary>
## Receive lmtp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_lmtp_client_packets',`
gen_require(`
type lmtp_client_packet_t;
')
allow $1 lmtp_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive lmtp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_lmtp_client_packets',`
gen_require(`
type lmtp_client_packet_t;
')
dontaudit $1 lmtp_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive lmtp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_lmtp_client_packets',`
corenet_send_lmtp_client_packets($1)
corenet_receive_lmtp_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive lmtp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_lmtp_client_packets',`
corenet_dontaudit_send_lmtp_client_packets($1)
corenet_dontaudit_receive_lmtp_client_packets($1)
')
########################################
## <summary>
## Relabel packets to lmtp_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_lmtp_client_packets',`
gen_require(`
type lmtp_client_packet_t;
')
allow $1 lmtp_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send lmtp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_lmtp_server_packets',`
gen_require(`
type lmtp_server_packet_t;
')
allow $1 lmtp_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send lmtp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_lmtp_server_packets',`
gen_require(`
type lmtp_server_packet_t;
')
dontaudit $1 lmtp_server_packet_t:packet send;
')
########################################
## <summary>
## Receive lmtp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_lmtp_server_packets',`
gen_require(`
type lmtp_server_packet_t;
')
allow $1 lmtp_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive lmtp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_lmtp_server_packets',`
gen_require(`
type lmtp_server_packet_t;
')
dontaudit $1 lmtp_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive lmtp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_lmtp_server_packets',`
corenet_send_lmtp_server_packets($1)
corenet_receive_lmtp_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive lmtp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_lmtp_server_packets',`
corenet_dontaudit_send_lmtp_server_packets($1)
corenet_dontaudit_receive_lmtp_server_packets($1)
')
########################################
## <summary>
## Relabel packets to lmtp_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_lmtp_server_packets',`
gen_require(`
type lmtp_server_packet_t;
')
allow $1 lmtp_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the lrrd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_lrrd_port',`
gen_require(`
type lrrd_port_t;
')
allow $1 lrrd_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the lrrd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_lrrd_port',`
gen_require(`
type lrrd_port_t;
')
allow $1 lrrd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the lrrd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_lrrd_port',`
gen_require(`
type lrrd_port_t;
')
dontaudit $1 lrrd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the lrrd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_lrrd_port',`
gen_require(`
type lrrd_port_t;
')
allow $1 lrrd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the lrrd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_lrrd_port',`
gen_require(`
type lrrd_port_t;
')
dontaudit $1 lrrd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the lrrd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_lrrd_port',`
corenet_udp_send_lrrd_port($1)
corenet_udp_receive_lrrd_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the lrrd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_lrrd_port',`
corenet_dontaudit_udp_send_lrrd_port($1)
corenet_dontaudit_udp_receive_lrrd_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the lrrd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_lrrd_port',`
gen_require(`
type lrrd_port_t;
')
allow $1 lrrd_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the lrrd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_lrrd_port',`
gen_require(`
type lrrd_port_t;
')
allow $1 lrrd_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to lrrd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_lrrd_port',`
gen_require(`
type lrrd_port_t;
')
dontaudit $1 lrrd_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the lrrd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_lrrd_port',`
gen_require(`
type lrrd_port_t;
')
allow $1 lrrd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to lrrd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_lrrd_port',`
gen_require(`
type lrrd_port_t;
')
dontaudit $1 lrrd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send lrrd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_lrrd_client_packets',`
gen_require(`
type lrrd_client_packet_t;
')
allow $1 lrrd_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send lrrd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_lrrd_client_packets',`
gen_require(`
type lrrd_client_packet_t;
')
dontaudit $1 lrrd_client_packet_t:packet send;
')
########################################
## <summary>
## Receive lrrd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_lrrd_client_packets',`
gen_require(`
type lrrd_client_packet_t;
')
allow $1 lrrd_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive lrrd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_lrrd_client_packets',`
gen_require(`
type lrrd_client_packet_t;
')
dontaudit $1 lrrd_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive lrrd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_lrrd_client_packets',`
corenet_send_lrrd_client_packets($1)
corenet_receive_lrrd_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive lrrd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_lrrd_client_packets',`
corenet_dontaudit_send_lrrd_client_packets($1)
corenet_dontaudit_receive_lrrd_client_packets($1)
')
########################################
## <summary>
## Relabel packets to lrrd_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_lrrd_client_packets',`
gen_require(`
type lrrd_client_packet_t;
')
allow $1 lrrd_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send lrrd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_lrrd_server_packets',`
gen_require(`
type lrrd_server_packet_t;
')
allow $1 lrrd_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send lrrd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_lrrd_server_packets',`
gen_require(`
type lrrd_server_packet_t;
')
dontaudit $1 lrrd_server_packet_t:packet send;
')
########################################
## <summary>
## Receive lrrd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_lrrd_server_packets',`
gen_require(`
type lrrd_server_packet_t;
')
allow $1 lrrd_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive lrrd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_lrrd_server_packets',`
gen_require(`
type lrrd_server_packet_t;
')
dontaudit $1 lrrd_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive lrrd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_lrrd_server_packets',`
corenet_send_lrrd_server_packets($1)
corenet_receive_lrrd_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive lrrd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_lrrd_server_packets',`
corenet_dontaudit_send_lrrd_server_packets($1)
corenet_dontaudit_receive_lrrd_server_packets($1)
')
########################################
## <summary>
## Relabel packets to lrrd_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_lrrd_server_packets',`
gen_require(`
type lrrd_server_packet_t;
')
allow $1 lrrd_server_packet_t:packet relabelto;
')
# no defined portcon
########################################
## <summary>
## Send and receive TCP traffic on the lsm_plugin port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_lsm_plugin_port',`
gen_require(`
type lsm_plugin_port_t;
')
allow $1 lsm_plugin_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the lsm_plugin port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_lsm_plugin_port',`
gen_require(`
type lsm_plugin_port_t;
')
allow $1 lsm_plugin_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the lsm_plugin port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_lsm_plugin_port',`
gen_require(`
type lsm_plugin_port_t;
')
dontaudit $1 lsm_plugin_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the lsm_plugin port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_lsm_plugin_port',`
gen_require(`
type lsm_plugin_port_t;
')
allow $1 lsm_plugin_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the lsm_plugin port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_lsm_plugin_port',`
gen_require(`
type lsm_plugin_port_t;
')
dontaudit $1 lsm_plugin_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the lsm_plugin port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_lsm_plugin_port',`
corenet_udp_send_lsm_plugin_port($1)
corenet_udp_receive_lsm_plugin_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the lsm_plugin port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_lsm_plugin_port',`
corenet_dontaudit_udp_send_lsm_plugin_port($1)
corenet_dontaudit_udp_receive_lsm_plugin_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the lsm_plugin port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_lsm_plugin_port',`
gen_require(`
type lsm_plugin_port_t;
')
allow $1 lsm_plugin_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the lsm_plugin port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_lsm_plugin_port',`
gen_require(`
type lsm_plugin_port_t;
')
allow $1 lsm_plugin_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to lsm_plugin port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_lsm_plugin_port',`
gen_require(`
type lsm_plugin_port_t;
')
dontaudit $1 lsm_plugin_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the lsm_plugin port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_lsm_plugin_port',`
gen_require(`
type lsm_plugin_port_t;
')
allow $1 lsm_plugin_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to lsm_plugin port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_lsm_plugin_port',`
gen_require(`
type lsm_plugin_port_t;
')
dontaudit $1 lsm_plugin_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send lsm_plugin_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_lsm_plugin_client_packets',`
gen_require(`
type lsm_plugin_client_packet_t;
')
allow $1 lsm_plugin_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send lsm_plugin_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_lsm_plugin_client_packets',`
gen_require(`
type lsm_plugin_client_packet_t;
')
dontaudit $1 lsm_plugin_client_packet_t:packet send;
')
########################################
## <summary>
## Receive lsm_plugin_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_lsm_plugin_client_packets',`
gen_require(`
type lsm_plugin_client_packet_t;
')
allow $1 lsm_plugin_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive lsm_plugin_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_lsm_plugin_client_packets',`
gen_require(`
type lsm_plugin_client_packet_t;
')
dontaudit $1 lsm_plugin_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive lsm_plugin_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_lsm_plugin_client_packets',`
corenet_send_lsm_plugin_client_packets($1)
corenet_receive_lsm_plugin_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive lsm_plugin_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_lsm_plugin_client_packets',`
corenet_dontaudit_send_lsm_plugin_client_packets($1)
corenet_dontaudit_receive_lsm_plugin_client_packets($1)
')
########################################
## <summary>
## Relabel packets to lsm_plugin_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_lsm_plugin_client_packets',`
gen_require(`
type lsm_plugin_client_packet_t;
')
allow $1 lsm_plugin_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send lsm_plugin_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_lsm_plugin_server_packets',`
gen_require(`
type lsm_plugin_server_packet_t;
')
allow $1 lsm_plugin_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send lsm_plugin_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_lsm_plugin_server_packets',`
gen_require(`
type lsm_plugin_server_packet_t;
')
dontaudit $1 lsm_plugin_server_packet_t:packet send;
')
########################################
## <summary>
## Receive lsm_plugin_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_lsm_plugin_server_packets',`
gen_require(`
type lsm_plugin_server_packet_t;
')
allow $1 lsm_plugin_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive lsm_plugin_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_lsm_plugin_server_packets',`
gen_require(`
type lsm_plugin_server_packet_t;
')
dontaudit $1 lsm_plugin_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive lsm_plugin_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_lsm_plugin_server_packets',`
corenet_send_lsm_plugin_server_packets($1)
corenet_receive_lsm_plugin_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive lsm_plugin_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_lsm_plugin_server_packets',`
corenet_dontaudit_send_lsm_plugin_server_packets($1)
corenet_dontaudit_receive_lsm_plugin_server_packets($1)
')
########################################
## <summary>
## Relabel packets to lsm_plugin_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_lsm_plugin_server_packets',`
gen_require(`
type lsm_plugin_server_packet_t;
')
allow $1 lsm_plugin_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the l2tp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_l2tp_port',`
gen_require(`
type l2tp_port_t;
')
allow $1 l2tp_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the l2tp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_l2tp_port',`
gen_require(`
type l2tp_port_t;
')
allow $1 l2tp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the l2tp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_l2tp_port',`
gen_require(`
type l2tp_port_t;
')
dontaudit $1 l2tp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the l2tp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_l2tp_port',`
gen_require(`
type l2tp_port_t;
')
allow $1 l2tp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the l2tp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_l2tp_port',`
gen_require(`
type l2tp_port_t;
')
dontaudit $1 l2tp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the l2tp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_l2tp_port',`
corenet_udp_send_l2tp_port($1)
corenet_udp_receive_l2tp_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the l2tp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_l2tp_port',`
corenet_dontaudit_udp_send_l2tp_port($1)
corenet_dontaudit_udp_receive_l2tp_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the l2tp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_l2tp_port',`
gen_require(`
type l2tp_port_t;
')
allow $1 l2tp_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the l2tp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_l2tp_port',`
gen_require(`
type l2tp_port_t;
')
allow $1 l2tp_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to l2tp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_l2tp_port',`
gen_require(`
type l2tp_port_t;
')
dontaudit $1 l2tp_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the l2tp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_l2tp_port',`
gen_require(`
type l2tp_port_t;
')
allow $1 l2tp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to l2tp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_l2tp_port',`
gen_require(`
type l2tp_port_t;
')
dontaudit $1 l2tp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send l2tp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_l2tp_client_packets',`
gen_require(`
type l2tp_client_packet_t;
')
allow $1 l2tp_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send l2tp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_l2tp_client_packets',`
gen_require(`
type l2tp_client_packet_t;
')
dontaudit $1 l2tp_client_packet_t:packet send;
')
########################################
## <summary>
## Receive l2tp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_l2tp_client_packets',`
gen_require(`
type l2tp_client_packet_t;
')
allow $1 l2tp_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive l2tp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_l2tp_client_packets',`
gen_require(`
type l2tp_client_packet_t;
')
dontaudit $1 l2tp_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive l2tp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_l2tp_client_packets',`
corenet_send_l2tp_client_packets($1)
corenet_receive_l2tp_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive l2tp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_l2tp_client_packets',`
corenet_dontaudit_send_l2tp_client_packets($1)
corenet_dontaudit_receive_l2tp_client_packets($1)
')
########################################
## <summary>
## Relabel packets to l2tp_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_l2tp_client_packets',`
gen_require(`
type l2tp_client_packet_t;
')
allow $1 l2tp_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send l2tp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_l2tp_server_packets',`
gen_require(`
type l2tp_server_packet_t;
')
allow $1 l2tp_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send l2tp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_l2tp_server_packets',`
gen_require(`
type l2tp_server_packet_t;
')
dontaudit $1 l2tp_server_packet_t:packet send;
')
########################################
## <summary>
## Receive l2tp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_l2tp_server_packets',`
gen_require(`
type l2tp_server_packet_t;
')
allow $1 l2tp_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive l2tp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_l2tp_server_packets',`
gen_require(`
type l2tp_server_packet_t;
')
dontaudit $1 l2tp_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive l2tp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_l2tp_server_packets',`
corenet_send_l2tp_server_packets($1)
corenet_receive_l2tp_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive l2tp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_l2tp_server_packets',`
corenet_dontaudit_send_l2tp_server_packets($1)
corenet_dontaudit_receive_l2tp_server_packets($1)
')
########################################
## <summary>
## Relabel packets to l2tp_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_l2tp_server_packets',`
gen_require(`
type l2tp_server_packet_t;
')
allow $1 l2tp_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the mail port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_mail_port',`
gen_require(`
type mail_port_t;
')
allow $1 mail_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the mail port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_mail_port',`
gen_require(`
type mail_port_t;
')
allow $1 mail_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the mail port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_mail_port',`
gen_require(`
type mail_port_t;
')
dontaudit $1 mail_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the mail port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_mail_port',`
gen_require(`
type mail_port_t;
')
allow $1 mail_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the mail port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_mail_port',`
gen_require(`
type mail_port_t;
')
dontaudit $1 mail_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the mail port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_mail_port',`
corenet_udp_send_mail_port($1)
corenet_udp_receive_mail_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the mail port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_mail_port',`
corenet_dontaudit_udp_send_mail_port($1)
corenet_dontaudit_udp_receive_mail_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the mail port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_mail_port',`
gen_require(`
type mail_port_t;
')
allow $1 mail_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the mail port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_mail_port',`
gen_require(`
type mail_port_t;
')
allow $1 mail_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to mail port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_mail_port',`
gen_require(`
type mail_port_t;
')
dontaudit $1 mail_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the mail port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_mail_port',`
gen_require(`
type mail_port_t;
')
allow $1 mail_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to mail port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_mail_port',`
gen_require(`
type mail_port_t;
')
dontaudit $1 mail_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send mail_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_mail_client_packets',`
gen_require(`
type mail_client_packet_t;
')
allow $1 mail_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send mail_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_mail_client_packets',`
gen_require(`
type mail_client_packet_t;
')
dontaudit $1 mail_client_packet_t:packet send;
')
########################################
## <summary>
## Receive mail_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_mail_client_packets',`
gen_require(`
type mail_client_packet_t;
')
allow $1 mail_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive mail_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_mail_client_packets',`
gen_require(`
type mail_client_packet_t;
')
dontaudit $1 mail_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive mail_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_mail_client_packets',`
corenet_send_mail_client_packets($1)
corenet_receive_mail_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive mail_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_mail_client_packets',`
corenet_dontaudit_send_mail_client_packets($1)
corenet_dontaudit_receive_mail_client_packets($1)
')
########################################
## <summary>
## Relabel packets to mail_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_mail_client_packets',`
gen_require(`
type mail_client_packet_t;
')
allow $1 mail_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send mail_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_mail_server_packets',`
gen_require(`
type mail_server_packet_t;
')
allow $1 mail_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send mail_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_mail_server_packets',`
gen_require(`
type mail_server_packet_t;
')
dontaudit $1 mail_server_packet_t:packet send;
')
########################################
## <summary>
## Receive mail_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_mail_server_packets',`
gen_require(`
type mail_server_packet_t;
')
allow $1 mail_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive mail_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_mail_server_packets',`
gen_require(`
type mail_server_packet_t;
')
dontaudit $1 mail_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive mail_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_mail_server_packets',`
corenet_send_mail_server_packets($1)
corenet_receive_mail_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive mail_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_mail_server_packets',`
corenet_dontaudit_send_mail_server_packets($1)
corenet_dontaudit_receive_mail_server_packets($1)
')
########################################
## <summary>
## Relabel packets to mail_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_mail_server_packets',`
gen_require(`
type mail_server_packet_t;
')
allow $1 mail_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the mailbox port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_mailbox_port',`
gen_require(`
type mailbox_port_t;
')
allow $1 mailbox_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the mailbox port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_mailbox_port',`
gen_require(`
type mailbox_port_t;
')
allow $1 mailbox_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the mailbox port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_mailbox_port',`
gen_require(`
type mailbox_port_t;
')
dontaudit $1 mailbox_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the mailbox port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_mailbox_port',`
gen_require(`
type mailbox_port_t;
')
allow $1 mailbox_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the mailbox port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_mailbox_port',`
gen_require(`
type mailbox_port_t;
')
dontaudit $1 mailbox_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the mailbox port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_mailbox_port',`
corenet_udp_send_mailbox_port($1)
corenet_udp_receive_mailbox_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the mailbox port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_mailbox_port',`
corenet_dontaudit_udp_send_mailbox_port($1)
corenet_dontaudit_udp_receive_mailbox_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the mailbox port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_mailbox_port',`
gen_require(`
type mailbox_port_t;
')
allow $1 mailbox_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the mailbox port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_mailbox_port',`
gen_require(`
type mailbox_port_t;
')
allow $1 mailbox_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to mailbox port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_mailbox_port',`
gen_require(`
type mailbox_port_t;
')
dontaudit $1 mailbox_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the mailbox port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_mailbox_port',`
gen_require(`
type mailbox_port_t;
')
allow $1 mailbox_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to mailbox port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_mailbox_port',`
gen_require(`
type mailbox_port_t;
')
dontaudit $1 mailbox_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send mailbox_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_mailbox_client_packets',`
gen_require(`
type mailbox_client_packet_t;
')
allow $1 mailbox_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send mailbox_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_mailbox_client_packets',`
gen_require(`
type mailbox_client_packet_t;
')
dontaudit $1 mailbox_client_packet_t:packet send;
')
########################################
## <summary>
## Receive mailbox_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_mailbox_client_packets',`
gen_require(`
type mailbox_client_packet_t;
')
allow $1 mailbox_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive mailbox_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_mailbox_client_packets',`
gen_require(`
type mailbox_client_packet_t;
')
dontaudit $1 mailbox_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive mailbox_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_mailbox_client_packets',`
corenet_send_mailbox_client_packets($1)
corenet_receive_mailbox_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive mailbox_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_mailbox_client_packets',`
corenet_dontaudit_send_mailbox_client_packets($1)
corenet_dontaudit_receive_mailbox_client_packets($1)
')
########################################
## <summary>
## Relabel packets to mailbox_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_mailbox_client_packets',`
gen_require(`
type mailbox_client_packet_t;
')
allow $1 mailbox_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send mailbox_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_mailbox_server_packets',`
gen_require(`
type mailbox_server_packet_t;
')
allow $1 mailbox_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send mailbox_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_mailbox_server_packets',`
gen_require(`
type mailbox_server_packet_t;
')
dontaudit $1 mailbox_server_packet_t:packet send;
')
########################################
## <summary>
## Receive mailbox_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_mailbox_server_packets',`
gen_require(`
type mailbox_server_packet_t;
')
allow $1 mailbox_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive mailbox_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_mailbox_server_packets',`
gen_require(`
type mailbox_server_packet_t;
')
dontaudit $1 mailbox_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive mailbox_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_mailbox_server_packets',`
corenet_send_mailbox_server_packets($1)
corenet_receive_mailbox_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive mailbox_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_mailbox_server_packets',`
corenet_dontaudit_send_mailbox_server_packets($1)
corenet_dontaudit_receive_mailbox_server_packets($1)
')
########################################
## <summary>
## Relabel packets to mailbox_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_mailbox_server_packets',`
gen_require(`
type mailbox_server_packet_t;
')
allow $1 mailbox_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the matahari port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_matahari_port',`
gen_require(`
type matahari_port_t;
')
allow $1 matahari_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the matahari port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_matahari_port',`
gen_require(`
type matahari_port_t;
')
allow $1 matahari_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the matahari port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_matahari_port',`
gen_require(`
type matahari_port_t;
')
dontaudit $1 matahari_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the matahari port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_matahari_port',`
gen_require(`
type matahari_port_t;
')
allow $1 matahari_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the matahari port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_matahari_port',`
gen_require(`
type matahari_port_t;
')
dontaudit $1 matahari_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the matahari port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_matahari_port',`
corenet_udp_send_matahari_port($1)
corenet_udp_receive_matahari_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the matahari port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_matahari_port',`
corenet_dontaudit_udp_send_matahari_port($1)
corenet_dontaudit_udp_receive_matahari_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the matahari port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_matahari_port',`
gen_require(`
type matahari_port_t;
')
allow $1 matahari_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the matahari port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_matahari_port',`
gen_require(`
type matahari_port_t;
')
allow $1 matahari_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to matahari port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_matahari_port',`
gen_require(`
type matahari_port_t;
')
dontaudit $1 matahari_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the matahari port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_matahari_port',`
gen_require(`
type matahari_port_t;
')
allow $1 matahari_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to matahari port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_matahari_port',`
gen_require(`
type matahari_port_t;
')
dontaudit $1 matahari_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send matahari_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_matahari_client_packets',`
gen_require(`
type matahari_client_packet_t;
')
allow $1 matahari_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send matahari_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_matahari_client_packets',`
gen_require(`
type matahari_client_packet_t;
')
dontaudit $1 matahari_client_packet_t:packet send;
')
########################################
## <summary>
## Receive matahari_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_matahari_client_packets',`
gen_require(`
type matahari_client_packet_t;
')
allow $1 matahari_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive matahari_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_matahari_client_packets',`
gen_require(`
type matahari_client_packet_t;
')
dontaudit $1 matahari_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive matahari_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_matahari_client_packets',`
corenet_send_matahari_client_packets($1)
corenet_receive_matahari_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive matahari_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_matahari_client_packets',`
corenet_dontaudit_send_matahari_client_packets($1)
corenet_dontaudit_receive_matahari_client_packets($1)
')
########################################
## <summary>
## Relabel packets to matahari_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_matahari_client_packets',`
gen_require(`
type matahari_client_packet_t;
')
allow $1 matahari_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send matahari_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_matahari_server_packets',`
gen_require(`
type matahari_server_packet_t;
')
allow $1 matahari_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send matahari_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_matahari_server_packets',`
gen_require(`
type matahari_server_packet_t;
')
dontaudit $1 matahari_server_packet_t:packet send;
')
########################################
## <summary>
## Receive matahari_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_matahari_server_packets',`
gen_require(`
type matahari_server_packet_t;
')
allow $1 matahari_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive matahari_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_matahari_server_packets',`
gen_require(`
type matahari_server_packet_t;
')
dontaudit $1 matahari_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive matahari_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_matahari_server_packets',`
corenet_send_matahari_server_packets($1)
corenet_receive_matahari_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive matahari_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_matahari_server_packets',`
corenet_dontaudit_send_matahari_server_packets($1)
corenet_dontaudit_receive_matahari_server_packets($1)
')
########################################
## <summary>
## Relabel packets to matahari_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_matahari_server_packets',`
gen_require(`
type matahari_server_packet_t;
')
allow $1 matahari_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the memcache port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_memcache_port',`
gen_require(`
type memcache_port_t;
')
allow $1 memcache_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the memcache port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_memcache_port',`
gen_require(`
type memcache_port_t;
')
allow $1 memcache_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the memcache port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_memcache_port',`
gen_require(`
type memcache_port_t;
')
dontaudit $1 memcache_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the memcache port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_memcache_port',`
gen_require(`
type memcache_port_t;
')
allow $1 memcache_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the memcache port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_memcache_port',`
gen_require(`
type memcache_port_t;
')
dontaudit $1 memcache_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the memcache port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_memcache_port',`
corenet_udp_send_memcache_port($1)
corenet_udp_receive_memcache_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the memcache port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_memcache_port',`
corenet_dontaudit_udp_send_memcache_port($1)
corenet_dontaudit_udp_receive_memcache_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the memcache port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_memcache_port',`
gen_require(`
type memcache_port_t;
')
allow $1 memcache_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the memcache port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_memcache_port',`
gen_require(`
type memcache_port_t;
')
allow $1 memcache_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to memcache port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_memcache_port',`
gen_require(`
type memcache_port_t;
')
dontaudit $1 memcache_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the memcache port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_memcache_port',`
gen_require(`
type memcache_port_t;
')
allow $1 memcache_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to memcache port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_memcache_port',`
gen_require(`
type memcache_port_t;
')
dontaudit $1 memcache_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send memcache_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_memcache_client_packets',`
gen_require(`
type memcache_client_packet_t;
')
allow $1 memcache_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send memcache_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_memcache_client_packets',`
gen_require(`
type memcache_client_packet_t;
')
dontaudit $1 memcache_client_packet_t:packet send;
')
########################################
## <summary>
## Receive memcache_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_memcache_client_packets',`
gen_require(`
type memcache_client_packet_t;
')
allow $1 memcache_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive memcache_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_memcache_client_packets',`
gen_require(`
type memcache_client_packet_t;
')
dontaudit $1 memcache_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive memcache_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_memcache_client_packets',`
corenet_send_memcache_client_packets($1)
corenet_receive_memcache_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive memcache_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_memcache_client_packets',`
corenet_dontaudit_send_memcache_client_packets($1)
corenet_dontaudit_receive_memcache_client_packets($1)
')
########################################
## <summary>
## Relabel packets to memcache_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_memcache_client_packets',`
gen_require(`
type memcache_client_packet_t;
')
allow $1 memcache_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send memcache_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_memcache_server_packets',`
gen_require(`
type memcache_server_packet_t;
')
allow $1 memcache_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send memcache_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_memcache_server_packets',`
gen_require(`
type memcache_server_packet_t;
')
dontaudit $1 memcache_server_packet_t:packet send;
')
########################################
## <summary>
## Receive memcache_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_memcache_server_packets',`
gen_require(`
type memcache_server_packet_t;
')
allow $1 memcache_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive memcache_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_memcache_server_packets',`
gen_require(`
type memcache_server_packet_t;
')
dontaudit $1 memcache_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive memcache_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_memcache_server_packets',`
corenet_send_memcache_server_packets($1)
corenet_receive_memcache_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive memcache_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_memcache_server_packets',`
corenet_dontaudit_send_memcache_server_packets($1)
corenet_dontaudit_receive_memcache_server_packets($1)
')
########################################
## <summary>
## Relabel packets to memcache_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_memcache_server_packets',`
gen_require(`
type memcache_server_packet_t;
')
allow $1 memcache_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the milter port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_milter_port',`
gen_require(`
type milter_port_t;
')
allow $1 milter_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the milter port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_milter_port',`
gen_require(`
type milter_port_t;
')
allow $1 milter_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the milter port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_milter_port',`
gen_require(`
type milter_port_t;
')
dontaudit $1 milter_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the milter port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_milter_port',`
gen_require(`
type milter_port_t;
')
allow $1 milter_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the milter port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_milter_port',`
gen_require(`
type milter_port_t;
')
dontaudit $1 milter_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the milter port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_milter_port',`
corenet_udp_send_milter_port($1)
corenet_udp_receive_milter_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the milter port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_milter_port',`
corenet_dontaudit_udp_send_milter_port($1)
corenet_dontaudit_udp_receive_milter_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the milter port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_milter_port',`
gen_require(`
type milter_port_t;
')
allow $1 milter_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the milter port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_milter_port',`
gen_require(`
type milter_port_t;
')
allow $1 milter_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to milter port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_milter_port',`
gen_require(`
type milter_port_t;
')
dontaudit $1 milter_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the milter port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_milter_port',`
gen_require(`
type milter_port_t;
')
allow $1 milter_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to milter port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_milter_port',`
gen_require(`
type milter_port_t;
')
dontaudit $1 milter_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send milter_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_milter_client_packets',`
gen_require(`
type milter_client_packet_t;
')
allow $1 milter_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send milter_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_milter_client_packets',`
gen_require(`
type milter_client_packet_t;
')
dontaudit $1 milter_client_packet_t:packet send;
')
########################################
## <summary>
## Receive milter_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_milter_client_packets',`
gen_require(`
type milter_client_packet_t;
')
allow $1 milter_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive milter_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_milter_client_packets',`
gen_require(`
type milter_client_packet_t;
')
dontaudit $1 milter_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive milter_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_milter_client_packets',`
corenet_send_milter_client_packets($1)
corenet_receive_milter_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive milter_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_milter_client_packets',`
corenet_dontaudit_send_milter_client_packets($1)
corenet_dontaudit_receive_milter_client_packets($1)
')
########################################
## <summary>
## Relabel packets to milter_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_milter_client_packets',`
gen_require(`
type milter_client_packet_t;
')
allow $1 milter_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send milter_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_milter_server_packets',`
gen_require(`
type milter_server_packet_t;
')
allow $1 milter_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send milter_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_milter_server_packets',`
gen_require(`
type milter_server_packet_t;
')
dontaudit $1 milter_server_packet_t:packet send;
')
########################################
## <summary>
## Receive milter_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_milter_server_packets',`
gen_require(`
type milter_server_packet_t;
')
allow $1 milter_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive milter_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_milter_server_packets',`
gen_require(`
type milter_server_packet_t;
')
dontaudit $1 milter_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive milter_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_milter_server_packets',`
corenet_send_milter_server_packets($1)
corenet_receive_milter_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive milter_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_milter_server_packets',`
corenet_dontaudit_send_milter_server_packets($1)
corenet_dontaudit_receive_milter_server_packets($1)
')
########################################
## <summary>
## Relabel packets to milter_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_milter_server_packets',`
gen_require(`
type milter_server_packet_t;
')
allow $1 milter_server_packet_t:packet relabelto;
')
# no defined portcon
########################################
## <summary>
## Send and receive TCP traffic on the mmcc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_mmcc_port',`
gen_require(`
type mmcc_port_t;
')
allow $1 mmcc_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the mmcc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_mmcc_port',`
gen_require(`
type mmcc_port_t;
')
allow $1 mmcc_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the mmcc port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_mmcc_port',`
gen_require(`
type mmcc_port_t;
')
dontaudit $1 mmcc_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the mmcc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_mmcc_port',`
gen_require(`
type mmcc_port_t;
')
allow $1 mmcc_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the mmcc port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_mmcc_port',`
gen_require(`
type mmcc_port_t;
')
dontaudit $1 mmcc_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the mmcc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_mmcc_port',`
corenet_udp_send_mmcc_port($1)
corenet_udp_receive_mmcc_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the mmcc port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_mmcc_port',`
corenet_dontaudit_udp_send_mmcc_port($1)
corenet_dontaudit_udp_receive_mmcc_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the mmcc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_mmcc_port',`
gen_require(`
type mmcc_port_t;
')
allow $1 mmcc_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the mmcc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_mmcc_port',`
gen_require(`
type mmcc_port_t;
')
allow $1 mmcc_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to mmcc port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_mmcc_port',`
gen_require(`
type mmcc_port_t;
')
dontaudit $1 mmcc_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the mmcc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_mmcc_port',`
gen_require(`
type mmcc_port_t;
')
allow $1 mmcc_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to mmcc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_mmcc_port',`
gen_require(`
type mmcc_port_t;
')
dontaudit $1 mmcc_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send mmcc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_mmcc_client_packets',`
gen_require(`
type mmcc_client_packet_t;
')
allow $1 mmcc_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send mmcc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_mmcc_client_packets',`
gen_require(`
type mmcc_client_packet_t;
')
dontaudit $1 mmcc_client_packet_t:packet send;
')
########################################
## <summary>
## Receive mmcc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_mmcc_client_packets',`
gen_require(`
type mmcc_client_packet_t;
')
allow $1 mmcc_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive mmcc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_mmcc_client_packets',`
gen_require(`
type mmcc_client_packet_t;
')
dontaudit $1 mmcc_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive mmcc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_mmcc_client_packets',`
corenet_send_mmcc_client_packets($1)
corenet_receive_mmcc_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive mmcc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_mmcc_client_packets',`
corenet_dontaudit_send_mmcc_client_packets($1)
corenet_dontaudit_receive_mmcc_client_packets($1)
')
########################################
## <summary>
## Relabel packets to mmcc_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_mmcc_client_packets',`
gen_require(`
type mmcc_client_packet_t;
')
allow $1 mmcc_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send mmcc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_mmcc_server_packets',`
gen_require(`
type mmcc_server_packet_t;
')
allow $1 mmcc_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send mmcc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_mmcc_server_packets',`
gen_require(`
type mmcc_server_packet_t;
')
dontaudit $1 mmcc_server_packet_t:packet send;
')
########################################
## <summary>
## Receive mmcc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_mmcc_server_packets',`
gen_require(`
type mmcc_server_packet_t;
')
allow $1 mmcc_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive mmcc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_mmcc_server_packets',`
gen_require(`
type mmcc_server_packet_t;
')
dontaudit $1 mmcc_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive mmcc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_mmcc_server_packets',`
corenet_send_mmcc_server_packets($1)
corenet_receive_mmcc_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive mmcc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_mmcc_server_packets',`
corenet_dontaudit_send_mmcc_server_packets($1)
corenet_dontaudit_receive_mmcc_server_packets($1)
')
########################################
## <summary>
## Relabel packets to mmcc_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_mmcc_server_packets',`
gen_require(`
type mmcc_server_packet_t;
')
allow $1 mmcc_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the mongod port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_mongod_port',`
gen_require(`
type mongod_port_t;
')
allow $1 mongod_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the mongod port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_mongod_port',`
gen_require(`
type mongod_port_t;
')
allow $1 mongod_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the mongod port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_mongod_port',`
gen_require(`
type mongod_port_t;
')
dontaudit $1 mongod_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the mongod port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_mongod_port',`
gen_require(`
type mongod_port_t;
')
allow $1 mongod_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the mongod port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_mongod_port',`
gen_require(`
type mongod_port_t;
')
dontaudit $1 mongod_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the mongod port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_mongod_port',`
corenet_udp_send_mongod_port($1)
corenet_udp_receive_mongod_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the mongod port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_mongod_port',`
corenet_dontaudit_udp_send_mongod_port($1)
corenet_dontaudit_udp_receive_mongod_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the mongod port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_mongod_port',`
gen_require(`
type mongod_port_t;
')
allow $1 mongod_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the mongod port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_mongod_port',`
gen_require(`
type mongod_port_t;
')
allow $1 mongod_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to mongod port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_mongod_port',`
gen_require(`
type mongod_port_t;
')
dontaudit $1 mongod_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the mongod port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_mongod_port',`
gen_require(`
type mongod_port_t;
')
allow $1 mongod_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to mongod port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_mongod_port',`
gen_require(`
type mongod_port_t;
')
dontaudit $1 mongod_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send mongod_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_mongod_client_packets',`
gen_require(`
type mongod_client_packet_t;
')
allow $1 mongod_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send mongod_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_mongod_client_packets',`
gen_require(`
type mongod_client_packet_t;
')
dontaudit $1 mongod_client_packet_t:packet send;
')
########################################
## <summary>
## Receive mongod_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_mongod_client_packets',`
gen_require(`
type mongod_client_packet_t;
')
allow $1 mongod_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive mongod_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_mongod_client_packets',`
gen_require(`
type mongod_client_packet_t;
')
dontaudit $1 mongod_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive mongod_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_mongod_client_packets',`
corenet_send_mongod_client_packets($1)
corenet_receive_mongod_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive mongod_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_mongod_client_packets',`
corenet_dontaudit_send_mongod_client_packets($1)
corenet_dontaudit_receive_mongod_client_packets($1)
')
########################################
## <summary>
## Relabel packets to mongod_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_mongod_client_packets',`
gen_require(`
type mongod_client_packet_t;
')
allow $1 mongod_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send mongod_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_mongod_server_packets',`
gen_require(`
type mongod_server_packet_t;
')
allow $1 mongod_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send mongod_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_mongod_server_packets',`
gen_require(`
type mongod_server_packet_t;
')
dontaudit $1 mongod_server_packet_t:packet send;
')
########################################
## <summary>
## Receive mongod_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_mongod_server_packets',`
gen_require(`
type mongod_server_packet_t;
')
allow $1 mongod_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive mongod_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_mongod_server_packets',`
gen_require(`
type mongod_server_packet_t;
')
dontaudit $1 mongod_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive mongod_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_mongod_server_packets',`
corenet_send_mongod_server_packets($1)
corenet_receive_mongod_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive mongod_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_mongod_server_packets',`
corenet_dontaudit_send_mongod_server_packets($1)
corenet_dontaudit_receive_mongod_server_packets($1)
')
########################################
## <summary>
## Relabel packets to mongod_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_mongod_server_packets',`
gen_require(`
type mongod_server_packet_t;
')
allow $1 mongod_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the monopd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_monopd_port',`
gen_require(`
type monopd_port_t;
')
allow $1 monopd_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the monopd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_monopd_port',`
gen_require(`
type monopd_port_t;
')
allow $1 monopd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the monopd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_monopd_port',`
gen_require(`
type monopd_port_t;
')
dontaudit $1 monopd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the monopd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_monopd_port',`
gen_require(`
type monopd_port_t;
')
allow $1 monopd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the monopd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_monopd_port',`
gen_require(`
type monopd_port_t;
')
dontaudit $1 monopd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the monopd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_monopd_port',`
corenet_udp_send_monopd_port($1)
corenet_udp_receive_monopd_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the monopd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_monopd_port',`
corenet_dontaudit_udp_send_monopd_port($1)
corenet_dontaudit_udp_receive_monopd_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the monopd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_monopd_port',`
gen_require(`
type monopd_port_t;
')
allow $1 monopd_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the monopd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_monopd_port',`
gen_require(`
type monopd_port_t;
')
allow $1 monopd_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to monopd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_monopd_port',`
gen_require(`
type monopd_port_t;
')
dontaudit $1 monopd_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the monopd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_monopd_port',`
gen_require(`
type monopd_port_t;
')
allow $1 monopd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to monopd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_monopd_port',`
gen_require(`
type monopd_port_t;
')
dontaudit $1 monopd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send monopd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_monopd_client_packets',`
gen_require(`
type monopd_client_packet_t;
')
allow $1 monopd_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send monopd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_monopd_client_packets',`
gen_require(`
type monopd_client_packet_t;
')
dontaudit $1 monopd_client_packet_t:packet send;
')
########################################
## <summary>
## Receive monopd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_monopd_client_packets',`
gen_require(`
type monopd_client_packet_t;
')
allow $1 monopd_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive monopd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_monopd_client_packets',`
gen_require(`
type monopd_client_packet_t;
')
dontaudit $1 monopd_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive monopd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_monopd_client_packets',`
corenet_send_monopd_client_packets($1)
corenet_receive_monopd_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive monopd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_monopd_client_packets',`
corenet_dontaudit_send_monopd_client_packets($1)
corenet_dontaudit_receive_monopd_client_packets($1)
')
########################################
## <summary>
## Relabel packets to monopd_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_monopd_client_packets',`
gen_require(`
type monopd_client_packet_t;
')
allow $1 monopd_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send monopd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_monopd_server_packets',`
gen_require(`
type monopd_server_packet_t;
')
allow $1 monopd_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send monopd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_monopd_server_packets',`
gen_require(`
type monopd_server_packet_t;
')
dontaudit $1 monopd_server_packet_t:packet send;
')
########################################
## <summary>
## Receive monopd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_monopd_server_packets',`
gen_require(`
type monopd_server_packet_t;
')
allow $1 monopd_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive monopd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_monopd_server_packets',`
gen_require(`
type monopd_server_packet_t;
')
dontaudit $1 monopd_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive monopd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_monopd_server_packets',`
corenet_send_monopd_server_packets($1)
corenet_receive_monopd_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive monopd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_monopd_server_packets',`
corenet_dontaudit_send_monopd_server_packets($1)
corenet_dontaudit_receive_monopd_server_packets($1)
')
########################################
## <summary>
## Relabel packets to monopd_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_monopd_server_packets',`
gen_require(`
type monopd_server_packet_t;
')
allow $1 monopd_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the mountd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_mountd_port',`
gen_require(`
type mountd_port_t;
')
allow $1 mountd_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the mountd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_mountd_port',`
gen_require(`
type mountd_port_t;
')
allow $1 mountd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the mountd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_mountd_port',`
gen_require(`
type mountd_port_t;
')
dontaudit $1 mountd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the mountd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_mountd_port',`
gen_require(`
type mountd_port_t;
')
allow $1 mountd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the mountd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_mountd_port',`
gen_require(`
type mountd_port_t;
')
dontaudit $1 mountd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the mountd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_mountd_port',`
corenet_udp_send_mountd_port($1)
corenet_udp_receive_mountd_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the mountd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_mountd_port',`
corenet_dontaudit_udp_send_mountd_port($1)
corenet_dontaudit_udp_receive_mountd_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the mountd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_mountd_port',`
gen_require(`
type mountd_port_t;
')
allow $1 mountd_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the mountd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_mountd_port',`
gen_require(`
type mountd_port_t;
')
allow $1 mountd_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to mountd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_mountd_port',`
gen_require(`
type mountd_port_t;
')
dontaudit $1 mountd_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the mountd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_mountd_port',`
gen_require(`
type mountd_port_t;
')
allow $1 mountd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to mountd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_mountd_port',`
gen_require(`
type mountd_port_t;
')
dontaudit $1 mountd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send mountd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_mountd_client_packets',`
gen_require(`
type mountd_client_packet_t;
')
allow $1 mountd_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send mountd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_mountd_client_packets',`
gen_require(`
type mountd_client_packet_t;
')
dontaudit $1 mountd_client_packet_t:packet send;
')
########################################
## <summary>
## Receive mountd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_mountd_client_packets',`
gen_require(`
type mountd_client_packet_t;
')
allow $1 mountd_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive mountd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_mountd_client_packets',`
gen_require(`
type mountd_client_packet_t;
')
dontaudit $1 mountd_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive mountd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_mountd_client_packets',`
corenet_send_mountd_client_packets($1)
corenet_receive_mountd_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive mountd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_mountd_client_packets',`
corenet_dontaudit_send_mountd_client_packets($1)
corenet_dontaudit_receive_mountd_client_packets($1)
')
########################################
## <summary>
## Relabel packets to mountd_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_mountd_client_packets',`
gen_require(`
type mountd_client_packet_t;
')
allow $1 mountd_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send mountd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_mountd_server_packets',`
gen_require(`
type mountd_server_packet_t;
')
allow $1 mountd_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send mountd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_mountd_server_packets',`
gen_require(`
type mountd_server_packet_t;
')
dontaudit $1 mountd_server_packet_t:packet send;
')
########################################
## <summary>
## Receive mountd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_mountd_server_packets',`
gen_require(`
type mountd_server_packet_t;
')
allow $1 mountd_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive mountd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_mountd_server_packets',`
gen_require(`
type mountd_server_packet_t;
')
dontaudit $1 mountd_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive mountd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_mountd_server_packets',`
corenet_send_mountd_server_packets($1)
corenet_receive_mountd_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive mountd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_mountd_server_packets',`
corenet_dontaudit_send_mountd_server_packets($1)
corenet_dontaudit_receive_mountd_server_packets($1)
')
########################################
## <summary>
## Relabel packets to mountd_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_mountd_server_packets',`
gen_require(`
type mountd_server_packet_t;
')
allow $1 mountd_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the movaz_ssc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_movaz_ssc_port',`
gen_require(`
type movaz_ssc_port_t;
')
allow $1 movaz_ssc_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the movaz_ssc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_movaz_ssc_port',`
gen_require(`
type movaz_ssc_port_t;
')
allow $1 movaz_ssc_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the movaz_ssc port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_movaz_ssc_port',`
gen_require(`
type movaz_ssc_port_t;
')
dontaudit $1 movaz_ssc_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the movaz_ssc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_movaz_ssc_port',`
gen_require(`
type movaz_ssc_port_t;
')
allow $1 movaz_ssc_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the movaz_ssc port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_movaz_ssc_port',`
gen_require(`
type movaz_ssc_port_t;
')
dontaudit $1 movaz_ssc_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the movaz_ssc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_movaz_ssc_port',`
corenet_udp_send_movaz_ssc_port($1)
corenet_udp_receive_movaz_ssc_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the movaz_ssc port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_movaz_ssc_port',`
corenet_dontaudit_udp_send_movaz_ssc_port($1)
corenet_dontaudit_udp_receive_movaz_ssc_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the movaz_ssc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_movaz_ssc_port',`
gen_require(`
type movaz_ssc_port_t;
')
allow $1 movaz_ssc_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the movaz_ssc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_movaz_ssc_port',`
gen_require(`
type movaz_ssc_port_t;
')
allow $1 movaz_ssc_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to movaz_ssc port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_movaz_ssc_port',`
gen_require(`
type movaz_ssc_port_t;
')
dontaudit $1 movaz_ssc_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the movaz_ssc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_movaz_ssc_port',`
gen_require(`
type movaz_ssc_port_t;
')
allow $1 movaz_ssc_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to movaz_ssc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_movaz_ssc_port',`
gen_require(`
type movaz_ssc_port_t;
')
dontaudit $1 movaz_ssc_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send movaz_ssc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_movaz_ssc_client_packets',`
gen_require(`
type movaz_ssc_client_packet_t;
')
allow $1 movaz_ssc_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send movaz_ssc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_movaz_ssc_client_packets',`
gen_require(`
type movaz_ssc_client_packet_t;
')
dontaudit $1 movaz_ssc_client_packet_t:packet send;
')
########################################
## <summary>
## Receive movaz_ssc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_movaz_ssc_client_packets',`
gen_require(`
type movaz_ssc_client_packet_t;
')
allow $1 movaz_ssc_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive movaz_ssc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_movaz_ssc_client_packets',`
gen_require(`
type movaz_ssc_client_packet_t;
')
dontaudit $1 movaz_ssc_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive movaz_ssc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_movaz_ssc_client_packets',`
corenet_send_movaz_ssc_client_packets($1)
corenet_receive_movaz_ssc_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive movaz_ssc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_movaz_ssc_client_packets',`
corenet_dontaudit_send_movaz_ssc_client_packets($1)
corenet_dontaudit_receive_movaz_ssc_client_packets($1)
')
########################################
## <summary>
## Relabel packets to movaz_ssc_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_movaz_ssc_client_packets',`
gen_require(`
type movaz_ssc_client_packet_t;
')
allow $1 movaz_ssc_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send movaz_ssc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_movaz_ssc_server_packets',`
gen_require(`
type movaz_ssc_server_packet_t;
')
allow $1 movaz_ssc_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send movaz_ssc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_movaz_ssc_server_packets',`
gen_require(`
type movaz_ssc_server_packet_t;
')
dontaudit $1 movaz_ssc_server_packet_t:packet send;
')
########################################
## <summary>
## Receive movaz_ssc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_movaz_ssc_server_packets',`
gen_require(`
type movaz_ssc_server_packet_t;
')
allow $1 movaz_ssc_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive movaz_ssc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_movaz_ssc_server_packets',`
gen_require(`
type movaz_ssc_server_packet_t;
')
dontaudit $1 movaz_ssc_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive movaz_ssc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_movaz_ssc_server_packets',`
corenet_send_movaz_ssc_server_packets($1)
corenet_receive_movaz_ssc_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive movaz_ssc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_movaz_ssc_server_packets',`
corenet_dontaudit_send_movaz_ssc_server_packets($1)
corenet_dontaudit_receive_movaz_ssc_server_packets($1)
')
########################################
## <summary>
## Relabel packets to movaz_ssc_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_movaz_ssc_server_packets',`
gen_require(`
type movaz_ssc_server_packet_t;
')
allow $1 movaz_ssc_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the mpd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_mpd_port',`
gen_require(`
type mpd_port_t;
')
allow $1 mpd_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the mpd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_mpd_port',`
gen_require(`
type mpd_port_t;
')
allow $1 mpd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the mpd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_mpd_port',`
gen_require(`
type mpd_port_t;
')
dontaudit $1 mpd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the mpd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_mpd_port',`
gen_require(`
type mpd_port_t;
')
allow $1 mpd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the mpd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_mpd_port',`
gen_require(`
type mpd_port_t;
')
dontaudit $1 mpd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the mpd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_mpd_port',`
corenet_udp_send_mpd_port($1)
corenet_udp_receive_mpd_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the mpd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_mpd_port',`
corenet_dontaudit_udp_send_mpd_port($1)
corenet_dontaudit_udp_receive_mpd_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the mpd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_mpd_port',`
gen_require(`
type mpd_port_t;
')
allow $1 mpd_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the mpd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_mpd_port',`
gen_require(`
type mpd_port_t;
')
allow $1 mpd_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to mpd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_mpd_port',`
gen_require(`
type mpd_port_t;
')
dontaudit $1 mpd_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the mpd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_mpd_port',`
gen_require(`
type mpd_port_t;
')
allow $1 mpd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to mpd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_mpd_port',`
gen_require(`
type mpd_port_t;
')
dontaudit $1 mpd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send mpd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_mpd_client_packets',`
gen_require(`
type mpd_client_packet_t;
')
allow $1 mpd_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send mpd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_mpd_client_packets',`
gen_require(`
type mpd_client_packet_t;
')
dontaudit $1 mpd_client_packet_t:packet send;
')
########################################
## <summary>
## Receive mpd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_mpd_client_packets',`
gen_require(`
type mpd_client_packet_t;
')
allow $1 mpd_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive mpd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_mpd_client_packets',`
gen_require(`
type mpd_client_packet_t;
')
dontaudit $1 mpd_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive mpd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_mpd_client_packets',`
corenet_send_mpd_client_packets($1)
corenet_receive_mpd_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive mpd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_mpd_client_packets',`
corenet_dontaudit_send_mpd_client_packets($1)
corenet_dontaudit_receive_mpd_client_packets($1)
')
########################################
## <summary>
## Relabel packets to mpd_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_mpd_client_packets',`
gen_require(`
type mpd_client_packet_t;
')
allow $1 mpd_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send mpd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_mpd_server_packets',`
gen_require(`
type mpd_server_packet_t;
')
allow $1 mpd_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send mpd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_mpd_server_packets',`
gen_require(`
type mpd_server_packet_t;
')
dontaudit $1 mpd_server_packet_t:packet send;
')
########################################
## <summary>
## Receive mpd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_mpd_server_packets',`
gen_require(`
type mpd_server_packet_t;
')
allow $1 mpd_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive mpd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_mpd_server_packets',`
gen_require(`
type mpd_server_packet_t;
')
dontaudit $1 mpd_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive mpd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_mpd_server_packets',`
corenet_send_mpd_server_packets($1)
corenet_receive_mpd_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive mpd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_mpd_server_packets',`
corenet_dontaudit_send_mpd_server_packets($1)
corenet_dontaudit_receive_mpd_server_packets($1)
')
########################################
## <summary>
## Relabel packets to mpd_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_mpd_server_packets',`
gen_require(`
type mpd_server_packet_t;
')
allow $1 mpd_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the msnp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_msnp_port',`
gen_require(`
type msnp_port_t;
')
allow $1 msnp_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the msnp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_msnp_port',`
gen_require(`
type msnp_port_t;
')
allow $1 msnp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the msnp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_msnp_port',`
gen_require(`
type msnp_port_t;
')
dontaudit $1 msnp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the msnp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_msnp_port',`
gen_require(`
type msnp_port_t;
')
allow $1 msnp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the msnp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_msnp_port',`
gen_require(`
type msnp_port_t;
')
dontaudit $1 msnp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the msnp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_msnp_port',`
corenet_udp_send_msnp_port($1)
corenet_udp_receive_msnp_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the msnp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_msnp_port',`
corenet_dontaudit_udp_send_msnp_port($1)
corenet_dontaudit_udp_receive_msnp_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the msnp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_msnp_port',`
gen_require(`
type msnp_port_t;
')
allow $1 msnp_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the msnp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_msnp_port',`
gen_require(`
type msnp_port_t;
')
allow $1 msnp_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to msnp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_msnp_port',`
gen_require(`
type msnp_port_t;
')
dontaudit $1 msnp_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the msnp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_msnp_port',`
gen_require(`
type msnp_port_t;
')
allow $1 msnp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to msnp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_msnp_port',`
gen_require(`
type msnp_port_t;
')
dontaudit $1 msnp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send msnp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_msnp_client_packets',`
gen_require(`
type msnp_client_packet_t;
')
allow $1 msnp_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send msnp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_msnp_client_packets',`
gen_require(`
type msnp_client_packet_t;
')
dontaudit $1 msnp_client_packet_t:packet send;
')
########################################
## <summary>
## Receive msnp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_msnp_client_packets',`
gen_require(`
type msnp_client_packet_t;
')
allow $1 msnp_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive msnp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_msnp_client_packets',`
gen_require(`
type msnp_client_packet_t;
')
dontaudit $1 msnp_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive msnp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_msnp_client_packets',`
corenet_send_msnp_client_packets($1)
corenet_receive_msnp_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive msnp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_msnp_client_packets',`
corenet_dontaudit_send_msnp_client_packets($1)
corenet_dontaudit_receive_msnp_client_packets($1)
')
########################################
## <summary>
## Relabel packets to msnp_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_msnp_client_packets',`
gen_require(`
type msnp_client_packet_t;
')
allow $1 msnp_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send msnp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_msnp_server_packets',`
gen_require(`
type msnp_server_packet_t;
')
allow $1 msnp_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send msnp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_msnp_server_packets',`
gen_require(`
type msnp_server_packet_t;
')
dontaudit $1 msnp_server_packet_t:packet send;
')
########################################
## <summary>
## Receive msnp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_msnp_server_packets',`
gen_require(`
type msnp_server_packet_t;
')
allow $1 msnp_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive msnp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_msnp_server_packets',`
gen_require(`
type msnp_server_packet_t;
')
dontaudit $1 msnp_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive msnp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_msnp_server_packets',`
corenet_send_msnp_server_packets($1)
corenet_receive_msnp_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive msnp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_msnp_server_packets',`
corenet_dontaudit_send_msnp_server_packets($1)
corenet_dontaudit_receive_msnp_server_packets($1)
')
########################################
## <summary>
## Relabel packets to msnp_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_msnp_server_packets',`
gen_require(`
type msnp_server_packet_t;
')
allow $1 msnp_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the mssql port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_mssql_port',`
gen_require(`
type mssql_port_t;
')
allow $1 mssql_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the mssql port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_mssql_port',`
gen_require(`
type mssql_port_t;
')
allow $1 mssql_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the mssql port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_mssql_port',`
gen_require(`
type mssql_port_t;
')
dontaudit $1 mssql_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the mssql port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_mssql_port',`
gen_require(`
type mssql_port_t;
')
allow $1 mssql_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the mssql port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_mssql_port',`
gen_require(`
type mssql_port_t;
')
dontaudit $1 mssql_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the mssql port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_mssql_port',`
corenet_udp_send_mssql_port($1)
corenet_udp_receive_mssql_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the mssql port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_mssql_port',`
corenet_dontaudit_udp_send_mssql_port($1)
corenet_dontaudit_udp_receive_mssql_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the mssql port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_mssql_port',`
gen_require(`
type mssql_port_t;
')
allow $1 mssql_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the mssql port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_mssql_port',`
gen_require(`
type mssql_port_t;
')
allow $1 mssql_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to mssql port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_mssql_port',`
gen_require(`
type mssql_port_t;
')
dontaudit $1 mssql_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the mssql port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_mssql_port',`
gen_require(`
type mssql_port_t;
')
allow $1 mssql_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to mssql port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_mssql_port',`
gen_require(`
type mssql_port_t;
')
dontaudit $1 mssql_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send mssql_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_mssql_client_packets',`
gen_require(`
type mssql_client_packet_t;
')
allow $1 mssql_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send mssql_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_mssql_client_packets',`
gen_require(`
type mssql_client_packet_t;
')
dontaudit $1 mssql_client_packet_t:packet send;
')
########################################
## <summary>
## Receive mssql_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_mssql_client_packets',`
gen_require(`
type mssql_client_packet_t;
')
allow $1 mssql_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive mssql_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_mssql_client_packets',`
gen_require(`
type mssql_client_packet_t;
')
dontaudit $1 mssql_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive mssql_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_mssql_client_packets',`
corenet_send_mssql_client_packets($1)
corenet_receive_mssql_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive mssql_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_mssql_client_packets',`
corenet_dontaudit_send_mssql_client_packets($1)
corenet_dontaudit_receive_mssql_client_packets($1)
')
########################################
## <summary>
## Relabel packets to mssql_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_mssql_client_packets',`
gen_require(`
type mssql_client_packet_t;
')
allow $1 mssql_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send mssql_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_mssql_server_packets',`
gen_require(`
type mssql_server_packet_t;
')
allow $1 mssql_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send mssql_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_mssql_server_packets',`
gen_require(`
type mssql_server_packet_t;
')
dontaudit $1 mssql_server_packet_t:packet send;
')
########################################
## <summary>
## Receive mssql_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_mssql_server_packets',`
gen_require(`
type mssql_server_packet_t;
')
allow $1 mssql_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive mssql_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_mssql_server_packets',`
gen_require(`
type mssql_server_packet_t;
')
dontaudit $1 mssql_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive mssql_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_mssql_server_packets',`
corenet_send_mssql_server_packets($1)
corenet_receive_mssql_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive mssql_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_mssql_server_packets',`
corenet_dontaudit_send_mssql_server_packets($1)
corenet_dontaudit_receive_mssql_server_packets($1)
')
########################################
## <summary>
## Relabel packets to mssql_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_mssql_server_packets',`
gen_require(`
type mssql_server_packet_t;
')
allow $1 mssql_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the ms_streaming port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_ms_streaming_port',`
gen_require(`
type ms_streaming_port_t;
')
allow $1 ms_streaming_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the ms_streaming port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_ms_streaming_port',`
gen_require(`
type ms_streaming_port_t;
')
allow $1 ms_streaming_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the ms_streaming port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_ms_streaming_port',`
gen_require(`
type ms_streaming_port_t;
')
dontaudit $1 ms_streaming_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the ms_streaming port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_ms_streaming_port',`
gen_require(`
type ms_streaming_port_t;
')
allow $1 ms_streaming_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the ms_streaming port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_ms_streaming_port',`
gen_require(`
type ms_streaming_port_t;
')
dontaudit $1 ms_streaming_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the ms_streaming port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_ms_streaming_port',`
corenet_udp_send_ms_streaming_port($1)
corenet_udp_receive_ms_streaming_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the ms_streaming port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_ms_streaming_port',`
corenet_dontaudit_udp_send_ms_streaming_port($1)
corenet_dontaudit_udp_receive_ms_streaming_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the ms_streaming port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_ms_streaming_port',`
gen_require(`
type ms_streaming_port_t;
')
allow $1 ms_streaming_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the ms_streaming port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_ms_streaming_port',`
gen_require(`
type ms_streaming_port_t;
')
allow $1 ms_streaming_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to ms_streaming port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_ms_streaming_port',`
gen_require(`
type ms_streaming_port_t;
')
dontaudit $1 ms_streaming_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the ms_streaming port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_ms_streaming_port',`
gen_require(`
type ms_streaming_port_t;
')
allow $1 ms_streaming_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to ms_streaming port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_ms_streaming_port',`
gen_require(`
type ms_streaming_port_t;
')
dontaudit $1 ms_streaming_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send ms_streaming_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ms_streaming_client_packets',`
gen_require(`
type ms_streaming_client_packet_t;
')
allow $1 ms_streaming_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ms_streaming_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ms_streaming_client_packets',`
gen_require(`
type ms_streaming_client_packet_t;
')
dontaudit $1 ms_streaming_client_packet_t:packet send;
')
########################################
## <summary>
## Receive ms_streaming_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ms_streaming_client_packets',`
gen_require(`
type ms_streaming_client_packet_t;
')
allow $1 ms_streaming_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ms_streaming_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ms_streaming_client_packets',`
gen_require(`
type ms_streaming_client_packet_t;
')
dontaudit $1 ms_streaming_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ms_streaming_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ms_streaming_client_packets',`
corenet_send_ms_streaming_client_packets($1)
corenet_receive_ms_streaming_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ms_streaming_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ms_streaming_client_packets',`
corenet_dontaudit_send_ms_streaming_client_packets($1)
corenet_dontaudit_receive_ms_streaming_client_packets($1)
')
########################################
## <summary>
## Relabel packets to ms_streaming_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ms_streaming_client_packets',`
gen_require(`
type ms_streaming_client_packet_t;
')
allow $1 ms_streaming_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send ms_streaming_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ms_streaming_server_packets',`
gen_require(`
type ms_streaming_server_packet_t;
')
allow $1 ms_streaming_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ms_streaming_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ms_streaming_server_packets',`
gen_require(`
type ms_streaming_server_packet_t;
')
dontaudit $1 ms_streaming_server_packet_t:packet send;
')
########################################
## <summary>
## Receive ms_streaming_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ms_streaming_server_packets',`
gen_require(`
type ms_streaming_server_packet_t;
')
allow $1 ms_streaming_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ms_streaming_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ms_streaming_server_packets',`
gen_require(`
type ms_streaming_server_packet_t;
')
dontaudit $1 ms_streaming_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ms_streaming_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ms_streaming_server_packets',`
corenet_send_ms_streaming_server_packets($1)
corenet_receive_ms_streaming_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ms_streaming_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ms_streaming_server_packets',`
corenet_dontaudit_send_ms_streaming_server_packets($1)
corenet_dontaudit_receive_ms_streaming_server_packets($1)
')
########################################
## <summary>
## Relabel packets to ms_streaming_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ms_streaming_server_packets',`
gen_require(`
type ms_streaming_server_packet_t;
')
allow $1 ms_streaming_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the munin port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_munin_port',`
gen_require(`
type munin_port_t;
')
allow $1 munin_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the munin port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_munin_port',`
gen_require(`
type munin_port_t;
')
allow $1 munin_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the munin port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_munin_port',`
gen_require(`
type munin_port_t;
')
dontaudit $1 munin_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the munin port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_munin_port',`
gen_require(`
type munin_port_t;
')
allow $1 munin_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the munin port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_munin_port',`
gen_require(`
type munin_port_t;
')
dontaudit $1 munin_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the munin port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_munin_port',`
corenet_udp_send_munin_port($1)
corenet_udp_receive_munin_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the munin port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_munin_port',`
corenet_dontaudit_udp_send_munin_port($1)
corenet_dontaudit_udp_receive_munin_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the munin port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_munin_port',`
gen_require(`
type munin_port_t;
')
allow $1 munin_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the munin port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_munin_port',`
gen_require(`
type munin_port_t;
')
allow $1 munin_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to munin port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_munin_port',`
gen_require(`
type munin_port_t;
')
dontaudit $1 munin_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the munin port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_munin_port',`
gen_require(`
type munin_port_t;
')
allow $1 munin_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to munin port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_munin_port',`
gen_require(`
type munin_port_t;
')
dontaudit $1 munin_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send munin_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_munin_client_packets',`
gen_require(`
type munin_client_packet_t;
')
allow $1 munin_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send munin_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_munin_client_packets',`
gen_require(`
type munin_client_packet_t;
')
dontaudit $1 munin_client_packet_t:packet send;
')
########################################
## <summary>
## Receive munin_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_munin_client_packets',`
gen_require(`
type munin_client_packet_t;
')
allow $1 munin_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive munin_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_munin_client_packets',`
gen_require(`
type munin_client_packet_t;
')
dontaudit $1 munin_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive munin_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_munin_client_packets',`
corenet_send_munin_client_packets($1)
corenet_receive_munin_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive munin_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_munin_client_packets',`
corenet_dontaudit_send_munin_client_packets($1)
corenet_dontaudit_receive_munin_client_packets($1)
')
########################################
## <summary>
## Relabel packets to munin_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_munin_client_packets',`
gen_require(`
type munin_client_packet_t;
')
allow $1 munin_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send munin_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_munin_server_packets',`
gen_require(`
type munin_server_packet_t;
')
allow $1 munin_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send munin_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_munin_server_packets',`
gen_require(`
type munin_server_packet_t;
')
dontaudit $1 munin_server_packet_t:packet send;
')
########################################
## <summary>
## Receive munin_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_munin_server_packets',`
gen_require(`
type munin_server_packet_t;
')
allow $1 munin_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive munin_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_munin_server_packets',`
gen_require(`
type munin_server_packet_t;
')
dontaudit $1 munin_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive munin_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_munin_server_packets',`
corenet_send_munin_server_packets($1)
corenet_receive_munin_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive munin_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_munin_server_packets',`
corenet_dontaudit_send_munin_server_packets($1)
corenet_dontaudit_receive_munin_server_packets($1)
')
########################################
## <summary>
## Relabel packets to munin_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_munin_server_packets',`
gen_require(`
type munin_server_packet_t;
')
allow $1 munin_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the mxi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_mxi_port',`
gen_require(`
type mxi_port_t;
')
allow $1 mxi_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the mxi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_mxi_port',`
gen_require(`
type mxi_port_t;
')
allow $1 mxi_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the mxi port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_mxi_port',`
gen_require(`
type mxi_port_t;
')
dontaudit $1 mxi_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the mxi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_mxi_port',`
gen_require(`
type mxi_port_t;
')
allow $1 mxi_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the mxi port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_mxi_port',`
gen_require(`
type mxi_port_t;
')
dontaudit $1 mxi_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the mxi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_mxi_port',`
corenet_udp_send_mxi_port($1)
corenet_udp_receive_mxi_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the mxi port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_mxi_port',`
corenet_dontaudit_udp_send_mxi_port($1)
corenet_dontaudit_udp_receive_mxi_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the mxi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_mxi_port',`
gen_require(`
type mxi_port_t;
')
allow $1 mxi_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the mxi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_mxi_port',`
gen_require(`
type mxi_port_t;
')
allow $1 mxi_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to mxi port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_mxi_port',`
gen_require(`
type mxi_port_t;
')
dontaudit $1 mxi_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the mxi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_mxi_port',`
gen_require(`
type mxi_port_t;
')
allow $1 mxi_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to mxi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_mxi_port',`
gen_require(`
type mxi_port_t;
')
dontaudit $1 mxi_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send mxi_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_mxi_client_packets',`
gen_require(`
type mxi_client_packet_t;
')
allow $1 mxi_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send mxi_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_mxi_client_packets',`
gen_require(`
type mxi_client_packet_t;
')
dontaudit $1 mxi_client_packet_t:packet send;
')
########################################
## <summary>
## Receive mxi_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_mxi_client_packets',`
gen_require(`
type mxi_client_packet_t;
')
allow $1 mxi_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive mxi_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_mxi_client_packets',`
gen_require(`
type mxi_client_packet_t;
')
dontaudit $1 mxi_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive mxi_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_mxi_client_packets',`
corenet_send_mxi_client_packets($1)
corenet_receive_mxi_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive mxi_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_mxi_client_packets',`
corenet_dontaudit_send_mxi_client_packets($1)
corenet_dontaudit_receive_mxi_client_packets($1)
')
########################################
## <summary>
## Relabel packets to mxi_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_mxi_client_packets',`
gen_require(`
type mxi_client_packet_t;
')
allow $1 mxi_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send mxi_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_mxi_server_packets',`
gen_require(`
type mxi_server_packet_t;
')
allow $1 mxi_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send mxi_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_mxi_server_packets',`
gen_require(`
type mxi_server_packet_t;
')
dontaudit $1 mxi_server_packet_t:packet send;
')
########################################
## <summary>
## Receive mxi_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_mxi_server_packets',`
gen_require(`
type mxi_server_packet_t;
')
allow $1 mxi_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive mxi_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_mxi_server_packets',`
gen_require(`
type mxi_server_packet_t;
')
dontaudit $1 mxi_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive mxi_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_mxi_server_packets',`
corenet_send_mxi_server_packets($1)
corenet_receive_mxi_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive mxi_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_mxi_server_packets',`
corenet_dontaudit_send_mxi_server_packets($1)
corenet_dontaudit_receive_mxi_server_packets($1)
')
########################################
## <summary>
## Relabel packets to mxi_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_mxi_server_packets',`
gen_require(`
type mxi_server_packet_t;
')
allow $1 mxi_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the mysqld port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_mysqld_port',`
gen_require(`
type mysqld_port_t;
')
allow $1 mysqld_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the mysqld port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_mysqld_port',`
gen_require(`
type mysqld_port_t;
')
allow $1 mysqld_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the mysqld port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_mysqld_port',`
gen_require(`
type mysqld_port_t;
')
dontaudit $1 mysqld_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the mysqld port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_mysqld_port',`
gen_require(`
type mysqld_port_t;
')
allow $1 mysqld_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the mysqld port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_mysqld_port',`
gen_require(`
type mysqld_port_t;
')
dontaudit $1 mysqld_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the mysqld port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_mysqld_port',`
corenet_udp_send_mysqld_port($1)
corenet_udp_receive_mysqld_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the mysqld port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_mysqld_port',`
corenet_dontaudit_udp_send_mysqld_port($1)
corenet_dontaudit_udp_receive_mysqld_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the mysqld port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_mysqld_port',`
gen_require(`
type mysqld_port_t;
')
allow $1 mysqld_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the mysqld port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_mysqld_port',`
gen_require(`
type mysqld_port_t;
')
allow $1 mysqld_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to mysqld port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_mysqld_port',`
gen_require(`
type mysqld_port_t;
')
dontaudit $1 mysqld_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the mysqld port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_mysqld_port',`
gen_require(`
type mysqld_port_t;
')
allow $1 mysqld_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to mysqld port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_mysqld_port',`
gen_require(`
type mysqld_port_t;
')
dontaudit $1 mysqld_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send mysqld_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_mysqld_client_packets',`
gen_require(`
type mysqld_client_packet_t;
')
allow $1 mysqld_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send mysqld_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_mysqld_client_packets',`
gen_require(`
type mysqld_client_packet_t;
')
dontaudit $1 mysqld_client_packet_t:packet send;
')
########################################
## <summary>
## Receive mysqld_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_mysqld_client_packets',`
gen_require(`
type mysqld_client_packet_t;
')
allow $1 mysqld_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive mysqld_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_mysqld_client_packets',`
gen_require(`
type mysqld_client_packet_t;
')
dontaudit $1 mysqld_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive mysqld_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_mysqld_client_packets',`
corenet_send_mysqld_client_packets($1)
corenet_receive_mysqld_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive mysqld_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_mysqld_client_packets',`
corenet_dontaudit_send_mysqld_client_packets($1)
corenet_dontaudit_receive_mysqld_client_packets($1)
')
########################################
## <summary>
## Relabel packets to mysqld_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_mysqld_client_packets',`
gen_require(`
type mysqld_client_packet_t;
')
allow $1 mysqld_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send mysqld_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_mysqld_server_packets',`
gen_require(`
type mysqld_server_packet_t;
')
allow $1 mysqld_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send mysqld_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_mysqld_server_packets',`
gen_require(`
type mysqld_server_packet_t;
')
dontaudit $1 mysqld_server_packet_t:packet send;
')
########################################
## <summary>
## Receive mysqld_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_mysqld_server_packets',`
gen_require(`
type mysqld_server_packet_t;
')
allow $1 mysqld_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive mysqld_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_mysqld_server_packets',`
gen_require(`
type mysqld_server_packet_t;
')
dontaudit $1 mysqld_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive mysqld_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_mysqld_server_packets',`
corenet_send_mysqld_server_packets($1)
corenet_receive_mysqld_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive mysqld_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_mysqld_server_packets',`
corenet_dontaudit_send_mysqld_server_packets($1)
corenet_dontaudit_receive_mysqld_server_packets($1)
')
########################################
## <summary>
## Relabel packets to mysqld_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_mysqld_server_packets',`
gen_require(`
type mysqld_server_packet_t;
')
allow $1 mysqld_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the mysqlmanagerd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_mysqlmanagerd_port',`
gen_require(`
type mysqlmanagerd_port_t;
')
allow $1 mysqlmanagerd_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the mysqlmanagerd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_mysqlmanagerd_port',`
gen_require(`
type mysqlmanagerd_port_t;
')
allow $1 mysqlmanagerd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the mysqlmanagerd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_mysqlmanagerd_port',`
gen_require(`
type mysqlmanagerd_port_t;
')
dontaudit $1 mysqlmanagerd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the mysqlmanagerd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_mysqlmanagerd_port',`
gen_require(`
type mysqlmanagerd_port_t;
')
allow $1 mysqlmanagerd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the mysqlmanagerd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_mysqlmanagerd_port',`
gen_require(`
type mysqlmanagerd_port_t;
')
dontaudit $1 mysqlmanagerd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the mysqlmanagerd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_mysqlmanagerd_port',`
corenet_udp_send_mysqlmanagerd_port($1)
corenet_udp_receive_mysqlmanagerd_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the mysqlmanagerd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_mysqlmanagerd_port',`
corenet_dontaudit_udp_send_mysqlmanagerd_port($1)
corenet_dontaudit_udp_receive_mysqlmanagerd_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the mysqlmanagerd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_mysqlmanagerd_port',`
gen_require(`
type mysqlmanagerd_port_t;
')
allow $1 mysqlmanagerd_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the mysqlmanagerd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_mysqlmanagerd_port',`
gen_require(`
type mysqlmanagerd_port_t;
')
allow $1 mysqlmanagerd_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to mysqlmanagerd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_mysqlmanagerd_port',`
gen_require(`
type mysqlmanagerd_port_t;
')
dontaudit $1 mysqlmanagerd_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the mysqlmanagerd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_mysqlmanagerd_port',`
gen_require(`
type mysqlmanagerd_port_t;
')
allow $1 mysqlmanagerd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to mysqlmanagerd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_mysqlmanagerd_port',`
gen_require(`
type mysqlmanagerd_port_t;
')
dontaudit $1 mysqlmanagerd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send mysqlmanagerd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_mysqlmanagerd_client_packets',`
gen_require(`
type mysqlmanagerd_client_packet_t;
')
allow $1 mysqlmanagerd_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send mysqlmanagerd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_mysqlmanagerd_client_packets',`
gen_require(`
type mysqlmanagerd_client_packet_t;
')
dontaudit $1 mysqlmanagerd_client_packet_t:packet send;
')
########################################
## <summary>
## Receive mysqlmanagerd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_mysqlmanagerd_client_packets',`
gen_require(`
type mysqlmanagerd_client_packet_t;
')
allow $1 mysqlmanagerd_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive mysqlmanagerd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_mysqlmanagerd_client_packets',`
gen_require(`
type mysqlmanagerd_client_packet_t;
')
dontaudit $1 mysqlmanagerd_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive mysqlmanagerd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_mysqlmanagerd_client_packets',`
corenet_send_mysqlmanagerd_client_packets($1)
corenet_receive_mysqlmanagerd_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive mysqlmanagerd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_mysqlmanagerd_client_packets',`
corenet_dontaudit_send_mysqlmanagerd_client_packets($1)
corenet_dontaudit_receive_mysqlmanagerd_client_packets($1)
')
########################################
## <summary>
## Relabel packets to mysqlmanagerd_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_mysqlmanagerd_client_packets',`
gen_require(`
type mysqlmanagerd_client_packet_t;
')
allow $1 mysqlmanagerd_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send mysqlmanagerd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_mysqlmanagerd_server_packets',`
gen_require(`
type mysqlmanagerd_server_packet_t;
')
allow $1 mysqlmanagerd_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send mysqlmanagerd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_mysqlmanagerd_server_packets',`
gen_require(`
type mysqlmanagerd_server_packet_t;
')
dontaudit $1 mysqlmanagerd_server_packet_t:packet send;
')
########################################
## <summary>
## Receive mysqlmanagerd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_mysqlmanagerd_server_packets',`
gen_require(`
type mysqlmanagerd_server_packet_t;
')
allow $1 mysqlmanagerd_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive mysqlmanagerd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_mysqlmanagerd_server_packets',`
gen_require(`
type mysqlmanagerd_server_packet_t;
')
dontaudit $1 mysqlmanagerd_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive mysqlmanagerd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_mysqlmanagerd_server_packets',`
corenet_send_mysqlmanagerd_server_packets($1)
corenet_receive_mysqlmanagerd_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive mysqlmanagerd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_mysqlmanagerd_server_packets',`
corenet_dontaudit_send_mysqlmanagerd_server_packets($1)
corenet_dontaudit_receive_mysqlmanagerd_server_packets($1)
')
########################################
## <summary>
## Relabel packets to mysqlmanagerd_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_mysqlmanagerd_server_packets',`
gen_require(`
type mysqlmanagerd_server_packet_t;
')
allow $1 mysqlmanagerd_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the mythtv port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_mythtv_port',`
gen_require(`
type mythtv_port_t;
')
allow $1 mythtv_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the mythtv port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_mythtv_port',`
gen_require(`
type mythtv_port_t;
')
allow $1 mythtv_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the mythtv port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_mythtv_port',`
gen_require(`
type mythtv_port_t;
')
dontaudit $1 mythtv_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the mythtv port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_mythtv_port',`
gen_require(`
type mythtv_port_t;
')
allow $1 mythtv_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the mythtv port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_mythtv_port',`
gen_require(`
type mythtv_port_t;
')
dontaudit $1 mythtv_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the mythtv port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_mythtv_port',`
corenet_udp_send_mythtv_port($1)
corenet_udp_receive_mythtv_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the mythtv port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_mythtv_port',`
corenet_dontaudit_udp_send_mythtv_port($1)
corenet_dontaudit_udp_receive_mythtv_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the mythtv port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_mythtv_port',`
gen_require(`
type mythtv_port_t;
')
allow $1 mythtv_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the mythtv port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_mythtv_port',`
gen_require(`
type mythtv_port_t;
')
allow $1 mythtv_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to mythtv port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_mythtv_port',`
gen_require(`
type mythtv_port_t;
')
dontaudit $1 mythtv_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the mythtv port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_mythtv_port',`
gen_require(`
type mythtv_port_t;
')
allow $1 mythtv_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to mythtv port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_mythtv_port',`
gen_require(`
type mythtv_port_t;
')
dontaudit $1 mythtv_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send mythtv_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_mythtv_client_packets',`
gen_require(`
type mythtv_client_packet_t;
')
allow $1 mythtv_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send mythtv_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_mythtv_client_packets',`
gen_require(`
type mythtv_client_packet_t;
')
dontaudit $1 mythtv_client_packet_t:packet send;
')
########################################
## <summary>
## Receive mythtv_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_mythtv_client_packets',`
gen_require(`
type mythtv_client_packet_t;
')
allow $1 mythtv_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive mythtv_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_mythtv_client_packets',`
gen_require(`
type mythtv_client_packet_t;
')
dontaudit $1 mythtv_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive mythtv_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_mythtv_client_packets',`
corenet_send_mythtv_client_packets($1)
corenet_receive_mythtv_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive mythtv_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_mythtv_client_packets',`
corenet_dontaudit_send_mythtv_client_packets($1)
corenet_dontaudit_receive_mythtv_client_packets($1)
')
########################################
## <summary>
## Relabel packets to mythtv_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_mythtv_client_packets',`
gen_require(`
type mythtv_client_packet_t;
')
allow $1 mythtv_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send mythtv_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_mythtv_server_packets',`
gen_require(`
type mythtv_server_packet_t;
')
allow $1 mythtv_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send mythtv_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_mythtv_server_packets',`
gen_require(`
type mythtv_server_packet_t;
')
dontaudit $1 mythtv_server_packet_t:packet send;
')
########################################
## <summary>
## Receive mythtv_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_mythtv_server_packets',`
gen_require(`
type mythtv_server_packet_t;
')
allow $1 mythtv_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive mythtv_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_mythtv_server_packets',`
gen_require(`
type mythtv_server_packet_t;
')
dontaudit $1 mythtv_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive mythtv_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_mythtv_server_packets',`
corenet_send_mythtv_server_packets($1)
corenet_receive_mythtv_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive mythtv_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_mythtv_server_packets',`
corenet_dontaudit_send_mythtv_server_packets($1)
corenet_dontaudit_receive_mythtv_server_packets($1)
')
########################################
## <summary>
## Relabel packets to mythtv_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_mythtv_server_packets',`
gen_require(`
type mythtv_server_packet_t;
')
allow $1 mythtv_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the nessus port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_nessus_port',`
gen_require(`
type nessus_port_t;
')
allow $1 nessus_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the nessus port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_nessus_port',`
gen_require(`
type nessus_port_t;
')
allow $1 nessus_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the nessus port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_nessus_port',`
gen_require(`
type nessus_port_t;
')
dontaudit $1 nessus_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the nessus port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_nessus_port',`
gen_require(`
type nessus_port_t;
')
allow $1 nessus_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the nessus port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_nessus_port',`
gen_require(`
type nessus_port_t;
')
dontaudit $1 nessus_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the nessus port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_nessus_port',`
corenet_udp_send_nessus_port($1)
corenet_udp_receive_nessus_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the nessus port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_nessus_port',`
corenet_dontaudit_udp_send_nessus_port($1)
corenet_dontaudit_udp_receive_nessus_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the nessus port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_nessus_port',`
gen_require(`
type nessus_port_t;
')
allow $1 nessus_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the nessus port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_nessus_port',`
gen_require(`
type nessus_port_t;
')
allow $1 nessus_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to nessus port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_nessus_port',`
gen_require(`
type nessus_port_t;
')
dontaudit $1 nessus_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the nessus port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_nessus_port',`
gen_require(`
type nessus_port_t;
')
allow $1 nessus_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to nessus port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_nessus_port',`
gen_require(`
type nessus_port_t;
')
dontaudit $1 nessus_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send nessus_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_nessus_client_packets',`
gen_require(`
type nessus_client_packet_t;
')
allow $1 nessus_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send nessus_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_nessus_client_packets',`
gen_require(`
type nessus_client_packet_t;
')
dontaudit $1 nessus_client_packet_t:packet send;
')
########################################
## <summary>
## Receive nessus_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_nessus_client_packets',`
gen_require(`
type nessus_client_packet_t;
')
allow $1 nessus_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive nessus_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_nessus_client_packets',`
gen_require(`
type nessus_client_packet_t;
')
dontaudit $1 nessus_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive nessus_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_nessus_client_packets',`
corenet_send_nessus_client_packets($1)
corenet_receive_nessus_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive nessus_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_nessus_client_packets',`
corenet_dontaudit_send_nessus_client_packets($1)
corenet_dontaudit_receive_nessus_client_packets($1)
')
########################################
## <summary>
## Relabel packets to nessus_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_nessus_client_packets',`
gen_require(`
type nessus_client_packet_t;
')
allow $1 nessus_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send nessus_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_nessus_server_packets',`
gen_require(`
type nessus_server_packet_t;
')
allow $1 nessus_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send nessus_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_nessus_server_packets',`
gen_require(`
type nessus_server_packet_t;
')
dontaudit $1 nessus_server_packet_t:packet send;
')
########################################
## <summary>
## Receive nessus_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_nessus_server_packets',`
gen_require(`
type nessus_server_packet_t;
')
allow $1 nessus_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive nessus_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_nessus_server_packets',`
gen_require(`
type nessus_server_packet_t;
')
dontaudit $1 nessus_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive nessus_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_nessus_server_packets',`
corenet_send_nessus_server_packets($1)
corenet_receive_nessus_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive nessus_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_nessus_server_packets',`
corenet_dontaudit_send_nessus_server_packets($1)
corenet_dontaudit_receive_nessus_server_packets($1)
')
########################################
## <summary>
## Relabel packets to nessus_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_nessus_server_packets',`
gen_require(`
type nessus_server_packet_t;
')
allow $1 nessus_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the netport port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_netport_port',`
gen_require(`
type netport_port_t;
')
allow $1 netport_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the netport port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_netport_port',`
gen_require(`
type netport_port_t;
')
allow $1 netport_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the netport port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_netport_port',`
gen_require(`
type netport_port_t;
')
dontaudit $1 netport_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the netport port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_netport_port',`
gen_require(`
type netport_port_t;
')
allow $1 netport_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the netport port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_netport_port',`
gen_require(`
type netport_port_t;
')
dontaudit $1 netport_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the netport port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_netport_port',`
corenet_udp_send_netport_port($1)
corenet_udp_receive_netport_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the netport port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_netport_port',`
corenet_dontaudit_udp_send_netport_port($1)
corenet_dontaudit_udp_receive_netport_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the netport port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_netport_port',`
gen_require(`
type netport_port_t;
')
allow $1 netport_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the netport port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_netport_port',`
gen_require(`
type netport_port_t;
')
allow $1 netport_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to netport port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_netport_port',`
gen_require(`
type netport_port_t;
')
dontaudit $1 netport_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the netport port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_netport_port',`
gen_require(`
type netport_port_t;
')
allow $1 netport_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to netport port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_netport_port',`
gen_require(`
type netport_port_t;
')
dontaudit $1 netport_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send netport_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_netport_client_packets',`
gen_require(`
type netport_client_packet_t;
')
allow $1 netport_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send netport_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_netport_client_packets',`
gen_require(`
type netport_client_packet_t;
')
dontaudit $1 netport_client_packet_t:packet send;
')
########################################
## <summary>
## Receive netport_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_netport_client_packets',`
gen_require(`
type netport_client_packet_t;
')
allow $1 netport_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive netport_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_netport_client_packets',`
gen_require(`
type netport_client_packet_t;
')
dontaudit $1 netport_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive netport_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_netport_client_packets',`
corenet_send_netport_client_packets($1)
corenet_receive_netport_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive netport_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_netport_client_packets',`
corenet_dontaudit_send_netport_client_packets($1)
corenet_dontaudit_receive_netport_client_packets($1)
')
########################################
## <summary>
## Relabel packets to netport_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_netport_client_packets',`
gen_require(`
type netport_client_packet_t;
')
allow $1 netport_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send netport_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_netport_server_packets',`
gen_require(`
type netport_server_packet_t;
')
allow $1 netport_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send netport_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_netport_server_packets',`
gen_require(`
type netport_server_packet_t;
')
dontaudit $1 netport_server_packet_t:packet send;
')
########################################
## <summary>
## Receive netport_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_netport_server_packets',`
gen_require(`
type netport_server_packet_t;
')
allow $1 netport_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive netport_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_netport_server_packets',`
gen_require(`
type netport_server_packet_t;
')
dontaudit $1 netport_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive netport_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_netport_server_packets',`
corenet_send_netport_server_packets($1)
corenet_receive_netport_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive netport_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_netport_server_packets',`
corenet_dontaudit_send_netport_server_packets($1)
corenet_dontaudit_receive_netport_server_packets($1)
')
########################################
## <summary>
## Relabel packets to netport_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_netport_server_packets',`
gen_require(`
type netport_server_packet_t;
')
allow $1 netport_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the netsupport port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_netsupport_port',`
gen_require(`
type netsupport_port_t;
')
allow $1 netsupport_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the netsupport port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_netsupport_port',`
gen_require(`
type netsupport_port_t;
')
allow $1 netsupport_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the netsupport port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_netsupport_port',`
gen_require(`
type netsupport_port_t;
')
dontaudit $1 netsupport_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the netsupport port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_netsupport_port',`
gen_require(`
type netsupport_port_t;
')
allow $1 netsupport_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the netsupport port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_netsupport_port',`
gen_require(`
type netsupport_port_t;
')
dontaudit $1 netsupport_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the netsupport port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_netsupport_port',`
corenet_udp_send_netsupport_port($1)
corenet_udp_receive_netsupport_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the netsupport port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_netsupport_port',`
corenet_dontaudit_udp_send_netsupport_port($1)
corenet_dontaudit_udp_receive_netsupport_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the netsupport port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_netsupport_port',`
gen_require(`
type netsupport_port_t;
')
allow $1 netsupport_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the netsupport port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_netsupport_port',`
gen_require(`
type netsupport_port_t;
')
allow $1 netsupport_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to netsupport port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_netsupport_port',`
gen_require(`
type netsupport_port_t;
')
dontaudit $1 netsupport_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the netsupport port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_netsupport_port',`
gen_require(`
type netsupport_port_t;
')
allow $1 netsupport_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to netsupport port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_netsupport_port',`
gen_require(`
type netsupport_port_t;
')
dontaudit $1 netsupport_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send netsupport_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_netsupport_client_packets',`
gen_require(`
type netsupport_client_packet_t;
')
allow $1 netsupport_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send netsupport_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_netsupport_client_packets',`
gen_require(`
type netsupport_client_packet_t;
')
dontaudit $1 netsupport_client_packet_t:packet send;
')
########################################
## <summary>
## Receive netsupport_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_netsupport_client_packets',`
gen_require(`
type netsupport_client_packet_t;
')
allow $1 netsupport_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive netsupport_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_netsupport_client_packets',`
gen_require(`
type netsupport_client_packet_t;
')
dontaudit $1 netsupport_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive netsupport_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_netsupport_client_packets',`
corenet_send_netsupport_client_packets($1)
corenet_receive_netsupport_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive netsupport_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_netsupport_client_packets',`
corenet_dontaudit_send_netsupport_client_packets($1)
corenet_dontaudit_receive_netsupport_client_packets($1)
')
########################################
## <summary>
## Relabel packets to netsupport_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_netsupport_client_packets',`
gen_require(`
type netsupport_client_packet_t;
')
allow $1 netsupport_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send netsupport_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_netsupport_server_packets',`
gen_require(`
type netsupport_server_packet_t;
')
allow $1 netsupport_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send netsupport_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_netsupport_server_packets',`
gen_require(`
type netsupport_server_packet_t;
')
dontaudit $1 netsupport_server_packet_t:packet send;
')
########################################
## <summary>
## Receive netsupport_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_netsupport_server_packets',`
gen_require(`
type netsupport_server_packet_t;
')
allow $1 netsupport_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive netsupport_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_netsupport_server_packets',`
gen_require(`
type netsupport_server_packet_t;
')
dontaudit $1 netsupport_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive netsupport_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_netsupport_server_packets',`
corenet_send_netsupport_server_packets($1)
corenet_receive_netsupport_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive netsupport_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_netsupport_server_packets',`
corenet_dontaudit_send_netsupport_server_packets($1)
corenet_dontaudit_receive_netsupport_server_packets($1)
')
########################################
## <summary>
## Relabel packets to netsupport_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_netsupport_server_packets',`
gen_require(`
type netsupport_server_packet_t;
')
allow $1 netsupport_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the nfs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_nfs_port',`
gen_require(`
type nfs_port_t;
')
allow $1 nfs_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the nfs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_nfs_port',`
gen_require(`
type nfs_port_t;
')
allow $1 nfs_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the nfs port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_nfs_port',`
gen_require(`
type nfs_port_t;
')
dontaudit $1 nfs_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the nfs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_nfs_port',`
gen_require(`
type nfs_port_t;
')
allow $1 nfs_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the nfs port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_nfs_port',`
gen_require(`
type nfs_port_t;
')
dontaudit $1 nfs_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the nfs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_nfs_port',`
corenet_udp_send_nfs_port($1)
corenet_udp_receive_nfs_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the nfs port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_nfs_port',`
corenet_dontaudit_udp_send_nfs_port($1)
corenet_dontaudit_udp_receive_nfs_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the nfs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_nfs_port',`
gen_require(`
type nfs_port_t;
')
allow $1 nfs_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the nfs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_nfs_port',`
gen_require(`
type nfs_port_t;
')
allow $1 nfs_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to nfs port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_nfs_port',`
gen_require(`
type nfs_port_t;
')
dontaudit $1 nfs_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the nfs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_nfs_port',`
gen_require(`
type nfs_port_t;
')
allow $1 nfs_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to nfs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_nfs_port',`
gen_require(`
type nfs_port_t;
')
dontaudit $1 nfs_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send nfs_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_nfs_client_packets',`
gen_require(`
type nfs_client_packet_t;
')
allow $1 nfs_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send nfs_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_nfs_client_packets',`
gen_require(`
type nfs_client_packet_t;
')
dontaudit $1 nfs_client_packet_t:packet send;
')
########################################
## <summary>
## Receive nfs_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_nfs_client_packets',`
gen_require(`
type nfs_client_packet_t;
')
allow $1 nfs_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive nfs_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_nfs_client_packets',`
gen_require(`
type nfs_client_packet_t;
')
dontaudit $1 nfs_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive nfs_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_nfs_client_packets',`
corenet_send_nfs_client_packets($1)
corenet_receive_nfs_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive nfs_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_nfs_client_packets',`
corenet_dontaudit_send_nfs_client_packets($1)
corenet_dontaudit_receive_nfs_client_packets($1)
')
########################################
## <summary>
## Relabel packets to nfs_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_nfs_client_packets',`
gen_require(`
type nfs_client_packet_t;
')
allow $1 nfs_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send nfs_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_nfs_server_packets',`
gen_require(`
type nfs_server_packet_t;
')
allow $1 nfs_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send nfs_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_nfs_server_packets',`
gen_require(`
type nfs_server_packet_t;
')
dontaudit $1 nfs_server_packet_t:packet send;
')
########################################
## <summary>
## Receive nfs_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_nfs_server_packets',`
gen_require(`
type nfs_server_packet_t;
')
allow $1 nfs_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive nfs_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_nfs_server_packets',`
gen_require(`
type nfs_server_packet_t;
')
dontaudit $1 nfs_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive nfs_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_nfs_server_packets',`
corenet_send_nfs_server_packets($1)
corenet_receive_nfs_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive nfs_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_nfs_server_packets',`
corenet_dontaudit_send_nfs_server_packets($1)
corenet_dontaudit_receive_nfs_server_packets($1)
')
########################################
## <summary>
## Relabel packets to nfs_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_nfs_server_packets',`
gen_require(`
type nfs_server_packet_t;
')
allow $1 nfs_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the nmbd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_nmbd_port',`
gen_require(`
type nmbd_port_t;
')
allow $1 nmbd_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the nmbd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_nmbd_port',`
gen_require(`
type nmbd_port_t;
')
allow $1 nmbd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the nmbd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_nmbd_port',`
gen_require(`
type nmbd_port_t;
')
dontaudit $1 nmbd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the nmbd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_nmbd_port',`
gen_require(`
type nmbd_port_t;
')
allow $1 nmbd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the nmbd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_nmbd_port',`
gen_require(`
type nmbd_port_t;
')
dontaudit $1 nmbd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the nmbd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_nmbd_port',`
corenet_udp_send_nmbd_port($1)
corenet_udp_receive_nmbd_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the nmbd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_nmbd_port',`
corenet_dontaudit_udp_send_nmbd_port($1)
corenet_dontaudit_udp_receive_nmbd_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the nmbd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_nmbd_port',`
gen_require(`
type nmbd_port_t;
')
allow $1 nmbd_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the nmbd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_nmbd_port',`
gen_require(`
type nmbd_port_t;
')
allow $1 nmbd_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to nmbd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_nmbd_port',`
gen_require(`
type nmbd_port_t;
')
dontaudit $1 nmbd_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the nmbd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_nmbd_port',`
gen_require(`
type nmbd_port_t;
')
allow $1 nmbd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to nmbd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_nmbd_port',`
gen_require(`
type nmbd_port_t;
')
dontaudit $1 nmbd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send nmbd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_nmbd_client_packets',`
gen_require(`
type nmbd_client_packet_t;
')
allow $1 nmbd_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send nmbd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_nmbd_client_packets',`
gen_require(`
type nmbd_client_packet_t;
')
dontaudit $1 nmbd_client_packet_t:packet send;
')
########################################
## <summary>
## Receive nmbd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_nmbd_client_packets',`
gen_require(`
type nmbd_client_packet_t;
')
allow $1 nmbd_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive nmbd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_nmbd_client_packets',`
gen_require(`
type nmbd_client_packet_t;
')
dontaudit $1 nmbd_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive nmbd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_nmbd_client_packets',`
corenet_send_nmbd_client_packets($1)
corenet_receive_nmbd_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive nmbd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_nmbd_client_packets',`
corenet_dontaudit_send_nmbd_client_packets($1)
corenet_dontaudit_receive_nmbd_client_packets($1)
')
########################################
## <summary>
## Relabel packets to nmbd_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_nmbd_client_packets',`
gen_require(`
type nmbd_client_packet_t;
')
allow $1 nmbd_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send nmbd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_nmbd_server_packets',`
gen_require(`
type nmbd_server_packet_t;
')
allow $1 nmbd_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send nmbd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_nmbd_server_packets',`
gen_require(`
type nmbd_server_packet_t;
')
dontaudit $1 nmbd_server_packet_t:packet send;
')
########################################
## <summary>
## Receive nmbd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_nmbd_server_packets',`
gen_require(`
type nmbd_server_packet_t;
')
allow $1 nmbd_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive nmbd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_nmbd_server_packets',`
gen_require(`
type nmbd_server_packet_t;
')
dontaudit $1 nmbd_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive nmbd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_nmbd_server_packets',`
corenet_send_nmbd_server_packets($1)
corenet_receive_nmbd_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive nmbd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_nmbd_server_packets',`
corenet_dontaudit_send_nmbd_server_packets($1)
corenet_dontaudit_receive_nmbd_server_packets($1)
')
########################################
## <summary>
## Relabel packets to nmbd_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_nmbd_server_packets',`
gen_require(`
type nmbd_server_packet_t;
')
allow $1 nmbd_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the nmea port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_nmea_port',`
gen_require(`
type nmea_port_t;
')
allow $1 nmea_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the nmea port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_nmea_port',`
gen_require(`
type nmea_port_t;
')
allow $1 nmea_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the nmea port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_nmea_port',`
gen_require(`
type nmea_port_t;
')
dontaudit $1 nmea_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the nmea port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_nmea_port',`
gen_require(`
type nmea_port_t;
')
allow $1 nmea_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the nmea port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_nmea_port',`
gen_require(`
type nmea_port_t;
')
dontaudit $1 nmea_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the nmea port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_nmea_port',`
corenet_udp_send_nmea_port($1)
corenet_udp_receive_nmea_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the nmea port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_nmea_port',`
corenet_dontaudit_udp_send_nmea_port($1)
corenet_dontaudit_udp_receive_nmea_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the nmea port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_nmea_port',`
gen_require(`
type nmea_port_t;
')
allow $1 nmea_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the nmea port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_nmea_port',`
gen_require(`
type nmea_port_t;
')
allow $1 nmea_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to nmea port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_nmea_port',`
gen_require(`
type nmea_port_t;
')
dontaudit $1 nmea_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the nmea port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_nmea_port',`
gen_require(`
type nmea_port_t;
')
allow $1 nmea_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to nmea port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_nmea_port',`
gen_require(`
type nmea_port_t;
')
dontaudit $1 nmea_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send nmea_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_nmea_client_packets',`
gen_require(`
type nmea_client_packet_t;
')
allow $1 nmea_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send nmea_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_nmea_client_packets',`
gen_require(`
type nmea_client_packet_t;
')
dontaudit $1 nmea_client_packet_t:packet send;
')
########################################
## <summary>
## Receive nmea_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_nmea_client_packets',`
gen_require(`
type nmea_client_packet_t;
')
allow $1 nmea_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive nmea_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_nmea_client_packets',`
gen_require(`
type nmea_client_packet_t;
')
dontaudit $1 nmea_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive nmea_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_nmea_client_packets',`
corenet_send_nmea_client_packets($1)
corenet_receive_nmea_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive nmea_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_nmea_client_packets',`
corenet_dontaudit_send_nmea_client_packets($1)
corenet_dontaudit_receive_nmea_client_packets($1)
')
########################################
## <summary>
## Relabel packets to nmea_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_nmea_client_packets',`
gen_require(`
type nmea_client_packet_t;
')
allow $1 nmea_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send nmea_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_nmea_server_packets',`
gen_require(`
type nmea_server_packet_t;
')
allow $1 nmea_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send nmea_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_nmea_server_packets',`
gen_require(`
type nmea_server_packet_t;
')
dontaudit $1 nmea_server_packet_t:packet send;
')
########################################
## <summary>
## Receive nmea_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_nmea_server_packets',`
gen_require(`
type nmea_server_packet_t;
')
allow $1 nmea_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive nmea_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_nmea_server_packets',`
gen_require(`
type nmea_server_packet_t;
')
dontaudit $1 nmea_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive nmea_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_nmea_server_packets',`
corenet_send_nmea_server_packets($1)
corenet_receive_nmea_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive nmea_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_nmea_server_packets',`
corenet_dontaudit_send_nmea_server_packets($1)
corenet_dontaudit_receive_nmea_server_packets($1)
')
########################################
## <summary>
## Relabel packets to nmea_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_nmea_server_packets',`
gen_require(`
type nmea_server_packet_t;
')
allow $1 nmea_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the nodejs_debug port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_nodejs_debug_port',`
gen_require(`
type nodejs_debug_port_t;
')
allow $1 nodejs_debug_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the nodejs_debug port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_nodejs_debug_port',`
gen_require(`
type nodejs_debug_port_t;
')
allow $1 nodejs_debug_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the nodejs_debug port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_nodejs_debug_port',`
gen_require(`
type nodejs_debug_port_t;
')
dontaudit $1 nodejs_debug_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the nodejs_debug port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_nodejs_debug_port',`
gen_require(`
type nodejs_debug_port_t;
')
allow $1 nodejs_debug_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the nodejs_debug port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_nodejs_debug_port',`
gen_require(`
type nodejs_debug_port_t;
')
dontaudit $1 nodejs_debug_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the nodejs_debug port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_nodejs_debug_port',`
corenet_udp_send_nodejs_debug_port($1)
corenet_udp_receive_nodejs_debug_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the nodejs_debug port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_nodejs_debug_port',`
corenet_dontaudit_udp_send_nodejs_debug_port($1)
corenet_dontaudit_udp_receive_nodejs_debug_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the nodejs_debug port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_nodejs_debug_port',`
gen_require(`
type nodejs_debug_port_t;
')
allow $1 nodejs_debug_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the nodejs_debug port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_nodejs_debug_port',`
gen_require(`
type nodejs_debug_port_t;
')
allow $1 nodejs_debug_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to nodejs_debug port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_nodejs_debug_port',`
gen_require(`
type nodejs_debug_port_t;
')
dontaudit $1 nodejs_debug_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the nodejs_debug port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_nodejs_debug_port',`
gen_require(`
type nodejs_debug_port_t;
')
allow $1 nodejs_debug_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to nodejs_debug port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_nodejs_debug_port',`
gen_require(`
type nodejs_debug_port_t;
')
dontaudit $1 nodejs_debug_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send nodejs_debug_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_nodejs_debug_client_packets',`
gen_require(`
type nodejs_debug_client_packet_t;
')
allow $1 nodejs_debug_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send nodejs_debug_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_nodejs_debug_client_packets',`
gen_require(`
type nodejs_debug_client_packet_t;
')
dontaudit $1 nodejs_debug_client_packet_t:packet send;
')
########################################
## <summary>
## Receive nodejs_debug_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_nodejs_debug_client_packets',`
gen_require(`
type nodejs_debug_client_packet_t;
')
allow $1 nodejs_debug_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive nodejs_debug_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_nodejs_debug_client_packets',`
gen_require(`
type nodejs_debug_client_packet_t;
')
dontaudit $1 nodejs_debug_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive nodejs_debug_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_nodejs_debug_client_packets',`
corenet_send_nodejs_debug_client_packets($1)
corenet_receive_nodejs_debug_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive nodejs_debug_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_nodejs_debug_client_packets',`
corenet_dontaudit_send_nodejs_debug_client_packets($1)
corenet_dontaudit_receive_nodejs_debug_client_packets($1)
')
########################################
## <summary>
## Relabel packets to nodejs_debug_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_nodejs_debug_client_packets',`
gen_require(`
type nodejs_debug_client_packet_t;
')
allow $1 nodejs_debug_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send nodejs_debug_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_nodejs_debug_server_packets',`
gen_require(`
type nodejs_debug_server_packet_t;
')
allow $1 nodejs_debug_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send nodejs_debug_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_nodejs_debug_server_packets',`
gen_require(`
type nodejs_debug_server_packet_t;
')
dontaudit $1 nodejs_debug_server_packet_t:packet send;
')
########################################
## <summary>
## Receive nodejs_debug_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_nodejs_debug_server_packets',`
gen_require(`
type nodejs_debug_server_packet_t;
')
allow $1 nodejs_debug_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive nodejs_debug_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_nodejs_debug_server_packets',`
gen_require(`
type nodejs_debug_server_packet_t;
')
dontaudit $1 nodejs_debug_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive nodejs_debug_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_nodejs_debug_server_packets',`
corenet_send_nodejs_debug_server_packets($1)
corenet_receive_nodejs_debug_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive nodejs_debug_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_nodejs_debug_server_packets',`
corenet_dontaudit_send_nodejs_debug_server_packets($1)
corenet_dontaudit_receive_nodejs_debug_server_packets($1)
')
########################################
## <summary>
## Relabel packets to nodejs_debug_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_nodejs_debug_server_packets',`
gen_require(`
type nodejs_debug_server_packet_t;
')
allow $1 nodejs_debug_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the nsca port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_nsca_port',`
gen_require(`
type nsca_port_t;
')
allow $1 nsca_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the nsca port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_nsca_port',`
gen_require(`
type nsca_port_t;
')
allow $1 nsca_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the nsca port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_nsca_port',`
gen_require(`
type nsca_port_t;
')
dontaudit $1 nsca_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the nsca port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_nsca_port',`
gen_require(`
type nsca_port_t;
')
allow $1 nsca_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the nsca port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_nsca_port',`
gen_require(`
type nsca_port_t;
')
dontaudit $1 nsca_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the nsca port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_nsca_port',`
corenet_udp_send_nsca_port($1)
corenet_udp_receive_nsca_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the nsca port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_nsca_port',`
corenet_dontaudit_udp_send_nsca_port($1)
corenet_dontaudit_udp_receive_nsca_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the nsca port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_nsca_port',`
gen_require(`
type nsca_port_t;
')
allow $1 nsca_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the nsca port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_nsca_port',`
gen_require(`
type nsca_port_t;
')
allow $1 nsca_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to nsca port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_nsca_port',`
gen_require(`
type nsca_port_t;
')
dontaudit $1 nsca_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the nsca port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_nsca_port',`
gen_require(`
type nsca_port_t;
')
allow $1 nsca_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to nsca port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_nsca_port',`
gen_require(`
type nsca_port_t;
')
dontaudit $1 nsca_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send nsca_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_nsca_client_packets',`
gen_require(`
type nsca_client_packet_t;
')
allow $1 nsca_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send nsca_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_nsca_client_packets',`
gen_require(`
type nsca_client_packet_t;
')
dontaudit $1 nsca_client_packet_t:packet send;
')
########################################
## <summary>
## Receive nsca_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_nsca_client_packets',`
gen_require(`
type nsca_client_packet_t;
')
allow $1 nsca_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive nsca_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_nsca_client_packets',`
gen_require(`
type nsca_client_packet_t;
')
dontaudit $1 nsca_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive nsca_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_nsca_client_packets',`
corenet_send_nsca_client_packets($1)
corenet_receive_nsca_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive nsca_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_nsca_client_packets',`
corenet_dontaudit_send_nsca_client_packets($1)
corenet_dontaudit_receive_nsca_client_packets($1)
')
########################################
## <summary>
## Relabel packets to nsca_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_nsca_client_packets',`
gen_require(`
type nsca_client_packet_t;
')
allow $1 nsca_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send nsca_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_nsca_server_packets',`
gen_require(`
type nsca_server_packet_t;
')
allow $1 nsca_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send nsca_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_nsca_server_packets',`
gen_require(`
type nsca_server_packet_t;
')
dontaudit $1 nsca_server_packet_t:packet send;
')
########################################
## <summary>
## Receive nsca_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_nsca_server_packets',`
gen_require(`
type nsca_server_packet_t;
')
allow $1 nsca_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive nsca_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_nsca_server_packets',`
gen_require(`
type nsca_server_packet_t;
')
dontaudit $1 nsca_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive nsca_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_nsca_server_packets',`
corenet_send_nsca_server_packets($1)
corenet_receive_nsca_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive nsca_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_nsca_server_packets',`
corenet_dontaudit_send_nsca_server_packets($1)
corenet_dontaudit_receive_nsca_server_packets($1)
')
########################################
## <summary>
## Relabel packets to nsca_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_nsca_server_packets',`
gen_require(`
type nsca_server_packet_t;
')
allow $1 nsca_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the ntop port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_ntop_port',`
gen_require(`
type ntop_port_t;
')
allow $1 ntop_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the ntop port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_ntop_port',`
gen_require(`
type ntop_port_t;
')
allow $1 ntop_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the ntop port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_ntop_port',`
gen_require(`
type ntop_port_t;
')
dontaudit $1 ntop_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the ntop port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_ntop_port',`
gen_require(`
type ntop_port_t;
')
allow $1 ntop_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the ntop port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_ntop_port',`
gen_require(`
type ntop_port_t;
')
dontaudit $1 ntop_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the ntop port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_ntop_port',`
corenet_udp_send_ntop_port($1)
corenet_udp_receive_ntop_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the ntop port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_ntop_port',`
corenet_dontaudit_udp_send_ntop_port($1)
corenet_dontaudit_udp_receive_ntop_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the ntop port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_ntop_port',`
gen_require(`
type ntop_port_t;
')
allow $1 ntop_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the ntop port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_ntop_port',`
gen_require(`
type ntop_port_t;
')
allow $1 ntop_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to ntop port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_ntop_port',`
gen_require(`
type ntop_port_t;
')
dontaudit $1 ntop_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the ntop port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_ntop_port',`
gen_require(`
type ntop_port_t;
')
allow $1 ntop_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to ntop port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_ntop_port',`
gen_require(`
type ntop_port_t;
')
dontaudit $1 ntop_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send ntop_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ntop_client_packets',`
gen_require(`
type ntop_client_packet_t;
')
allow $1 ntop_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ntop_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ntop_client_packets',`
gen_require(`
type ntop_client_packet_t;
')
dontaudit $1 ntop_client_packet_t:packet send;
')
########################################
## <summary>
## Receive ntop_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ntop_client_packets',`
gen_require(`
type ntop_client_packet_t;
')
allow $1 ntop_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ntop_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ntop_client_packets',`
gen_require(`
type ntop_client_packet_t;
')
dontaudit $1 ntop_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ntop_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ntop_client_packets',`
corenet_send_ntop_client_packets($1)
corenet_receive_ntop_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ntop_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ntop_client_packets',`
corenet_dontaudit_send_ntop_client_packets($1)
corenet_dontaudit_receive_ntop_client_packets($1)
')
########################################
## <summary>
## Relabel packets to ntop_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ntop_client_packets',`
gen_require(`
type ntop_client_packet_t;
')
allow $1 ntop_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send ntop_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ntop_server_packets',`
gen_require(`
type ntop_server_packet_t;
')
allow $1 ntop_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ntop_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ntop_server_packets',`
gen_require(`
type ntop_server_packet_t;
')
dontaudit $1 ntop_server_packet_t:packet send;
')
########################################
## <summary>
## Receive ntop_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ntop_server_packets',`
gen_require(`
type ntop_server_packet_t;
')
allow $1 ntop_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ntop_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ntop_server_packets',`
gen_require(`
type ntop_server_packet_t;
')
dontaudit $1 ntop_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ntop_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ntop_server_packets',`
corenet_send_ntop_server_packets($1)
corenet_receive_ntop_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ntop_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ntop_server_packets',`
corenet_dontaudit_send_ntop_server_packets($1)
corenet_dontaudit_receive_ntop_server_packets($1)
')
########################################
## <summary>
## Relabel packets to ntop_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ntop_server_packets',`
gen_require(`
type ntop_server_packet_t;
')
allow $1 ntop_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the ntp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_ntp_port',`
gen_require(`
type ntp_port_t;
')
allow $1 ntp_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the ntp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_ntp_port',`
gen_require(`
type ntp_port_t;
')
allow $1 ntp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the ntp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_ntp_port',`
gen_require(`
type ntp_port_t;
')
dontaudit $1 ntp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the ntp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_ntp_port',`
gen_require(`
type ntp_port_t;
')
allow $1 ntp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the ntp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_ntp_port',`
gen_require(`
type ntp_port_t;
')
dontaudit $1 ntp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the ntp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_ntp_port',`
corenet_udp_send_ntp_port($1)
corenet_udp_receive_ntp_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the ntp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_ntp_port',`
corenet_dontaudit_udp_send_ntp_port($1)
corenet_dontaudit_udp_receive_ntp_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the ntp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_ntp_port',`
gen_require(`
type ntp_port_t;
')
allow $1 ntp_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the ntp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_ntp_port',`
gen_require(`
type ntp_port_t;
')
allow $1 ntp_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to ntp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_ntp_port',`
gen_require(`
type ntp_port_t;
')
dontaudit $1 ntp_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the ntp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_ntp_port',`
gen_require(`
type ntp_port_t;
')
allow $1 ntp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to ntp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_ntp_port',`
gen_require(`
type ntp_port_t;
')
dontaudit $1 ntp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send ntp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ntp_client_packets',`
gen_require(`
type ntp_client_packet_t;
')
allow $1 ntp_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ntp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ntp_client_packets',`
gen_require(`
type ntp_client_packet_t;
')
dontaudit $1 ntp_client_packet_t:packet send;
')
########################################
## <summary>
## Receive ntp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ntp_client_packets',`
gen_require(`
type ntp_client_packet_t;
')
allow $1 ntp_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ntp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ntp_client_packets',`
gen_require(`
type ntp_client_packet_t;
')
dontaudit $1 ntp_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ntp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ntp_client_packets',`
corenet_send_ntp_client_packets($1)
corenet_receive_ntp_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ntp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ntp_client_packets',`
corenet_dontaudit_send_ntp_client_packets($1)
corenet_dontaudit_receive_ntp_client_packets($1)
')
########################################
## <summary>
## Relabel packets to ntp_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ntp_client_packets',`
gen_require(`
type ntp_client_packet_t;
')
allow $1 ntp_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send ntp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ntp_server_packets',`
gen_require(`
type ntp_server_packet_t;
')
allow $1 ntp_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ntp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ntp_server_packets',`
gen_require(`
type ntp_server_packet_t;
')
dontaudit $1 ntp_server_packet_t:packet send;
')
########################################
## <summary>
## Receive ntp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ntp_server_packets',`
gen_require(`
type ntp_server_packet_t;
')
allow $1 ntp_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ntp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ntp_server_packets',`
gen_require(`
type ntp_server_packet_t;
')
dontaudit $1 ntp_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ntp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ntp_server_packets',`
corenet_send_ntp_server_packets($1)
corenet_receive_ntp_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ntp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ntp_server_packets',`
corenet_dontaudit_send_ntp_server_packets($1)
corenet_dontaudit_receive_ntp_server_packets($1)
')
########################################
## <summary>
## Relabel packets to ntp_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ntp_server_packets',`
gen_require(`
type ntp_server_packet_t;
')
allow $1 ntp_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the ntske port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_ntske_port',`
gen_require(`
type ntske_port_t;
')
allow $1 ntske_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the ntske port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_ntske_port',`
gen_require(`
type ntske_port_t;
')
allow $1 ntske_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the ntske port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_ntske_port',`
gen_require(`
type ntske_port_t;
')
dontaudit $1 ntske_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the ntske port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_ntske_port',`
gen_require(`
type ntske_port_t;
')
allow $1 ntske_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the ntske port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_ntske_port',`
gen_require(`
type ntske_port_t;
')
dontaudit $1 ntske_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the ntske port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_ntske_port',`
corenet_udp_send_ntske_port($1)
corenet_udp_receive_ntske_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the ntske port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_ntske_port',`
corenet_dontaudit_udp_send_ntske_port($1)
corenet_dontaudit_udp_receive_ntske_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the ntske port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_ntske_port',`
gen_require(`
type ntske_port_t;
')
allow $1 ntske_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the ntske port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_ntske_port',`
gen_require(`
type ntske_port_t;
')
allow $1 ntske_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to ntske port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_ntske_port',`
gen_require(`
type ntske_port_t;
')
dontaudit $1 ntske_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the ntske port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_ntske_port',`
gen_require(`
type ntske_port_t;
')
allow $1 ntske_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to ntske port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_ntske_port',`
gen_require(`
type ntske_port_t;
')
dontaudit $1 ntske_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send ntske_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ntske_client_packets',`
gen_require(`
type ntske_client_packet_t;
')
allow $1 ntske_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ntske_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ntske_client_packets',`
gen_require(`
type ntske_client_packet_t;
')
dontaudit $1 ntske_client_packet_t:packet send;
')
########################################
## <summary>
## Receive ntske_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ntske_client_packets',`
gen_require(`
type ntske_client_packet_t;
')
allow $1 ntske_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ntske_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ntske_client_packets',`
gen_require(`
type ntske_client_packet_t;
')
dontaudit $1 ntske_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ntske_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ntske_client_packets',`
corenet_send_ntske_client_packets($1)
corenet_receive_ntske_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ntske_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ntske_client_packets',`
corenet_dontaudit_send_ntske_client_packets($1)
corenet_dontaudit_receive_ntske_client_packets($1)
')
########################################
## <summary>
## Relabel packets to ntske_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ntske_client_packets',`
gen_require(`
type ntske_client_packet_t;
')
allow $1 ntske_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send ntske_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ntske_server_packets',`
gen_require(`
type ntske_server_packet_t;
')
allow $1 ntske_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ntske_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ntske_server_packets',`
gen_require(`
type ntske_server_packet_t;
')
dontaudit $1 ntske_server_packet_t:packet send;
')
########################################
## <summary>
## Receive ntske_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ntske_server_packets',`
gen_require(`
type ntske_server_packet_t;
')
allow $1 ntske_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ntske_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ntske_server_packets',`
gen_require(`
type ntske_server_packet_t;
')
dontaudit $1 ntske_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ntske_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ntske_server_packets',`
corenet_send_ntske_server_packets($1)
corenet_receive_ntske_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ntske_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ntske_server_packets',`
corenet_dontaudit_send_ntske_server_packets($1)
corenet_dontaudit_receive_ntske_server_packets($1)
')
########################################
## <summary>
## Relabel packets to ntske_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ntske_server_packets',`
gen_require(`
type ntske_server_packet_t;
')
allow $1 ntske_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the oracle port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_oracle_port',`
gen_require(`
type oracle_port_t;
')
allow $1 oracle_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the oracle port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_oracle_port',`
gen_require(`
type oracle_port_t;
')
allow $1 oracle_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the oracle port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_oracle_port',`
gen_require(`
type oracle_port_t;
')
dontaudit $1 oracle_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the oracle port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_oracle_port',`
gen_require(`
type oracle_port_t;
')
allow $1 oracle_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the oracle port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_oracle_port',`
gen_require(`
type oracle_port_t;
')
dontaudit $1 oracle_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the oracle port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_oracle_port',`
corenet_udp_send_oracle_port($1)
corenet_udp_receive_oracle_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the oracle port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_oracle_port',`
corenet_dontaudit_udp_send_oracle_port($1)
corenet_dontaudit_udp_receive_oracle_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the oracle port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_oracle_port',`
gen_require(`
type oracle_port_t;
')
allow $1 oracle_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the oracle port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_oracle_port',`
gen_require(`
type oracle_port_t;
')
allow $1 oracle_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to oracle port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_oracle_port',`
gen_require(`
type oracle_port_t;
')
dontaudit $1 oracle_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the oracle port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_oracle_port',`
gen_require(`
type oracle_port_t;
')
allow $1 oracle_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to oracle port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_oracle_port',`
gen_require(`
type oracle_port_t;
')
dontaudit $1 oracle_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send oracle_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_oracle_client_packets',`
gen_require(`
type oracle_client_packet_t;
')
allow $1 oracle_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send oracle_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_oracle_client_packets',`
gen_require(`
type oracle_client_packet_t;
')
dontaudit $1 oracle_client_packet_t:packet send;
')
########################################
## <summary>
## Receive oracle_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_oracle_client_packets',`
gen_require(`
type oracle_client_packet_t;
')
allow $1 oracle_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive oracle_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_oracle_client_packets',`
gen_require(`
type oracle_client_packet_t;
')
dontaudit $1 oracle_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive oracle_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_oracle_client_packets',`
corenet_send_oracle_client_packets($1)
corenet_receive_oracle_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive oracle_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_oracle_client_packets',`
corenet_dontaudit_send_oracle_client_packets($1)
corenet_dontaudit_receive_oracle_client_packets($1)
')
########################################
## <summary>
## Relabel packets to oracle_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_oracle_client_packets',`
gen_require(`
type oracle_client_packet_t;
')
allow $1 oracle_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send oracle_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_oracle_server_packets',`
gen_require(`
type oracle_server_packet_t;
')
allow $1 oracle_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send oracle_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_oracle_server_packets',`
gen_require(`
type oracle_server_packet_t;
')
dontaudit $1 oracle_server_packet_t:packet send;
')
########################################
## <summary>
## Receive oracle_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_oracle_server_packets',`
gen_require(`
type oracle_server_packet_t;
')
allow $1 oracle_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive oracle_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_oracle_server_packets',`
gen_require(`
type oracle_server_packet_t;
')
dontaudit $1 oracle_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive oracle_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_oracle_server_packets',`
corenet_send_oracle_server_packets($1)
corenet_receive_oracle_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive oracle_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_oracle_server_packets',`
corenet_dontaudit_send_oracle_server_packets($1)
corenet_dontaudit_receive_oracle_server_packets($1)
')
########################################
## <summary>
## Relabel packets to oracle_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_oracle_server_packets',`
gen_require(`
type oracle_server_packet_t;
')
allow $1 oracle_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the oa_system port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_oa_system_port',`
gen_require(`
type oa_system_port_t;
')
allow $1 oa_system_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the oa_system port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_oa_system_port',`
gen_require(`
type oa_system_port_t;
')
allow $1 oa_system_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the oa_system port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_oa_system_port',`
gen_require(`
type oa_system_port_t;
')
dontaudit $1 oa_system_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the oa_system port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_oa_system_port',`
gen_require(`
type oa_system_port_t;
')
allow $1 oa_system_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the oa_system port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_oa_system_port',`
gen_require(`
type oa_system_port_t;
')
dontaudit $1 oa_system_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the oa_system port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_oa_system_port',`
corenet_udp_send_oa_system_port($1)
corenet_udp_receive_oa_system_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the oa_system port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_oa_system_port',`
corenet_dontaudit_udp_send_oa_system_port($1)
corenet_dontaudit_udp_receive_oa_system_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the oa_system port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_oa_system_port',`
gen_require(`
type oa_system_port_t;
')
allow $1 oa_system_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the oa_system port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_oa_system_port',`
gen_require(`
type oa_system_port_t;
')
allow $1 oa_system_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to oa_system port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_oa_system_port',`
gen_require(`
type oa_system_port_t;
')
dontaudit $1 oa_system_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the oa_system port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_oa_system_port',`
gen_require(`
type oa_system_port_t;
')
allow $1 oa_system_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to oa_system port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_oa_system_port',`
gen_require(`
type oa_system_port_t;
')
dontaudit $1 oa_system_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send oa_system_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_oa_system_client_packets',`
gen_require(`
type oa_system_client_packet_t;
')
allow $1 oa_system_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send oa_system_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_oa_system_client_packets',`
gen_require(`
type oa_system_client_packet_t;
')
dontaudit $1 oa_system_client_packet_t:packet send;
')
########################################
## <summary>
## Receive oa_system_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_oa_system_client_packets',`
gen_require(`
type oa_system_client_packet_t;
')
allow $1 oa_system_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive oa_system_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_oa_system_client_packets',`
gen_require(`
type oa_system_client_packet_t;
')
dontaudit $1 oa_system_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive oa_system_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_oa_system_client_packets',`
corenet_send_oa_system_client_packets($1)
corenet_receive_oa_system_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive oa_system_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_oa_system_client_packets',`
corenet_dontaudit_send_oa_system_client_packets($1)
corenet_dontaudit_receive_oa_system_client_packets($1)
')
########################################
## <summary>
## Relabel packets to oa_system_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_oa_system_client_packets',`
gen_require(`
type oa_system_client_packet_t;
')
allow $1 oa_system_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send oa_system_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_oa_system_server_packets',`
gen_require(`
type oa_system_server_packet_t;
')
allow $1 oa_system_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send oa_system_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_oa_system_server_packets',`
gen_require(`
type oa_system_server_packet_t;
')
dontaudit $1 oa_system_server_packet_t:packet send;
')
########################################
## <summary>
## Receive oa_system_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_oa_system_server_packets',`
gen_require(`
type oa_system_server_packet_t;
')
allow $1 oa_system_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive oa_system_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_oa_system_server_packets',`
gen_require(`
type oa_system_server_packet_t;
')
dontaudit $1 oa_system_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive oa_system_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_oa_system_server_packets',`
corenet_send_oa_system_server_packets($1)
corenet_receive_oa_system_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive oa_system_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_oa_system_server_packets',`
corenet_dontaudit_send_oa_system_server_packets($1)
corenet_dontaudit_receive_oa_system_server_packets($1)
')
########################################
## <summary>
## Relabel packets to oa_system_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_oa_system_server_packets',`
gen_require(`
type oa_system_server_packet_t;
')
allow $1 oa_system_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the ocsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_ocsp_port',`
gen_require(`
type ocsp_port_t;
')
allow $1 ocsp_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the ocsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_ocsp_port',`
gen_require(`
type ocsp_port_t;
')
allow $1 ocsp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the ocsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_ocsp_port',`
gen_require(`
type ocsp_port_t;
')
dontaudit $1 ocsp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the ocsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_ocsp_port',`
gen_require(`
type ocsp_port_t;
')
allow $1 ocsp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the ocsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_ocsp_port',`
gen_require(`
type ocsp_port_t;
')
dontaudit $1 ocsp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the ocsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_ocsp_port',`
corenet_udp_send_ocsp_port($1)
corenet_udp_receive_ocsp_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the ocsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_ocsp_port',`
corenet_dontaudit_udp_send_ocsp_port($1)
corenet_dontaudit_udp_receive_ocsp_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the ocsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_ocsp_port',`
gen_require(`
type ocsp_port_t;
')
allow $1 ocsp_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the ocsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_ocsp_port',`
gen_require(`
type ocsp_port_t;
')
allow $1 ocsp_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to ocsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_ocsp_port',`
gen_require(`
type ocsp_port_t;
')
dontaudit $1 ocsp_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the ocsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_ocsp_port',`
gen_require(`
type ocsp_port_t;
')
allow $1 ocsp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to ocsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_ocsp_port',`
gen_require(`
type ocsp_port_t;
')
dontaudit $1 ocsp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send ocsp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ocsp_client_packets',`
gen_require(`
type ocsp_client_packet_t;
')
allow $1 ocsp_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ocsp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ocsp_client_packets',`
gen_require(`
type ocsp_client_packet_t;
')
dontaudit $1 ocsp_client_packet_t:packet send;
')
########################################
## <summary>
## Receive ocsp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ocsp_client_packets',`
gen_require(`
type ocsp_client_packet_t;
')
allow $1 ocsp_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ocsp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ocsp_client_packets',`
gen_require(`
type ocsp_client_packet_t;
')
dontaudit $1 ocsp_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ocsp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ocsp_client_packets',`
corenet_send_ocsp_client_packets($1)
corenet_receive_ocsp_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ocsp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ocsp_client_packets',`
corenet_dontaudit_send_ocsp_client_packets($1)
corenet_dontaudit_receive_ocsp_client_packets($1)
')
########################################
## <summary>
## Relabel packets to ocsp_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ocsp_client_packets',`
gen_require(`
type ocsp_client_packet_t;
')
allow $1 ocsp_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send ocsp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ocsp_server_packets',`
gen_require(`
type ocsp_server_packet_t;
')
allow $1 ocsp_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ocsp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ocsp_server_packets',`
gen_require(`
type ocsp_server_packet_t;
')
dontaudit $1 ocsp_server_packet_t:packet send;
')
########################################
## <summary>
## Receive ocsp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ocsp_server_packets',`
gen_require(`
type ocsp_server_packet_t;
')
allow $1 ocsp_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ocsp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ocsp_server_packets',`
gen_require(`
type ocsp_server_packet_t;
')
dontaudit $1 ocsp_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ocsp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ocsp_server_packets',`
corenet_send_ocsp_server_packets($1)
corenet_receive_ocsp_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ocsp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ocsp_server_packets',`
corenet_dontaudit_send_ocsp_server_packets($1)
corenet_dontaudit_receive_ocsp_server_packets($1)
')
########################################
## <summary>
## Relabel packets to ocsp_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ocsp_server_packets',`
gen_require(`
type ocsp_server_packet_t;
')
allow $1 ocsp_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the opendnssec port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_opendnssec_port',`
gen_require(`
type opendnssec_port_t;
')
allow $1 opendnssec_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the opendnssec port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_opendnssec_port',`
gen_require(`
type opendnssec_port_t;
')
allow $1 opendnssec_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the opendnssec port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_opendnssec_port',`
gen_require(`
type opendnssec_port_t;
')
dontaudit $1 opendnssec_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the opendnssec port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_opendnssec_port',`
gen_require(`
type opendnssec_port_t;
')
allow $1 opendnssec_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the opendnssec port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_opendnssec_port',`
gen_require(`
type opendnssec_port_t;
')
dontaudit $1 opendnssec_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the opendnssec port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_opendnssec_port',`
corenet_udp_send_opendnssec_port($1)
corenet_udp_receive_opendnssec_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the opendnssec port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_opendnssec_port',`
corenet_dontaudit_udp_send_opendnssec_port($1)
corenet_dontaudit_udp_receive_opendnssec_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the opendnssec port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_opendnssec_port',`
gen_require(`
type opendnssec_port_t;
')
allow $1 opendnssec_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the opendnssec port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_opendnssec_port',`
gen_require(`
type opendnssec_port_t;
')
allow $1 opendnssec_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to opendnssec port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_opendnssec_port',`
gen_require(`
type opendnssec_port_t;
')
dontaudit $1 opendnssec_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the opendnssec port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_opendnssec_port',`
gen_require(`
type opendnssec_port_t;
')
allow $1 opendnssec_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to opendnssec port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_opendnssec_port',`
gen_require(`
type opendnssec_port_t;
')
dontaudit $1 opendnssec_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send opendnssec_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_opendnssec_client_packets',`
gen_require(`
type opendnssec_client_packet_t;
')
allow $1 opendnssec_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send opendnssec_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_opendnssec_client_packets',`
gen_require(`
type opendnssec_client_packet_t;
')
dontaudit $1 opendnssec_client_packet_t:packet send;
')
########################################
## <summary>
## Receive opendnssec_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_opendnssec_client_packets',`
gen_require(`
type opendnssec_client_packet_t;
')
allow $1 opendnssec_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive opendnssec_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_opendnssec_client_packets',`
gen_require(`
type opendnssec_client_packet_t;
')
dontaudit $1 opendnssec_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive opendnssec_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_opendnssec_client_packets',`
corenet_send_opendnssec_client_packets($1)
corenet_receive_opendnssec_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive opendnssec_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_opendnssec_client_packets',`
corenet_dontaudit_send_opendnssec_client_packets($1)
corenet_dontaudit_receive_opendnssec_client_packets($1)
')
########################################
## <summary>
## Relabel packets to opendnssec_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_opendnssec_client_packets',`
gen_require(`
type opendnssec_client_packet_t;
')
allow $1 opendnssec_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send opendnssec_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_opendnssec_server_packets',`
gen_require(`
type opendnssec_server_packet_t;
')
allow $1 opendnssec_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send opendnssec_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_opendnssec_server_packets',`
gen_require(`
type opendnssec_server_packet_t;
')
dontaudit $1 opendnssec_server_packet_t:packet send;
')
########################################
## <summary>
## Receive opendnssec_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_opendnssec_server_packets',`
gen_require(`
type opendnssec_server_packet_t;
')
allow $1 opendnssec_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive opendnssec_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_opendnssec_server_packets',`
gen_require(`
type opendnssec_server_packet_t;
')
dontaudit $1 opendnssec_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive opendnssec_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_opendnssec_server_packets',`
corenet_send_opendnssec_server_packets($1)
corenet_receive_opendnssec_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive opendnssec_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_opendnssec_server_packets',`
corenet_dontaudit_send_opendnssec_server_packets($1)
corenet_dontaudit_receive_opendnssec_server_packets($1)
')
########################################
## <summary>
## Relabel packets to opendnssec_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_opendnssec_server_packets',`
gen_require(`
type opendnssec_server_packet_t;
')
allow $1 opendnssec_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the openflow port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_openflow_port',`
gen_require(`
type openflow_port_t;
')
allow $1 openflow_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the openflow port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_openflow_port',`
gen_require(`
type openflow_port_t;
')
allow $1 openflow_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the openflow port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_openflow_port',`
gen_require(`
type openflow_port_t;
')
dontaudit $1 openflow_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the openflow port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_openflow_port',`
gen_require(`
type openflow_port_t;
')
allow $1 openflow_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the openflow port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_openflow_port',`
gen_require(`
type openflow_port_t;
')
dontaudit $1 openflow_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the openflow port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_openflow_port',`
corenet_udp_send_openflow_port($1)
corenet_udp_receive_openflow_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the openflow port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_openflow_port',`
corenet_dontaudit_udp_send_openflow_port($1)
corenet_dontaudit_udp_receive_openflow_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the openflow port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_openflow_port',`
gen_require(`
type openflow_port_t;
')
allow $1 openflow_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the openflow port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_openflow_port',`
gen_require(`
type openflow_port_t;
')
allow $1 openflow_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to openflow port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_openflow_port',`
gen_require(`
type openflow_port_t;
')
dontaudit $1 openflow_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the openflow port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_openflow_port',`
gen_require(`
type openflow_port_t;
')
allow $1 openflow_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to openflow port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_openflow_port',`
gen_require(`
type openflow_port_t;
')
dontaudit $1 openflow_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send openflow_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_openflow_client_packets',`
gen_require(`
type openflow_client_packet_t;
')
allow $1 openflow_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send openflow_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_openflow_client_packets',`
gen_require(`
type openflow_client_packet_t;
')
dontaudit $1 openflow_client_packet_t:packet send;
')
########################################
## <summary>
## Receive openflow_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_openflow_client_packets',`
gen_require(`
type openflow_client_packet_t;
')
allow $1 openflow_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive openflow_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_openflow_client_packets',`
gen_require(`
type openflow_client_packet_t;
')
dontaudit $1 openflow_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive openflow_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_openflow_client_packets',`
corenet_send_openflow_client_packets($1)
corenet_receive_openflow_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive openflow_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_openflow_client_packets',`
corenet_dontaudit_send_openflow_client_packets($1)
corenet_dontaudit_receive_openflow_client_packets($1)
')
########################################
## <summary>
## Relabel packets to openflow_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_openflow_client_packets',`
gen_require(`
type openflow_client_packet_t;
')
allow $1 openflow_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send openflow_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_openflow_server_packets',`
gen_require(`
type openflow_server_packet_t;
')
allow $1 openflow_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send openflow_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_openflow_server_packets',`
gen_require(`
type openflow_server_packet_t;
')
dontaudit $1 openflow_server_packet_t:packet send;
')
########################################
## <summary>
## Receive openflow_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_openflow_server_packets',`
gen_require(`
type openflow_server_packet_t;
')
allow $1 openflow_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive openflow_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_openflow_server_packets',`
gen_require(`
type openflow_server_packet_t;
')
dontaudit $1 openflow_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive openflow_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_openflow_server_packets',`
corenet_send_openflow_server_packets($1)
corenet_receive_openflow_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive openflow_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_openflow_server_packets',`
corenet_dontaudit_send_openflow_server_packets($1)
corenet_dontaudit_receive_openflow_server_packets($1)
')
########################################
## <summary>
## Relabel packets to openflow_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_openflow_server_packets',`
gen_require(`
type openflow_server_packet_t;
')
allow $1 openflow_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the openhpid port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_openhpid_port',`
gen_require(`
type openhpid_port_t;
')
allow $1 openhpid_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the openhpid port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_openhpid_port',`
gen_require(`
type openhpid_port_t;
')
allow $1 openhpid_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the openhpid port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_openhpid_port',`
gen_require(`
type openhpid_port_t;
')
dontaudit $1 openhpid_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the openhpid port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_openhpid_port',`
gen_require(`
type openhpid_port_t;
')
allow $1 openhpid_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the openhpid port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_openhpid_port',`
gen_require(`
type openhpid_port_t;
')
dontaudit $1 openhpid_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the openhpid port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_openhpid_port',`
corenet_udp_send_openhpid_port($1)
corenet_udp_receive_openhpid_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the openhpid port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_openhpid_port',`
corenet_dontaudit_udp_send_openhpid_port($1)
corenet_dontaudit_udp_receive_openhpid_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the openhpid port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_openhpid_port',`
gen_require(`
type openhpid_port_t;
')
allow $1 openhpid_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the openhpid port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_openhpid_port',`
gen_require(`
type openhpid_port_t;
')
allow $1 openhpid_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to openhpid port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_openhpid_port',`
gen_require(`
type openhpid_port_t;
')
dontaudit $1 openhpid_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the openhpid port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_openhpid_port',`
gen_require(`
type openhpid_port_t;
')
allow $1 openhpid_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to openhpid port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_openhpid_port',`
gen_require(`
type openhpid_port_t;
')
dontaudit $1 openhpid_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send openhpid_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_openhpid_client_packets',`
gen_require(`
type openhpid_client_packet_t;
')
allow $1 openhpid_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send openhpid_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_openhpid_client_packets',`
gen_require(`
type openhpid_client_packet_t;
')
dontaudit $1 openhpid_client_packet_t:packet send;
')
########################################
## <summary>
## Receive openhpid_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_openhpid_client_packets',`
gen_require(`
type openhpid_client_packet_t;
')
allow $1 openhpid_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive openhpid_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_openhpid_client_packets',`
gen_require(`
type openhpid_client_packet_t;
')
dontaudit $1 openhpid_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive openhpid_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_openhpid_client_packets',`
corenet_send_openhpid_client_packets($1)
corenet_receive_openhpid_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive openhpid_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_openhpid_client_packets',`
corenet_dontaudit_send_openhpid_client_packets($1)
corenet_dontaudit_receive_openhpid_client_packets($1)
')
########################################
## <summary>
## Relabel packets to openhpid_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_openhpid_client_packets',`
gen_require(`
type openhpid_client_packet_t;
')
allow $1 openhpid_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send openhpid_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_openhpid_server_packets',`
gen_require(`
type openhpid_server_packet_t;
')
allow $1 openhpid_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send openhpid_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_openhpid_server_packets',`
gen_require(`
type openhpid_server_packet_t;
')
dontaudit $1 openhpid_server_packet_t:packet send;
')
########################################
## <summary>
## Receive openhpid_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_openhpid_server_packets',`
gen_require(`
type openhpid_server_packet_t;
')
allow $1 openhpid_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive openhpid_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_openhpid_server_packets',`
gen_require(`
type openhpid_server_packet_t;
')
dontaudit $1 openhpid_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive openhpid_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_openhpid_server_packets',`
corenet_send_openhpid_server_packets($1)
corenet_receive_openhpid_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive openhpid_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_openhpid_server_packets',`
corenet_dontaudit_send_openhpid_server_packets($1)
corenet_dontaudit_receive_openhpid_server_packets($1)
')
########################################
## <summary>
## Relabel packets to openhpid_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_openhpid_server_packets',`
gen_require(`
type openhpid_server_packet_t;
')
allow $1 openhpid_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the openvpn port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_openvpn_port',`
gen_require(`
type openvpn_port_t;
')
allow $1 openvpn_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the openvpn port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_openvpn_port',`
gen_require(`
type openvpn_port_t;
')
allow $1 openvpn_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the openvpn port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_openvpn_port',`
gen_require(`
type openvpn_port_t;
')
dontaudit $1 openvpn_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the openvpn port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_openvpn_port',`
gen_require(`
type openvpn_port_t;
')
allow $1 openvpn_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the openvpn port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_openvpn_port',`
gen_require(`
type openvpn_port_t;
')
dontaudit $1 openvpn_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the openvpn port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_openvpn_port',`
corenet_udp_send_openvpn_port($1)
corenet_udp_receive_openvpn_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the openvpn port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_openvpn_port',`
corenet_dontaudit_udp_send_openvpn_port($1)
corenet_dontaudit_udp_receive_openvpn_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the openvpn port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_openvpn_port',`
gen_require(`
type openvpn_port_t;
')
allow $1 openvpn_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the openvpn port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_openvpn_port',`
gen_require(`
type openvpn_port_t;
')
allow $1 openvpn_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to openvpn port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_openvpn_port',`
gen_require(`
type openvpn_port_t;
')
dontaudit $1 openvpn_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the openvpn port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_openvpn_port',`
gen_require(`
type openvpn_port_t;
')
allow $1 openvpn_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to openvpn port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_openvpn_port',`
gen_require(`
type openvpn_port_t;
')
dontaudit $1 openvpn_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send openvpn_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_openvpn_client_packets',`
gen_require(`
type openvpn_client_packet_t;
')
allow $1 openvpn_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send openvpn_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_openvpn_client_packets',`
gen_require(`
type openvpn_client_packet_t;
')
dontaudit $1 openvpn_client_packet_t:packet send;
')
########################################
## <summary>
## Receive openvpn_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_openvpn_client_packets',`
gen_require(`
type openvpn_client_packet_t;
')
allow $1 openvpn_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive openvpn_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_openvpn_client_packets',`
gen_require(`
type openvpn_client_packet_t;
')
dontaudit $1 openvpn_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive openvpn_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_openvpn_client_packets',`
corenet_send_openvpn_client_packets($1)
corenet_receive_openvpn_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive openvpn_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_openvpn_client_packets',`
corenet_dontaudit_send_openvpn_client_packets($1)
corenet_dontaudit_receive_openvpn_client_packets($1)
')
########################################
## <summary>
## Relabel packets to openvpn_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_openvpn_client_packets',`
gen_require(`
type openvpn_client_packet_t;
')
allow $1 openvpn_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send openvpn_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_openvpn_server_packets',`
gen_require(`
type openvpn_server_packet_t;
')
allow $1 openvpn_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send openvpn_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_openvpn_server_packets',`
gen_require(`
type openvpn_server_packet_t;
')
dontaudit $1 openvpn_server_packet_t:packet send;
')
########################################
## <summary>
## Receive openvpn_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_openvpn_server_packets',`
gen_require(`
type openvpn_server_packet_t;
')
allow $1 openvpn_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive openvpn_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_openvpn_server_packets',`
gen_require(`
type openvpn_server_packet_t;
')
dontaudit $1 openvpn_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive openvpn_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_openvpn_server_packets',`
corenet_send_openvpn_server_packets($1)
corenet_receive_openvpn_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive openvpn_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_openvpn_server_packets',`
corenet_dontaudit_send_openvpn_server_packets($1)
corenet_dontaudit_receive_openvpn_server_packets($1)
')
########################################
## <summary>
## Relabel packets to openvpn_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_openvpn_server_packets',`
gen_require(`
type openvpn_server_packet_t;
')
allow $1 openvpn_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the openvswitch port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_openvswitch_port',`
gen_require(`
type openvswitch_port_t;
')
allow $1 openvswitch_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the openvswitch port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_openvswitch_port',`
gen_require(`
type openvswitch_port_t;
')
allow $1 openvswitch_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the openvswitch port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_openvswitch_port',`
gen_require(`
type openvswitch_port_t;
')
dontaudit $1 openvswitch_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the openvswitch port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_openvswitch_port',`
gen_require(`
type openvswitch_port_t;
')
allow $1 openvswitch_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the openvswitch port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_openvswitch_port',`
gen_require(`
type openvswitch_port_t;
')
dontaudit $1 openvswitch_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the openvswitch port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_openvswitch_port',`
corenet_udp_send_openvswitch_port($1)
corenet_udp_receive_openvswitch_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the openvswitch port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_openvswitch_port',`
corenet_dontaudit_udp_send_openvswitch_port($1)
corenet_dontaudit_udp_receive_openvswitch_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the openvswitch port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_openvswitch_port',`
gen_require(`
type openvswitch_port_t;
')
allow $1 openvswitch_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the openvswitch port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_openvswitch_port',`
gen_require(`
type openvswitch_port_t;
')
allow $1 openvswitch_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to openvswitch port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_openvswitch_port',`
gen_require(`
type openvswitch_port_t;
')
dontaudit $1 openvswitch_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the openvswitch port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_openvswitch_port',`
gen_require(`
type openvswitch_port_t;
')
allow $1 openvswitch_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to openvswitch port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_openvswitch_port',`
gen_require(`
type openvswitch_port_t;
')
dontaudit $1 openvswitch_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send openvswitch_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_openvswitch_client_packets',`
gen_require(`
type openvswitch_client_packet_t;
')
allow $1 openvswitch_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send openvswitch_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_openvswitch_client_packets',`
gen_require(`
type openvswitch_client_packet_t;
')
dontaudit $1 openvswitch_client_packet_t:packet send;
')
########################################
## <summary>
## Receive openvswitch_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_openvswitch_client_packets',`
gen_require(`
type openvswitch_client_packet_t;
')
allow $1 openvswitch_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive openvswitch_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_openvswitch_client_packets',`
gen_require(`
type openvswitch_client_packet_t;
')
dontaudit $1 openvswitch_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive openvswitch_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_openvswitch_client_packets',`
corenet_send_openvswitch_client_packets($1)
corenet_receive_openvswitch_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive openvswitch_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_openvswitch_client_packets',`
corenet_dontaudit_send_openvswitch_client_packets($1)
corenet_dontaudit_receive_openvswitch_client_packets($1)
')
########################################
## <summary>
## Relabel packets to openvswitch_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_openvswitch_client_packets',`
gen_require(`
type openvswitch_client_packet_t;
')
allow $1 openvswitch_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send openvswitch_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_openvswitch_server_packets',`
gen_require(`
type openvswitch_server_packet_t;
')
allow $1 openvswitch_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send openvswitch_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_openvswitch_server_packets',`
gen_require(`
type openvswitch_server_packet_t;
')
dontaudit $1 openvswitch_server_packet_t:packet send;
')
########################################
## <summary>
## Receive openvswitch_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_openvswitch_server_packets',`
gen_require(`
type openvswitch_server_packet_t;
')
allow $1 openvswitch_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive openvswitch_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_openvswitch_server_packets',`
gen_require(`
type openvswitch_server_packet_t;
')
dontaudit $1 openvswitch_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive openvswitch_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_openvswitch_server_packets',`
corenet_send_openvswitch_server_packets($1)
corenet_receive_openvswitch_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive openvswitch_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_openvswitch_server_packets',`
corenet_dontaudit_send_openvswitch_server_packets($1)
corenet_dontaudit_receive_openvswitch_server_packets($1)
')
########################################
## <summary>
## Relabel packets to openvswitch_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_openvswitch_server_packets',`
gen_require(`
type openvswitch_server_packet_t;
')
allow $1 openvswitch_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the openqa port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_openqa_port',`
gen_require(`
type openqa_port_t;
')
allow $1 openqa_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the openqa port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_openqa_port',`
gen_require(`
type openqa_port_t;
')
allow $1 openqa_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the openqa port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_openqa_port',`
gen_require(`
type openqa_port_t;
')
dontaudit $1 openqa_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the openqa port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_openqa_port',`
gen_require(`
type openqa_port_t;
')
allow $1 openqa_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the openqa port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_openqa_port',`
gen_require(`
type openqa_port_t;
')
dontaudit $1 openqa_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the openqa port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_openqa_port',`
corenet_udp_send_openqa_port($1)
corenet_udp_receive_openqa_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the openqa port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_openqa_port',`
corenet_dontaudit_udp_send_openqa_port($1)
corenet_dontaudit_udp_receive_openqa_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the openqa port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_openqa_port',`
gen_require(`
type openqa_port_t;
')
allow $1 openqa_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the openqa port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_openqa_port',`
gen_require(`
type openqa_port_t;
')
allow $1 openqa_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to openqa port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_openqa_port',`
gen_require(`
type openqa_port_t;
')
dontaudit $1 openqa_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the openqa port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_openqa_port',`
gen_require(`
type openqa_port_t;
')
allow $1 openqa_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to openqa port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_openqa_port',`
gen_require(`
type openqa_port_t;
')
dontaudit $1 openqa_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send openqa_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_openqa_client_packets',`
gen_require(`
type openqa_client_packet_t;
')
allow $1 openqa_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send openqa_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_openqa_client_packets',`
gen_require(`
type openqa_client_packet_t;
')
dontaudit $1 openqa_client_packet_t:packet send;
')
########################################
## <summary>
## Receive openqa_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_openqa_client_packets',`
gen_require(`
type openqa_client_packet_t;
')
allow $1 openqa_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive openqa_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_openqa_client_packets',`
gen_require(`
type openqa_client_packet_t;
')
dontaudit $1 openqa_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive openqa_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_openqa_client_packets',`
corenet_send_openqa_client_packets($1)
corenet_receive_openqa_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive openqa_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_openqa_client_packets',`
corenet_dontaudit_send_openqa_client_packets($1)
corenet_dontaudit_receive_openqa_client_packets($1)
')
########################################
## <summary>
## Relabel packets to openqa_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_openqa_client_packets',`
gen_require(`
type openqa_client_packet_t;
')
allow $1 openqa_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send openqa_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_openqa_server_packets',`
gen_require(`
type openqa_server_packet_t;
')
allow $1 openqa_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send openqa_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_openqa_server_packets',`
gen_require(`
type openqa_server_packet_t;
')
dontaudit $1 openqa_server_packet_t:packet send;
')
########################################
## <summary>
## Receive openqa_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_openqa_server_packets',`
gen_require(`
type openqa_server_packet_t;
')
allow $1 openqa_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive openqa_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_openqa_server_packets',`
gen_require(`
type openqa_server_packet_t;
')
dontaudit $1 openqa_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive openqa_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_openqa_server_packets',`
corenet_send_openqa_server_packets($1)
corenet_receive_openqa_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive openqa_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_openqa_server_packets',`
corenet_dontaudit_send_openqa_server_packets($1)
corenet_dontaudit_receive_openqa_server_packets($1)
')
########################################
## <summary>
## Relabel packets to openqa_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_openqa_server_packets',`
gen_require(`
type openqa_server_packet_t;
')
allow $1 openqa_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the openqa_websockets port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_openqa_websockets_port',`
gen_require(`
type openqa_websockets_port_t;
')
allow $1 openqa_websockets_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the openqa_websockets port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_openqa_websockets_port',`
gen_require(`
type openqa_websockets_port_t;
')
allow $1 openqa_websockets_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the openqa_websockets port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_openqa_websockets_port',`
gen_require(`
type openqa_websockets_port_t;
')
dontaudit $1 openqa_websockets_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the openqa_websockets port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_openqa_websockets_port',`
gen_require(`
type openqa_websockets_port_t;
')
allow $1 openqa_websockets_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the openqa_websockets port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_openqa_websockets_port',`
gen_require(`
type openqa_websockets_port_t;
')
dontaudit $1 openqa_websockets_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the openqa_websockets port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_openqa_websockets_port',`
corenet_udp_send_openqa_websockets_port($1)
corenet_udp_receive_openqa_websockets_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the openqa_websockets port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_openqa_websockets_port',`
corenet_dontaudit_udp_send_openqa_websockets_port($1)
corenet_dontaudit_udp_receive_openqa_websockets_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the openqa_websockets port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_openqa_websockets_port',`
gen_require(`
type openqa_websockets_port_t;
')
allow $1 openqa_websockets_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the openqa_websockets port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_openqa_websockets_port',`
gen_require(`
type openqa_websockets_port_t;
')
allow $1 openqa_websockets_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to openqa_websockets port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_openqa_websockets_port',`
gen_require(`
type openqa_websockets_port_t;
')
dontaudit $1 openqa_websockets_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the openqa_websockets port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_openqa_websockets_port',`
gen_require(`
type openqa_websockets_port_t;
')
allow $1 openqa_websockets_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to openqa_websockets port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_openqa_websockets_port',`
gen_require(`
type openqa_websockets_port_t;
')
dontaudit $1 openqa_websockets_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send openqa_websockets_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_openqa_websockets_client_packets',`
gen_require(`
type openqa_websockets_client_packet_t;
')
allow $1 openqa_websockets_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send openqa_websockets_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_openqa_websockets_client_packets',`
gen_require(`
type openqa_websockets_client_packet_t;
')
dontaudit $1 openqa_websockets_client_packet_t:packet send;
')
########################################
## <summary>
## Receive openqa_websockets_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_openqa_websockets_client_packets',`
gen_require(`
type openqa_websockets_client_packet_t;
')
allow $1 openqa_websockets_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive openqa_websockets_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_openqa_websockets_client_packets',`
gen_require(`
type openqa_websockets_client_packet_t;
')
dontaudit $1 openqa_websockets_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive openqa_websockets_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_openqa_websockets_client_packets',`
corenet_send_openqa_websockets_client_packets($1)
corenet_receive_openqa_websockets_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive openqa_websockets_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_openqa_websockets_client_packets',`
corenet_dontaudit_send_openqa_websockets_client_packets($1)
corenet_dontaudit_receive_openqa_websockets_client_packets($1)
')
########################################
## <summary>
## Relabel packets to openqa_websockets_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_openqa_websockets_client_packets',`
gen_require(`
type openqa_websockets_client_packet_t;
')
allow $1 openqa_websockets_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send openqa_websockets_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_openqa_websockets_server_packets',`
gen_require(`
type openqa_websockets_server_packet_t;
')
allow $1 openqa_websockets_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send openqa_websockets_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_openqa_websockets_server_packets',`
gen_require(`
type openqa_websockets_server_packet_t;
')
dontaudit $1 openqa_websockets_server_packet_t:packet send;
')
########################################
## <summary>
## Receive openqa_websockets_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_openqa_websockets_server_packets',`
gen_require(`
type openqa_websockets_server_packet_t;
')
allow $1 openqa_websockets_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive openqa_websockets_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_openqa_websockets_server_packets',`
gen_require(`
type openqa_websockets_server_packet_t;
')
dontaudit $1 openqa_websockets_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive openqa_websockets_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_openqa_websockets_server_packets',`
corenet_send_openqa_websockets_server_packets($1)
corenet_receive_openqa_websockets_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive openqa_websockets_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_openqa_websockets_server_packets',`
corenet_dontaudit_send_openqa_websockets_server_packets($1)
corenet_dontaudit_receive_openqa_websockets_server_packets($1)
')
########################################
## <summary>
## Relabel packets to openqa_websockets_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_openqa_websockets_server_packets',`
gen_require(`
type openqa_websockets_server_packet_t;
')
allow $1 openqa_websockets_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the openqa_liveview port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_openqa_liveview_port',`
gen_require(`
type openqa_liveview_port_t;
')
allow $1 openqa_liveview_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the openqa_liveview port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_openqa_liveview_port',`
gen_require(`
type openqa_liveview_port_t;
')
allow $1 openqa_liveview_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the openqa_liveview port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_openqa_liveview_port',`
gen_require(`
type openqa_liveview_port_t;
')
dontaudit $1 openqa_liveview_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the openqa_liveview port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_openqa_liveview_port',`
gen_require(`
type openqa_liveview_port_t;
')
allow $1 openqa_liveview_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the openqa_liveview port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_openqa_liveview_port',`
gen_require(`
type openqa_liveview_port_t;
')
dontaudit $1 openqa_liveview_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the openqa_liveview port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_openqa_liveview_port',`
corenet_udp_send_openqa_liveview_port($1)
corenet_udp_receive_openqa_liveview_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the openqa_liveview port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_openqa_liveview_port',`
corenet_dontaudit_udp_send_openqa_liveview_port($1)
corenet_dontaudit_udp_receive_openqa_liveview_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the openqa_liveview port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_openqa_liveview_port',`
gen_require(`
type openqa_liveview_port_t;
')
allow $1 openqa_liveview_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the openqa_liveview port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_openqa_liveview_port',`
gen_require(`
type openqa_liveview_port_t;
')
allow $1 openqa_liveview_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to openqa_liveview port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_openqa_liveview_port',`
gen_require(`
type openqa_liveview_port_t;
')
dontaudit $1 openqa_liveview_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the openqa_liveview port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_openqa_liveview_port',`
gen_require(`
type openqa_liveview_port_t;
')
allow $1 openqa_liveview_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to openqa_liveview port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_openqa_liveview_port',`
gen_require(`
type openqa_liveview_port_t;
')
dontaudit $1 openqa_liveview_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send openqa_liveview_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_openqa_liveview_client_packets',`
gen_require(`
type openqa_liveview_client_packet_t;
')
allow $1 openqa_liveview_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send openqa_liveview_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_openqa_liveview_client_packets',`
gen_require(`
type openqa_liveview_client_packet_t;
')
dontaudit $1 openqa_liveview_client_packet_t:packet send;
')
########################################
## <summary>
## Receive openqa_liveview_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_openqa_liveview_client_packets',`
gen_require(`
type openqa_liveview_client_packet_t;
')
allow $1 openqa_liveview_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive openqa_liveview_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_openqa_liveview_client_packets',`
gen_require(`
type openqa_liveview_client_packet_t;
')
dontaudit $1 openqa_liveview_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive openqa_liveview_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_openqa_liveview_client_packets',`
corenet_send_openqa_liveview_client_packets($1)
corenet_receive_openqa_liveview_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive openqa_liveview_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_openqa_liveview_client_packets',`
corenet_dontaudit_send_openqa_liveview_client_packets($1)
corenet_dontaudit_receive_openqa_liveview_client_packets($1)
')
########################################
## <summary>
## Relabel packets to openqa_liveview_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_openqa_liveview_client_packets',`
gen_require(`
type openqa_liveview_client_packet_t;
')
allow $1 openqa_liveview_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send openqa_liveview_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_openqa_liveview_server_packets',`
gen_require(`
type openqa_liveview_server_packet_t;
')
allow $1 openqa_liveview_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send openqa_liveview_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_openqa_liveview_server_packets',`
gen_require(`
type openqa_liveview_server_packet_t;
')
dontaudit $1 openqa_liveview_server_packet_t:packet send;
')
########################################
## <summary>
## Receive openqa_liveview_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_openqa_liveview_server_packets',`
gen_require(`
type openqa_liveview_server_packet_t;
')
allow $1 openqa_liveview_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive openqa_liveview_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_openqa_liveview_server_packets',`
gen_require(`
type openqa_liveview_server_packet_t;
')
dontaudit $1 openqa_liveview_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive openqa_liveview_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_openqa_liveview_server_packets',`
corenet_send_openqa_liveview_server_packets($1)
corenet_receive_openqa_liveview_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive openqa_liveview_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_openqa_liveview_server_packets',`
corenet_dontaudit_send_openqa_liveview_server_packets($1)
corenet_dontaudit_receive_openqa_liveview_server_packets($1)
')
########################################
## <summary>
## Relabel packets to openqa_liveview_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_openqa_liveview_server_packets',`
gen_require(`
type openqa_liveview_server_packet_t;
')
allow $1 openqa_liveview_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the osapi_compute port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_osapi_compute_port',`
gen_require(`
type osapi_compute_port_t;
')
allow $1 osapi_compute_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the osapi_compute port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_osapi_compute_port',`
gen_require(`
type osapi_compute_port_t;
')
allow $1 osapi_compute_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the osapi_compute port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_osapi_compute_port',`
gen_require(`
type osapi_compute_port_t;
')
dontaudit $1 osapi_compute_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the osapi_compute port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_osapi_compute_port',`
gen_require(`
type osapi_compute_port_t;
')
allow $1 osapi_compute_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the osapi_compute port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_osapi_compute_port',`
gen_require(`
type osapi_compute_port_t;
')
dontaudit $1 osapi_compute_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the osapi_compute port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_osapi_compute_port',`
corenet_udp_send_osapi_compute_port($1)
corenet_udp_receive_osapi_compute_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the osapi_compute port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_osapi_compute_port',`
corenet_dontaudit_udp_send_osapi_compute_port($1)
corenet_dontaudit_udp_receive_osapi_compute_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the osapi_compute port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_osapi_compute_port',`
gen_require(`
type osapi_compute_port_t;
')
allow $1 osapi_compute_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the osapi_compute port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_osapi_compute_port',`
gen_require(`
type osapi_compute_port_t;
')
allow $1 osapi_compute_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to osapi_compute port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_osapi_compute_port',`
gen_require(`
type osapi_compute_port_t;
')
dontaudit $1 osapi_compute_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the osapi_compute port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_osapi_compute_port',`
gen_require(`
type osapi_compute_port_t;
')
allow $1 osapi_compute_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to osapi_compute port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_osapi_compute_port',`
gen_require(`
type osapi_compute_port_t;
')
dontaudit $1 osapi_compute_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send osapi_compute_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_osapi_compute_client_packets',`
gen_require(`
type osapi_compute_client_packet_t;
')
allow $1 osapi_compute_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send osapi_compute_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_osapi_compute_client_packets',`
gen_require(`
type osapi_compute_client_packet_t;
')
dontaudit $1 osapi_compute_client_packet_t:packet send;
')
########################################
## <summary>
## Receive osapi_compute_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_osapi_compute_client_packets',`
gen_require(`
type osapi_compute_client_packet_t;
')
allow $1 osapi_compute_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive osapi_compute_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_osapi_compute_client_packets',`
gen_require(`
type osapi_compute_client_packet_t;
')
dontaudit $1 osapi_compute_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive osapi_compute_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_osapi_compute_client_packets',`
corenet_send_osapi_compute_client_packets($1)
corenet_receive_osapi_compute_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive osapi_compute_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_osapi_compute_client_packets',`
corenet_dontaudit_send_osapi_compute_client_packets($1)
corenet_dontaudit_receive_osapi_compute_client_packets($1)
')
########################################
## <summary>
## Relabel packets to osapi_compute_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_osapi_compute_client_packets',`
gen_require(`
type osapi_compute_client_packet_t;
')
allow $1 osapi_compute_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send osapi_compute_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_osapi_compute_server_packets',`
gen_require(`
type osapi_compute_server_packet_t;
')
allow $1 osapi_compute_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send osapi_compute_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_osapi_compute_server_packets',`
gen_require(`
type osapi_compute_server_packet_t;
')
dontaudit $1 osapi_compute_server_packet_t:packet send;
')
########################################
## <summary>
## Receive osapi_compute_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_osapi_compute_server_packets',`
gen_require(`
type osapi_compute_server_packet_t;
')
allow $1 osapi_compute_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive osapi_compute_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_osapi_compute_server_packets',`
gen_require(`
type osapi_compute_server_packet_t;
')
dontaudit $1 osapi_compute_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive osapi_compute_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_osapi_compute_server_packets',`
corenet_send_osapi_compute_server_packets($1)
corenet_receive_osapi_compute_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive osapi_compute_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_osapi_compute_server_packets',`
corenet_dontaudit_send_osapi_compute_server_packets($1)
corenet_dontaudit_receive_osapi_compute_server_packets($1)
')
########################################
## <summary>
## Relabel packets to osapi_compute_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_osapi_compute_server_packets',`
gen_require(`
type osapi_compute_server_packet_t;
')
allow $1 osapi_compute_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the ovsdb port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_ovsdb_port',`
gen_require(`
type ovsdb_port_t;
')
allow $1 ovsdb_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the ovsdb port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_ovsdb_port',`
gen_require(`
type ovsdb_port_t;
')
allow $1 ovsdb_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the ovsdb port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_ovsdb_port',`
gen_require(`
type ovsdb_port_t;
')
dontaudit $1 ovsdb_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the ovsdb port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_ovsdb_port',`
gen_require(`
type ovsdb_port_t;
')
allow $1 ovsdb_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the ovsdb port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_ovsdb_port',`
gen_require(`
type ovsdb_port_t;
')
dontaudit $1 ovsdb_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the ovsdb port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_ovsdb_port',`
corenet_udp_send_ovsdb_port($1)
corenet_udp_receive_ovsdb_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the ovsdb port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_ovsdb_port',`
corenet_dontaudit_udp_send_ovsdb_port($1)
corenet_dontaudit_udp_receive_ovsdb_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the ovsdb port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_ovsdb_port',`
gen_require(`
type ovsdb_port_t;
')
allow $1 ovsdb_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the ovsdb port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_ovsdb_port',`
gen_require(`
type ovsdb_port_t;
')
allow $1 ovsdb_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to ovsdb port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_ovsdb_port',`
gen_require(`
type ovsdb_port_t;
')
dontaudit $1 ovsdb_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the ovsdb port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_ovsdb_port',`
gen_require(`
type ovsdb_port_t;
')
allow $1 ovsdb_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to ovsdb port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_ovsdb_port',`
gen_require(`
type ovsdb_port_t;
')
dontaudit $1 ovsdb_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send ovsdb_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ovsdb_client_packets',`
gen_require(`
type ovsdb_client_packet_t;
')
allow $1 ovsdb_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ovsdb_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ovsdb_client_packets',`
gen_require(`
type ovsdb_client_packet_t;
')
dontaudit $1 ovsdb_client_packet_t:packet send;
')
########################################
## <summary>
## Receive ovsdb_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ovsdb_client_packets',`
gen_require(`
type ovsdb_client_packet_t;
')
allow $1 ovsdb_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ovsdb_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ovsdb_client_packets',`
gen_require(`
type ovsdb_client_packet_t;
')
dontaudit $1 ovsdb_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ovsdb_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ovsdb_client_packets',`
corenet_send_ovsdb_client_packets($1)
corenet_receive_ovsdb_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ovsdb_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ovsdb_client_packets',`
corenet_dontaudit_send_ovsdb_client_packets($1)
corenet_dontaudit_receive_ovsdb_client_packets($1)
')
########################################
## <summary>
## Relabel packets to ovsdb_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ovsdb_client_packets',`
gen_require(`
type ovsdb_client_packet_t;
')
allow $1 ovsdb_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send ovsdb_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ovsdb_server_packets',`
gen_require(`
type ovsdb_server_packet_t;
')
allow $1 ovsdb_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ovsdb_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ovsdb_server_packets',`
gen_require(`
type ovsdb_server_packet_t;
')
dontaudit $1 ovsdb_server_packet_t:packet send;
')
########################################
## <summary>
## Receive ovsdb_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ovsdb_server_packets',`
gen_require(`
type ovsdb_server_packet_t;
')
allow $1 ovsdb_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ovsdb_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ovsdb_server_packets',`
gen_require(`
type ovsdb_server_packet_t;
')
dontaudit $1 ovsdb_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ovsdb_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ovsdb_server_packets',`
corenet_send_ovsdb_server_packets($1)
corenet_receive_ovsdb_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ovsdb_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ovsdb_server_packets',`
corenet_dontaudit_send_ovsdb_server_packets($1)
corenet_dontaudit_receive_ovsdb_server_packets($1)
')
########################################
## <summary>
## Relabel packets to ovsdb_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ovsdb_server_packets',`
gen_require(`
type ovsdb_server_packet_t;
')
allow $1 ovsdb_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the pdps port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_pdps_port',`
gen_require(`
type pdps_port_t;
')
allow $1 pdps_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the pdps port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_pdps_port',`
gen_require(`
type pdps_port_t;
')
allow $1 pdps_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the pdps port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_pdps_port',`
gen_require(`
type pdps_port_t;
')
dontaudit $1 pdps_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the pdps port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_pdps_port',`
gen_require(`
type pdps_port_t;
')
allow $1 pdps_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the pdps port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_pdps_port',`
gen_require(`
type pdps_port_t;
')
dontaudit $1 pdps_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the pdps port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_pdps_port',`
corenet_udp_send_pdps_port($1)
corenet_udp_receive_pdps_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the pdps port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_pdps_port',`
corenet_dontaudit_udp_send_pdps_port($1)
corenet_dontaudit_udp_receive_pdps_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the pdps port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_pdps_port',`
gen_require(`
type pdps_port_t;
')
allow $1 pdps_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the pdps port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_pdps_port',`
gen_require(`
type pdps_port_t;
')
allow $1 pdps_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to pdps port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_pdps_port',`
gen_require(`
type pdps_port_t;
')
dontaudit $1 pdps_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the pdps port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_pdps_port',`
gen_require(`
type pdps_port_t;
')
allow $1 pdps_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to pdps port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_pdps_port',`
gen_require(`
type pdps_port_t;
')
dontaudit $1 pdps_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send pdps_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_pdps_client_packets',`
gen_require(`
type pdps_client_packet_t;
')
allow $1 pdps_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send pdps_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_pdps_client_packets',`
gen_require(`
type pdps_client_packet_t;
')
dontaudit $1 pdps_client_packet_t:packet send;
')
########################################
## <summary>
## Receive pdps_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_pdps_client_packets',`
gen_require(`
type pdps_client_packet_t;
')
allow $1 pdps_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive pdps_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_pdps_client_packets',`
gen_require(`
type pdps_client_packet_t;
')
dontaudit $1 pdps_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive pdps_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_pdps_client_packets',`
corenet_send_pdps_client_packets($1)
corenet_receive_pdps_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive pdps_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_pdps_client_packets',`
corenet_dontaudit_send_pdps_client_packets($1)
corenet_dontaudit_receive_pdps_client_packets($1)
')
########################################
## <summary>
## Relabel packets to pdps_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_pdps_client_packets',`
gen_require(`
type pdps_client_packet_t;
')
allow $1 pdps_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send pdps_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_pdps_server_packets',`
gen_require(`
type pdps_server_packet_t;
')
allow $1 pdps_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send pdps_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_pdps_server_packets',`
gen_require(`
type pdps_server_packet_t;
')
dontaudit $1 pdps_server_packet_t:packet send;
')
########################################
## <summary>
## Receive pdps_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_pdps_server_packets',`
gen_require(`
type pdps_server_packet_t;
')
allow $1 pdps_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive pdps_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_pdps_server_packets',`
gen_require(`
type pdps_server_packet_t;
')
dontaudit $1 pdps_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive pdps_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_pdps_server_packets',`
corenet_send_pdps_server_packets($1)
corenet_receive_pdps_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive pdps_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_pdps_server_packets',`
corenet_dontaudit_send_pdps_server_packets($1)
corenet_dontaudit_receive_pdps_server_packets($1)
')
########################################
## <summary>
## Relabel packets to pdps_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_pdps_server_packets',`
gen_require(`
type pdps_server_packet_t;
')
allow $1 pdps_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the pegasus_http port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_pegasus_http_port',`
gen_require(`
type pegasus_http_port_t;
')
allow $1 pegasus_http_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the pegasus_http port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_pegasus_http_port',`
gen_require(`
type pegasus_http_port_t;
')
allow $1 pegasus_http_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the pegasus_http port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_pegasus_http_port',`
gen_require(`
type pegasus_http_port_t;
')
dontaudit $1 pegasus_http_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the pegasus_http port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_pegasus_http_port',`
gen_require(`
type pegasus_http_port_t;
')
allow $1 pegasus_http_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the pegasus_http port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_pegasus_http_port',`
gen_require(`
type pegasus_http_port_t;
')
dontaudit $1 pegasus_http_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the pegasus_http port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_pegasus_http_port',`
corenet_udp_send_pegasus_http_port($1)
corenet_udp_receive_pegasus_http_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the pegasus_http port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_pegasus_http_port',`
corenet_dontaudit_udp_send_pegasus_http_port($1)
corenet_dontaudit_udp_receive_pegasus_http_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the pegasus_http port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_pegasus_http_port',`
gen_require(`
type pegasus_http_port_t;
')
allow $1 pegasus_http_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the pegasus_http port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_pegasus_http_port',`
gen_require(`
type pegasus_http_port_t;
')
allow $1 pegasus_http_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to pegasus_http port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_pegasus_http_port',`
gen_require(`
type pegasus_http_port_t;
')
dontaudit $1 pegasus_http_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the pegasus_http port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_pegasus_http_port',`
gen_require(`
type pegasus_http_port_t;
')
allow $1 pegasus_http_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to pegasus_http port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_pegasus_http_port',`
gen_require(`
type pegasus_http_port_t;
')
dontaudit $1 pegasus_http_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send pegasus_http_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_pegasus_http_client_packets',`
gen_require(`
type pegasus_http_client_packet_t;
')
allow $1 pegasus_http_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send pegasus_http_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_pegasus_http_client_packets',`
gen_require(`
type pegasus_http_client_packet_t;
')
dontaudit $1 pegasus_http_client_packet_t:packet send;
')
########################################
## <summary>
## Receive pegasus_http_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_pegasus_http_client_packets',`
gen_require(`
type pegasus_http_client_packet_t;
')
allow $1 pegasus_http_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive pegasus_http_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_pegasus_http_client_packets',`
gen_require(`
type pegasus_http_client_packet_t;
')
dontaudit $1 pegasus_http_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive pegasus_http_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_pegasus_http_client_packets',`
corenet_send_pegasus_http_client_packets($1)
corenet_receive_pegasus_http_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive pegasus_http_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_pegasus_http_client_packets',`
corenet_dontaudit_send_pegasus_http_client_packets($1)
corenet_dontaudit_receive_pegasus_http_client_packets($1)
')
########################################
## <summary>
## Relabel packets to pegasus_http_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_pegasus_http_client_packets',`
gen_require(`
type pegasus_http_client_packet_t;
')
allow $1 pegasus_http_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send pegasus_http_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_pegasus_http_server_packets',`
gen_require(`
type pegasus_http_server_packet_t;
')
allow $1 pegasus_http_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send pegasus_http_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_pegasus_http_server_packets',`
gen_require(`
type pegasus_http_server_packet_t;
')
dontaudit $1 pegasus_http_server_packet_t:packet send;
')
########################################
## <summary>
## Receive pegasus_http_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_pegasus_http_server_packets',`
gen_require(`
type pegasus_http_server_packet_t;
')
allow $1 pegasus_http_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive pegasus_http_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_pegasus_http_server_packets',`
gen_require(`
type pegasus_http_server_packet_t;
')
dontaudit $1 pegasus_http_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive pegasus_http_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_pegasus_http_server_packets',`
corenet_send_pegasus_http_server_packets($1)
corenet_receive_pegasus_http_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive pegasus_http_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_pegasus_http_server_packets',`
corenet_dontaudit_send_pegasus_http_server_packets($1)
corenet_dontaudit_receive_pegasus_http_server_packets($1)
')
########################################
## <summary>
## Relabel packets to pegasus_http_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_pegasus_http_server_packets',`
gen_require(`
type pegasus_http_server_packet_t;
')
allow $1 pegasus_http_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the pegasus_https port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_pegasus_https_port',`
gen_require(`
type pegasus_https_port_t;
')
allow $1 pegasus_https_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the pegasus_https port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_pegasus_https_port',`
gen_require(`
type pegasus_https_port_t;
')
allow $1 pegasus_https_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the pegasus_https port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_pegasus_https_port',`
gen_require(`
type pegasus_https_port_t;
')
dontaudit $1 pegasus_https_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the pegasus_https port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_pegasus_https_port',`
gen_require(`
type pegasus_https_port_t;
')
allow $1 pegasus_https_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the pegasus_https port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_pegasus_https_port',`
gen_require(`
type pegasus_https_port_t;
')
dontaudit $1 pegasus_https_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the pegasus_https port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_pegasus_https_port',`
corenet_udp_send_pegasus_https_port($1)
corenet_udp_receive_pegasus_https_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the pegasus_https port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_pegasus_https_port',`
corenet_dontaudit_udp_send_pegasus_https_port($1)
corenet_dontaudit_udp_receive_pegasus_https_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the pegasus_https port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_pegasus_https_port',`
gen_require(`
type pegasus_https_port_t;
')
allow $1 pegasus_https_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the pegasus_https port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_pegasus_https_port',`
gen_require(`
type pegasus_https_port_t;
')
allow $1 pegasus_https_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to pegasus_https port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_pegasus_https_port',`
gen_require(`
type pegasus_https_port_t;
')
dontaudit $1 pegasus_https_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the pegasus_https port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_pegasus_https_port',`
gen_require(`
type pegasus_https_port_t;
')
allow $1 pegasus_https_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to pegasus_https port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_pegasus_https_port',`
gen_require(`
type pegasus_https_port_t;
')
dontaudit $1 pegasus_https_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send pegasus_https_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_pegasus_https_client_packets',`
gen_require(`
type pegasus_https_client_packet_t;
')
allow $1 pegasus_https_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send pegasus_https_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_pegasus_https_client_packets',`
gen_require(`
type pegasus_https_client_packet_t;
')
dontaudit $1 pegasus_https_client_packet_t:packet send;
')
########################################
## <summary>
## Receive pegasus_https_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_pegasus_https_client_packets',`
gen_require(`
type pegasus_https_client_packet_t;
')
allow $1 pegasus_https_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive pegasus_https_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_pegasus_https_client_packets',`
gen_require(`
type pegasus_https_client_packet_t;
')
dontaudit $1 pegasus_https_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive pegasus_https_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_pegasus_https_client_packets',`
corenet_send_pegasus_https_client_packets($1)
corenet_receive_pegasus_https_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive pegasus_https_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_pegasus_https_client_packets',`
corenet_dontaudit_send_pegasus_https_client_packets($1)
corenet_dontaudit_receive_pegasus_https_client_packets($1)
')
########################################
## <summary>
## Relabel packets to pegasus_https_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_pegasus_https_client_packets',`
gen_require(`
type pegasus_https_client_packet_t;
')
allow $1 pegasus_https_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send pegasus_https_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_pegasus_https_server_packets',`
gen_require(`
type pegasus_https_server_packet_t;
')
allow $1 pegasus_https_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send pegasus_https_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_pegasus_https_server_packets',`
gen_require(`
type pegasus_https_server_packet_t;
')
dontaudit $1 pegasus_https_server_packet_t:packet send;
')
########################################
## <summary>
## Receive pegasus_https_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_pegasus_https_server_packets',`
gen_require(`
type pegasus_https_server_packet_t;
')
allow $1 pegasus_https_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive pegasus_https_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_pegasus_https_server_packets',`
gen_require(`
type pegasus_https_server_packet_t;
')
dontaudit $1 pegasus_https_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive pegasus_https_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_pegasus_https_server_packets',`
corenet_send_pegasus_https_server_packets($1)
corenet_receive_pegasus_https_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive pegasus_https_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_pegasus_https_server_packets',`
corenet_dontaudit_send_pegasus_https_server_packets($1)
corenet_dontaudit_receive_pegasus_https_server_packets($1)
')
########################################
## <summary>
## Relabel packets to pegasus_https_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_pegasus_https_server_packets',`
gen_require(`
type pegasus_https_server_packet_t;
')
allow $1 pegasus_https_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the pgpkeyserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_pgpkeyserver_port',`
gen_require(`
type pgpkeyserver_port_t;
')
allow $1 pgpkeyserver_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the pgpkeyserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_pgpkeyserver_port',`
gen_require(`
type pgpkeyserver_port_t;
')
allow $1 pgpkeyserver_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the pgpkeyserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_pgpkeyserver_port',`
gen_require(`
type pgpkeyserver_port_t;
')
dontaudit $1 pgpkeyserver_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the pgpkeyserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_pgpkeyserver_port',`
gen_require(`
type pgpkeyserver_port_t;
')
allow $1 pgpkeyserver_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the pgpkeyserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_pgpkeyserver_port',`
gen_require(`
type pgpkeyserver_port_t;
')
dontaudit $1 pgpkeyserver_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the pgpkeyserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_pgpkeyserver_port',`
corenet_udp_send_pgpkeyserver_port($1)
corenet_udp_receive_pgpkeyserver_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the pgpkeyserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_pgpkeyserver_port',`
corenet_dontaudit_udp_send_pgpkeyserver_port($1)
corenet_dontaudit_udp_receive_pgpkeyserver_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the pgpkeyserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_pgpkeyserver_port',`
gen_require(`
type pgpkeyserver_port_t;
')
allow $1 pgpkeyserver_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the pgpkeyserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_pgpkeyserver_port',`
gen_require(`
type pgpkeyserver_port_t;
')
allow $1 pgpkeyserver_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to pgpkeyserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_pgpkeyserver_port',`
gen_require(`
type pgpkeyserver_port_t;
')
dontaudit $1 pgpkeyserver_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the pgpkeyserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_pgpkeyserver_port',`
gen_require(`
type pgpkeyserver_port_t;
')
allow $1 pgpkeyserver_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to pgpkeyserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_pgpkeyserver_port',`
gen_require(`
type pgpkeyserver_port_t;
')
dontaudit $1 pgpkeyserver_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send pgpkeyserver_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_pgpkeyserver_client_packets',`
gen_require(`
type pgpkeyserver_client_packet_t;
')
allow $1 pgpkeyserver_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send pgpkeyserver_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_pgpkeyserver_client_packets',`
gen_require(`
type pgpkeyserver_client_packet_t;
')
dontaudit $1 pgpkeyserver_client_packet_t:packet send;
')
########################################
## <summary>
## Receive pgpkeyserver_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_pgpkeyserver_client_packets',`
gen_require(`
type pgpkeyserver_client_packet_t;
')
allow $1 pgpkeyserver_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive pgpkeyserver_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_pgpkeyserver_client_packets',`
gen_require(`
type pgpkeyserver_client_packet_t;
')
dontaudit $1 pgpkeyserver_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive pgpkeyserver_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_pgpkeyserver_client_packets',`
corenet_send_pgpkeyserver_client_packets($1)
corenet_receive_pgpkeyserver_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive pgpkeyserver_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_pgpkeyserver_client_packets',`
corenet_dontaudit_send_pgpkeyserver_client_packets($1)
corenet_dontaudit_receive_pgpkeyserver_client_packets($1)
')
########################################
## <summary>
## Relabel packets to pgpkeyserver_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_pgpkeyserver_client_packets',`
gen_require(`
type pgpkeyserver_client_packet_t;
')
allow $1 pgpkeyserver_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send pgpkeyserver_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_pgpkeyserver_server_packets',`
gen_require(`
type pgpkeyserver_server_packet_t;
')
allow $1 pgpkeyserver_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send pgpkeyserver_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_pgpkeyserver_server_packets',`
gen_require(`
type pgpkeyserver_server_packet_t;
')
dontaudit $1 pgpkeyserver_server_packet_t:packet send;
')
########################################
## <summary>
## Receive pgpkeyserver_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_pgpkeyserver_server_packets',`
gen_require(`
type pgpkeyserver_server_packet_t;
')
allow $1 pgpkeyserver_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive pgpkeyserver_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_pgpkeyserver_server_packets',`
gen_require(`
type pgpkeyserver_server_packet_t;
')
dontaudit $1 pgpkeyserver_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive pgpkeyserver_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_pgpkeyserver_server_packets',`
corenet_send_pgpkeyserver_server_packets($1)
corenet_receive_pgpkeyserver_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive pgpkeyserver_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_pgpkeyserver_server_packets',`
corenet_dontaudit_send_pgpkeyserver_server_packets($1)
corenet_dontaudit_receive_pgpkeyserver_server_packets($1)
')
########################################
## <summary>
## Relabel packets to pgpkeyserver_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_pgpkeyserver_server_packets',`
gen_require(`
type pgpkeyserver_server_packet_t;
')
allow $1 pgpkeyserver_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the pingd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_pingd_port',`
gen_require(`
type pingd_port_t;
')
allow $1 pingd_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the pingd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_pingd_port',`
gen_require(`
type pingd_port_t;
')
allow $1 pingd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the pingd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_pingd_port',`
gen_require(`
type pingd_port_t;
')
dontaudit $1 pingd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the pingd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_pingd_port',`
gen_require(`
type pingd_port_t;
')
allow $1 pingd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the pingd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_pingd_port',`
gen_require(`
type pingd_port_t;
')
dontaudit $1 pingd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the pingd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_pingd_port',`
corenet_udp_send_pingd_port($1)
corenet_udp_receive_pingd_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the pingd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_pingd_port',`
corenet_dontaudit_udp_send_pingd_port($1)
corenet_dontaudit_udp_receive_pingd_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the pingd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_pingd_port',`
gen_require(`
type pingd_port_t;
')
allow $1 pingd_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the pingd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_pingd_port',`
gen_require(`
type pingd_port_t;
')
allow $1 pingd_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to pingd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_pingd_port',`
gen_require(`
type pingd_port_t;
')
dontaudit $1 pingd_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the pingd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_pingd_port',`
gen_require(`
type pingd_port_t;
')
allow $1 pingd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to pingd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_pingd_port',`
gen_require(`
type pingd_port_t;
')
dontaudit $1 pingd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send pingd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_pingd_client_packets',`
gen_require(`
type pingd_client_packet_t;
')
allow $1 pingd_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send pingd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_pingd_client_packets',`
gen_require(`
type pingd_client_packet_t;
')
dontaudit $1 pingd_client_packet_t:packet send;
')
########################################
## <summary>
## Receive pingd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_pingd_client_packets',`
gen_require(`
type pingd_client_packet_t;
')
allow $1 pingd_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive pingd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_pingd_client_packets',`
gen_require(`
type pingd_client_packet_t;
')
dontaudit $1 pingd_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive pingd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_pingd_client_packets',`
corenet_send_pingd_client_packets($1)
corenet_receive_pingd_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive pingd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_pingd_client_packets',`
corenet_dontaudit_send_pingd_client_packets($1)
corenet_dontaudit_receive_pingd_client_packets($1)
')
########################################
## <summary>
## Relabel packets to pingd_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_pingd_client_packets',`
gen_require(`
type pingd_client_packet_t;
')
allow $1 pingd_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send pingd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_pingd_server_packets',`
gen_require(`
type pingd_server_packet_t;
')
allow $1 pingd_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send pingd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_pingd_server_packets',`
gen_require(`
type pingd_server_packet_t;
')
dontaudit $1 pingd_server_packet_t:packet send;
')
########################################
## <summary>
## Receive pingd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_pingd_server_packets',`
gen_require(`
type pingd_server_packet_t;
')
allow $1 pingd_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive pingd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_pingd_server_packets',`
gen_require(`
type pingd_server_packet_t;
')
dontaudit $1 pingd_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive pingd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_pingd_server_packets',`
corenet_send_pingd_server_packets($1)
corenet_receive_pingd_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive pingd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_pingd_server_packets',`
corenet_dontaudit_send_pingd_server_packets($1)
corenet_dontaudit_receive_pingd_server_packets($1)
')
########################################
## <summary>
## Relabel packets to pingd_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_pingd_server_packets',`
gen_require(`
type pingd_server_packet_t;
')
allow $1 pingd_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the pki_ca port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_pki_ca_port',`
gen_require(`
type pki_ca_port_t;
')
allow $1 pki_ca_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the pki_ca port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_pki_ca_port',`
gen_require(`
type pki_ca_port_t;
')
allow $1 pki_ca_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the pki_ca port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_pki_ca_port',`
gen_require(`
type pki_ca_port_t;
')
dontaudit $1 pki_ca_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the pki_ca port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_pki_ca_port',`
gen_require(`
type pki_ca_port_t;
')
allow $1 pki_ca_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the pki_ca port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_pki_ca_port',`
gen_require(`
type pki_ca_port_t;
')
dontaudit $1 pki_ca_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the pki_ca port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_pki_ca_port',`
corenet_udp_send_pki_ca_port($1)
corenet_udp_receive_pki_ca_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the pki_ca port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_pki_ca_port',`
corenet_dontaudit_udp_send_pki_ca_port($1)
corenet_dontaudit_udp_receive_pki_ca_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the pki_ca port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_pki_ca_port',`
gen_require(`
type pki_ca_port_t;
')
allow $1 pki_ca_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the pki_ca port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_pki_ca_port',`
gen_require(`
type pki_ca_port_t;
')
allow $1 pki_ca_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to pki_ca port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_pki_ca_port',`
gen_require(`
type pki_ca_port_t;
')
dontaudit $1 pki_ca_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the pki_ca port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_pki_ca_port',`
gen_require(`
type pki_ca_port_t;
')
allow $1 pki_ca_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to pki_ca port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_pki_ca_port',`
gen_require(`
type pki_ca_port_t;
')
dontaudit $1 pki_ca_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send pki_ca_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_pki_ca_client_packets',`
gen_require(`
type pki_ca_client_packet_t;
')
allow $1 pki_ca_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send pki_ca_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_pki_ca_client_packets',`
gen_require(`
type pki_ca_client_packet_t;
')
dontaudit $1 pki_ca_client_packet_t:packet send;
')
########################################
## <summary>
## Receive pki_ca_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_pki_ca_client_packets',`
gen_require(`
type pki_ca_client_packet_t;
')
allow $1 pki_ca_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive pki_ca_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_pki_ca_client_packets',`
gen_require(`
type pki_ca_client_packet_t;
')
dontaudit $1 pki_ca_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive pki_ca_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_pki_ca_client_packets',`
corenet_send_pki_ca_client_packets($1)
corenet_receive_pki_ca_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive pki_ca_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_pki_ca_client_packets',`
corenet_dontaudit_send_pki_ca_client_packets($1)
corenet_dontaudit_receive_pki_ca_client_packets($1)
')
########################################
## <summary>
## Relabel packets to pki_ca_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_pki_ca_client_packets',`
gen_require(`
type pki_ca_client_packet_t;
')
allow $1 pki_ca_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send pki_ca_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_pki_ca_server_packets',`
gen_require(`
type pki_ca_server_packet_t;
')
allow $1 pki_ca_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send pki_ca_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_pki_ca_server_packets',`
gen_require(`
type pki_ca_server_packet_t;
')
dontaudit $1 pki_ca_server_packet_t:packet send;
')
########################################
## <summary>
## Receive pki_ca_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_pki_ca_server_packets',`
gen_require(`
type pki_ca_server_packet_t;
')
allow $1 pki_ca_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive pki_ca_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_pki_ca_server_packets',`
gen_require(`
type pki_ca_server_packet_t;
')
dontaudit $1 pki_ca_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive pki_ca_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_pki_ca_server_packets',`
corenet_send_pki_ca_server_packets($1)
corenet_receive_pki_ca_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive pki_ca_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_pki_ca_server_packets',`
corenet_dontaudit_send_pki_ca_server_packets($1)
corenet_dontaudit_receive_pki_ca_server_packets($1)
')
########################################
## <summary>
## Relabel packets to pki_ca_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_pki_ca_server_packets',`
gen_require(`
type pki_ca_server_packet_t;
')
allow $1 pki_ca_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the pki_kra port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_pki_kra_port',`
gen_require(`
type pki_kra_port_t;
')
allow $1 pki_kra_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the pki_kra port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_pki_kra_port',`
gen_require(`
type pki_kra_port_t;
')
allow $1 pki_kra_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the pki_kra port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_pki_kra_port',`
gen_require(`
type pki_kra_port_t;
')
dontaudit $1 pki_kra_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the pki_kra port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_pki_kra_port',`
gen_require(`
type pki_kra_port_t;
')
allow $1 pki_kra_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the pki_kra port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_pki_kra_port',`
gen_require(`
type pki_kra_port_t;
')
dontaudit $1 pki_kra_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the pki_kra port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_pki_kra_port',`
corenet_udp_send_pki_kra_port($1)
corenet_udp_receive_pki_kra_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the pki_kra port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_pki_kra_port',`
corenet_dontaudit_udp_send_pki_kra_port($1)
corenet_dontaudit_udp_receive_pki_kra_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the pki_kra port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_pki_kra_port',`
gen_require(`
type pki_kra_port_t;
')
allow $1 pki_kra_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the pki_kra port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_pki_kra_port',`
gen_require(`
type pki_kra_port_t;
')
allow $1 pki_kra_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to pki_kra port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_pki_kra_port',`
gen_require(`
type pki_kra_port_t;
')
dontaudit $1 pki_kra_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the pki_kra port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_pki_kra_port',`
gen_require(`
type pki_kra_port_t;
')
allow $1 pki_kra_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to pki_kra port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_pki_kra_port',`
gen_require(`
type pki_kra_port_t;
')
dontaudit $1 pki_kra_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send pki_kra_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_pki_kra_client_packets',`
gen_require(`
type pki_kra_client_packet_t;
')
allow $1 pki_kra_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send pki_kra_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_pki_kra_client_packets',`
gen_require(`
type pki_kra_client_packet_t;
')
dontaudit $1 pki_kra_client_packet_t:packet send;
')
########################################
## <summary>
## Receive pki_kra_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_pki_kra_client_packets',`
gen_require(`
type pki_kra_client_packet_t;
')
allow $1 pki_kra_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive pki_kra_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_pki_kra_client_packets',`
gen_require(`
type pki_kra_client_packet_t;
')
dontaudit $1 pki_kra_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive pki_kra_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_pki_kra_client_packets',`
corenet_send_pki_kra_client_packets($1)
corenet_receive_pki_kra_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive pki_kra_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_pki_kra_client_packets',`
corenet_dontaudit_send_pki_kra_client_packets($1)
corenet_dontaudit_receive_pki_kra_client_packets($1)
')
########################################
## <summary>
## Relabel packets to pki_kra_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_pki_kra_client_packets',`
gen_require(`
type pki_kra_client_packet_t;
')
allow $1 pki_kra_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send pki_kra_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_pki_kra_server_packets',`
gen_require(`
type pki_kra_server_packet_t;
')
allow $1 pki_kra_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send pki_kra_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_pki_kra_server_packets',`
gen_require(`
type pki_kra_server_packet_t;
')
dontaudit $1 pki_kra_server_packet_t:packet send;
')
########################################
## <summary>
## Receive pki_kra_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_pki_kra_server_packets',`
gen_require(`
type pki_kra_server_packet_t;
')
allow $1 pki_kra_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive pki_kra_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_pki_kra_server_packets',`
gen_require(`
type pki_kra_server_packet_t;
')
dontaudit $1 pki_kra_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive pki_kra_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_pki_kra_server_packets',`
corenet_send_pki_kra_server_packets($1)
corenet_receive_pki_kra_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive pki_kra_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_pki_kra_server_packets',`
corenet_dontaudit_send_pki_kra_server_packets($1)
corenet_dontaudit_receive_pki_kra_server_packets($1)
')
########################################
## <summary>
## Relabel packets to pki_kra_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_pki_kra_server_packets',`
gen_require(`
type pki_kra_server_packet_t;
')
allow $1 pki_kra_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the pki_ocsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_pki_ocsp_port',`
gen_require(`
type pki_ocsp_port_t;
')
allow $1 pki_ocsp_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the pki_ocsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_pki_ocsp_port',`
gen_require(`
type pki_ocsp_port_t;
')
allow $1 pki_ocsp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the pki_ocsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_pki_ocsp_port',`
gen_require(`
type pki_ocsp_port_t;
')
dontaudit $1 pki_ocsp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the pki_ocsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_pki_ocsp_port',`
gen_require(`
type pki_ocsp_port_t;
')
allow $1 pki_ocsp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the pki_ocsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_pki_ocsp_port',`
gen_require(`
type pki_ocsp_port_t;
')
dontaudit $1 pki_ocsp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the pki_ocsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_pki_ocsp_port',`
corenet_udp_send_pki_ocsp_port($1)
corenet_udp_receive_pki_ocsp_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the pki_ocsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_pki_ocsp_port',`
corenet_dontaudit_udp_send_pki_ocsp_port($1)
corenet_dontaudit_udp_receive_pki_ocsp_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the pki_ocsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_pki_ocsp_port',`
gen_require(`
type pki_ocsp_port_t;
')
allow $1 pki_ocsp_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the pki_ocsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_pki_ocsp_port',`
gen_require(`
type pki_ocsp_port_t;
')
allow $1 pki_ocsp_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to pki_ocsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_pki_ocsp_port',`
gen_require(`
type pki_ocsp_port_t;
')
dontaudit $1 pki_ocsp_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the pki_ocsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_pki_ocsp_port',`
gen_require(`
type pki_ocsp_port_t;
')
allow $1 pki_ocsp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to pki_ocsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_pki_ocsp_port',`
gen_require(`
type pki_ocsp_port_t;
')
dontaudit $1 pki_ocsp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send pki_ocsp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_pki_ocsp_client_packets',`
gen_require(`
type pki_ocsp_client_packet_t;
')
allow $1 pki_ocsp_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send pki_ocsp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_pki_ocsp_client_packets',`
gen_require(`
type pki_ocsp_client_packet_t;
')
dontaudit $1 pki_ocsp_client_packet_t:packet send;
')
########################################
## <summary>
## Receive pki_ocsp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_pki_ocsp_client_packets',`
gen_require(`
type pki_ocsp_client_packet_t;
')
allow $1 pki_ocsp_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive pki_ocsp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_pki_ocsp_client_packets',`
gen_require(`
type pki_ocsp_client_packet_t;
')
dontaudit $1 pki_ocsp_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive pki_ocsp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_pki_ocsp_client_packets',`
corenet_send_pki_ocsp_client_packets($1)
corenet_receive_pki_ocsp_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive pki_ocsp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_pki_ocsp_client_packets',`
corenet_dontaudit_send_pki_ocsp_client_packets($1)
corenet_dontaudit_receive_pki_ocsp_client_packets($1)
')
########################################
## <summary>
## Relabel packets to pki_ocsp_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_pki_ocsp_client_packets',`
gen_require(`
type pki_ocsp_client_packet_t;
')
allow $1 pki_ocsp_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send pki_ocsp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_pki_ocsp_server_packets',`
gen_require(`
type pki_ocsp_server_packet_t;
')
allow $1 pki_ocsp_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send pki_ocsp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_pki_ocsp_server_packets',`
gen_require(`
type pki_ocsp_server_packet_t;
')
dontaudit $1 pki_ocsp_server_packet_t:packet send;
')
########################################
## <summary>
## Receive pki_ocsp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_pki_ocsp_server_packets',`
gen_require(`
type pki_ocsp_server_packet_t;
')
allow $1 pki_ocsp_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive pki_ocsp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_pki_ocsp_server_packets',`
gen_require(`
type pki_ocsp_server_packet_t;
')
dontaudit $1 pki_ocsp_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive pki_ocsp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_pki_ocsp_server_packets',`
corenet_send_pki_ocsp_server_packets($1)
corenet_receive_pki_ocsp_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive pki_ocsp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_pki_ocsp_server_packets',`
corenet_dontaudit_send_pki_ocsp_server_packets($1)
corenet_dontaudit_receive_pki_ocsp_server_packets($1)
')
########################################
## <summary>
## Relabel packets to pki_ocsp_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_pki_ocsp_server_packets',`
gen_require(`
type pki_ocsp_server_packet_t;
')
allow $1 pki_ocsp_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the pki_tks port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_pki_tks_port',`
gen_require(`
type pki_tks_port_t;
')
allow $1 pki_tks_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the pki_tks port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_pki_tks_port',`
gen_require(`
type pki_tks_port_t;
')
allow $1 pki_tks_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the pki_tks port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_pki_tks_port',`
gen_require(`
type pki_tks_port_t;
')
dontaudit $1 pki_tks_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the pki_tks port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_pki_tks_port',`
gen_require(`
type pki_tks_port_t;
')
allow $1 pki_tks_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the pki_tks port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_pki_tks_port',`
gen_require(`
type pki_tks_port_t;
')
dontaudit $1 pki_tks_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the pki_tks port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_pki_tks_port',`
corenet_udp_send_pki_tks_port($1)
corenet_udp_receive_pki_tks_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the pki_tks port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_pki_tks_port',`
corenet_dontaudit_udp_send_pki_tks_port($1)
corenet_dontaudit_udp_receive_pki_tks_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the pki_tks port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_pki_tks_port',`
gen_require(`
type pki_tks_port_t;
')
allow $1 pki_tks_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the pki_tks port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_pki_tks_port',`
gen_require(`
type pki_tks_port_t;
')
allow $1 pki_tks_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to pki_tks port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_pki_tks_port',`
gen_require(`
type pki_tks_port_t;
')
dontaudit $1 pki_tks_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the pki_tks port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_pki_tks_port',`
gen_require(`
type pki_tks_port_t;
')
allow $1 pki_tks_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to pki_tks port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_pki_tks_port',`
gen_require(`
type pki_tks_port_t;
')
dontaudit $1 pki_tks_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send pki_tks_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_pki_tks_client_packets',`
gen_require(`
type pki_tks_client_packet_t;
')
allow $1 pki_tks_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send pki_tks_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_pki_tks_client_packets',`
gen_require(`
type pki_tks_client_packet_t;
')
dontaudit $1 pki_tks_client_packet_t:packet send;
')
########################################
## <summary>
## Receive pki_tks_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_pki_tks_client_packets',`
gen_require(`
type pki_tks_client_packet_t;
')
allow $1 pki_tks_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive pki_tks_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_pki_tks_client_packets',`
gen_require(`
type pki_tks_client_packet_t;
')
dontaudit $1 pki_tks_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive pki_tks_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_pki_tks_client_packets',`
corenet_send_pki_tks_client_packets($1)
corenet_receive_pki_tks_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive pki_tks_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_pki_tks_client_packets',`
corenet_dontaudit_send_pki_tks_client_packets($1)
corenet_dontaudit_receive_pki_tks_client_packets($1)
')
########################################
## <summary>
## Relabel packets to pki_tks_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_pki_tks_client_packets',`
gen_require(`
type pki_tks_client_packet_t;
')
allow $1 pki_tks_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send pki_tks_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_pki_tks_server_packets',`
gen_require(`
type pki_tks_server_packet_t;
')
allow $1 pki_tks_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send pki_tks_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_pki_tks_server_packets',`
gen_require(`
type pki_tks_server_packet_t;
')
dontaudit $1 pki_tks_server_packet_t:packet send;
')
########################################
## <summary>
## Receive pki_tks_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_pki_tks_server_packets',`
gen_require(`
type pki_tks_server_packet_t;
')
allow $1 pki_tks_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive pki_tks_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_pki_tks_server_packets',`
gen_require(`
type pki_tks_server_packet_t;
')
dontaudit $1 pki_tks_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive pki_tks_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_pki_tks_server_packets',`
corenet_send_pki_tks_server_packets($1)
corenet_receive_pki_tks_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive pki_tks_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_pki_tks_server_packets',`
corenet_dontaudit_send_pki_tks_server_packets($1)
corenet_dontaudit_receive_pki_tks_server_packets($1)
')
########################################
## <summary>
## Relabel packets to pki_tks_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_pki_tks_server_packets',`
gen_require(`
type pki_tks_server_packet_t;
')
allow $1 pki_tks_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the pki_ra port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_pki_ra_port',`
gen_require(`
type pki_ra_port_t;
')
allow $1 pki_ra_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the pki_ra port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_pki_ra_port',`
gen_require(`
type pki_ra_port_t;
')
allow $1 pki_ra_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the pki_ra port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_pki_ra_port',`
gen_require(`
type pki_ra_port_t;
')
dontaudit $1 pki_ra_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the pki_ra port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_pki_ra_port',`
gen_require(`
type pki_ra_port_t;
')
allow $1 pki_ra_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the pki_ra port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_pki_ra_port',`
gen_require(`
type pki_ra_port_t;
')
dontaudit $1 pki_ra_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the pki_ra port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_pki_ra_port',`
corenet_udp_send_pki_ra_port($1)
corenet_udp_receive_pki_ra_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the pki_ra port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_pki_ra_port',`
corenet_dontaudit_udp_send_pki_ra_port($1)
corenet_dontaudit_udp_receive_pki_ra_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the pki_ra port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_pki_ra_port',`
gen_require(`
type pki_ra_port_t;
')
allow $1 pki_ra_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the pki_ra port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_pki_ra_port',`
gen_require(`
type pki_ra_port_t;
')
allow $1 pki_ra_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to pki_ra port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_pki_ra_port',`
gen_require(`
type pki_ra_port_t;
')
dontaudit $1 pki_ra_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the pki_ra port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_pki_ra_port',`
gen_require(`
type pki_ra_port_t;
')
allow $1 pki_ra_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to pki_ra port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_pki_ra_port',`
gen_require(`
type pki_ra_port_t;
')
dontaudit $1 pki_ra_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send pki_ra_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_pki_ra_client_packets',`
gen_require(`
type pki_ra_client_packet_t;
')
allow $1 pki_ra_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send pki_ra_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_pki_ra_client_packets',`
gen_require(`
type pki_ra_client_packet_t;
')
dontaudit $1 pki_ra_client_packet_t:packet send;
')
########################################
## <summary>
## Receive pki_ra_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_pki_ra_client_packets',`
gen_require(`
type pki_ra_client_packet_t;
')
allow $1 pki_ra_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive pki_ra_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_pki_ra_client_packets',`
gen_require(`
type pki_ra_client_packet_t;
')
dontaudit $1 pki_ra_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive pki_ra_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_pki_ra_client_packets',`
corenet_send_pki_ra_client_packets($1)
corenet_receive_pki_ra_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive pki_ra_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_pki_ra_client_packets',`
corenet_dontaudit_send_pki_ra_client_packets($1)
corenet_dontaudit_receive_pki_ra_client_packets($1)
')
########################################
## <summary>
## Relabel packets to pki_ra_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_pki_ra_client_packets',`
gen_require(`
type pki_ra_client_packet_t;
')
allow $1 pki_ra_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send pki_ra_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_pki_ra_server_packets',`
gen_require(`
type pki_ra_server_packet_t;
')
allow $1 pki_ra_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send pki_ra_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_pki_ra_server_packets',`
gen_require(`
type pki_ra_server_packet_t;
')
dontaudit $1 pki_ra_server_packet_t:packet send;
')
########################################
## <summary>
## Receive pki_ra_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_pki_ra_server_packets',`
gen_require(`
type pki_ra_server_packet_t;
')
allow $1 pki_ra_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive pki_ra_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_pki_ra_server_packets',`
gen_require(`
type pki_ra_server_packet_t;
')
dontaudit $1 pki_ra_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive pki_ra_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_pki_ra_server_packets',`
corenet_send_pki_ra_server_packets($1)
corenet_receive_pki_ra_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive pki_ra_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_pki_ra_server_packets',`
corenet_dontaudit_send_pki_ra_server_packets($1)
corenet_dontaudit_receive_pki_ra_server_packets($1)
')
########################################
## <summary>
## Relabel packets to pki_ra_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_pki_ra_server_packets',`
gen_require(`
type pki_ra_server_packet_t;
')
allow $1 pki_ra_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the pki_tps port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_pki_tps_port',`
gen_require(`
type pki_tps_port_t;
')
allow $1 pki_tps_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the pki_tps port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_pki_tps_port',`
gen_require(`
type pki_tps_port_t;
')
allow $1 pki_tps_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the pki_tps port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_pki_tps_port',`
gen_require(`
type pki_tps_port_t;
')
dontaudit $1 pki_tps_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the pki_tps port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_pki_tps_port',`
gen_require(`
type pki_tps_port_t;
')
allow $1 pki_tps_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the pki_tps port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_pki_tps_port',`
gen_require(`
type pki_tps_port_t;
')
dontaudit $1 pki_tps_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the pki_tps port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_pki_tps_port',`
corenet_udp_send_pki_tps_port($1)
corenet_udp_receive_pki_tps_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the pki_tps port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_pki_tps_port',`
corenet_dontaudit_udp_send_pki_tps_port($1)
corenet_dontaudit_udp_receive_pki_tps_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the pki_tps port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_pki_tps_port',`
gen_require(`
type pki_tps_port_t;
')
allow $1 pki_tps_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the pki_tps port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_pki_tps_port',`
gen_require(`
type pki_tps_port_t;
')
allow $1 pki_tps_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to pki_tps port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_pki_tps_port',`
gen_require(`
type pki_tps_port_t;
')
dontaudit $1 pki_tps_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the pki_tps port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_pki_tps_port',`
gen_require(`
type pki_tps_port_t;
')
allow $1 pki_tps_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to pki_tps port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_pki_tps_port',`
gen_require(`
type pki_tps_port_t;
')
dontaudit $1 pki_tps_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send pki_tps_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_pki_tps_client_packets',`
gen_require(`
type pki_tps_client_packet_t;
')
allow $1 pki_tps_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send pki_tps_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_pki_tps_client_packets',`
gen_require(`
type pki_tps_client_packet_t;
')
dontaudit $1 pki_tps_client_packet_t:packet send;
')
########################################
## <summary>
## Receive pki_tps_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_pki_tps_client_packets',`
gen_require(`
type pki_tps_client_packet_t;
')
allow $1 pki_tps_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive pki_tps_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_pki_tps_client_packets',`
gen_require(`
type pki_tps_client_packet_t;
')
dontaudit $1 pki_tps_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive pki_tps_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_pki_tps_client_packets',`
corenet_send_pki_tps_client_packets($1)
corenet_receive_pki_tps_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive pki_tps_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_pki_tps_client_packets',`
corenet_dontaudit_send_pki_tps_client_packets($1)
corenet_dontaudit_receive_pki_tps_client_packets($1)
')
########################################
## <summary>
## Relabel packets to pki_tps_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_pki_tps_client_packets',`
gen_require(`
type pki_tps_client_packet_t;
')
allow $1 pki_tps_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send pki_tps_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_pki_tps_server_packets',`
gen_require(`
type pki_tps_server_packet_t;
')
allow $1 pki_tps_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send pki_tps_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_pki_tps_server_packets',`
gen_require(`
type pki_tps_server_packet_t;
')
dontaudit $1 pki_tps_server_packet_t:packet send;
')
########################################
## <summary>
## Receive pki_tps_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_pki_tps_server_packets',`
gen_require(`
type pki_tps_server_packet_t;
')
allow $1 pki_tps_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive pki_tps_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_pki_tps_server_packets',`
gen_require(`
type pki_tps_server_packet_t;
')
dontaudit $1 pki_tps_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive pki_tps_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_pki_tps_server_packets',`
corenet_send_pki_tps_server_packets($1)
corenet_receive_pki_tps_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive pki_tps_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_pki_tps_server_packets',`
corenet_dontaudit_send_pki_tps_server_packets($1)
corenet_dontaudit_receive_pki_tps_server_packets($1)
')
########################################
## <summary>
## Relabel packets to pki_tps_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_pki_tps_server_packets',`
gen_require(`
type pki_tps_server_packet_t;
')
allow $1 pki_tps_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the pktcable_cops port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_pktcable_cops_port',`
gen_require(`
type pktcable_cops_port_t;
')
allow $1 pktcable_cops_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the pktcable_cops port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_pktcable_cops_port',`
gen_require(`
type pktcable_cops_port_t;
')
allow $1 pktcable_cops_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the pktcable_cops port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_pktcable_cops_port',`
gen_require(`
type pktcable_cops_port_t;
')
dontaudit $1 pktcable_cops_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the pktcable_cops port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_pktcable_cops_port',`
gen_require(`
type pktcable_cops_port_t;
')
allow $1 pktcable_cops_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the pktcable_cops port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_pktcable_cops_port',`
gen_require(`
type pktcable_cops_port_t;
')
dontaudit $1 pktcable_cops_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the pktcable_cops port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_pktcable_cops_port',`
corenet_udp_send_pktcable_cops_port($1)
corenet_udp_receive_pktcable_cops_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the pktcable_cops port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_pktcable_cops_port',`
corenet_dontaudit_udp_send_pktcable_cops_port($1)
corenet_dontaudit_udp_receive_pktcable_cops_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the pktcable_cops port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_pktcable_cops_port',`
gen_require(`
type pktcable_cops_port_t;
')
allow $1 pktcable_cops_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the pktcable_cops port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_pktcable_cops_port',`
gen_require(`
type pktcable_cops_port_t;
')
allow $1 pktcable_cops_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to pktcable_cops port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_pktcable_cops_port',`
gen_require(`
type pktcable_cops_port_t;
')
dontaudit $1 pktcable_cops_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the pktcable_cops port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_pktcable_cops_port',`
gen_require(`
type pktcable_cops_port_t;
')
allow $1 pktcable_cops_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to pktcable_cops port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_pktcable_cops_port',`
gen_require(`
type pktcable_cops_port_t;
')
dontaudit $1 pktcable_cops_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send pktcable_cops_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_pktcable_cops_client_packets',`
gen_require(`
type pktcable_cops_client_packet_t;
')
allow $1 pktcable_cops_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send pktcable_cops_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_pktcable_cops_client_packets',`
gen_require(`
type pktcable_cops_client_packet_t;
')
dontaudit $1 pktcable_cops_client_packet_t:packet send;
')
########################################
## <summary>
## Receive pktcable_cops_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_pktcable_cops_client_packets',`
gen_require(`
type pktcable_cops_client_packet_t;
')
allow $1 pktcable_cops_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive pktcable_cops_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_pktcable_cops_client_packets',`
gen_require(`
type pktcable_cops_client_packet_t;
')
dontaudit $1 pktcable_cops_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive pktcable_cops_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_pktcable_cops_client_packets',`
corenet_send_pktcable_cops_client_packets($1)
corenet_receive_pktcable_cops_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive pktcable_cops_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_pktcable_cops_client_packets',`
corenet_dontaudit_send_pktcable_cops_client_packets($1)
corenet_dontaudit_receive_pktcable_cops_client_packets($1)
')
########################################
## <summary>
## Relabel packets to pktcable_cops_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_pktcable_cops_client_packets',`
gen_require(`
type pktcable_cops_client_packet_t;
')
allow $1 pktcable_cops_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send pktcable_cops_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_pktcable_cops_server_packets',`
gen_require(`
type pktcable_cops_server_packet_t;
')
allow $1 pktcable_cops_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send pktcable_cops_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_pktcable_cops_server_packets',`
gen_require(`
type pktcable_cops_server_packet_t;
')
dontaudit $1 pktcable_cops_server_packet_t:packet send;
')
########################################
## <summary>
## Receive pktcable_cops_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_pktcable_cops_server_packets',`
gen_require(`
type pktcable_cops_server_packet_t;
')
allow $1 pktcable_cops_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive pktcable_cops_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_pktcable_cops_server_packets',`
gen_require(`
type pktcable_cops_server_packet_t;
')
dontaudit $1 pktcable_cops_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive pktcable_cops_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_pktcable_cops_server_packets',`
corenet_send_pktcable_cops_server_packets($1)
corenet_receive_pktcable_cops_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive pktcable_cops_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_pktcable_cops_server_packets',`
corenet_dontaudit_send_pktcable_cops_server_packets($1)
corenet_dontaudit_receive_pktcable_cops_server_packets($1)
')
########################################
## <summary>
## Relabel packets to pktcable_cops_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_pktcable_cops_server_packets',`
gen_require(`
type pktcable_cops_server_packet_t;
')
allow $1 pktcable_cops_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the pop port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_pop_port',`
gen_require(`
type pop_port_t;
')
allow $1 pop_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the pop port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_pop_port',`
gen_require(`
type pop_port_t;
')
allow $1 pop_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the pop port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_pop_port',`
gen_require(`
type pop_port_t;
')
dontaudit $1 pop_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the pop port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_pop_port',`
gen_require(`
type pop_port_t;
')
allow $1 pop_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the pop port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_pop_port',`
gen_require(`
type pop_port_t;
')
dontaudit $1 pop_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the pop port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_pop_port',`
corenet_udp_send_pop_port($1)
corenet_udp_receive_pop_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the pop port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_pop_port',`
corenet_dontaudit_udp_send_pop_port($1)
corenet_dontaudit_udp_receive_pop_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the pop port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_pop_port',`
gen_require(`
type pop_port_t;
')
allow $1 pop_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the pop port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_pop_port',`
gen_require(`
type pop_port_t;
')
allow $1 pop_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to pop port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_pop_port',`
gen_require(`
type pop_port_t;
')
dontaudit $1 pop_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the pop port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_pop_port',`
gen_require(`
type pop_port_t;
')
allow $1 pop_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to pop port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_pop_port',`
gen_require(`
type pop_port_t;
')
dontaudit $1 pop_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send pop_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_pop_client_packets',`
gen_require(`
type pop_client_packet_t;
')
allow $1 pop_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send pop_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_pop_client_packets',`
gen_require(`
type pop_client_packet_t;
')
dontaudit $1 pop_client_packet_t:packet send;
')
########################################
## <summary>
## Receive pop_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_pop_client_packets',`
gen_require(`
type pop_client_packet_t;
')
allow $1 pop_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive pop_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_pop_client_packets',`
gen_require(`
type pop_client_packet_t;
')
dontaudit $1 pop_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive pop_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_pop_client_packets',`
corenet_send_pop_client_packets($1)
corenet_receive_pop_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive pop_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_pop_client_packets',`
corenet_dontaudit_send_pop_client_packets($1)
corenet_dontaudit_receive_pop_client_packets($1)
')
########################################
## <summary>
## Relabel packets to pop_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_pop_client_packets',`
gen_require(`
type pop_client_packet_t;
')
allow $1 pop_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send pop_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_pop_server_packets',`
gen_require(`
type pop_server_packet_t;
')
allow $1 pop_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send pop_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_pop_server_packets',`
gen_require(`
type pop_server_packet_t;
')
dontaudit $1 pop_server_packet_t:packet send;
')
########################################
## <summary>
## Receive pop_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_pop_server_packets',`
gen_require(`
type pop_server_packet_t;
')
allow $1 pop_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive pop_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_pop_server_packets',`
gen_require(`
type pop_server_packet_t;
')
dontaudit $1 pop_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive pop_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_pop_server_packets',`
corenet_send_pop_server_packets($1)
corenet_receive_pop_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive pop_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_pop_server_packets',`
corenet_dontaudit_send_pop_server_packets($1)
corenet_dontaudit_receive_pop_server_packets($1)
')
########################################
## <summary>
## Relabel packets to pop_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_pop_server_packets',`
gen_require(`
type pop_server_packet_t;
')
allow $1 pop_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the portmap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_portmap_port',`
gen_require(`
type portmap_port_t;
')
allow $1 portmap_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the portmap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_portmap_port',`
gen_require(`
type portmap_port_t;
')
allow $1 portmap_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the portmap port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_portmap_port',`
gen_require(`
type portmap_port_t;
')
dontaudit $1 portmap_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the portmap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_portmap_port',`
gen_require(`
type portmap_port_t;
')
allow $1 portmap_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the portmap port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_portmap_port',`
gen_require(`
type portmap_port_t;
')
dontaudit $1 portmap_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the portmap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_portmap_port',`
corenet_udp_send_portmap_port($1)
corenet_udp_receive_portmap_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the portmap port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_portmap_port',`
corenet_dontaudit_udp_send_portmap_port($1)
corenet_dontaudit_udp_receive_portmap_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the portmap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_portmap_port',`
gen_require(`
type portmap_port_t;
')
allow $1 portmap_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the portmap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_portmap_port',`
gen_require(`
type portmap_port_t;
')
allow $1 portmap_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to portmap port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_portmap_port',`
gen_require(`
type portmap_port_t;
')
dontaudit $1 portmap_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the portmap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_portmap_port',`
gen_require(`
type portmap_port_t;
')
allow $1 portmap_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to portmap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_portmap_port',`
gen_require(`
type portmap_port_t;
')
dontaudit $1 portmap_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send portmap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_portmap_client_packets',`
gen_require(`
type portmap_client_packet_t;
')
allow $1 portmap_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send portmap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_portmap_client_packets',`
gen_require(`
type portmap_client_packet_t;
')
dontaudit $1 portmap_client_packet_t:packet send;
')
########################################
## <summary>
## Receive portmap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_portmap_client_packets',`
gen_require(`
type portmap_client_packet_t;
')
allow $1 portmap_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive portmap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_portmap_client_packets',`
gen_require(`
type portmap_client_packet_t;
')
dontaudit $1 portmap_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive portmap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_portmap_client_packets',`
corenet_send_portmap_client_packets($1)
corenet_receive_portmap_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive portmap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_portmap_client_packets',`
corenet_dontaudit_send_portmap_client_packets($1)
corenet_dontaudit_receive_portmap_client_packets($1)
')
########################################
## <summary>
## Relabel packets to portmap_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_portmap_client_packets',`
gen_require(`
type portmap_client_packet_t;
')
allow $1 portmap_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send portmap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_portmap_server_packets',`
gen_require(`
type portmap_server_packet_t;
')
allow $1 portmap_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send portmap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_portmap_server_packets',`
gen_require(`
type portmap_server_packet_t;
')
dontaudit $1 portmap_server_packet_t:packet send;
')
########################################
## <summary>
## Receive portmap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_portmap_server_packets',`
gen_require(`
type portmap_server_packet_t;
')
allow $1 portmap_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive portmap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_portmap_server_packets',`
gen_require(`
type portmap_server_packet_t;
')
dontaudit $1 portmap_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive portmap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_portmap_server_packets',`
corenet_send_portmap_server_packets($1)
corenet_receive_portmap_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive portmap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_portmap_server_packets',`
corenet_dontaudit_send_portmap_server_packets($1)
corenet_dontaudit_receive_portmap_server_packets($1)
')
########################################
## <summary>
## Relabel packets to portmap_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_portmap_server_packets',`
gen_require(`
type portmap_server_packet_t;
')
allow $1 portmap_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the postfix_policyd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_postfix_policyd_port',`
gen_require(`
type postfix_policyd_port_t;
')
allow $1 postfix_policyd_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the postfix_policyd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_postfix_policyd_port',`
gen_require(`
type postfix_policyd_port_t;
')
allow $1 postfix_policyd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the postfix_policyd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_postfix_policyd_port',`
gen_require(`
type postfix_policyd_port_t;
')
dontaudit $1 postfix_policyd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the postfix_policyd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_postfix_policyd_port',`
gen_require(`
type postfix_policyd_port_t;
')
allow $1 postfix_policyd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the postfix_policyd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_postfix_policyd_port',`
gen_require(`
type postfix_policyd_port_t;
')
dontaudit $1 postfix_policyd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the postfix_policyd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_postfix_policyd_port',`
corenet_udp_send_postfix_policyd_port($1)
corenet_udp_receive_postfix_policyd_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the postfix_policyd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_postfix_policyd_port',`
corenet_dontaudit_udp_send_postfix_policyd_port($1)
corenet_dontaudit_udp_receive_postfix_policyd_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the postfix_policyd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_postfix_policyd_port',`
gen_require(`
type postfix_policyd_port_t;
')
allow $1 postfix_policyd_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the postfix_policyd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_postfix_policyd_port',`
gen_require(`
type postfix_policyd_port_t;
')
allow $1 postfix_policyd_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to postfix_policyd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_postfix_policyd_port',`
gen_require(`
type postfix_policyd_port_t;
')
dontaudit $1 postfix_policyd_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the postfix_policyd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_postfix_policyd_port',`
gen_require(`
type postfix_policyd_port_t;
')
allow $1 postfix_policyd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to postfix_policyd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_postfix_policyd_port',`
gen_require(`
type postfix_policyd_port_t;
')
dontaudit $1 postfix_policyd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send postfix_policyd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_postfix_policyd_client_packets',`
gen_require(`
type postfix_policyd_client_packet_t;
')
allow $1 postfix_policyd_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send postfix_policyd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_postfix_policyd_client_packets',`
gen_require(`
type postfix_policyd_client_packet_t;
')
dontaudit $1 postfix_policyd_client_packet_t:packet send;
')
########################################
## <summary>
## Receive postfix_policyd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_postfix_policyd_client_packets',`
gen_require(`
type postfix_policyd_client_packet_t;
')
allow $1 postfix_policyd_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive postfix_policyd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_postfix_policyd_client_packets',`
gen_require(`
type postfix_policyd_client_packet_t;
')
dontaudit $1 postfix_policyd_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive postfix_policyd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_postfix_policyd_client_packets',`
corenet_send_postfix_policyd_client_packets($1)
corenet_receive_postfix_policyd_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive postfix_policyd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_postfix_policyd_client_packets',`
corenet_dontaudit_send_postfix_policyd_client_packets($1)
corenet_dontaudit_receive_postfix_policyd_client_packets($1)
')
########################################
## <summary>
## Relabel packets to postfix_policyd_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_postfix_policyd_client_packets',`
gen_require(`
type postfix_policyd_client_packet_t;
')
allow $1 postfix_policyd_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send postfix_policyd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_postfix_policyd_server_packets',`
gen_require(`
type postfix_policyd_server_packet_t;
')
allow $1 postfix_policyd_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send postfix_policyd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_postfix_policyd_server_packets',`
gen_require(`
type postfix_policyd_server_packet_t;
')
dontaudit $1 postfix_policyd_server_packet_t:packet send;
')
########################################
## <summary>
## Receive postfix_policyd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_postfix_policyd_server_packets',`
gen_require(`
type postfix_policyd_server_packet_t;
')
allow $1 postfix_policyd_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive postfix_policyd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_postfix_policyd_server_packets',`
gen_require(`
type postfix_policyd_server_packet_t;
')
dontaudit $1 postfix_policyd_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive postfix_policyd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_postfix_policyd_server_packets',`
corenet_send_postfix_policyd_server_packets($1)
corenet_receive_postfix_policyd_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive postfix_policyd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_postfix_policyd_server_packets',`
corenet_dontaudit_send_postfix_policyd_server_packets($1)
corenet_dontaudit_receive_postfix_policyd_server_packets($1)
')
########################################
## <summary>
## Relabel packets to postfix_policyd_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_postfix_policyd_server_packets',`
gen_require(`
type postfix_policyd_server_packet_t;
')
allow $1 postfix_policyd_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the postgresql port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_postgresql_port',`
gen_require(`
type postgresql_port_t;
')
allow $1 postgresql_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the postgresql port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_postgresql_port',`
gen_require(`
type postgresql_port_t;
')
allow $1 postgresql_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the postgresql port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_postgresql_port',`
gen_require(`
type postgresql_port_t;
')
dontaudit $1 postgresql_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the postgresql port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_postgresql_port',`
gen_require(`
type postgresql_port_t;
')
allow $1 postgresql_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the postgresql port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_postgresql_port',`
gen_require(`
type postgresql_port_t;
')
dontaudit $1 postgresql_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the postgresql port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_postgresql_port',`
corenet_udp_send_postgresql_port($1)
corenet_udp_receive_postgresql_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the postgresql port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_postgresql_port',`
corenet_dontaudit_udp_send_postgresql_port($1)
corenet_dontaudit_udp_receive_postgresql_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the postgresql port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_postgresql_port',`
gen_require(`
type postgresql_port_t;
')
allow $1 postgresql_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the postgresql port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_postgresql_port',`
gen_require(`
type postgresql_port_t;
')
allow $1 postgresql_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to postgresql port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_postgresql_port',`
gen_require(`
type postgresql_port_t;
')
dontaudit $1 postgresql_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the postgresql port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_postgresql_port',`
gen_require(`
type postgresql_port_t;
')
allow $1 postgresql_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to postgresql port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_postgresql_port',`
gen_require(`
type postgresql_port_t;
')
dontaudit $1 postgresql_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send postgresql_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_postgresql_client_packets',`
gen_require(`
type postgresql_client_packet_t;
')
allow $1 postgresql_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send postgresql_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_postgresql_client_packets',`
gen_require(`
type postgresql_client_packet_t;
')
dontaudit $1 postgresql_client_packet_t:packet send;
')
########################################
## <summary>
## Receive postgresql_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_postgresql_client_packets',`
gen_require(`
type postgresql_client_packet_t;
')
allow $1 postgresql_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive postgresql_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_postgresql_client_packets',`
gen_require(`
type postgresql_client_packet_t;
')
dontaudit $1 postgresql_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive postgresql_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_postgresql_client_packets',`
corenet_send_postgresql_client_packets($1)
corenet_receive_postgresql_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive postgresql_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_postgresql_client_packets',`
corenet_dontaudit_send_postgresql_client_packets($1)
corenet_dontaudit_receive_postgresql_client_packets($1)
')
########################################
## <summary>
## Relabel packets to postgresql_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_postgresql_client_packets',`
gen_require(`
type postgresql_client_packet_t;
')
allow $1 postgresql_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send postgresql_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_postgresql_server_packets',`
gen_require(`
type postgresql_server_packet_t;
')
allow $1 postgresql_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send postgresql_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_postgresql_server_packets',`
gen_require(`
type postgresql_server_packet_t;
')
dontaudit $1 postgresql_server_packet_t:packet send;
')
########################################
## <summary>
## Receive postgresql_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_postgresql_server_packets',`
gen_require(`
type postgresql_server_packet_t;
')
allow $1 postgresql_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive postgresql_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_postgresql_server_packets',`
gen_require(`
type postgresql_server_packet_t;
')
dontaudit $1 postgresql_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive postgresql_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_postgresql_server_packets',`
corenet_send_postgresql_server_packets($1)
corenet_receive_postgresql_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive postgresql_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_postgresql_server_packets',`
corenet_dontaudit_send_postgresql_server_packets($1)
corenet_dontaudit_receive_postgresql_server_packets($1)
')
########################################
## <summary>
## Relabel packets to postgresql_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_postgresql_server_packets',`
gen_require(`
type postgresql_server_packet_t;
')
allow $1 postgresql_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the postgrey port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_postgrey_port',`
gen_require(`
type postgrey_port_t;
')
allow $1 postgrey_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the postgrey port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_postgrey_port',`
gen_require(`
type postgrey_port_t;
')
allow $1 postgrey_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the postgrey port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_postgrey_port',`
gen_require(`
type postgrey_port_t;
')
dontaudit $1 postgrey_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the postgrey port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_postgrey_port',`
gen_require(`
type postgrey_port_t;
')
allow $1 postgrey_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the postgrey port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_postgrey_port',`
gen_require(`
type postgrey_port_t;
')
dontaudit $1 postgrey_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the postgrey port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_postgrey_port',`
corenet_udp_send_postgrey_port($1)
corenet_udp_receive_postgrey_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the postgrey port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_postgrey_port',`
corenet_dontaudit_udp_send_postgrey_port($1)
corenet_dontaudit_udp_receive_postgrey_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the postgrey port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_postgrey_port',`
gen_require(`
type postgrey_port_t;
')
allow $1 postgrey_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the postgrey port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_postgrey_port',`
gen_require(`
type postgrey_port_t;
')
allow $1 postgrey_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to postgrey port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_postgrey_port',`
gen_require(`
type postgrey_port_t;
')
dontaudit $1 postgrey_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the postgrey port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_postgrey_port',`
gen_require(`
type postgrey_port_t;
')
allow $1 postgrey_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to postgrey port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_postgrey_port',`
gen_require(`
type postgrey_port_t;
')
dontaudit $1 postgrey_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send postgrey_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_postgrey_client_packets',`
gen_require(`
type postgrey_client_packet_t;
')
allow $1 postgrey_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send postgrey_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_postgrey_client_packets',`
gen_require(`
type postgrey_client_packet_t;
')
dontaudit $1 postgrey_client_packet_t:packet send;
')
########################################
## <summary>
## Receive postgrey_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_postgrey_client_packets',`
gen_require(`
type postgrey_client_packet_t;
')
allow $1 postgrey_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive postgrey_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_postgrey_client_packets',`
gen_require(`
type postgrey_client_packet_t;
')
dontaudit $1 postgrey_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive postgrey_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_postgrey_client_packets',`
corenet_send_postgrey_client_packets($1)
corenet_receive_postgrey_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive postgrey_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_postgrey_client_packets',`
corenet_dontaudit_send_postgrey_client_packets($1)
corenet_dontaudit_receive_postgrey_client_packets($1)
')
########################################
## <summary>
## Relabel packets to postgrey_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_postgrey_client_packets',`
gen_require(`
type postgrey_client_packet_t;
')
allow $1 postgrey_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send postgrey_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_postgrey_server_packets',`
gen_require(`
type postgrey_server_packet_t;
')
allow $1 postgrey_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send postgrey_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_postgrey_server_packets',`
gen_require(`
type postgrey_server_packet_t;
')
dontaudit $1 postgrey_server_packet_t:packet send;
')
########################################
## <summary>
## Receive postgrey_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_postgrey_server_packets',`
gen_require(`
type postgrey_server_packet_t;
')
allow $1 postgrey_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive postgrey_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_postgrey_server_packets',`
gen_require(`
type postgrey_server_packet_t;
')
dontaudit $1 postgrey_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive postgrey_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_postgrey_server_packets',`
corenet_send_postgrey_server_packets($1)
corenet_receive_postgrey_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive postgrey_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_postgrey_server_packets',`
corenet_dontaudit_send_postgrey_server_packets($1)
corenet_dontaudit_receive_postgrey_server_packets($1)
')
########################################
## <summary>
## Relabel packets to postgrey_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_postgrey_server_packets',`
gen_require(`
type postgrey_server_packet_t;
')
allow $1 postgrey_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the pptp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_pptp_port',`
gen_require(`
type pptp_port_t;
')
allow $1 pptp_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the pptp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_pptp_port',`
gen_require(`
type pptp_port_t;
')
allow $1 pptp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the pptp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_pptp_port',`
gen_require(`
type pptp_port_t;
')
dontaudit $1 pptp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the pptp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_pptp_port',`
gen_require(`
type pptp_port_t;
')
allow $1 pptp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the pptp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_pptp_port',`
gen_require(`
type pptp_port_t;
')
dontaudit $1 pptp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the pptp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_pptp_port',`
corenet_udp_send_pptp_port($1)
corenet_udp_receive_pptp_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the pptp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_pptp_port',`
corenet_dontaudit_udp_send_pptp_port($1)
corenet_dontaudit_udp_receive_pptp_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the pptp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_pptp_port',`
gen_require(`
type pptp_port_t;
')
allow $1 pptp_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the pptp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_pptp_port',`
gen_require(`
type pptp_port_t;
')
allow $1 pptp_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to pptp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_pptp_port',`
gen_require(`
type pptp_port_t;
')
dontaudit $1 pptp_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the pptp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_pptp_port',`
gen_require(`
type pptp_port_t;
')
allow $1 pptp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to pptp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_pptp_port',`
gen_require(`
type pptp_port_t;
')
dontaudit $1 pptp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send pptp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_pptp_client_packets',`
gen_require(`
type pptp_client_packet_t;
')
allow $1 pptp_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send pptp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_pptp_client_packets',`
gen_require(`
type pptp_client_packet_t;
')
dontaudit $1 pptp_client_packet_t:packet send;
')
########################################
## <summary>
## Receive pptp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_pptp_client_packets',`
gen_require(`
type pptp_client_packet_t;
')
allow $1 pptp_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive pptp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_pptp_client_packets',`
gen_require(`
type pptp_client_packet_t;
')
dontaudit $1 pptp_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive pptp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_pptp_client_packets',`
corenet_send_pptp_client_packets($1)
corenet_receive_pptp_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive pptp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_pptp_client_packets',`
corenet_dontaudit_send_pptp_client_packets($1)
corenet_dontaudit_receive_pptp_client_packets($1)
')
########################################
## <summary>
## Relabel packets to pptp_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_pptp_client_packets',`
gen_require(`
type pptp_client_packet_t;
')
allow $1 pptp_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send pptp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_pptp_server_packets',`
gen_require(`
type pptp_server_packet_t;
')
allow $1 pptp_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send pptp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_pptp_server_packets',`
gen_require(`
type pptp_server_packet_t;
')
dontaudit $1 pptp_server_packet_t:packet send;
')
########################################
## <summary>
## Receive pptp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_pptp_server_packets',`
gen_require(`
type pptp_server_packet_t;
')
allow $1 pptp_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive pptp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_pptp_server_packets',`
gen_require(`
type pptp_server_packet_t;
')
dontaudit $1 pptp_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive pptp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_pptp_server_packets',`
corenet_send_pptp_server_packets($1)
corenet_receive_pptp_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive pptp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_pptp_server_packets',`
corenet_dontaudit_send_pptp_server_packets($1)
corenet_dontaudit_receive_pptp_server_packets($1)
')
########################################
## <summary>
## Relabel packets to pptp_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_pptp_server_packets',`
gen_require(`
type pptp_server_packet_t;
')
allow $1 pptp_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the prelude port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_prelude_port',`
gen_require(`
type prelude_port_t;
')
allow $1 prelude_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the prelude port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_prelude_port',`
gen_require(`
type prelude_port_t;
')
allow $1 prelude_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the prelude port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_prelude_port',`
gen_require(`
type prelude_port_t;
')
dontaudit $1 prelude_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the prelude port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_prelude_port',`
gen_require(`
type prelude_port_t;
')
allow $1 prelude_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the prelude port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_prelude_port',`
gen_require(`
type prelude_port_t;
')
dontaudit $1 prelude_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the prelude port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_prelude_port',`
corenet_udp_send_prelude_port($1)
corenet_udp_receive_prelude_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the prelude port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_prelude_port',`
corenet_dontaudit_udp_send_prelude_port($1)
corenet_dontaudit_udp_receive_prelude_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the prelude port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_prelude_port',`
gen_require(`
type prelude_port_t;
')
allow $1 prelude_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the prelude port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_prelude_port',`
gen_require(`
type prelude_port_t;
')
allow $1 prelude_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to prelude port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_prelude_port',`
gen_require(`
type prelude_port_t;
')
dontaudit $1 prelude_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the prelude port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_prelude_port',`
gen_require(`
type prelude_port_t;
')
allow $1 prelude_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to prelude port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_prelude_port',`
gen_require(`
type prelude_port_t;
')
dontaudit $1 prelude_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send prelude_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_prelude_client_packets',`
gen_require(`
type prelude_client_packet_t;
')
allow $1 prelude_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send prelude_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_prelude_client_packets',`
gen_require(`
type prelude_client_packet_t;
')
dontaudit $1 prelude_client_packet_t:packet send;
')
########################################
## <summary>
## Receive prelude_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_prelude_client_packets',`
gen_require(`
type prelude_client_packet_t;
')
allow $1 prelude_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive prelude_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_prelude_client_packets',`
gen_require(`
type prelude_client_packet_t;
')
dontaudit $1 prelude_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive prelude_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_prelude_client_packets',`
corenet_send_prelude_client_packets($1)
corenet_receive_prelude_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive prelude_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_prelude_client_packets',`
corenet_dontaudit_send_prelude_client_packets($1)
corenet_dontaudit_receive_prelude_client_packets($1)
')
########################################
## <summary>
## Relabel packets to prelude_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_prelude_client_packets',`
gen_require(`
type prelude_client_packet_t;
')
allow $1 prelude_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send prelude_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_prelude_server_packets',`
gen_require(`
type prelude_server_packet_t;
')
allow $1 prelude_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send prelude_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_prelude_server_packets',`
gen_require(`
type prelude_server_packet_t;
')
dontaudit $1 prelude_server_packet_t:packet send;
')
########################################
## <summary>
## Receive prelude_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_prelude_server_packets',`
gen_require(`
type prelude_server_packet_t;
')
allow $1 prelude_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive prelude_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_prelude_server_packets',`
gen_require(`
type prelude_server_packet_t;
')
dontaudit $1 prelude_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive prelude_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_prelude_server_packets',`
corenet_send_prelude_server_packets($1)
corenet_receive_prelude_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive prelude_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_prelude_server_packets',`
corenet_dontaudit_send_prelude_server_packets($1)
corenet_dontaudit_receive_prelude_server_packets($1)
')
########################################
## <summary>
## Relabel packets to prelude_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_prelude_server_packets',`
gen_require(`
type prelude_server_packet_t;
')
allow $1 prelude_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the presence port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_presence_port',`
gen_require(`
type presence_port_t;
')
allow $1 presence_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the presence port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_presence_port',`
gen_require(`
type presence_port_t;
')
allow $1 presence_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the presence port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_presence_port',`
gen_require(`
type presence_port_t;
')
dontaudit $1 presence_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the presence port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_presence_port',`
gen_require(`
type presence_port_t;
')
allow $1 presence_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the presence port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_presence_port',`
gen_require(`
type presence_port_t;
')
dontaudit $1 presence_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the presence port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_presence_port',`
corenet_udp_send_presence_port($1)
corenet_udp_receive_presence_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the presence port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_presence_port',`
corenet_dontaudit_udp_send_presence_port($1)
corenet_dontaudit_udp_receive_presence_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the presence port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_presence_port',`
gen_require(`
type presence_port_t;
')
allow $1 presence_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the presence port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_presence_port',`
gen_require(`
type presence_port_t;
')
allow $1 presence_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to presence port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_presence_port',`
gen_require(`
type presence_port_t;
')
dontaudit $1 presence_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the presence port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_presence_port',`
gen_require(`
type presence_port_t;
')
allow $1 presence_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to presence port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_presence_port',`
gen_require(`
type presence_port_t;
')
dontaudit $1 presence_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send presence_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_presence_client_packets',`
gen_require(`
type presence_client_packet_t;
')
allow $1 presence_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send presence_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_presence_client_packets',`
gen_require(`
type presence_client_packet_t;
')
dontaudit $1 presence_client_packet_t:packet send;
')
########################################
## <summary>
## Receive presence_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_presence_client_packets',`
gen_require(`
type presence_client_packet_t;
')
allow $1 presence_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive presence_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_presence_client_packets',`
gen_require(`
type presence_client_packet_t;
')
dontaudit $1 presence_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive presence_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_presence_client_packets',`
corenet_send_presence_client_packets($1)
corenet_receive_presence_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive presence_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_presence_client_packets',`
corenet_dontaudit_send_presence_client_packets($1)
corenet_dontaudit_receive_presence_client_packets($1)
')
########################################
## <summary>
## Relabel packets to presence_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_presence_client_packets',`
gen_require(`
type presence_client_packet_t;
')
allow $1 presence_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send presence_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_presence_server_packets',`
gen_require(`
type presence_server_packet_t;
')
allow $1 presence_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send presence_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_presence_server_packets',`
gen_require(`
type presence_server_packet_t;
')
dontaudit $1 presence_server_packet_t:packet send;
')
########################################
## <summary>
## Receive presence_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_presence_server_packets',`
gen_require(`
type presence_server_packet_t;
')
allow $1 presence_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive presence_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_presence_server_packets',`
gen_require(`
type presence_server_packet_t;
')
dontaudit $1 presence_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive presence_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_presence_server_packets',`
corenet_send_presence_server_packets($1)
corenet_receive_presence_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive presence_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_presence_server_packets',`
corenet_dontaudit_send_presence_server_packets($1)
corenet_dontaudit_receive_presence_server_packets($1)
')
########################################
## <summary>
## Relabel packets to presence_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_presence_server_packets',`
gen_require(`
type presence_server_packet_t;
')
allow $1 presence_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the preupgrade port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_preupgrade_port',`
gen_require(`
type preupgrade_port_t;
')
allow $1 preupgrade_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the preupgrade port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_preupgrade_port',`
gen_require(`
type preupgrade_port_t;
')
allow $1 preupgrade_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the preupgrade port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_preupgrade_port',`
gen_require(`
type preupgrade_port_t;
')
dontaudit $1 preupgrade_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the preupgrade port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_preupgrade_port',`
gen_require(`
type preupgrade_port_t;
')
allow $1 preupgrade_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the preupgrade port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_preupgrade_port',`
gen_require(`
type preupgrade_port_t;
')
dontaudit $1 preupgrade_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the preupgrade port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_preupgrade_port',`
corenet_udp_send_preupgrade_port($1)
corenet_udp_receive_preupgrade_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the preupgrade port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_preupgrade_port',`
corenet_dontaudit_udp_send_preupgrade_port($1)
corenet_dontaudit_udp_receive_preupgrade_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the preupgrade port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_preupgrade_port',`
gen_require(`
type preupgrade_port_t;
')
allow $1 preupgrade_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the preupgrade port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_preupgrade_port',`
gen_require(`
type preupgrade_port_t;
')
allow $1 preupgrade_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to preupgrade port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_preupgrade_port',`
gen_require(`
type preupgrade_port_t;
')
dontaudit $1 preupgrade_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the preupgrade port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_preupgrade_port',`
gen_require(`
type preupgrade_port_t;
')
allow $1 preupgrade_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to preupgrade port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_preupgrade_port',`
gen_require(`
type preupgrade_port_t;
')
dontaudit $1 preupgrade_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send preupgrade_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_preupgrade_client_packets',`
gen_require(`
type preupgrade_client_packet_t;
')
allow $1 preupgrade_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send preupgrade_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_preupgrade_client_packets',`
gen_require(`
type preupgrade_client_packet_t;
')
dontaudit $1 preupgrade_client_packet_t:packet send;
')
########################################
## <summary>
## Receive preupgrade_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_preupgrade_client_packets',`
gen_require(`
type preupgrade_client_packet_t;
')
allow $1 preupgrade_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive preupgrade_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_preupgrade_client_packets',`
gen_require(`
type preupgrade_client_packet_t;
')
dontaudit $1 preupgrade_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive preupgrade_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_preupgrade_client_packets',`
corenet_send_preupgrade_client_packets($1)
corenet_receive_preupgrade_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive preupgrade_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_preupgrade_client_packets',`
corenet_dontaudit_send_preupgrade_client_packets($1)
corenet_dontaudit_receive_preupgrade_client_packets($1)
')
########################################
## <summary>
## Relabel packets to preupgrade_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_preupgrade_client_packets',`
gen_require(`
type preupgrade_client_packet_t;
')
allow $1 preupgrade_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send preupgrade_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_preupgrade_server_packets',`
gen_require(`
type preupgrade_server_packet_t;
')
allow $1 preupgrade_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send preupgrade_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_preupgrade_server_packets',`
gen_require(`
type preupgrade_server_packet_t;
')
dontaudit $1 preupgrade_server_packet_t:packet send;
')
########################################
## <summary>
## Receive preupgrade_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_preupgrade_server_packets',`
gen_require(`
type preupgrade_server_packet_t;
')
allow $1 preupgrade_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive preupgrade_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_preupgrade_server_packets',`
gen_require(`
type preupgrade_server_packet_t;
')
dontaudit $1 preupgrade_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive preupgrade_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_preupgrade_server_packets',`
corenet_send_preupgrade_server_packets($1)
corenet_receive_preupgrade_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive preupgrade_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_preupgrade_server_packets',`
corenet_dontaudit_send_preupgrade_server_packets($1)
corenet_dontaudit_receive_preupgrade_server_packets($1)
')
########################################
## <summary>
## Relabel packets to preupgrade_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_preupgrade_server_packets',`
gen_require(`
type preupgrade_server_packet_t;
')
allow $1 preupgrade_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the printer port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_printer_port',`
gen_require(`
type printer_port_t;
')
allow $1 printer_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the printer port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_printer_port',`
gen_require(`
type printer_port_t;
')
allow $1 printer_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the printer port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_printer_port',`
gen_require(`
type printer_port_t;
')
dontaudit $1 printer_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the printer port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_printer_port',`
gen_require(`
type printer_port_t;
')
allow $1 printer_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the printer port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_printer_port',`
gen_require(`
type printer_port_t;
')
dontaudit $1 printer_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the printer port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_printer_port',`
corenet_udp_send_printer_port($1)
corenet_udp_receive_printer_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the printer port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_printer_port',`
corenet_dontaudit_udp_send_printer_port($1)
corenet_dontaudit_udp_receive_printer_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the printer port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_printer_port',`
gen_require(`
type printer_port_t;
')
allow $1 printer_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the printer port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_printer_port',`
gen_require(`
type printer_port_t;
')
allow $1 printer_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to printer port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_printer_port',`
gen_require(`
type printer_port_t;
')
dontaudit $1 printer_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the printer port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_printer_port',`
gen_require(`
type printer_port_t;
')
allow $1 printer_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to printer port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_printer_port',`
gen_require(`
type printer_port_t;
')
dontaudit $1 printer_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send printer_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_printer_client_packets',`
gen_require(`
type printer_client_packet_t;
')
allow $1 printer_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send printer_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_printer_client_packets',`
gen_require(`
type printer_client_packet_t;
')
dontaudit $1 printer_client_packet_t:packet send;
')
########################################
## <summary>
## Receive printer_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_printer_client_packets',`
gen_require(`
type printer_client_packet_t;
')
allow $1 printer_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive printer_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_printer_client_packets',`
gen_require(`
type printer_client_packet_t;
')
dontaudit $1 printer_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive printer_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_printer_client_packets',`
corenet_send_printer_client_packets($1)
corenet_receive_printer_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive printer_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_printer_client_packets',`
corenet_dontaudit_send_printer_client_packets($1)
corenet_dontaudit_receive_printer_client_packets($1)
')
########################################
## <summary>
## Relabel packets to printer_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_printer_client_packets',`
gen_require(`
type printer_client_packet_t;
')
allow $1 printer_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send printer_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_printer_server_packets',`
gen_require(`
type printer_server_packet_t;
')
allow $1 printer_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send printer_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_printer_server_packets',`
gen_require(`
type printer_server_packet_t;
')
dontaudit $1 printer_server_packet_t:packet send;
')
########################################
## <summary>
## Receive printer_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_printer_server_packets',`
gen_require(`
type printer_server_packet_t;
')
allow $1 printer_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive printer_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_printer_server_packets',`
gen_require(`
type printer_server_packet_t;
')
dontaudit $1 printer_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive printer_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_printer_server_packets',`
corenet_send_printer_server_packets($1)
corenet_receive_printer_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive printer_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_printer_server_packets',`
corenet_dontaudit_send_printer_server_packets($1)
corenet_dontaudit_receive_printer_server_packets($1)
')
########################################
## <summary>
## Relabel packets to printer_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_printer_server_packets',`
gen_require(`
type printer_server_packet_t;
')
allow $1 printer_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the priority_e_com port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_priority_e_com_port',`
gen_require(`
type priority_e_com_port_t;
')
allow $1 priority_e_com_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the priority_e_com port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_priority_e_com_port',`
gen_require(`
type priority_e_com_port_t;
')
allow $1 priority_e_com_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the priority_e_com port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_priority_e_com_port',`
gen_require(`
type priority_e_com_port_t;
')
dontaudit $1 priority_e_com_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the priority_e_com port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_priority_e_com_port',`
gen_require(`
type priority_e_com_port_t;
')
allow $1 priority_e_com_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the priority_e_com port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_priority_e_com_port',`
gen_require(`
type priority_e_com_port_t;
')
dontaudit $1 priority_e_com_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the priority_e_com port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_priority_e_com_port',`
corenet_udp_send_priority_e_com_port($1)
corenet_udp_receive_priority_e_com_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the priority_e_com port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_priority_e_com_port',`
corenet_dontaudit_udp_send_priority_e_com_port($1)
corenet_dontaudit_udp_receive_priority_e_com_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the priority_e_com port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_priority_e_com_port',`
gen_require(`
type priority_e_com_port_t;
')
allow $1 priority_e_com_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the priority_e_com port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_priority_e_com_port',`
gen_require(`
type priority_e_com_port_t;
')
allow $1 priority_e_com_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to priority_e_com port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_priority_e_com_port',`
gen_require(`
type priority_e_com_port_t;
')
dontaudit $1 priority_e_com_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the priority_e_com port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_priority_e_com_port',`
gen_require(`
type priority_e_com_port_t;
')
allow $1 priority_e_com_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to priority_e_com port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_priority_e_com_port',`
gen_require(`
type priority_e_com_port_t;
')
dontaudit $1 priority_e_com_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send priority_e_com_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_priority_e_com_client_packets',`
gen_require(`
type priority_e_com_client_packet_t;
')
allow $1 priority_e_com_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send priority_e_com_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_priority_e_com_client_packets',`
gen_require(`
type priority_e_com_client_packet_t;
')
dontaudit $1 priority_e_com_client_packet_t:packet send;
')
########################################
## <summary>
## Receive priority_e_com_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_priority_e_com_client_packets',`
gen_require(`
type priority_e_com_client_packet_t;
')
allow $1 priority_e_com_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive priority_e_com_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_priority_e_com_client_packets',`
gen_require(`
type priority_e_com_client_packet_t;
')
dontaudit $1 priority_e_com_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive priority_e_com_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_priority_e_com_client_packets',`
corenet_send_priority_e_com_client_packets($1)
corenet_receive_priority_e_com_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive priority_e_com_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_priority_e_com_client_packets',`
corenet_dontaudit_send_priority_e_com_client_packets($1)
corenet_dontaudit_receive_priority_e_com_client_packets($1)
')
########################################
## <summary>
## Relabel packets to priority_e_com_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_priority_e_com_client_packets',`
gen_require(`
type priority_e_com_client_packet_t;
')
allow $1 priority_e_com_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send priority_e_com_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_priority_e_com_server_packets',`
gen_require(`
type priority_e_com_server_packet_t;
')
allow $1 priority_e_com_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send priority_e_com_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_priority_e_com_server_packets',`
gen_require(`
type priority_e_com_server_packet_t;
')
dontaudit $1 priority_e_com_server_packet_t:packet send;
')
########################################
## <summary>
## Receive priority_e_com_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_priority_e_com_server_packets',`
gen_require(`
type priority_e_com_server_packet_t;
')
allow $1 priority_e_com_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive priority_e_com_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_priority_e_com_server_packets',`
gen_require(`
type priority_e_com_server_packet_t;
')
dontaudit $1 priority_e_com_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive priority_e_com_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_priority_e_com_server_packets',`
corenet_send_priority_e_com_server_packets($1)
corenet_receive_priority_e_com_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive priority_e_com_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_priority_e_com_server_packets',`
corenet_dontaudit_send_priority_e_com_server_packets($1)
corenet_dontaudit_receive_priority_e_com_server_packets($1)
')
########################################
## <summary>
## Relabel packets to priority_e_com_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_priority_e_com_server_packets',`
gen_require(`
type priority_e_com_server_packet_t;
')
allow $1 priority_e_com_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the prosody port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_prosody_port',`
gen_require(`
type prosody_port_t;
')
allow $1 prosody_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the prosody port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_prosody_port',`
gen_require(`
type prosody_port_t;
')
allow $1 prosody_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the prosody port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_prosody_port',`
gen_require(`
type prosody_port_t;
')
dontaudit $1 prosody_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the prosody port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_prosody_port',`
gen_require(`
type prosody_port_t;
')
allow $1 prosody_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the prosody port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_prosody_port',`
gen_require(`
type prosody_port_t;
')
dontaudit $1 prosody_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the prosody port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_prosody_port',`
corenet_udp_send_prosody_port($1)
corenet_udp_receive_prosody_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the prosody port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_prosody_port',`
corenet_dontaudit_udp_send_prosody_port($1)
corenet_dontaudit_udp_receive_prosody_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the prosody port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_prosody_port',`
gen_require(`
type prosody_port_t;
')
allow $1 prosody_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the prosody port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_prosody_port',`
gen_require(`
type prosody_port_t;
')
allow $1 prosody_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to prosody port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_prosody_port',`
gen_require(`
type prosody_port_t;
')
dontaudit $1 prosody_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the prosody port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_prosody_port',`
gen_require(`
type prosody_port_t;
')
allow $1 prosody_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to prosody port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_prosody_port',`
gen_require(`
type prosody_port_t;
')
dontaudit $1 prosody_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send prosody_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_prosody_client_packets',`
gen_require(`
type prosody_client_packet_t;
')
allow $1 prosody_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send prosody_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_prosody_client_packets',`
gen_require(`
type prosody_client_packet_t;
')
dontaudit $1 prosody_client_packet_t:packet send;
')
########################################
## <summary>
## Receive prosody_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_prosody_client_packets',`
gen_require(`
type prosody_client_packet_t;
')
allow $1 prosody_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive prosody_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_prosody_client_packets',`
gen_require(`
type prosody_client_packet_t;
')
dontaudit $1 prosody_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive prosody_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_prosody_client_packets',`
corenet_send_prosody_client_packets($1)
corenet_receive_prosody_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive prosody_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_prosody_client_packets',`
corenet_dontaudit_send_prosody_client_packets($1)
corenet_dontaudit_receive_prosody_client_packets($1)
')
########################################
## <summary>
## Relabel packets to prosody_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_prosody_client_packets',`
gen_require(`
type prosody_client_packet_t;
')
allow $1 prosody_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send prosody_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_prosody_server_packets',`
gen_require(`
type prosody_server_packet_t;
')
allow $1 prosody_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send prosody_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_prosody_server_packets',`
gen_require(`
type prosody_server_packet_t;
')
dontaudit $1 prosody_server_packet_t:packet send;
')
########################################
## <summary>
## Receive prosody_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_prosody_server_packets',`
gen_require(`
type prosody_server_packet_t;
')
allow $1 prosody_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive prosody_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_prosody_server_packets',`
gen_require(`
type prosody_server_packet_t;
')
dontaudit $1 prosody_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive prosody_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_prosody_server_packets',`
corenet_send_prosody_server_packets($1)
corenet_receive_prosody_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive prosody_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_prosody_server_packets',`
corenet_dontaudit_send_prosody_server_packets($1)
corenet_dontaudit_receive_prosody_server_packets($1)
')
########################################
## <summary>
## Relabel packets to prosody_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_prosody_server_packets',`
gen_require(`
type prosody_server_packet_t;
')
allow $1 prosody_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the ptal port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_ptal_port',`
gen_require(`
type ptal_port_t;
')
allow $1 ptal_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the ptal port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_ptal_port',`
gen_require(`
type ptal_port_t;
')
allow $1 ptal_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the ptal port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_ptal_port',`
gen_require(`
type ptal_port_t;
')
dontaudit $1 ptal_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the ptal port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_ptal_port',`
gen_require(`
type ptal_port_t;
')
allow $1 ptal_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the ptal port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_ptal_port',`
gen_require(`
type ptal_port_t;
')
dontaudit $1 ptal_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the ptal port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_ptal_port',`
corenet_udp_send_ptal_port($1)
corenet_udp_receive_ptal_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the ptal port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_ptal_port',`
corenet_dontaudit_udp_send_ptal_port($1)
corenet_dontaudit_udp_receive_ptal_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the ptal port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_ptal_port',`
gen_require(`
type ptal_port_t;
')
allow $1 ptal_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the ptal port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_ptal_port',`
gen_require(`
type ptal_port_t;
')
allow $1 ptal_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to ptal port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_ptal_port',`
gen_require(`
type ptal_port_t;
')
dontaudit $1 ptal_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the ptal port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_ptal_port',`
gen_require(`
type ptal_port_t;
')
allow $1 ptal_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to ptal port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_ptal_port',`
gen_require(`
type ptal_port_t;
')
dontaudit $1 ptal_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send ptal_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ptal_client_packets',`
gen_require(`
type ptal_client_packet_t;
')
allow $1 ptal_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ptal_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ptal_client_packets',`
gen_require(`
type ptal_client_packet_t;
')
dontaudit $1 ptal_client_packet_t:packet send;
')
########################################
## <summary>
## Receive ptal_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ptal_client_packets',`
gen_require(`
type ptal_client_packet_t;
')
allow $1 ptal_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ptal_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ptal_client_packets',`
gen_require(`
type ptal_client_packet_t;
')
dontaudit $1 ptal_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ptal_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ptal_client_packets',`
corenet_send_ptal_client_packets($1)
corenet_receive_ptal_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ptal_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ptal_client_packets',`
corenet_dontaudit_send_ptal_client_packets($1)
corenet_dontaudit_receive_ptal_client_packets($1)
')
########################################
## <summary>
## Relabel packets to ptal_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ptal_client_packets',`
gen_require(`
type ptal_client_packet_t;
')
allow $1 ptal_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send ptal_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ptal_server_packets',`
gen_require(`
type ptal_server_packet_t;
')
allow $1 ptal_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ptal_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ptal_server_packets',`
gen_require(`
type ptal_server_packet_t;
')
dontaudit $1 ptal_server_packet_t:packet send;
')
########################################
## <summary>
## Receive ptal_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ptal_server_packets',`
gen_require(`
type ptal_server_packet_t;
')
allow $1 ptal_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ptal_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ptal_server_packets',`
gen_require(`
type ptal_server_packet_t;
')
dontaudit $1 ptal_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ptal_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ptal_server_packets',`
corenet_send_ptal_server_packets($1)
corenet_receive_ptal_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ptal_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ptal_server_packets',`
corenet_dontaudit_send_ptal_server_packets($1)
corenet_dontaudit_receive_ptal_server_packets($1)
')
########################################
## <summary>
## Relabel packets to ptal_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ptal_server_packets',`
gen_require(`
type ptal_server_packet_t;
')
allow $1 ptal_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the ptp_event port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_ptp_event_port',`
gen_require(`
type ptp_event_port_t;
')
allow $1 ptp_event_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the ptp_event port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_ptp_event_port',`
gen_require(`
type ptp_event_port_t;
')
allow $1 ptp_event_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the ptp_event port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_ptp_event_port',`
gen_require(`
type ptp_event_port_t;
')
dontaudit $1 ptp_event_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the ptp_event port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_ptp_event_port',`
gen_require(`
type ptp_event_port_t;
')
allow $1 ptp_event_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the ptp_event port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_ptp_event_port',`
gen_require(`
type ptp_event_port_t;
')
dontaudit $1 ptp_event_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the ptp_event port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_ptp_event_port',`
corenet_udp_send_ptp_event_port($1)
corenet_udp_receive_ptp_event_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the ptp_event port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_ptp_event_port',`
corenet_dontaudit_udp_send_ptp_event_port($1)
corenet_dontaudit_udp_receive_ptp_event_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the ptp_event port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_ptp_event_port',`
gen_require(`
type ptp_event_port_t;
')
allow $1 ptp_event_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the ptp_event port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_ptp_event_port',`
gen_require(`
type ptp_event_port_t;
')
allow $1 ptp_event_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to ptp_event port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_ptp_event_port',`
gen_require(`
type ptp_event_port_t;
')
dontaudit $1 ptp_event_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the ptp_event port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_ptp_event_port',`
gen_require(`
type ptp_event_port_t;
')
allow $1 ptp_event_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to ptp_event port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_ptp_event_port',`
gen_require(`
type ptp_event_port_t;
')
dontaudit $1 ptp_event_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send ptp_event_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ptp_event_client_packets',`
gen_require(`
type ptp_event_client_packet_t;
')
allow $1 ptp_event_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ptp_event_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ptp_event_client_packets',`
gen_require(`
type ptp_event_client_packet_t;
')
dontaudit $1 ptp_event_client_packet_t:packet send;
')
########################################
## <summary>
## Receive ptp_event_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ptp_event_client_packets',`
gen_require(`
type ptp_event_client_packet_t;
')
allow $1 ptp_event_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ptp_event_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ptp_event_client_packets',`
gen_require(`
type ptp_event_client_packet_t;
')
dontaudit $1 ptp_event_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ptp_event_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ptp_event_client_packets',`
corenet_send_ptp_event_client_packets($1)
corenet_receive_ptp_event_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ptp_event_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ptp_event_client_packets',`
corenet_dontaudit_send_ptp_event_client_packets($1)
corenet_dontaudit_receive_ptp_event_client_packets($1)
')
########################################
## <summary>
## Relabel packets to ptp_event_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ptp_event_client_packets',`
gen_require(`
type ptp_event_client_packet_t;
')
allow $1 ptp_event_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send ptp_event_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ptp_event_server_packets',`
gen_require(`
type ptp_event_server_packet_t;
')
allow $1 ptp_event_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ptp_event_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ptp_event_server_packets',`
gen_require(`
type ptp_event_server_packet_t;
')
dontaudit $1 ptp_event_server_packet_t:packet send;
')
########################################
## <summary>
## Receive ptp_event_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ptp_event_server_packets',`
gen_require(`
type ptp_event_server_packet_t;
')
allow $1 ptp_event_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ptp_event_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ptp_event_server_packets',`
gen_require(`
type ptp_event_server_packet_t;
')
dontaudit $1 ptp_event_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ptp_event_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ptp_event_server_packets',`
corenet_send_ptp_event_server_packets($1)
corenet_receive_ptp_event_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ptp_event_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ptp_event_server_packets',`
corenet_dontaudit_send_ptp_event_server_packets($1)
corenet_dontaudit_receive_ptp_event_server_packets($1)
')
########################################
## <summary>
## Relabel packets to ptp_event_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ptp_event_server_packets',`
gen_require(`
type ptp_event_server_packet_t;
')
allow $1 ptp_event_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the pulseaudio port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_pulseaudio_port',`
gen_require(`
type pulseaudio_port_t;
')
allow $1 pulseaudio_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the pulseaudio port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_pulseaudio_port',`
gen_require(`
type pulseaudio_port_t;
')
allow $1 pulseaudio_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the pulseaudio port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_pulseaudio_port',`
gen_require(`
type pulseaudio_port_t;
')
dontaudit $1 pulseaudio_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the pulseaudio port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_pulseaudio_port',`
gen_require(`
type pulseaudio_port_t;
')
allow $1 pulseaudio_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the pulseaudio port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_pulseaudio_port',`
gen_require(`
type pulseaudio_port_t;
')
dontaudit $1 pulseaudio_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the pulseaudio port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_pulseaudio_port',`
corenet_udp_send_pulseaudio_port($1)
corenet_udp_receive_pulseaudio_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the pulseaudio port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_pulseaudio_port',`
corenet_dontaudit_udp_send_pulseaudio_port($1)
corenet_dontaudit_udp_receive_pulseaudio_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the pulseaudio port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_pulseaudio_port',`
gen_require(`
type pulseaudio_port_t;
')
allow $1 pulseaudio_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the pulseaudio port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_pulseaudio_port',`
gen_require(`
type pulseaudio_port_t;
')
allow $1 pulseaudio_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to pulseaudio port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_pulseaudio_port',`
gen_require(`
type pulseaudio_port_t;
')
dontaudit $1 pulseaudio_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the pulseaudio port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_pulseaudio_port',`
gen_require(`
type pulseaudio_port_t;
')
allow $1 pulseaudio_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to pulseaudio port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_pulseaudio_port',`
gen_require(`
type pulseaudio_port_t;
')
dontaudit $1 pulseaudio_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send pulseaudio_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_pulseaudio_client_packets',`
gen_require(`
type pulseaudio_client_packet_t;
')
allow $1 pulseaudio_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send pulseaudio_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_pulseaudio_client_packets',`
gen_require(`
type pulseaudio_client_packet_t;
')
dontaudit $1 pulseaudio_client_packet_t:packet send;
')
########################################
## <summary>
## Receive pulseaudio_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_pulseaudio_client_packets',`
gen_require(`
type pulseaudio_client_packet_t;
')
allow $1 pulseaudio_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive pulseaudio_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_pulseaudio_client_packets',`
gen_require(`
type pulseaudio_client_packet_t;
')
dontaudit $1 pulseaudio_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive pulseaudio_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_pulseaudio_client_packets',`
corenet_send_pulseaudio_client_packets($1)
corenet_receive_pulseaudio_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive pulseaudio_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_pulseaudio_client_packets',`
corenet_dontaudit_send_pulseaudio_client_packets($1)
corenet_dontaudit_receive_pulseaudio_client_packets($1)
')
########################################
## <summary>
## Relabel packets to pulseaudio_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_pulseaudio_client_packets',`
gen_require(`
type pulseaudio_client_packet_t;
')
allow $1 pulseaudio_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send pulseaudio_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_pulseaudio_server_packets',`
gen_require(`
type pulseaudio_server_packet_t;
')
allow $1 pulseaudio_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send pulseaudio_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_pulseaudio_server_packets',`
gen_require(`
type pulseaudio_server_packet_t;
')
dontaudit $1 pulseaudio_server_packet_t:packet send;
')
########################################
## <summary>
## Receive pulseaudio_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_pulseaudio_server_packets',`
gen_require(`
type pulseaudio_server_packet_t;
')
allow $1 pulseaudio_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive pulseaudio_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_pulseaudio_server_packets',`
gen_require(`
type pulseaudio_server_packet_t;
')
dontaudit $1 pulseaudio_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive pulseaudio_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_pulseaudio_server_packets',`
corenet_send_pulseaudio_server_packets($1)
corenet_receive_pulseaudio_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive pulseaudio_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_pulseaudio_server_packets',`
corenet_dontaudit_send_pulseaudio_server_packets($1)
corenet_dontaudit_receive_pulseaudio_server_packets($1)
')
########################################
## <summary>
## Relabel packets to pulseaudio_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_pulseaudio_server_packets',`
gen_require(`
type pulseaudio_server_packet_t;
')
allow $1 pulseaudio_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the pulp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_pulp_port',`
gen_require(`
type pulp_port_t;
')
allow $1 pulp_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the pulp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_pulp_port',`
gen_require(`
type pulp_port_t;
')
allow $1 pulp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the pulp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_pulp_port',`
gen_require(`
type pulp_port_t;
')
dontaudit $1 pulp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the pulp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_pulp_port',`
gen_require(`
type pulp_port_t;
')
allow $1 pulp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the pulp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_pulp_port',`
gen_require(`
type pulp_port_t;
')
dontaudit $1 pulp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the pulp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_pulp_port',`
corenet_udp_send_pulp_port($1)
corenet_udp_receive_pulp_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the pulp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_pulp_port',`
corenet_dontaudit_udp_send_pulp_port($1)
corenet_dontaudit_udp_receive_pulp_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the pulp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_pulp_port',`
gen_require(`
type pulp_port_t;
')
allow $1 pulp_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the pulp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_pulp_port',`
gen_require(`
type pulp_port_t;
')
allow $1 pulp_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to pulp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_pulp_port',`
gen_require(`
type pulp_port_t;
')
dontaudit $1 pulp_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the pulp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_pulp_port',`
gen_require(`
type pulp_port_t;
')
allow $1 pulp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to pulp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_pulp_port',`
gen_require(`
type pulp_port_t;
')
dontaudit $1 pulp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send pulp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_pulp_client_packets',`
gen_require(`
type pulp_client_packet_t;
')
allow $1 pulp_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send pulp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_pulp_client_packets',`
gen_require(`
type pulp_client_packet_t;
')
dontaudit $1 pulp_client_packet_t:packet send;
')
########################################
## <summary>
## Receive pulp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_pulp_client_packets',`
gen_require(`
type pulp_client_packet_t;
')
allow $1 pulp_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive pulp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_pulp_client_packets',`
gen_require(`
type pulp_client_packet_t;
')
dontaudit $1 pulp_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive pulp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_pulp_client_packets',`
corenet_send_pulp_client_packets($1)
corenet_receive_pulp_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive pulp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_pulp_client_packets',`
corenet_dontaudit_send_pulp_client_packets($1)
corenet_dontaudit_receive_pulp_client_packets($1)
')
########################################
## <summary>
## Relabel packets to pulp_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_pulp_client_packets',`
gen_require(`
type pulp_client_packet_t;
')
allow $1 pulp_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send pulp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_pulp_server_packets',`
gen_require(`
type pulp_server_packet_t;
')
allow $1 pulp_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send pulp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_pulp_server_packets',`
gen_require(`
type pulp_server_packet_t;
')
dontaudit $1 pulp_server_packet_t:packet send;
')
########################################
## <summary>
## Receive pulp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_pulp_server_packets',`
gen_require(`
type pulp_server_packet_t;
')
allow $1 pulp_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive pulp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_pulp_server_packets',`
gen_require(`
type pulp_server_packet_t;
')
dontaudit $1 pulp_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive pulp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_pulp_server_packets',`
corenet_send_pulp_server_packets($1)
corenet_receive_pulp_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive pulp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_pulp_server_packets',`
corenet_dontaudit_send_pulp_server_packets($1)
corenet_dontaudit_receive_pulp_server_packets($1)
')
########################################
## <summary>
## Relabel packets to pulp_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_pulp_server_packets',`
gen_require(`
type pulp_server_packet_t;
')
allow $1 pulp_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the puppet port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_puppet_port',`
gen_require(`
type puppet_port_t;
')
allow $1 puppet_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the puppet port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_puppet_port',`
gen_require(`
type puppet_port_t;
')
allow $1 puppet_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the puppet port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_puppet_port',`
gen_require(`
type puppet_port_t;
')
dontaudit $1 puppet_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the puppet port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_puppet_port',`
gen_require(`
type puppet_port_t;
')
allow $1 puppet_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the puppet port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_puppet_port',`
gen_require(`
type puppet_port_t;
')
dontaudit $1 puppet_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the puppet port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_puppet_port',`
corenet_udp_send_puppet_port($1)
corenet_udp_receive_puppet_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the puppet port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_puppet_port',`
corenet_dontaudit_udp_send_puppet_port($1)
corenet_dontaudit_udp_receive_puppet_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the puppet port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_puppet_port',`
gen_require(`
type puppet_port_t;
')
allow $1 puppet_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the puppet port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_puppet_port',`
gen_require(`
type puppet_port_t;
')
allow $1 puppet_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to puppet port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_puppet_port',`
gen_require(`
type puppet_port_t;
')
dontaudit $1 puppet_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the puppet port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_puppet_port',`
gen_require(`
type puppet_port_t;
')
allow $1 puppet_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to puppet port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_puppet_port',`
gen_require(`
type puppet_port_t;
')
dontaudit $1 puppet_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send puppet_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_puppet_client_packets',`
gen_require(`
type puppet_client_packet_t;
')
allow $1 puppet_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send puppet_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_puppet_client_packets',`
gen_require(`
type puppet_client_packet_t;
')
dontaudit $1 puppet_client_packet_t:packet send;
')
########################################
## <summary>
## Receive puppet_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_puppet_client_packets',`
gen_require(`
type puppet_client_packet_t;
')
allow $1 puppet_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive puppet_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_puppet_client_packets',`
gen_require(`
type puppet_client_packet_t;
')
dontaudit $1 puppet_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive puppet_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_puppet_client_packets',`
corenet_send_puppet_client_packets($1)
corenet_receive_puppet_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive puppet_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_puppet_client_packets',`
corenet_dontaudit_send_puppet_client_packets($1)
corenet_dontaudit_receive_puppet_client_packets($1)
')
########################################
## <summary>
## Relabel packets to puppet_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_puppet_client_packets',`
gen_require(`
type puppet_client_packet_t;
')
allow $1 puppet_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send puppet_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_puppet_server_packets',`
gen_require(`
type puppet_server_packet_t;
')
allow $1 puppet_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send puppet_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_puppet_server_packets',`
gen_require(`
type puppet_server_packet_t;
')
dontaudit $1 puppet_server_packet_t:packet send;
')
########################################
## <summary>
## Receive puppet_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_puppet_server_packets',`
gen_require(`
type puppet_server_packet_t;
')
allow $1 puppet_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive puppet_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_puppet_server_packets',`
gen_require(`
type puppet_server_packet_t;
')
dontaudit $1 puppet_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive puppet_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_puppet_server_packets',`
corenet_send_puppet_server_packets($1)
corenet_receive_puppet_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive puppet_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_puppet_server_packets',`
corenet_dontaudit_send_puppet_server_packets($1)
corenet_dontaudit_receive_puppet_server_packets($1)
')
########################################
## <summary>
## Relabel packets to puppet_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_puppet_server_packets',`
gen_require(`
type puppet_server_packet_t;
')
allow $1 puppet_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the pxe port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_pxe_port',`
gen_require(`
type pxe_port_t;
')
allow $1 pxe_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the pxe port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_pxe_port',`
gen_require(`
type pxe_port_t;
')
allow $1 pxe_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the pxe port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_pxe_port',`
gen_require(`
type pxe_port_t;
')
dontaudit $1 pxe_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the pxe port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_pxe_port',`
gen_require(`
type pxe_port_t;
')
allow $1 pxe_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the pxe port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_pxe_port',`
gen_require(`
type pxe_port_t;
')
dontaudit $1 pxe_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the pxe port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_pxe_port',`
corenet_udp_send_pxe_port($1)
corenet_udp_receive_pxe_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the pxe port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_pxe_port',`
corenet_dontaudit_udp_send_pxe_port($1)
corenet_dontaudit_udp_receive_pxe_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the pxe port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_pxe_port',`
gen_require(`
type pxe_port_t;
')
allow $1 pxe_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the pxe port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_pxe_port',`
gen_require(`
type pxe_port_t;
')
allow $1 pxe_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to pxe port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_pxe_port',`
gen_require(`
type pxe_port_t;
')
dontaudit $1 pxe_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the pxe port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_pxe_port',`
gen_require(`
type pxe_port_t;
')
allow $1 pxe_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to pxe port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_pxe_port',`
gen_require(`
type pxe_port_t;
')
dontaudit $1 pxe_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send pxe_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_pxe_client_packets',`
gen_require(`
type pxe_client_packet_t;
')
allow $1 pxe_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send pxe_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_pxe_client_packets',`
gen_require(`
type pxe_client_packet_t;
')
dontaudit $1 pxe_client_packet_t:packet send;
')
########################################
## <summary>
## Receive pxe_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_pxe_client_packets',`
gen_require(`
type pxe_client_packet_t;
')
allow $1 pxe_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive pxe_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_pxe_client_packets',`
gen_require(`
type pxe_client_packet_t;
')
dontaudit $1 pxe_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive pxe_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_pxe_client_packets',`
corenet_send_pxe_client_packets($1)
corenet_receive_pxe_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive pxe_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_pxe_client_packets',`
corenet_dontaudit_send_pxe_client_packets($1)
corenet_dontaudit_receive_pxe_client_packets($1)
')
########################################
## <summary>
## Relabel packets to pxe_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_pxe_client_packets',`
gen_require(`
type pxe_client_packet_t;
')
allow $1 pxe_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send pxe_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_pxe_server_packets',`
gen_require(`
type pxe_server_packet_t;
')
allow $1 pxe_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send pxe_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_pxe_server_packets',`
gen_require(`
type pxe_server_packet_t;
')
dontaudit $1 pxe_server_packet_t:packet send;
')
########################################
## <summary>
## Receive pxe_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_pxe_server_packets',`
gen_require(`
type pxe_server_packet_t;
')
allow $1 pxe_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive pxe_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_pxe_server_packets',`
gen_require(`
type pxe_server_packet_t;
')
dontaudit $1 pxe_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive pxe_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_pxe_server_packets',`
corenet_send_pxe_server_packets($1)
corenet_receive_pxe_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive pxe_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_pxe_server_packets',`
corenet_dontaudit_send_pxe_server_packets($1)
corenet_dontaudit_receive_pxe_server_packets($1)
')
########################################
## <summary>
## Relabel packets to pxe_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_pxe_server_packets',`
gen_require(`
type pxe_server_packet_t;
')
allow $1 pxe_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the pyzor port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_pyzor_port',`
gen_require(`
type pyzor_port_t;
')
allow $1 pyzor_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the pyzor port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_pyzor_port',`
gen_require(`
type pyzor_port_t;
')
allow $1 pyzor_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the pyzor port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_pyzor_port',`
gen_require(`
type pyzor_port_t;
')
dontaudit $1 pyzor_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the pyzor port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_pyzor_port',`
gen_require(`
type pyzor_port_t;
')
allow $1 pyzor_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the pyzor port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_pyzor_port',`
gen_require(`
type pyzor_port_t;
')
dontaudit $1 pyzor_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the pyzor port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_pyzor_port',`
corenet_udp_send_pyzor_port($1)
corenet_udp_receive_pyzor_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the pyzor port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_pyzor_port',`
corenet_dontaudit_udp_send_pyzor_port($1)
corenet_dontaudit_udp_receive_pyzor_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the pyzor port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_pyzor_port',`
gen_require(`
type pyzor_port_t;
')
allow $1 pyzor_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the pyzor port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_pyzor_port',`
gen_require(`
type pyzor_port_t;
')
allow $1 pyzor_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to pyzor port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_pyzor_port',`
gen_require(`
type pyzor_port_t;
')
dontaudit $1 pyzor_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the pyzor port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_pyzor_port',`
gen_require(`
type pyzor_port_t;
')
allow $1 pyzor_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to pyzor port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_pyzor_port',`
gen_require(`
type pyzor_port_t;
')
dontaudit $1 pyzor_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send pyzor_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_pyzor_client_packets',`
gen_require(`
type pyzor_client_packet_t;
')
allow $1 pyzor_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send pyzor_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_pyzor_client_packets',`
gen_require(`
type pyzor_client_packet_t;
')
dontaudit $1 pyzor_client_packet_t:packet send;
')
########################################
## <summary>
## Receive pyzor_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_pyzor_client_packets',`
gen_require(`
type pyzor_client_packet_t;
')
allow $1 pyzor_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive pyzor_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_pyzor_client_packets',`
gen_require(`
type pyzor_client_packet_t;
')
dontaudit $1 pyzor_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive pyzor_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_pyzor_client_packets',`
corenet_send_pyzor_client_packets($1)
corenet_receive_pyzor_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive pyzor_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_pyzor_client_packets',`
corenet_dontaudit_send_pyzor_client_packets($1)
corenet_dontaudit_receive_pyzor_client_packets($1)
')
########################################
## <summary>
## Relabel packets to pyzor_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_pyzor_client_packets',`
gen_require(`
type pyzor_client_packet_t;
')
allow $1 pyzor_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send pyzor_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_pyzor_server_packets',`
gen_require(`
type pyzor_server_packet_t;
')
allow $1 pyzor_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send pyzor_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_pyzor_server_packets',`
gen_require(`
type pyzor_server_packet_t;
')
dontaudit $1 pyzor_server_packet_t:packet send;
')
########################################
## <summary>
## Receive pyzor_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_pyzor_server_packets',`
gen_require(`
type pyzor_server_packet_t;
')
allow $1 pyzor_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive pyzor_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_pyzor_server_packets',`
gen_require(`
type pyzor_server_packet_t;
')
dontaudit $1 pyzor_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive pyzor_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_pyzor_server_packets',`
corenet_send_pyzor_server_packets($1)
corenet_receive_pyzor_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive pyzor_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_pyzor_server_packets',`
corenet_dontaudit_send_pyzor_server_packets($1)
corenet_dontaudit_receive_pyzor_server_packets($1)
')
########################################
## <summary>
## Relabel packets to pyzor_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_pyzor_server_packets',`
gen_require(`
type pyzor_server_packet_t;
')
allow $1 pyzor_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the neutron port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_neutron_port',`
gen_require(`
type neutron_port_t;
')
allow $1 neutron_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the neutron port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_neutron_port',`
gen_require(`
type neutron_port_t;
')
allow $1 neutron_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the neutron port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_neutron_port',`
gen_require(`
type neutron_port_t;
')
dontaudit $1 neutron_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the neutron port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_neutron_port',`
gen_require(`
type neutron_port_t;
')
allow $1 neutron_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the neutron port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_neutron_port',`
gen_require(`
type neutron_port_t;
')
dontaudit $1 neutron_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the neutron port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_neutron_port',`
corenet_udp_send_neutron_port($1)
corenet_udp_receive_neutron_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the neutron port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_neutron_port',`
corenet_dontaudit_udp_send_neutron_port($1)
corenet_dontaudit_udp_receive_neutron_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the neutron port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_neutron_port',`
gen_require(`
type neutron_port_t;
')
allow $1 neutron_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the neutron port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_neutron_port',`
gen_require(`
type neutron_port_t;
')
allow $1 neutron_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to neutron port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_neutron_port',`
gen_require(`
type neutron_port_t;
')
dontaudit $1 neutron_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the neutron port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_neutron_port',`
gen_require(`
type neutron_port_t;
')
allow $1 neutron_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to neutron port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_neutron_port',`
gen_require(`
type neutron_port_t;
')
dontaudit $1 neutron_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send neutron_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_neutron_client_packets',`
gen_require(`
type neutron_client_packet_t;
')
allow $1 neutron_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send neutron_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_neutron_client_packets',`
gen_require(`
type neutron_client_packet_t;
')
dontaudit $1 neutron_client_packet_t:packet send;
')
########################################
## <summary>
## Receive neutron_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_neutron_client_packets',`
gen_require(`
type neutron_client_packet_t;
')
allow $1 neutron_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive neutron_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_neutron_client_packets',`
gen_require(`
type neutron_client_packet_t;
')
dontaudit $1 neutron_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive neutron_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_neutron_client_packets',`
corenet_send_neutron_client_packets($1)
corenet_receive_neutron_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive neutron_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_neutron_client_packets',`
corenet_dontaudit_send_neutron_client_packets($1)
corenet_dontaudit_receive_neutron_client_packets($1)
')
########################################
## <summary>
## Relabel packets to neutron_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_neutron_client_packets',`
gen_require(`
type neutron_client_packet_t;
')
allow $1 neutron_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send neutron_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_neutron_server_packets',`
gen_require(`
type neutron_server_packet_t;
')
allow $1 neutron_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send neutron_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_neutron_server_packets',`
gen_require(`
type neutron_server_packet_t;
')
dontaudit $1 neutron_server_packet_t:packet send;
')
########################################
## <summary>
## Receive neutron_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_neutron_server_packets',`
gen_require(`
type neutron_server_packet_t;
')
allow $1 neutron_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive neutron_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_neutron_server_packets',`
gen_require(`
type neutron_server_packet_t;
')
dontaudit $1 neutron_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive neutron_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_neutron_server_packets',`
corenet_send_neutron_server_packets($1)
corenet_receive_neutron_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive neutron_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_neutron_server_packets',`
corenet_dontaudit_send_neutron_server_packets($1)
corenet_dontaudit_receive_neutron_server_packets($1)
')
########################################
## <summary>
## Relabel packets to neutron_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_neutron_server_packets',`
gen_require(`
type neutron_server_packet_t;
')
allow $1 neutron_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the nsd_control port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_nsd_control_port',`
gen_require(`
type nsd_control_port_t;
')
allow $1 nsd_control_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the nsd_control port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_nsd_control_port',`
gen_require(`
type nsd_control_port_t;
')
allow $1 nsd_control_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the nsd_control port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_nsd_control_port',`
gen_require(`
type nsd_control_port_t;
')
dontaudit $1 nsd_control_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the nsd_control port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_nsd_control_port',`
gen_require(`
type nsd_control_port_t;
')
allow $1 nsd_control_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the nsd_control port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_nsd_control_port',`
gen_require(`
type nsd_control_port_t;
')
dontaudit $1 nsd_control_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the nsd_control port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_nsd_control_port',`
corenet_udp_send_nsd_control_port($1)
corenet_udp_receive_nsd_control_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the nsd_control port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_nsd_control_port',`
corenet_dontaudit_udp_send_nsd_control_port($1)
corenet_dontaudit_udp_receive_nsd_control_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the nsd_control port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_nsd_control_port',`
gen_require(`
type nsd_control_port_t;
')
allow $1 nsd_control_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the nsd_control port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_nsd_control_port',`
gen_require(`
type nsd_control_port_t;
')
allow $1 nsd_control_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to nsd_control port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_nsd_control_port',`
gen_require(`
type nsd_control_port_t;
')
dontaudit $1 nsd_control_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the nsd_control port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_nsd_control_port',`
gen_require(`
type nsd_control_port_t;
')
allow $1 nsd_control_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to nsd_control port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_nsd_control_port',`
gen_require(`
type nsd_control_port_t;
')
dontaudit $1 nsd_control_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send nsd_control_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_nsd_control_client_packets',`
gen_require(`
type nsd_control_client_packet_t;
')
allow $1 nsd_control_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send nsd_control_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_nsd_control_client_packets',`
gen_require(`
type nsd_control_client_packet_t;
')
dontaudit $1 nsd_control_client_packet_t:packet send;
')
########################################
## <summary>
## Receive nsd_control_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_nsd_control_client_packets',`
gen_require(`
type nsd_control_client_packet_t;
')
allow $1 nsd_control_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive nsd_control_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_nsd_control_client_packets',`
gen_require(`
type nsd_control_client_packet_t;
')
dontaudit $1 nsd_control_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive nsd_control_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_nsd_control_client_packets',`
corenet_send_nsd_control_client_packets($1)
corenet_receive_nsd_control_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive nsd_control_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_nsd_control_client_packets',`
corenet_dontaudit_send_nsd_control_client_packets($1)
corenet_dontaudit_receive_nsd_control_client_packets($1)
')
########################################
## <summary>
## Relabel packets to nsd_control_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_nsd_control_client_packets',`
gen_require(`
type nsd_control_client_packet_t;
')
allow $1 nsd_control_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send nsd_control_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_nsd_control_server_packets',`
gen_require(`
type nsd_control_server_packet_t;
')
allow $1 nsd_control_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send nsd_control_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_nsd_control_server_packets',`
gen_require(`
type nsd_control_server_packet_t;
')
dontaudit $1 nsd_control_server_packet_t:packet send;
')
########################################
## <summary>
## Receive nsd_control_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_nsd_control_server_packets',`
gen_require(`
type nsd_control_server_packet_t;
')
allow $1 nsd_control_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive nsd_control_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_nsd_control_server_packets',`
gen_require(`
type nsd_control_server_packet_t;
')
dontaudit $1 nsd_control_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive nsd_control_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_nsd_control_server_packets',`
corenet_send_nsd_control_server_packets($1)
corenet_receive_nsd_control_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive nsd_control_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_nsd_control_server_packets',`
corenet_dontaudit_send_nsd_control_server_packets($1)
corenet_dontaudit_receive_nsd_control_server_packets($1)
')
########################################
## <summary>
## Relabel packets to nsd_control_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_nsd_control_server_packets',`
gen_require(`
type nsd_control_server_packet_t;
')
allow $1 nsd_control_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the radacct port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_radacct_port',`
gen_require(`
type radacct_port_t;
')
allow $1 radacct_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the radacct port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_radacct_port',`
gen_require(`
type radacct_port_t;
')
allow $1 radacct_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the radacct port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_radacct_port',`
gen_require(`
type radacct_port_t;
')
dontaudit $1 radacct_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the radacct port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_radacct_port',`
gen_require(`
type radacct_port_t;
')
allow $1 radacct_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the radacct port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_radacct_port',`
gen_require(`
type radacct_port_t;
')
dontaudit $1 radacct_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the radacct port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_radacct_port',`
corenet_udp_send_radacct_port($1)
corenet_udp_receive_radacct_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the radacct port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_radacct_port',`
corenet_dontaudit_udp_send_radacct_port($1)
corenet_dontaudit_udp_receive_radacct_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the radacct port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_radacct_port',`
gen_require(`
type radacct_port_t;
')
allow $1 radacct_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the radacct port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_radacct_port',`
gen_require(`
type radacct_port_t;
')
allow $1 radacct_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to radacct port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_radacct_port',`
gen_require(`
type radacct_port_t;
')
dontaudit $1 radacct_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the radacct port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_radacct_port',`
gen_require(`
type radacct_port_t;
')
allow $1 radacct_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to radacct port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_radacct_port',`
gen_require(`
type radacct_port_t;
')
dontaudit $1 radacct_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send radacct_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_radacct_client_packets',`
gen_require(`
type radacct_client_packet_t;
')
allow $1 radacct_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send radacct_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_radacct_client_packets',`
gen_require(`
type radacct_client_packet_t;
')
dontaudit $1 radacct_client_packet_t:packet send;
')
########################################
## <summary>
## Receive radacct_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_radacct_client_packets',`
gen_require(`
type radacct_client_packet_t;
')
allow $1 radacct_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive radacct_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_radacct_client_packets',`
gen_require(`
type radacct_client_packet_t;
')
dontaudit $1 radacct_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive radacct_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_radacct_client_packets',`
corenet_send_radacct_client_packets($1)
corenet_receive_radacct_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive radacct_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_radacct_client_packets',`
corenet_dontaudit_send_radacct_client_packets($1)
corenet_dontaudit_receive_radacct_client_packets($1)
')
########################################
## <summary>
## Relabel packets to radacct_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_radacct_client_packets',`
gen_require(`
type radacct_client_packet_t;
')
allow $1 radacct_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send radacct_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_radacct_server_packets',`
gen_require(`
type radacct_server_packet_t;
')
allow $1 radacct_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send radacct_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_radacct_server_packets',`
gen_require(`
type radacct_server_packet_t;
')
dontaudit $1 radacct_server_packet_t:packet send;
')
########################################
## <summary>
## Receive radacct_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_radacct_server_packets',`
gen_require(`
type radacct_server_packet_t;
')
allow $1 radacct_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive radacct_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_radacct_server_packets',`
gen_require(`
type radacct_server_packet_t;
')
dontaudit $1 radacct_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive radacct_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_radacct_server_packets',`
corenet_send_radacct_server_packets($1)
corenet_receive_radacct_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive radacct_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_radacct_server_packets',`
corenet_dontaudit_send_radacct_server_packets($1)
corenet_dontaudit_receive_radacct_server_packets($1)
')
########################################
## <summary>
## Relabel packets to radacct_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_radacct_server_packets',`
gen_require(`
type radacct_server_packet_t;
')
allow $1 radacct_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the radius port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_radius_port',`
gen_require(`
type radius_port_t;
')
allow $1 radius_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the radius port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_radius_port',`
gen_require(`
type radius_port_t;
')
allow $1 radius_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the radius port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_radius_port',`
gen_require(`
type radius_port_t;
')
dontaudit $1 radius_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the radius port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_radius_port',`
gen_require(`
type radius_port_t;
')
allow $1 radius_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the radius port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_radius_port',`
gen_require(`
type radius_port_t;
')
dontaudit $1 radius_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the radius port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_radius_port',`
corenet_udp_send_radius_port($1)
corenet_udp_receive_radius_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the radius port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_radius_port',`
corenet_dontaudit_udp_send_radius_port($1)
corenet_dontaudit_udp_receive_radius_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the radius port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_radius_port',`
gen_require(`
type radius_port_t;
')
allow $1 radius_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the radius port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_radius_port',`
gen_require(`
type radius_port_t;
')
allow $1 radius_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to radius port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_radius_port',`
gen_require(`
type radius_port_t;
')
dontaudit $1 radius_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the radius port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_radius_port',`
gen_require(`
type radius_port_t;
')
allow $1 radius_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to radius port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_radius_port',`
gen_require(`
type radius_port_t;
')
dontaudit $1 radius_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send radius_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_radius_client_packets',`
gen_require(`
type radius_client_packet_t;
')
allow $1 radius_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send radius_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_radius_client_packets',`
gen_require(`
type radius_client_packet_t;
')
dontaudit $1 radius_client_packet_t:packet send;
')
########################################
## <summary>
## Receive radius_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_radius_client_packets',`
gen_require(`
type radius_client_packet_t;
')
allow $1 radius_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive radius_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_radius_client_packets',`
gen_require(`
type radius_client_packet_t;
')
dontaudit $1 radius_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive radius_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_radius_client_packets',`
corenet_send_radius_client_packets($1)
corenet_receive_radius_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive radius_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_radius_client_packets',`
corenet_dontaudit_send_radius_client_packets($1)
corenet_dontaudit_receive_radius_client_packets($1)
')
########################################
## <summary>
## Relabel packets to radius_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_radius_client_packets',`
gen_require(`
type radius_client_packet_t;
')
allow $1 radius_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send radius_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_radius_server_packets',`
gen_require(`
type radius_server_packet_t;
')
allow $1 radius_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send radius_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_radius_server_packets',`
gen_require(`
type radius_server_packet_t;
')
dontaudit $1 radius_server_packet_t:packet send;
')
########################################
## <summary>
## Receive radius_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_radius_server_packets',`
gen_require(`
type radius_server_packet_t;
')
allow $1 radius_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive radius_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_radius_server_packets',`
gen_require(`
type radius_server_packet_t;
')
dontaudit $1 radius_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive radius_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_radius_server_packets',`
corenet_send_radius_server_packets($1)
corenet_receive_radius_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive radius_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_radius_server_packets',`
corenet_dontaudit_send_radius_server_packets($1)
corenet_dontaudit_receive_radius_server_packets($1)
')
########################################
## <summary>
## Relabel packets to radius_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_radius_server_packets',`
gen_require(`
type radius_server_packet_t;
')
allow $1 radius_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the radsec port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_radsec_port',`
gen_require(`
type radsec_port_t;
')
allow $1 radsec_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the radsec port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_radsec_port',`
gen_require(`
type radsec_port_t;
')
allow $1 radsec_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the radsec port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_radsec_port',`
gen_require(`
type radsec_port_t;
')
dontaudit $1 radsec_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the radsec port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_radsec_port',`
gen_require(`
type radsec_port_t;
')
allow $1 radsec_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the radsec port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_radsec_port',`
gen_require(`
type radsec_port_t;
')
dontaudit $1 radsec_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the radsec port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_radsec_port',`
corenet_udp_send_radsec_port($1)
corenet_udp_receive_radsec_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the radsec port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_radsec_port',`
corenet_dontaudit_udp_send_radsec_port($1)
corenet_dontaudit_udp_receive_radsec_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the radsec port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_radsec_port',`
gen_require(`
type radsec_port_t;
')
allow $1 radsec_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the radsec port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_radsec_port',`
gen_require(`
type radsec_port_t;
')
allow $1 radsec_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to radsec port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_radsec_port',`
gen_require(`
type radsec_port_t;
')
dontaudit $1 radsec_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the radsec port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_radsec_port',`
gen_require(`
type radsec_port_t;
')
allow $1 radsec_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to radsec port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_radsec_port',`
gen_require(`
type radsec_port_t;
')
dontaudit $1 radsec_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send radsec_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_radsec_client_packets',`
gen_require(`
type radsec_client_packet_t;
')
allow $1 radsec_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send radsec_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_radsec_client_packets',`
gen_require(`
type radsec_client_packet_t;
')
dontaudit $1 radsec_client_packet_t:packet send;
')
########################################
## <summary>
## Receive radsec_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_radsec_client_packets',`
gen_require(`
type radsec_client_packet_t;
')
allow $1 radsec_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive radsec_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_radsec_client_packets',`
gen_require(`
type radsec_client_packet_t;
')
dontaudit $1 radsec_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive radsec_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_radsec_client_packets',`
corenet_send_radsec_client_packets($1)
corenet_receive_radsec_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive radsec_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_radsec_client_packets',`
corenet_dontaudit_send_radsec_client_packets($1)
corenet_dontaudit_receive_radsec_client_packets($1)
')
########################################
## <summary>
## Relabel packets to radsec_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_radsec_client_packets',`
gen_require(`
type radsec_client_packet_t;
')
allow $1 radsec_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send radsec_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_radsec_server_packets',`
gen_require(`
type radsec_server_packet_t;
')
allow $1 radsec_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send radsec_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_radsec_server_packets',`
gen_require(`
type radsec_server_packet_t;
')
dontaudit $1 radsec_server_packet_t:packet send;
')
########################################
## <summary>
## Receive radsec_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_radsec_server_packets',`
gen_require(`
type radsec_server_packet_t;
')
allow $1 radsec_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive radsec_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_radsec_server_packets',`
gen_require(`
type radsec_server_packet_t;
')
dontaudit $1 radsec_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive radsec_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_radsec_server_packets',`
corenet_send_radsec_server_packets($1)
corenet_receive_radsec_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive radsec_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_radsec_server_packets',`
corenet_dontaudit_send_radsec_server_packets($1)
corenet_dontaudit_receive_radsec_server_packets($1)
')
########################################
## <summary>
## Relabel packets to radsec_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_radsec_server_packets',`
gen_require(`
type radsec_server_packet_t;
')
allow $1 radsec_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the razor port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_razor_port',`
gen_require(`
type razor_port_t;
')
allow $1 razor_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the razor port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_razor_port',`
gen_require(`
type razor_port_t;
')
allow $1 razor_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the razor port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_razor_port',`
gen_require(`
type razor_port_t;
')
dontaudit $1 razor_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the razor port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_razor_port',`
gen_require(`
type razor_port_t;
')
allow $1 razor_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the razor port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_razor_port',`
gen_require(`
type razor_port_t;
')
dontaudit $1 razor_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the razor port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_razor_port',`
corenet_udp_send_razor_port($1)
corenet_udp_receive_razor_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the razor port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_razor_port',`
corenet_dontaudit_udp_send_razor_port($1)
corenet_dontaudit_udp_receive_razor_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the razor port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_razor_port',`
gen_require(`
type razor_port_t;
')
allow $1 razor_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the razor port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_razor_port',`
gen_require(`
type razor_port_t;
')
allow $1 razor_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to razor port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_razor_port',`
gen_require(`
type razor_port_t;
')
dontaudit $1 razor_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the razor port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_razor_port',`
gen_require(`
type razor_port_t;
')
allow $1 razor_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to razor port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_razor_port',`
gen_require(`
type razor_port_t;
')
dontaudit $1 razor_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send razor_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_razor_client_packets',`
gen_require(`
type razor_client_packet_t;
')
allow $1 razor_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send razor_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_razor_client_packets',`
gen_require(`
type razor_client_packet_t;
')
dontaudit $1 razor_client_packet_t:packet send;
')
########################################
## <summary>
## Receive razor_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_razor_client_packets',`
gen_require(`
type razor_client_packet_t;
')
allow $1 razor_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive razor_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_razor_client_packets',`
gen_require(`
type razor_client_packet_t;
')
dontaudit $1 razor_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive razor_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_razor_client_packets',`
corenet_send_razor_client_packets($1)
corenet_receive_razor_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive razor_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_razor_client_packets',`
corenet_dontaudit_send_razor_client_packets($1)
corenet_dontaudit_receive_razor_client_packets($1)
')
########################################
## <summary>
## Relabel packets to razor_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_razor_client_packets',`
gen_require(`
type razor_client_packet_t;
')
allow $1 razor_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send razor_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_razor_server_packets',`
gen_require(`
type razor_server_packet_t;
')
allow $1 razor_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send razor_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_razor_server_packets',`
gen_require(`
type razor_server_packet_t;
')
dontaudit $1 razor_server_packet_t:packet send;
')
########################################
## <summary>
## Receive razor_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_razor_server_packets',`
gen_require(`
type razor_server_packet_t;
')
allow $1 razor_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive razor_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_razor_server_packets',`
gen_require(`
type razor_server_packet_t;
')
dontaudit $1 razor_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive razor_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_razor_server_packets',`
corenet_send_razor_server_packets($1)
corenet_receive_razor_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive razor_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_razor_server_packets',`
corenet_dontaudit_send_razor_server_packets($1)
corenet_dontaudit_receive_razor_server_packets($1)
')
########################################
## <summary>
## Relabel packets to razor_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_razor_server_packets',`
gen_require(`
type razor_server_packet_t;
')
allow $1 razor_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the time port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_time_port',`
gen_require(`
type time_port_t;
')
allow $1 time_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the time port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_time_port',`
gen_require(`
type time_port_t;
')
allow $1 time_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the time port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_time_port',`
gen_require(`
type time_port_t;
')
dontaudit $1 time_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the time port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_time_port',`
gen_require(`
type time_port_t;
')
allow $1 time_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the time port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_time_port',`
gen_require(`
type time_port_t;
')
dontaudit $1 time_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the time port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_time_port',`
corenet_udp_send_time_port($1)
corenet_udp_receive_time_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the time port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_time_port',`
corenet_dontaudit_udp_send_time_port($1)
corenet_dontaudit_udp_receive_time_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the time port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_time_port',`
gen_require(`
type time_port_t;
')
allow $1 time_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the time port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_time_port',`
gen_require(`
type time_port_t;
')
allow $1 time_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to time port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_time_port',`
gen_require(`
type time_port_t;
')
dontaudit $1 time_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the time port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_time_port',`
gen_require(`
type time_port_t;
')
allow $1 time_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to time port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_time_port',`
gen_require(`
type time_port_t;
')
dontaudit $1 time_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send time_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_time_client_packets',`
gen_require(`
type time_client_packet_t;
')
allow $1 time_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send time_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_time_client_packets',`
gen_require(`
type time_client_packet_t;
')
dontaudit $1 time_client_packet_t:packet send;
')
########################################
## <summary>
## Receive time_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_time_client_packets',`
gen_require(`
type time_client_packet_t;
')
allow $1 time_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive time_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_time_client_packets',`
gen_require(`
type time_client_packet_t;
')
dontaudit $1 time_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive time_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_time_client_packets',`
corenet_send_time_client_packets($1)
corenet_receive_time_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive time_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_time_client_packets',`
corenet_dontaudit_send_time_client_packets($1)
corenet_dontaudit_receive_time_client_packets($1)
')
########################################
## <summary>
## Relabel packets to time_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_time_client_packets',`
gen_require(`
type time_client_packet_t;
')
allow $1 time_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send time_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_time_server_packets',`
gen_require(`
type time_server_packet_t;
')
allow $1 time_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send time_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_time_server_packets',`
gen_require(`
type time_server_packet_t;
')
dontaudit $1 time_server_packet_t:packet send;
')
########################################
## <summary>
## Receive time_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_time_server_packets',`
gen_require(`
type time_server_packet_t;
')
allow $1 time_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive time_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_time_server_packets',`
gen_require(`
type time_server_packet_t;
')
dontaudit $1 time_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive time_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_time_server_packets',`
corenet_send_time_server_packets($1)
corenet_receive_time_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive time_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_time_server_packets',`
corenet_dontaudit_send_time_server_packets($1)
corenet_dontaudit_receive_time_server_packets($1)
')
########################################
## <summary>
## Relabel packets to time_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_time_server_packets',`
gen_require(`
type time_server_packet_t;
')
allow $1 time_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the redis port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_redis_port',`
gen_require(`
type redis_port_t;
')
allow $1 redis_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the redis port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_redis_port',`
gen_require(`
type redis_port_t;
')
allow $1 redis_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the redis port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_redis_port',`
gen_require(`
type redis_port_t;
')
dontaudit $1 redis_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the redis port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_redis_port',`
gen_require(`
type redis_port_t;
')
allow $1 redis_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the redis port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_redis_port',`
gen_require(`
type redis_port_t;
')
dontaudit $1 redis_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the redis port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_redis_port',`
corenet_udp_send_redis_port($1)
corenet_udp_receive_redis_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the redis port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_redis_port',`
corenet_dontaudit_udp_send_redis_port($1)
corenet_dontaudit_udp_receive_redis_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the redis port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_redis_port',`
gen_require(`
type redis_port_t;
')
allow $1 redis_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the redis port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_redis_port',`
gen_require(`
type redis_port_t;
')
allow $1 redis_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to redis port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_redis_port',`
gen_require(`
type redis_port_t;
')
dontaudit $1 redis_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the redis port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_redis_port',`
gen_require(`
type redis_port_t;
')
allow $1 redis_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to redis port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_redis_port',`
gen_require(`
type redis_port_t;
')
dontaudit $1 redis_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send redis_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_redis_client_packets',`
gen_require(`
type redis_client_packet_t;
')
allow $1 redis_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send redis_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_redis_client_packets',`
gen_require(`
type redis_client_packet_t;
')
dontaudit $1 redis_client_packet_t:packet send;
')
########################################
## <summary>
## Receive redis_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_redis_client_packets',`
gen_require(`
type redis_client_packet_t;
')
allow $1 redis_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive redis_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_redis_client_packets',`
gen_require(`
type redis_client_packet_t;
')
dontaudit $1 redis_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive redis_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_redis_client_packets',`
corenet_send_redis_client_packets($1)
corenet_receive_redis_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive redis_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_redis_client_packets',`
corenet_dontaudit_send_redis_client_packets($1)
corenet_dontaudit_receive_redis_client_packets($1)
')
########################################
## <summary>
## Relabel packets to redis_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_redis_client_packets',`
gen_require(`
type redis_client_packet_t;
')
allow $1 redis_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send redis_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_redis_server_packets',`
gen_require(`
type redis_server_packet_t;
')
allow $1 redis_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send redis_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_redis_server_packets',`
gen_require(`
type redis_server_packet_t;
')
dontaudit $1 redis_server_packet_t:packet send;
')
########################################
## <summary>
## Receive redis_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_redis_server_packets',`
gen_require(`
type redis_server_packet_t;
')
allow $1 redis_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive redis_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_redis_server_packets',`
gen_require(`
type redis_server_packet_t;
')
dontaudit $1 redis_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive redis_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_redis_server_packets',`
corenet_send_redis_server_packets($1)
corenet_receive_redis_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive redis_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_redis_server_packets',`
corenet_dontaudit_send_redis_server_packets($1)
corenet_dontaudit_receive_redis_server_packets($1)
')
########################################
## <summary>
## Relabel packets to redis_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_redis_server_packets',`
gen_require(`
type redis_server_packet_t;
')
allow $1 redis_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the repository port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_repository_port',`
gen_require(`
type repository_port_t;
')
allow $1 repository_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the repository port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_repository_port',`
gen_require(`
type repository_port_t;
')
allow $1 repository_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the repository port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_repository_port',`
gen_require(`
type repository_port_t;
')
dontaudit $1 repository_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the repository port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_repository_port',`
gen_require(`
type repository_port_t;
')
allow $1 repository_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the repository port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_repository_port',`
gen_require(`
type repository_port_t;
')
dontaudit $1 repository_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the repository port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_repository_port',`
corenet_udp_send_repository_port($1)
corenet_udp_receive_repository_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the repository port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_repository_port',`
corenet_dontaudit_udp_send_repository_port($1)
corenet_dontaudit_udp_receive_repository_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the repository port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_repository_port',`
gen_require(`
type repository_port_t;
')
allow $1 repository_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the repository port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_repository_port',`
gen_require(`
type repository_port_t;
')
allow $1 repository_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to repository port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_repository_port',`
gen_require(`
type repository_port_t;
')
dontaudit $1 repository_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the repository port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_repository_port',`
gen_require(`
type repository_port_t;
')
allow $1 repository_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to repository port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_repository_port',`
gen_require(`
type repository_port_t;
')
dontaudit $1 repository_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send repository_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_repository_client_packets',`
gen_require(`
type repository_client_packet_t;
')
allow $1 repository_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send repository_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_repository_client_packets',`
gen_require(`
type repository_client_packet_t;
')
dontaudit $1 repository_client_packet_t:packet send;
')
########################################
## <summary>
## Receive repository_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_repository_client_packets',`
gen_require(`
type repository_client_packet_t;
')
allow $1 repository_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive repository_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_repository_client_packets',`
gen_require(`
type repository_client_packet_t;
')
dontaudit $1 repository_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive repository_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_repository_client_packets',`
corenet_send_repository_client_packets($1)
corenet_receive_repository_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive repository_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_repository_client_packets',`
corenet_dontaudit_send_repository_client_packets($1)
corenet_dontaudit_receive_repository_client_packets($1)
')
########################################
## <summary>
## Relabel packets to repository_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_repository_client_packets',`
gen_require(`
type repository_client_packet_t;
')
allow $1 repository_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send repository_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_repository_server_packets',`
gen_require(`
type repository_server_packet_t;
')
allow $1 repository_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send repository_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_repository_server_packets',`
gen_require(`
type repository_server_packet_t;
')
dontaudit $1 repository_server_packet_t:packet send;
')
########################################
## <summary>
## Receive repository_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_repository_server_packets',`
gen_require(`
type repository_server_packet_t;
')
allow $1 repository_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive repository_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_repository_server_packets',`
gen_require(`
type repository_server_packet_t;
')
dontaudit $1 repository_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive repository_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_repository_server_packets',`
corenet_send_repository_server_packets($1)
corenet_receive_repository_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive repository_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_repository_server_packets',`
corenet_dontaudit_send_repository_server_packets($1)
corenet_dontaudit_receive_repository_server_packets($1)
')
########################################
## <summary>
## Relabel packets to repository_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_repository_server_packets',`
gen_require(`
type repository_server_packet_t;
')
allow $1 repository_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the ricci port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_ricci_port',`
gen_require(`
type ricci_port_t;
')
allow $1 ricci_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the ricci port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_ricci_port',`
gen_require(`
type ricci_port_t;
')
allow $1 ricci_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the ricci port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_ricci_port',`
gen_require(`
type ricci_port_t;
')
dontaudit $1 ricci_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the ricci port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_ricci_port',`
gen_require(`
type ricci_port_t;
')
allow $1 ricci_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the ricci port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_ricci_port',`
gen_require(`
type ricci_port_t;
')
dontaudit $1 ricci_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the ricci port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_ricci_port',`
corenet_udp_send_ricci_port($1)
corenet_udp_receive_ricci_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the ricci port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_ricci_port',`
corenet_dontaudit_udp_send_ricci_port($1)
corenet_dontaudit_udp_receive_ricci_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the ricci port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_ricci_port',`
gen_require(`
type ricci_port_t;
')
allow $1 ricci_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the ricci port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_ricci_port',`
gen_require(`
type ricci_port_t;
')
allow $1 ricci_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to ricci port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_ricci_port',`
gen_require(`
type ricci_port_t;
')
dontaudit $1 ricci_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the ricci port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_ricci_port',`
gen_require(`
type ricci_port_t;
')
allow $1 ricci_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to ricci port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_ricci_port',`
gen_require(`
type ricci_port_t;
')
dontaudit $1 ricci_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send ricci_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ricci_client_packets',`
gen_require(`
type ricci_client_packet_t;
')
allow $1 ricci_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ricci_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ricci_client_packets',`
gen_require(`
type ricci_client_packet_t;
')
dontaudit $1 ricci_client_packet_t:packet send;
')
########################################
## <summary>
## Receive ricci_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ricci_client_packets',`
gen_require(`
type ricci_client_packet_t;
')
allow $1 ricci_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ricci_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ricci_client_packets',`
gen_require(`
type ricci_client_packet_t;
')
dontaudit $1 ricci_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ricci_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ricci_client_packets',`
corenet_send_ricci_client_packets($1)
corenet_receive_ricci_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ricci_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ricci_client_packets',`
corenet_dontaudit_send_ricci_client_packets($1)
corenet_dontaudit_receive_ricci_client_packets($1)
')
########################################
## <summary>
## Relabel packets to ricci_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ricci_client_packets',`
gen_require(`
type ricci_client_packet_t;
')
allow $1 ricci_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send ricci_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ricci_server_packets',`
gen_require(`
type ricci_server_packet_t;
')
allow $1 ricci_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ricci_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ricci_server_packets',`
gen_require(`
type ricci_server_packet_t;
')
dontaudit $1 ricci_server_packet_t:packet send;
')
########################################
## <summary>
## Receive ricci_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ricci_server_packets',`
gen_require(`
type ricci_server_packet_t;
')
allow $1 ricci_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ricci_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ricci_server_packets',`
gen_require(`
type ricci_server_packet_t;
')
dontaudit $1 ricci_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ricci_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ricci_server_packets',`
corenet_send_ricci_server_packets($1)
corenet_receive_ricci_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ricci_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ricci_server_packets',`
corenet_dontaudit_send_ricci_server_packets($1)
corenet_dontaudit_receive_ricci_server_packets($1)
')
########################################
## <summary>
## Relabel packets to ricci_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ricci_server_packets',`
gen_require(`
type ricci_server_packet_t;
')
allow $1 ricci_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the ricci_modcluster port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_ricci_modcluster_port',`
gen_require(`
type ricci_modcluster_port_t;
')
allow $1 ricci_modcluster_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the ricci_modcluster port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_ricci_modcluster_port',`
gen_require(`
type ricci_modcluster_port_t;
')
allow $1 ricci_modcluster_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the ricci_modcluster port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_ricci_modcluster_port',`
gen_require(`
type ricci_modcluster_port_t;
')
dontaudit $1 ricci_modcluster_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the ricci_modcluster port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_ricci_modcluster_port',`
gen_require(`
type ricci_modcluster_port_t;
')
allow $1 ricci_modcluster_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the ricci_modcluster port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_ricci_modcluster_port',`
gen_require(`
type ricci_modcluster_port_t;
')
dontaudit $1 ricci_modcluster_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the ricci_modcluster port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_ricci_modcluster_port',`
corenet_udp_send_ricci_modcluster_port($1)
corenet_udp_receive_ricci_modcluster_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the ricci_modcluster port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_ricci_modcluster_port',`
corenet_dontaudit_udp_send_ricci_modcluster_port($1)
corenet_dontaudit_udp_receive_ricci_modcluster_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the ricci_modcluster port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_ricci_modcluster_port',`
gen_require(`
type ricci_modcluster_port_t;
')
allow $1 ricci_modcluster_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the ricci_modcluster port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_ricci_modcluster_port',`
gen_require(`
type ricci_modcluster_port_t;
')
allow $1 ricci_modcluster_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to ricci_modcluster port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_ricci_modcluster_port',`
gen_require(`
type ricci_modcluster_port_t;
')
dontaudit $1 ricci_modcluster_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the ricci_modcluster port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_ricci_modcluster_port',`
gen_require(`
type ricci_modcluster_port_t;
')
allow $1 ricci_modcluster_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to ricci_modcluster port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_ricci_modcluster_port',`
gen_require(`
type ricci_modcluster_port_t;
')
dontaudit $1 ricci_modcluster_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send ricci_modcluster_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ricci_modcluster_client_packets',`
gen_require(`
type ricci_modcluster_client_packet_t;
')
allow $1 ricci_modcluster_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ricci_modcluster_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ricci_modcluster_client_packets',`
gen_require(`
type ricci_modcluster_client_packet_t;
')
dontaudit $1 ricci_modcluster_client_packet_t:packet send;
')
########################################
## <summary>
## Receive ricci_modcluster_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ricci_modcluster_client_packets',`
gen_require(`
type ricci_modcluster_client_packet_t;
')
allow $1 ricci_modcluster_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ricci_modcluster_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ricci_modcluster_client_packets',`
gen_require(`
type ricci_modcluster_client_packet_t;
')
dontaudit $1 ricci_modcluster_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ricci_modcluster_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ricci_modcluster_client_packets',`
corenet_send_ricci_modcluster_client_packets($1)
corenet_receive_ricci_modcluster_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ricci_modcluster_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ricci_modcluster_client_packets',`
corenet_dontaudit_send_ricci_modcluster_client_packets($1)
corenet_dontaudit_receive_ricci_modcluster_client_packets($1)
')
########################################
## <summary>
## Relabel packets to ricci_modcluster_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ricci_modcluster_client_packets',`
gen_require(`
type ricci_modcluster_client_packet_t;
')
allow $1 ricci_modcluster_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send ricci_modcluster_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ricci_modcluster_server_packets',`
gen_require(`
type ricci_modcluster_server_packet_t;
')
allow $1 ricci_modcluster_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ricci_modcluster_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ricci_modcluster_server_packets',`
gen_require(`
type ricci_modcluster_server_packet_t;
')
dontaudit $1 ricci_modcluster_server_packet_t:packet send;
')
########################################
## <summary>
## Receive ricci_modcluster_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ricci_modcluster_server_packets',`
gen_require(`
type ricci_modcluster_server_packet_t;
')
allow $1 ricci_modcluster_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ricci_modcluster_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ricci_modcluster_server_packets',`
gen_require(`
type ricci_modcluster_server_packet_t;
')
dontaudit $1 ricci_modcluster_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ricci_modcluster_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ricci_modcluster_server_packets',`
corenet_send_ricci_modcluster_server_packets($1)
corenet_receive_ricci_modcluster_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ricci_modcluster_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ricci_modcluster_server_packets',`
corenet_dontaudit_send_ricci_modcluster_server_packets($1)
corenet_dontaudit_receive_ricci_modcluster_server_packets($1)
')
########################################
## <summary>
## Relabel packets to ricci_modcluster_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ricci_modcluster_server_packets',`
gen_require(`
type ricci_modcluster_server_packet_t;
')
allow $1 ricci_modcluster_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the rlogind port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_rlogind_port',`
gen_require(`
type rlogind_port_t;
')
allow $1 rlogind_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the rlogind port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_rlogind_port',`
gen_require(`
type rlogind_port_t;
')
allow $1 rlogind_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the rlogind port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_rlogind_port',`
gen_require(`
type rlogind_port_t;
')
dontaudit $1 rlogind_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the rlogind port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_rlogind_port',`
gen_require(`
type rlogind_port_t;
')
allow $1 rlogind_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the rlogind port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_rlogind_port',`
gen_require(`
type rlogind_port_t;
')
dontaudit $1 rlogind_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the rlogind port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_rlogind_port',`
corenet_udp_send_rlogind_port($1)
corenet_udp_receive_rlogind_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the rlogind port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_rlogind_port',`
corenet_dontaudit_udp_send_rlogind_port($1)
corenet_dontaudit_udp_receive_rlogind_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the rlogind port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_rlogind_port',`
gen_require(`
type rlogind_port_t;
')
allow $1 rlogind_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the rlogind port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_rlogind_port',`
gen_require(`
type rlogind_port_t;
')
allow $1 rlogind_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to rlogind port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_rlogind_port',`
gen_require(`
type rlogind_port_t;
')
dontaudit $1 rlogind_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the rlogind port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_rlogind_port',`
gen_require(`
type rlogind_port_t;
')
allow $1 rlogind_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to rlogind port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_rlogind_port',`
gen_require(`
type rlogind_port_t;
')
dontaudit $1 rlogind_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send rlogind_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_rlogind_client_packets',`
gen_require(`
type rlogind_client_packet_t;
')
allow $1 rlogind_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send rlogind_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_rlogind_client_packets',`
gen_require(`
type rlogind_client_packet_t;
')
dontaudit $1 rlogind_client_packet_t:packet send;
')
########################################
## <summary>
## Receive rlogind_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_rlogind_client_packets',`
gen_require(`
type rlogind_client_packet_t;
')
allow $1 rlogind_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive rlogind_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_rlogind_client_packets',`
gen_require(`
type rlogind_client_packet_t;
')
dontaudit $1 rlogind_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive rlogind_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_rlogind_client_packets',`
corenet_send_rlogind_client_packets($1)
corenet_receive_rlogind_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive rlogind_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_rlogind_client_packets',`
corenet_dontaudit_send_rlogind_client_packets($1)
corenet_dontaudit_receive_rlogind_client_packets($1)
')
########################################
## <summary>
## Relabel packets to rlogind_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_rlogind_client_packets',`
gen_require(`
type rlogind_client_packet_t;
')
allow $1 rlogind_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send rlogind_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_rlogind_server_packets',`
gen_require(`
type rlogind_server_packet_t;
')
allow $1 rlogind_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send rlogind_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_rlogind_server_packets',`
gen_require(`
type rlogind_server_packet_t;
')
dontaudit $1 rlogind_server_packet_t:packet send;
')
########################################
## <summary>
## Receive rlogind_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_rlogind_server_packets',`
gen_require(`
type rlogind_server_packet_t;
')
allow $1 rlogind_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive rlogind_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_rlogind_server_packets',`
gen_require(`
type rlogind_server_packet_t;
')
dontaudit $1 rlogind_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive rlogind_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_rlogind_server_packets',`
corenet_send_rlogind_server_packets($1)
corenet_receive_rlogind_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive rlogind_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_rlogind_server_packets',`
corenet_dontaudit_send_rlogind_server_packets($1)
corenet_dontaudit_receive_rlogind_server_packets($1)
')
########################################
## <summary>
## Relabel packets to rlogind_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_rlogind_server_packets',`
gen_require(`
type rlogind_server_packet_t;
')
allow $1 rlogind_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the rndc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_rndc_port',`
gen_require(`
type rndc_port_t;
')
allow $1 rndc_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the rndc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_rndc_port',`
gen_require(`
type rndc_port_t;
')
allow $1 rndc_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the rndc port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_rndc_port',`
gen_require(`
type rndc_port_t;
')
dontaudit $1 rndc_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the rndc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_rndc_port',`
gen_require(`
type rndc_port_t;
')
allow $1 rndc_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the rndc port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_rndc_port',`
gen_require(`
type rndc_port_t;
')
dontaudit $1 rndc_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the rndc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_rndc_port',`
corenet_udp_send_rndc_port($1)
corenet_udp_receive_rndc_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the rndc port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_rndc_port',`
corenet_dontaudit_udp_send_rndc_port($1)
corenet_dontaudit_udp_receive_rndc_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the rndc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_rndc_port',`
gen_require(`
type rndc_port_t;
')
allow $1 rndc_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the rndc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_rndc_port',`
gen_require(`
type rndc_port_t;
')
allow $1 rndc_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to rndc port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_rndc_port',`
gen_require(`
type rndc_port_t;
')
dontaudit $1 rndc_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the rndc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_rndc_port',`
gen_require(`
type rndc_port_t;
')
allow $1 rndc_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to rndc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_rndc_port',`
gen_require(`
type rndc_port_t;
')
dontaudit $1 rndc_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send rndc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_rndc_client_packets',`
gen_require(`
type rndc_client_packet_t;
')
allow $1 rndc_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send rndc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_rndc_client_packets',`
gen_require(`
type rndc_client_packet_t;
')
dontaudit $1 rndc_client_packet_t:packet send;
')
########################################
## <summary>
## Receive rndc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_rndc_client_packets',`
gen_require(`
type rndc_client_packet_t;
')
allow $1 rndc_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive rndc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_rndc_client_packets',`
gen_require(`
type rndc_client_packet_t;
')
dontaudit $1 rndc_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive rndc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_rndc_client_packets',`
corenet_send_rndc_client_packets($1)
corenet_receive_rndc_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive rndc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_rndc_client_packets',`
corenet_dontaudit_send_rndc_client_packets($1)
corenet_dontaudit_receive_rndc_client_packets($1)
')
########################################
## <summary>
## Relabel packets to rndc_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_rndc_client_packets',`
gen_require(`
type rndc_client_packet_t;
')
allow $1 rndc_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send rndc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_rndc_server_packets',`
gen_require(`
type rndc_server_packet_t;
')
allow $1 rndc_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send rndc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_rndc_server_packets',`
gen_require(`
type rndc_server_packet_t;
')
dontaudit $1 rndc_server_packet_t:packet send;
')
########################################
## <summary>
## Receive rndc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_rndc_server_packets',`
gen_require(`
type rndc_server_packet_t;
')
allow $1 rndc_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive rndc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_rndc_server_packets',`
gen_require(`
type rndc_server_packet_t;
')
dontaudit $1 rndc_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive rndc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_rndc_server_packets',`
corenet_send_rndc_server_packets($1)
corenet_receive_rndc_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive rndc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_rndc_server_packets',`
corenet_dontaudit_send_rndc_server_packets($1)
corenet_dontaudit_receive_rndc_server_packets($1)
')
########################################
## <summary>
## Relabel packets to rndc_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_rndc_server_packets',`
gen_require(`
type rndc_server_packet_t;
')
allow $1 rndc_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the router port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_router_port',`
gen_require(`
type router_port_t;
')
allow $1 router_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the router port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_router_port',`
gen_require(`
type router_port_t;
')
allow $1 router_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the router port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_router_port',`
gen_require(`
type router_port_t;
')
dontaudit $1 router_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the router port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_router_port',`
gen_require(`
type router_port_t;
')
allow $1 router_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the router port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_router_port',`
gen_require(`
type router_port_t;
')
dontaudit $1 router_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the router port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_router_port',`
corenet_udp_send_router_port($1)
corenet_udp_receive_router_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the router port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_router_port',`
corenet_dontaudit_udp_send_router_port($1)
corenet_dontaudit_udp_receive_router_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the router port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_router_port',`
gen_require(`
type router_port_t;
')
allow $1 router_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the router port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_router_port',`
gen_require(`
type router_port_t;
')
allow $1 router_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to router port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_router_port',`
gen_require(`
type router_port_t;
')
dontaudit $1 router_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the router port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_router_port',`
gen_require(`
type router_port_t;
')
allow $1 router_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to router port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_router_port',`
gen_require(`
type router_port_t;
')
dontaudit $1 router_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send router_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_router_client_packets',`
gen_require(`
type router_client_packet_t;
')
allow $1 router_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send router_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_router_client_packets',`
gen_require(`
type router_client_packet_t;
')
dontaudit $1 router_client_packet_t:packet send;
')
########################################
## <summary>
## Receive router_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_router_client_packets',`
gen_require(`
type router_client_packet_t;
')
allow $1 router_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive router_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_router_client_packets',`
gen_require(`
type router_client_packet_t;
')
dontaudit $1 router_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive router_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_router_client_packets',`
corenet_send_router_client_packets($1)
corenet_receive_router_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive router_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_router_client_packets',`
corenet_dontaudit_send_router_client_packets($1)
corenet_dontaudit_receive_router_client_packets($1)
')
########################################
## <summary>
## Relabel packets to router_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_router_client_packets',`
gen_require(`
type router_client_packet_t;
')
allow $1 router_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send router_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_router_server_packets',`
gen_require(`
type router_server_packet_t;
')
allow $1 router_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send router_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_router_server_packets',`
gen_require(`
type router_server_packet_t;
')
dontaudit $1 router_server_packet_t:packet send;
')
########################################
## <summary>
## Receive router_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_router_server_packets',`
gen_require(`
type router_server_packet_t;
')
allow $1 router_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive router_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_router_server_packets',`
gen_require(`
type router_server_packet_t;
')
dontaudit $1 router_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive router_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_router_server_packets',`
corenet_send_router_server_packets($1)
corenet_receive_router_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive router_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_router_server_packets',`
corenet_dontaudit_send_router_server_packets($1)
corenet_dontaudit_receive_router_server_packets($1)
')
########################################
## <summary>
## Relabel packets to router_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_router_server_packets',`
gen_require(`
type router_server_packet_t;
')
allow $1 router_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the rsh port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_rsh_port',`
gen_require(`
type rsh_port_t;
')
allow $1 rsh_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the rsh port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_rsh_port',`
gen_require(`
type rsh_port_t;
')
allow $1 rsh_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the rsh port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_rsh_port',`
gen_require(`
type rsh_port_t;
')
dontaudit $1 rsh_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the rsh port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_rsh_port',`
gen_require(`
type rsh_port_t;
')
allow $1 rsh_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the rsh port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_rsh_port',`
gen_require(`
type rsh_port_t;
')
dontaudit $1 rsh_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the rsh port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_rsh_port',`
corenet_udp_send_rsh_port($1)
corenet_udp_receive_rsh_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the rsh port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_rsh_port',`
corenet_dontaudit_udp_send_rsh_port($1)
corenet_dontaudit_udp_receive_rsh_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the rsh port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_rsh_port',`
gen_require(`
type rsh_port_t;
')
allow $1 rsh_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the rsh port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_rsh_port',`
gen_require(`
type rsh_port_t;
')
allow $1 rsh_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to rsh port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_rsh_port',`
gen_require(`
type rsh_port_t;
')
dontaudit $1 rsh_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the rsh port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_rsh_port',`
gen_require(`
type rsh_port_t;
')
allow $1 rsh_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to rsh port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_rsh_port',`
gen_require(`
type rsh_port_t;
')
dontaudit $1 rsh_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send rsh_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_rsh_client_packets',`
gen_require(`
type rsh_client_packet_t;
')
allow $1 rsh_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send rsh_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_rsh_client_packets',`
gen_require(`
type rsh_client_packet_t;
')
dontaudit $1 rsh_client_packet_t:packet send;
')
########################################
## <summary>
## Receive rsh_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_rsh_client_packets',`
gen_require(`
type rsh_client_packet_t;
')
allow $1 rsh_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive rsh_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_rsh_client_packets',`
gen_require(`
type rsh_client_packet_t;
')
dontaudit $1 rsh_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive rsh_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_rsh_client_packets',`
corenet_send_rsh_client_packets($1)
corenet_receive_rsh_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive rsh_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_rsh_client_packets',`
corenet_dontaudit_send_rsh_client_packets($1)
corenet_dontaudit_receive_rsh_client_packets($1)
')
########################################
## <summary>
## Relabel packets to rsh_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_rsh_client_packets',`
gen_require(`
type rsh_client_packet_t;
')
allow $1 rsh_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send rsh_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_rsh_server_packets',`
gen_require(`
type rsh_server_packet_t;
')
allow $1 rsh_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send rsh_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_rsh_server_packets',`
gen_require(`
type rsh_server_packet_t;
')
dontaudit $1 rsh_server_packet_t:packet send;
')
########################################
## <summary>
## Receive rsh_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_rsh_server_packets',`
gen_require(`
type rsh_server_packet_t;
')
allow $1 rsh_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive rsh_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_rsh_server_packets',`
gen_require(`
type rsh_server_packet_t;
')
dontaudit $1 rsh_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive rsh_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_rsh_server_packets',`
corenet_send_rsh_server_packets($1)
corenet_receive_rsh_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive rsh_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_rsh_server_packets',`
corenet_dontaudit_send_rsh_server_packets($1)
corenet_dontaudit_receive_rsh_server_packets($1)
')
########################################
## <summary>
## Relabel packets to rsh_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_rsh_server_packets',`
gen_require(`
type rsh_server_packet_t;
')
allow $1 rsh_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the rsync port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_rsync_port',`
gen_require(`
type rsync_port_t;
')
allow $1 rsync_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the rsync port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_rsync_port',`
gen_require(`
type rsync_port_t;
')
allow $1 rsync_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the rsync port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_rsync_port',`
gen_require(`
type rsync_port_t;
')
dontaudit $1 rsync_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the rsync port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_rsync_port',`
gen_require(`
type rsync_port_t;
')
allow $1 rsync_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the rsync port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_rsync_port',`
gen_require(`
type rsync_port_t;
')
dontaudit $1 rsync_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the rsync port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_rsync_port',`
corenet_udp_send_rsync_port($1)
corenet_udp_receive_rsync_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the rsync port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_rsync_port',`
corenet_dontaudit_udp_send_rsync_port($1)
corenet_dontaudit_udp_receive_rsync_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the rsync port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_rsync_port',`
gen_require(`
type rsync_port_t;
')
allow $1 rsync_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the rsync port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_rsync_port',`
gen_require(`
type rsync_port_t;
')
allow $1 rsync_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to rsync port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_rsync_port',`
gen_require(`
type rsync_port_t;
')
dontaudit $1 rsync_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the rsync port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_rsync_port',`
gen_require(`
type rsync_port_t;
')
allow $1 rsync_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to rsync port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_rsync_port',`
gen_require(`
type rsync_port_t;
')
dontaudit $1 rsync_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send rsync_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_rsync_client_packets',`
gen_require(`
type rsync_client_packet_t;
')
allow $1 rsync_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send rsync_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_rsync_client_packets',`
gen_require(`
type rsync_client_packet_t;
')
dontaudit $1 rsync_client_packet_t:packet send;
')
########################################
## <summary>
## Receive rsync_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_rsync_client_packets',`
gen_require(`
type rsync_client_packet_t;
')
allow $1 rsync_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive rsync_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_rsync_client_packets',`
gen_require(`
type rsync_client_packet_t;
')
dontaudit $1 rsync_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive rsync_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_rsync_client_packets',`
corenet_send_rsync_client_packets($1)
corenet_receive_rsync_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive rsync_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_rsync_client_packets',`
corenet_dontaudit_send_rsync_client_packets($1)
corenet_dontaudit_receive_rsync_client_packets($1)
')
########################################
## <summary>
## Relabel packets to rsync_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_rsync_client_packets',`
gen_require(`
type rsync_client_packet_t;
')
allow $1 rsync_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send rsync_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_rsync_server_packets',`
gen_require(`
type rsync_server_packet_t;
')
allow $1 rsync_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send rsync_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_rsync_server_packets',`
gen_require(`
type rsync_server_packet_t;
')
dontaudit $1 rsync_server_packet_t:packet send;
')
########################################
## <summary>
## Receive rsync_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_rsync_server_packets',`
gen_require(`
type rsync_server_packet_t;
')
allow $1 rsync_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive rsync_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_rsync_server_packets',`
gen_require(`
type rsync_server_packet_t;
')
dontaudit $1 rsync_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive rsync_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_rsync_server_packets',`
corenet_send_rsync_server_packets($1)
corenet_receive_rsync_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive rsync_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_rsync_server_packets',`
corenet_dontaudit_send_rsync_server_packets($1)
corenet_dontaudit_receive_rsync_server_packets($1)
')
########################################
## <summary>
## Relabel packets to rsync_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_rsync_server_packets',`
gen_require(`
type rsync_server_packet_t;
')
allow $1 rsync_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the rtp_media port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_rtp_media_port',`
gen_require(`
type rtp_media_port_t;
')
allow $1 rtp_media_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the rtp_media port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_rtp_media_port',`
gen_require(`
type rtp_media_port_t;
')
allow $1 rtp_media_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the rtp_media port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_rtp_media_port',`
gen_require(`
type rtp_media_port_t;
')
dontaudit $1 rtp_media_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the rtp_media port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_rtp_media_port',`
gen_require(`
type rtp_media_port_t;
')
allow $1 rtp_media_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the rtp_media port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_rtp_media_port',`
gen_require(`
type rtp_media_port_t;
')
dontaudit $1 rtp_media_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the rtp_media port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_rtp_media_port',`
corenet_udp_send_rtp_media_port($1)
corenet_udp_receive_rtp_media_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the rtp_media port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_rtp_media_port',`
corenet_dontaudit_udp_send_rtp_media_port($1)
corenet_dontaudit_udp_receive_rtp_media_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the rtp_media port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_rtp_media_port',`
gen_require(`
type rtp_media_port_t;
')
allow $1 rtp_media_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the rtp_media port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_rtp_media_port',`
gen_require(`
type rtp_media_port_t;
')
allow $1 rtp_media_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to rtp_media port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_rtp_media_port',`
gen_require(`
type rtp_media_port_t;
')
dontaudit $1 rtp_media_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the rtp_media port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_rtp_media_port',`
gen_require(`
type rtp_media_port_t;
')
allow $1 rtp_media_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to rtp_media port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_rtp_media_port',`
gen_require(`
type rtp_media_port_t;
')
dontaudit $1 rtp_media_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send rtp_media_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_rtp_media_client_packets',`
gen_require(`
type rtp_media_client_packet_t;
')
allow $1 rtp_media_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send rtp_media_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_rtp_media_client_packets',`
gen_require(`
type rtp_media_client_packet_t;
')
dontaudit $1 rtp_media_client_packet_t:packet send;
')
########################################
## <summary>
## Receive rtp_media_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_rtp_media_client_packets',`
gen_require(`
type rtp_media_client_packet_t;
')
allow $1 rtp_media_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive rtp_media_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_rtp_media_client_packets',`
gen_require(`
type rtp_media_client_packet_t;
')
dontaudit $1 rtp_media_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive rtp_media_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_rtp_media_client_packets',`
corenet_send_rtp_media_client_packets($1)
corenet_receive_rtp_media_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive rtp_media_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_rtp_media_client_packets',`
corenet_dontaudit_send_rtp_media_client_packets($1)
corenet_dontaudit_receive_rtp_media_client_packets($1)
')
########################################
## <summary>
## Relabel packets to rtp_media_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_rtp_media_client_packets',`
gen_require(`
type rtp_media_client_packet_t;
')
allow $1 rtp_media_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send rtp_media_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_rtp_media_server_packets',`
gen_require(`
type rtp_media_server_packet_t;
')
allow $1 rtp_media_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send rtp_media_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_rtp_media_server_packets',`
gen_require(`
type rtp_media_server_packet_t;
')
dontaudit $1 rtp_media_server_packet_t:packet send;
')
########################################
## <summary>
## Receive rtp_media_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_rtp_media_server_packets',`
gen_require(`
type rtp_media_server_packet_t;
')
allow $1 rtp_media_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive rtp_media_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_rtp_media_server_packets',`
gen_require(`
type rtp_media_server_packet_t;
')
dontaudit $1 rtp_media_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive rtp_media_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_rtp_media_server_packets',`
corenet_send_rtp_media_server_packets($1)
corenet_receive_rtp_media_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive rtp_media_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_rtp_media_server_packets',`
corenet_dontaudit_send_rtp_media_server_packets($1)
corenet_dontaudit_receive_rtp_media_server_packets($1)
')
########################################
## <summary>
## Relabel packets to rtp_media_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_rtp_media_server_packets',`
gen_require(`
type rtp_media_server_packet_t;
')
allow $1 rtp_media_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the rtsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_rtsp_port',`
gen_require(`
type rtsp_port_t;
')
allow $1 rtsp_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the rtsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_rtsp_port',`
gen_require(`
type rtsp_port_t;
')
allow $1 rtsp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the rtsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_rtsp_port',`
gen_require(`
type rtsp_port_t;
')
dontaudit $1 rtsp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the rtsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_rtsp_port',`
gen_require(`
type rtsp_port_t;
')
allow $1 rtsp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the rtsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_rtsp_port',`
gen_require(`
type rtsp_port_t;
')
dontaudit $1 rtsp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the rtsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_rtsp_port',`
corenet_udp_send_rtsp_port($1)
corenet_udp_receive_rtsp_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the rtsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_rtsp_port',`
corenet_dontaudit_udp_send_rtsp_port($1)
corenet_dontaudit_udp_receive_rtsp_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the rtsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_rtsp_port',`
gen_require(`
type rtsp_port_t;
')
allow $1 rtsp_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the rtsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_rtsp_port',`
gen_require(`
type rtsp_port_t;
')
allow $1 rtsp_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to rtsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_rtsp_port',`
gen_require(`
type rtsp_port_t;
')
dontaudit $1 rtsp_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the rtsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_rtsp_port',`
gen_require(`
type rtsp_port_t;
')
allow $1 rtsp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to rtsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_rtsp_port',`
gen_require(`
type rtsp_port_t;
')
dontaudit $1 rtsp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send rtsp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_rtsp_client_packets',`
gen_require(`
type rtsp_client_packet_t;
')
allow $1 rtsp_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send rtsp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_rtsp_client_packets',`
gen_require(`
type rtsp_client_packet_t;
')
dontaudit $1 rtsp_client_packet_t:packet send;
')
########################################
## <summary>
## Receive rtsp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_rtsp_client_packets',`
gen_require(`
type rtsp_client_packet_t;
')
allow $1 rtsp_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive rtsp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_rtsp_client_packets',`
gen_require(`
type rtsp_client_packet_t;
')
dontaudit $1 rtsp_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive rtsp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_rtsp_client_packets',`
corenet_send_rtsp_client_packets($1)
corenet_receive_rtsp_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive rtsp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_rtsp_client_packets',`
corenet_dontaudit_send_rtsp_client_packets($1)
corenet_dontaudit_receive_rtsp_client_packets($1)
')
########################################
## <summary>
## Relabel packets to rtsp_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_rtsp_client_packets',`
gen_require(`
type rtsp_client_packet_t;
')
allow $1 rtsp_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send rtsp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_rtsp_server_packets',`
gen_require(`
type rtsp_server_packet_t;
')
allow $1 rtsp_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send rtsp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_rtsp_server_packets',`
gen_require(`
type rtsp_server_packet_t;
')
dontaudit $1 rtsp_server_packet_t:packet send;
')
########################################
## <summary>
## Receive rtsp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_rtsp_server_packets',`
gen_require(`
type rtsp_server_packet_t;
')
allow $1 rtsp_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive rtsp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_rtsp_server_packets',`
gen_require(`
type rtsp_server_packet_t;
')
dontaudit $1 rtsp_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive rtsp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_rtsp_server_packets',`
corenet_send_rtsp_server_packets($1)
corenet_receive_rtsp_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive rtsp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_rtsp_server_packets',`
corenet_dontaudit_send_rtsp_server_packets($1)
corenet_dontaudit_receive_rtsp_server_packets($1)
')
########################################
## <summary>
## Relabel packets to rtsp_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_rtsp_server_packets',`
gen_require(`
type rtsp_server_packet_t;
')
allow $1 rtsp_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the rwho port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_rwho_port',`
gen_require(`
type rwho_port_t;
')
allow $1 rwho_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the rwho port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_rwho_port',`
gen_require(`
type rwho_port_t;
')
allow $1 rwho_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the rwho port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_rwho_port',`
gen_require(`
type rwho_port_t;
')
dontaudit $1 rwho_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the rwho port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_rwho_port',`
gen_require(`
type rwho_port_t;
')
allow $1 rwho_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the rwho port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_rwho_port',`
gen_require(`
type rwho_port_t;
')
dontaudit $1 rwho_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the rwho port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_rwho_port',`
corenet_udp_send_rwho_port($1)
corenet_udp_receive_rwho_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the rwho port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_rwho_port',`
corenet_dontaudit_udp_send_rwho_port($1)
corenet_dontaudit_udp_receive_rwho_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the rwho port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_rwho_port',`
gen_require(`
type rwho_port_t;
')
allow $1 rwho_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the rwho port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_rwho_port',`
gen_require(`
type rwho_port_t;
')
allow $1 rwho_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to rwho port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_rwho_port',`
gen_require(`
type rwho_port_t;
')
dontaudit $1 rwho_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the rwho port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_rwho_port',`
gen_require(`
type rwho_port_t;
')
allow $1 rwho_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to rwho port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_rwho_port',`
gen_require(`
type rwho_port_t;
')
dontaudit $1 rwho_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send rwho_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_rwho_client_packets',`
gen_require(`
type rwho_client_packet_t;
')
allow $1 rwho_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send rwho_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_rwho_client_packets',`
gen_require(`
type rwho_client_packet_t;
')
dontaudit $1 rwho_client_packet_t:packet send;
')
########################################
## <summary>
## Receive rwho_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_rwho_client_packets',`
gen_require(`
type rwho_client_packet_t;
')
allow $1 rwho_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive rwho_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_rwho_client_packets',`
gen_require(`
type rwho_client_packet_t;
')
dontaudit $1 rwho_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive rwho_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_rwho_client_packets',`
corenet_send_rwho_client_packets($1)
corenet_receive_rwho_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive rwho_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_rwho_client_packets',`
corenet_dontaudit_send_rwho_client_packets($1)
corenet_dontaudit_receive_rwho_client_packets($1)
')
########################################
## <summary>
## Relabel packets to rwho_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_rwho_client_packets',`
gen_require(`
type rwho_client_packet_t;
')
allow $1 rwho_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send rwho_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_rwho_server_packets',`
gen_require(`
type rwho_server_packet_t;
')
allow $1 rwho_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send rwho_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_rwho_server_packets',`
gen_require(`
type rwho_server_packet_t;
')
dontaudit $1 rwho_server_packet_t:packet send;
')
########################################
## <summary>
## Receive rwho_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_rwho_server_packets',`
gen_require(`
type rwho_server_packet_t;
')
allow $1 rwho_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive rwho_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_rwho_server_packets',`
gen_require(`
type rwho_server_packet_t;
')
dontaudit $1 rwho_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive rwho_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_rwho_server_packets',`
corenet_send_rwho_server_packets($1)
corenet_receive_rwho_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive rwho_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_rwho_server_packets',`
corenet_dontaudit_send_rwho_server_packets($1)
corenet_dontaudit_receive_rwho_server_packets($1)
')
########################################
## <summary>
## Relabel packets to rwho_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_rwho_server_packets',`
gen_require(`
type rwho_server_packet_t;
')
allow $1 rwho_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the salt port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_salt_port',`
gen_require(`
type salt_port_t;
')
allow $1 salt_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the salt port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_salt_port',`
gen_require(`
type salt_port_t;
')
allow $1 salt_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the salt port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_salt_port',`
gen_require(`
type salt_port_t;
')
dontaudit $1 salt_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the salt port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_salt_port',`
gen_require(`
type salt_port_t;
')
allow $1 salt_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the salt port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_salt_port',`
gen_require(`
type salt_port_t;
')
dontaudit $1 salt_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the salt port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_salt_port',`
corenet_udp_send_salt_port($1)
corenet_udp_receive_salt_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the salt port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_salt_port',`
corenet_dontaudit_udp_send_salt_port($1)
corenet_dontaudit_udp_receive_salt_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the salt port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_salt_port',`
gen_require(`
type salt_port_t;
')
allow $1 salt_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the salt port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_salt_port',`
gen_require(`
type salt_port_t;
')
allow $1 salt_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to salt port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_salt_port',`
gen_require(`
type salt_port_t;
')
dontaudit $1 salt_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the salt port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_salt_port',`
gen_require(`
type salt_port_t;
')
allow $1 salt_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to salt port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_salt_port',`
gen_require(`
type salt_port_t;
')
dontaudit $1 salt_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send salt_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_salt_client_packets',`
gen_require(`
type salt_client_packet_t;
')
allow $1 salt_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send salt_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_salt_client_packets',`
gen_require(`
type salt_client_packet_t;
')
dontaudit $1 salt_client_packet_t:packet send;
')
########################################
## <summary>
## Receive salt_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_salt_client_packets',`
gen_require(`
type salt_client_packet_t;
')
allow $1 salt_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive salt_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_salt_client_packets',`
gen_require(`
type salt_client_packet_t;
')
dontaudit $1 salt_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive salt_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_salt_client_packets',`
corenet_send_salt_client_packets($1)
corenet_receive_salt_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive salt_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_salt_client_packets',`
corenet_dontaudit_send_salt_client_packets($1)
corenet_dontaudit_receive_salt_client_packets($1)
')
########################################
## <summary>
## Relabel packets to salt_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_salt_client_packets',`
gen_require(`
type salt_client_packet_t;
')
allow $1 salt_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send salt_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_salt_server_packets',`
gen_require(`
type salt_server_packet_t;
')
allow $1 salt_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send salt_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_salt_server_packets',`
gen_require(`
type salt_server_packet_t;
')
dontaudit $1 salt_server_packet_t:packet send;
')
########################################
## <summary>
## Receive salt_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_salt_server_packets',`
gen_require(`
type salt_server_packet_t;
')
allow $1 salt_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive salt_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_salt_server_packets',`
gen_require(`
type salt_server_packet_t;
')
dontaudit $1 salt_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive salt_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_salt_server_packets',`
corenet_send_salt_server_packets($1)
corenet_receive_salt_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive salt_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_salt_server_packets',`
corenet_dontaudit_send_salt_server_packets($1)
corenet_dontaudit_receive_salt_server_packets($1)
')
########################################
## <summary>
## Relabel packets to salt_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_salt_server_packets',`
gen_require(`
type salt_server_packet_t;
')
allow $1 salt_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the sap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_sap_port',`
gen_require(`
type sap_port_t;
')
allow $1 sap_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the sap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_sap_port',`
gen_require(`
type sap_port_t;
')
allow $1 sap_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the sap port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_sap_port',`
gen_require(`
type sap_port_t;
')
dontaudit $1 sap_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the sap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_sap_port',`
gen_require(`
type sap_port_t;
')
allow $1 sap_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the sap port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_sap_port',`
gen_require(`
type sap_port_t;
')
dontaudit $1 sap_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the sap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_sap_port',`
corenet_udp_send_sap_port($1)
corenet_udp_receive_sap_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the sap port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_sap_port',`
corenet_dontaudit_udp_send_sap_port($1)
corenet_dontaudit_udp_receive_sap_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the sap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_sap_port',`
gen_require(`
type sap_port_t;
')
allow $1 sap_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the sap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_sap_port',`
gen_require(`
type sap_port_t;
')
allow $1 sap_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to sap port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_sap_port',`
gen_require(`
type sap_port_t;
')
dontaudit $1 sap_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the sap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_sap_port',`
gen_require(`
type sap_port_t;
')
allow $1 sap_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to sap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_sap_port',`
gen_require(`
type sap_port_t;
')
dontaudit $1 sap_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send sap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_sap_client_packets',`
gen_require(`
type sap_client_packet_t;
')
allow $1 sap_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send sap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_sap_client_packets',`
gen_require(`
type sap_client_packet_t;
')
dontaudit $1 sap_client_packet_t:packet send;
')
########################################
## <summary>
## Receive sap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_sap_client_packets',`
gen_require(`
type sap_client_packet_t;
')
allow $1 sap_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive sap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_sap_client_packets',`
gen_require(`
type sap_client_packet_t;
')
dontaudit $1 sap_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive sap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_sap_client_packets',`
corenet_send_sap_client_packets($1)
corenet_receive_sap_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive sap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_sap_client_packets',`
corenet_dontaudit_send_sap_client_packets($1)
corenet_dontaudit_receive_sap_client_packets($1)
')
########################################
## <summary>
## Relabel packets to sap_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_sap_client_packets',`
gen_require(`
type sap_client_packet_t;
')
allow $1 sap_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send sap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_sap_server_packets',`
gen_require(`
type sap_server_packet_t;
')
allow $1 sap_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send sap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_sap_server_packets',`
gen_require(`
type sap_server_packet_t;
')
dontaudit $1 sap_server_packet_t:packet send;
')
########################################
## <summary>
## Receive sap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_sap_server_packets',`
gen_require(`
type sap_server_packet_t;
')
allow $1 sap_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive sap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_sap_server_packets',`
gen_require(`
type sap_server_packet_t;
')
dontaudit $1 sap_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive sap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_sap_server_packets',`
corenet_send_sap_server_packets($1)
corenet_receive_sap_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive sap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_sap_server_packets',`
corenet_dontaudit_send_sap_server_packets($1)
corenet_dontaudit_receive_sap_server_packets($1)
')
########################################
## <summary>
## Relabel packets to sap_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_sap_server_packets',`
gen_require(`
type sap_server_packet_t;
')
allow $1 sap_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the saphostctrl port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_saphostctrl_port',`
gen_require(`
type saphostctrl_port_t;
')
allow $1 saphostctrl_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the saphostctrl port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_saphostctrl_port',`
gen_require(`
type saphostctrl_port_t;
')
allow $1 saphostctrl_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the saphostctrl port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_saphostctrl_port',`
gen_require(`
type saphostctrl_port_t;
')
dontaudit $1 saphostctrl_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the saphostctrl port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_saphostctrl_port',`
gen_require(`
type saphostctrl_port_t;
')
allow $1 saphostctrl_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the saphostctrl port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_saphostctrl_port',`
gen_require(`
type saphostctrl_port_t;
')
dontaudit $1 saphostctrl_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the saphostctrl port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_saphostctrl_port',`
corenet_udp_send_saphostctrl_port($1)
corenet_udp_receive_saphostctrl_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the saphostctrl port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_saphostctrl_port',`
corenet_dontaudit_udp_send_saphostctrl_port($1)
corenet_dontaudit_udp_receive_saphostctrl_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the saphostctrl port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_saphostctrl_port',`
gen_require(`
type saphostctrl_port_t;
')
allow $1 saphostctrl_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the saphostctrl port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_saphostctrl_port',`
gen_require(`
type saphostctrl_port_t;
')
allow $1 saphostctrl_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to saphostctrl port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_saphostctrl_port',`
gen_require(`
type saphostctrl_port_t;
')
dontaudit $1 saphostctrl_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the saphostctrl port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_saphostctrl_port',`
gen_require(`
type saphostctrl_port_t;
')
allow $1 saphostctrl_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to saphostctrl port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_saphostctrl_port',`
gen_require(`
type saphostctrl_port_t;
')
dontaudit $1 saphostctrl_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send saphostctrl_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_saphostctrl_client_packets',`
gen_require(`
type saphostctrl_client_packet_t;
')
allow $1 saphostctrl_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send saphostctrl_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_saphostctrl_client_packets',`
gen_require(`
type saphostctrl_client_packet_t;
')
dontaudit $1 saphostctrl_client_packet_t:packet send;
')
########################################
## <summary>
## Receive saphostctrl_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_saphostctrl_client_packets',`
gen_require(`
type saphostctrl_client_packet_t;
')
allow $1 saphostctrl_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive saphostctrl_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_saphostctrl_client_packets',`
gen_require(`
type saphostctrl_client_packet_t;
')
dontaudit $1 saphostctrl_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive saphostctrl_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_saphostctrl_client_packets',`
corenet_send_saphostctrl_client_packets($1)
corenet_receive_saphostctrl_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive saphostctrl_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_saphostctrl_client_packets',`
corenet_dontaudit_send_saphostctrl_client_packets($1)
corenet_dontaudit_receive_saphostctrl_client_packets($1)
')
########################################
## <summary>
## Relabel packets to saphostctrl_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_saphostctrl_client_packets',`
gen_require(`
type saphostctrl_client_packet_t;
')
allow $1 saphostctrl_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send saphostctrl_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_saphostctrl_server_packets',`
gen_require(`
type saphostctrl_server_packet_t;
')
allow $1 saphostctrl_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send saphostctrl_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_saphostctrl_server_packets',`
gen_require(`
type saphostctrl_server_packet_t;
')
dontaudit $1 saphostctrl_server_packet_t:packet send;
')
########################################
## <summary>
## Receive saphostctrl_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_saphostctrl_server_packets',`
gen_require(`
type saphostctrl_server_packet_t;
')
allow $1 saphostctrl_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive saphostctrl_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_saphostctrl_server_packets',`
gen_require(`
type saphostctrl_server_packet_t;
')
dontaudit $1 saphostctrl_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive saphostctrl_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_saphostctrl_server_packets',`
corenet_send_saphostctrl_server_packets($1)
corenet_receive_saphostctrl_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive saphostctrl_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_saphostctrl_server_packets',`
corenet_dontaudit_send_saphostctrl_server_packets($1)
corenet_dontaudit_receive_saphostctrl_server_packets($1)
')
########################################
## <summary>
## Relabel packets to saphostctrl_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_saphostctrl_server_packets',`
gen_require(`
type saphostctrl_server_packet_t;
')
allow $1 saphostctrl_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the servistaitsm port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_servistaitsm_port',`
gen_require(`
type servistaitsm_port_t;
')
allow $1 servistaitsm_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the servistaitsm port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_servistaitsm_port',`
gen_require(`
type servistaitsm_port_t;
')
allow $1 servistaitsm_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the servistaitsm port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_servistaitsm_port',`
gen_require(`
type servistaitsm_port_t;
')
dontaudit $1 servistaitsm_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the servistaitsm port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_servistaitsm_port',`
gen_require(`
type servistaitsm_port_t;
')
allow $1 servistaitsm_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the servistaitsm port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_servistaitsm_port',`
gen_require(`
type servistaitsm_port_t;
')
dontaudit $1 servistaitsm_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the servistaitsm port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_servistaitsm_port',`
corenet_udp_send_servistaitsm_port($1)
corenet_udp_receive_servistaitsm_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the servistaitsm port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_servistaitsm_port',`
corenet_dontaudit_udp_send_servistaitsm_port($1)
corenet_dontaudit_udp_receive_servistaitsm_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the servistaitsm port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_servistaitsm_port',`
gen_require(`
type servistaitsm_port_t;
')
allow $1 servistaitsm_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the servistaitsm port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_servistaitsm_port',`
gen_require(`
type servistaitsm_port_t;
')
allow $1 servistaitsm_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to servistaitsm port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_servistaitsm_port',`
gen_require(`
type servistaitsm_port_t;
')
dontaudit $1 servistaitsm_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the servistaitsm port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_servistaitsm_port',`
gen_require(`
type servistaitsm_port_t;
')
allow $1 servistaitsm_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to servistaitsm port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_servistaitsm_port',`
gen_require(`
type servistaitsm_port_t;
')
dontaudit $1 servistaitsm_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send servistaitsm_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_servistaitsm_client_packets',`
gen_require(`
type servistaitsm_client_packet_t;
')
allow $1 servistaitsm_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send servistaitsm_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_servistaitsm_client_packets',`
gen_require(`
type servistaitsm_client_packet_t;
')
dontaudit $1 servistaitsm_client_packet_t:packet send;
')
########################################
## <summary>
## Receive servistaitsm_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_servistaitsm_client_packets',`
gen_require(`
type servistaitsm_client_packet_t;
')
allow $1 servistaitsm_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive servistaitsm_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_servistaitsm_client_packets',`
gen_require(`
type servistaitsm_client_packet_t;
')
dontaudit $1 servistaitsm_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive servistaitsm_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_servistaitsm_client_packets',`
corenet_send_servistaitsm_client_packets($1)
corenet_receive_servistaitsm_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive servistaitsm_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_servistaitsm_client_packets',`
corenet_dontaudit_send_servistaitsm_client_packets($1)
corenet_dontaudit_receive_servistaitsm_client_packets($1)
')
########################################
## <summary>
## Relabel packets to servistaitsm_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_servistaitsm_client_packets',`
gen_require(`
type servistaitsm_client_packet_t;
')
allow $1 servistaitsm_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send servistaitsm_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_servistaitsm_server_packets',`
gen_require(`
type servistaitsm_server_packet_t;
')
allow $1 servistaitsm_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send servistaitsm_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_servistaitsm_server_packets',`
gen_require(`
type servistaitsm_server_packet_t;
')
dontaudit $1 servistaitsm_server_packet_t:packet send;
')
########################################
## <summary>
## Receive servistaitsm_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_servistaitsm_server_packets',`
gen_require(`
type servistaitsm_server_packet_t;
')
allow $1 servistaitsm_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive servistaitsm_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_servistaitsm_server_packets',`
gen_require(`
type servistaitsm_server_packet_t;
')
dontaudit $1 servistaitsm_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive servistaitsm_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_servistaitsm_server_packets',`
corenet_send_servistaitsm_server_packets($1)
corenet_receive_servistaitsm_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive servistaitsm_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_servistaitsm_server_packets',`
corenet_dontaudit_send_servistaitsm_server_packets($1)
corenet_dontaudit_receive_servistaitsm_server_packets($1)
')
########################################
## <summary>
## Relabel packets to servistaitsm_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_servistaitsm_server_packets',`
gen_require(`
type servistaitsm_server_packet_t;
')
allow $1 servistaitsm_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the sge port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_sge_port',`
gen_require(`
type sge_port_t;
')
allow $1 sge_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the sge port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_sge_port',`
gen_require(`
type sge_port_t;
')
allow $1 sge_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the sge port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_sge_port',`
gen_require(`
type sge_port_t;
')
dontaudit $1 sge_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the sge port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_sge_port',`
gen_require(`
type sge_port_t;
')
allow $1 sge_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the sge port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_sge_port',`
gen_require(`
type sge_port_t;
')
dontaudit $1 sge_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the sge port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_sge_port',`
corenet_udp_send_sge_port($1)
corenet_udp_receive_sge_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the sge port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_sge_port',`
corenet_dontaudit_udp_send_sge_port($1)
corenet_dontaudit_udp_receive_sge_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the sge port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_sge_port',`
gen_require(`
type sge_port_t;
')
allow $1 sge_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the sge port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_sge_port',`
gen_require(`
type sge_port_t;
')
allow $1 sge_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to sge port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_sge_port',`
gen_require(`
type sge_port_t;
')
dontaudit $1 sge_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the sge port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_sge_port',`
gen_require(`
type sge_port_t;
')
allow $1 sge_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to sge port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_sge_port',`
gen_require(`
type sge_port_t;
')
dontaudit $1 sge_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send sge_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_sge_client_packets',`
gen_require(`
type sge_client_packet_t;
')
allow $1 sge_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send sge_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_sge_client_packets',`
gen_require(`
type sge_client_packet_t;
')
dontaudit $1 sge_client_packet_t:packet send;
')
########################################
## <summary>
## Receive sge_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_sge_client_packets',`
gen_require(`
type sge_client_packet_t;
')
allow $1 sge_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive sge_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_sge_client_packets',`
gen_require(`
type sge_client_packet_t;
')
dontaudit $1 sge_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive sge_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_sge_client_packets',`
corenet_send_sge_client_packets($1)
corenet_receive_sge_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive sge_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_sge_client_packets',`
corenet_dontaudit_send_sge_client_packets($1)
corenet_dontaudit_receive_sge_client_packets($1)
')
########################################
## <summary>
## Relabel packets to sge_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_sge_client_packets',`
gen_require(`
type sge_client_packet_t;
')
allow $1 sge_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send sge_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_sge_server_packets',`
gen_require(`
type sge_server_packet_t;
')
allow $1 sge_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send sge_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_sge_server_packets',`
gen_require(`
type sge_server_packet_t;
')
dontaudit $1 sge_server_packet_t:packet send;
')
########################################
## <summary>
## Receive sge_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_sge_server_packets',`
gen_require(`
type sge_server_packet_t;
')
allow $1 sge_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive sge_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_sge_server_packets',`
gen_require(`
type sge_server_packet_t;
')
dontaudit $1 sge_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive sge_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_sge_server_packets',`
corenet_send_sge_server_packets($1)
corenet_receive_sge_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive sge_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_sge_server_packets',`
corenet_dontaudit_send_sge_server_packets($1)
corenet_dontaudit_receive_sge_server_packets($1)
')
########################################
## <summary>
## Relabel packets to sge_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_sge_server_packets',`
gen_require(`
type sge_server_packet_t;
')
allow $1 sge_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the shellinaboxd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_shellinaboxd_port',`
gen_require(`
type shellinaboxd_port_t;
')
allow $1 shellinaboxd_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the shellinaboxd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_shellinaboxd_port',`
gen_require(`
type shellinaboxd_port_t;
')
allow $1 shellinaboxd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the shellinaboxd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_shellinaboxd_port',`
gen_require(`
type shellinaboxd_port_t;
')
dontaudit $1 shellinaboxd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the shellinaboxd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_shellinaboxd_port',`
gen_require(`
type shellinaboxd_port_t;
')
allow $1 shellinaboxd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the shellinaboxd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_shellinaboxd_port',`
gen_require(`
type shellinaboxd_port_t;
')
dontaudit $1 shellinaboxd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the shellinaboxd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_shellinaboxd_port',`
corenet_udp_send_shellinaboxd_port($1)
corenet_udp_receive_shellinaboxd_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the shellinaboxd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_shellinaboxd_port',`
corenet_dontaudit_udp_send_shellinaboxd_port($1)
corenet_dontaudit_udp_receive_shellinaboxd_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the shellinaboxd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_shellinaboxd_port',`
gen_require(`
type shellinaboxd_port_t;
')
allow $1 shellinaboxd_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the shellinaboxd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_shellinaboxd_port',`
gen_require(`
type shellinaboxd_port_t;
')
allow $1 shellinaboxd_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to shellinaboxd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_shellinaboxd_port',`
gen_require(`
type shellinaboxd_port_t;
')
dontaudit $1 shellinaboxd_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the shellinaboxd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_shellinaboxd_port',`
gen_require(`
type shellinaboxd_port_t;
')
allow $1 shellinaboxd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to shellinaboxd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_shellinaboxd_port',`
gen_require(`
type shellinaboxd_port_t;
')
dontaudit $1 shellinaboxd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send shellinaboxd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_shellinaboxd_client_packets',`
gen_require(`
type shellinaboxd_client_packet_t;
')
allow $1 shellinaboxd_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send shellinaboxd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_shellinaboxd_client_packets',`
gen_require(`
type shellinaboxd_client_packet_t;
')
dontaudit $1 shellinaboxd_client_packet_t:packet send;
')
########################################
## <summary>
## Receive shellinaboxd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_shellinaboxd_client_packets',`
gen_require(`
type shellinaboxd_client_packet_t;
')
allow $1 shellinaboxd_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive shellinaboxd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_shellinaboxd_client_packets',`
gen_require(`
type shellinaboxd_client_packet_t;
')
dontaudit $1 shellinaboxd_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive shellinaboxd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_shellinaboxd_client_packets',`
corenet_send_shellinaboxd_client_packets($1)
corenet_receive_shellinaboxd_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive shellinaboxd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_shellinaboxd_client_packets',`
corenet_dontaudit_send_shellinaboxd_client_packets($1)
corenet_dontaudit_receive_shellinaboxd_client_packets($1)
')
########################################
## <summary>
## Relabel packets to shellinaboxd_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_shellinaboxd_client_packets',`
gen_require(`
type shellinaboxd_client_packet_t;
')
allow $1 shellinaboxd_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send shellinaboxd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_shellinaboxd_server_packets',`
gen_require(`
type shellinaboxd_server_packet_t;
')
allow $1 shellinaboxd_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send shellinaboxd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_shellinaboxd_server_packets',`
gen_require(`
type shellinaboxd_server_packet_t;
')
dontaudit $1 shellinaboxd_server_packet_t:packet send;
')
########################################
## <summary>
## Receive shellinaboxd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_shellinaboxd_server_packets',`
gen_require(`
type shellinaboxd_server_packet_t;
')
allow $1 shellinaboxd_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive shellinaboxd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_shellinaboxd_server_packets',`
gen_require(`
type shellinaboxd_server_packet_t;
')
dontaudit $1 shellinaboxd_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive shellinaboxd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_shellinaboxd_server_packets',`
corenet_send_shellinaboxd_server_packets($1)
corenet_receive_shellinaboxd_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive shellinaboxd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_shellinaboxd_server_packets',`
corenet_dontaudit_send_shellinaboxd_server_packets($1)
corenet_dontaudit_receive_shellinaboxd_server_packets($1)
')
########################################
## <summary>
## Relabel packets to shellinaboxd_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_shellinaboxd_server_packets',`
gen_require(`
type shellinaboxd_server_packet_t;
')
allow $1 shellinaboxd_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the sieve port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_sieve_port',`
gen_require(`
type sieve_port_t;
')
allow $1 sieve_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the sieve port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_sieve_port',`
gen_require(`
type sieve_port_t;
')
allow $1 sieve_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the sieve port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_sieve_port',`
gen_require(`
type sieve_port_t;
')
dontaudit $1 sieve_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the sieve port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_sieve_port',`
gen_require(`
type sieve_port_t;
')
allow $1 sieve_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the sieve port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_sieve_port',`
gen_require(`
type sieve_port_t;
')
dontaudit $1 sieve_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the sieve port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_sieve_port',`
corenet_udp_send_sieve_port($1)
corenet_udp_receive_sieve_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the sieve port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_sieve_port',`
corenet_dontaudit_udp_send_sieve_port($1)
corenet_dontaudit_udp_receive_sieve_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the sieve port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_sieve_port',`
gen_require(`
type sieve_port_t;
')
allow $1 sieve_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the sieve port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_sieve_port',`
gen_require(`
type sieve_port_t;
')
allow $1 sieve_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to sieve port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_sieve_port',`
gen_require(`
type sieve_port_t;
')
dontaudit $1 sieve_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the sieve port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_sieve_port',`
gen_require(`
type sieve_port_t;
')
allow $1 sieve_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to sieve port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_sieve_port',`
gen_require(`
type sieve_port_t;
')
dontaudit $1 sieve_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send sieve_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_sieve_client_packets',`
gen_require(`
type sieve_client_packet_t;
')
allow $1 sieve_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send sieve_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_sieve_client_packets',`
gen_require(`
type sieve_client_packet_t;
')
dontaudit $1 sieve_client_packet_t:packet send;
')
########################################
## <summary>
## Receive sieve_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_sieve_client_packets',`
gen_require(`
type sieve_client_packet_t;
')
allow $1 sieve_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive sieve_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_sieve_client_packets',`
gen_require(`
type sieve_client_packet_t;
')
dontaudit $1 sieve_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive sieve_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_sieve_client_packets',`
corenet_send_sieve_client_packets($1)
corenet_receive_sieve_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive sieve_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_sieve_client_packets',`
corenet_dontaudit_send_sieve_client_packets($1)
corenet_dontaudit_receive_sieve_client_packets($1)
')
########################################
## <summary>
## Relabel packets to sieve_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_sieve_client_packets',`
gen_require(`
type sieve_client_packet_t;
')
allow $1 sieve_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send sieve_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_sieve_server_packets',`
gen_require(`
type sieve_server_packet_t;
')
allow $1 sieve_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send sieve_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_sieve_server_packets',`
gen_require(`
type sieve_server_packet_t;
')
dontaudit $1 sieve_server_packet_t:packet send;
')
########################################
## <summary>
## Receive sieve_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_sieve_server_packets',`
gen_require(`
type sieve_server_packet_t;
')
allow $1 sieve_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive sieve_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_sieve_server_packets',`
gen_require(`
type sieve_server_packet_t;
')
dontaudit $1 sieve_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive sieve_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_sieve_server_packets',`
corenet_send_sieve_server_packets($1)
corenet_receive_sieve_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive sieve_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_sieve_server_packets',`
corenet_dontaudit_send_sieve_server_packets($1)
corenet_dontaudit_receive_sieve_server_packets($1)
')
########################################
## <summary>
## Relabel packets to sieve_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_sieve_server_packets',`
gen_require(`
type sieve_server_packet_t;
')
allow $1 sieve_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the sip port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_sip_port',`
gen_require(`
type sip_port_t;
')
allow $1 sip_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the sip port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_sip_port',`
gen_require(`
type sip_port_t;
')
allow $1 sip_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the sip port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_sip_port',`
gen_require(`
type sip_port_t;
')
dontaudit $1 sip_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the sip port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_sip_port',`
gen_require(`
type sip_port_t;
')
allow $1 sip_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the sip port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_sip_port',`
gen_require(`
type sip_port_t;
')
dontaudit $1 sip_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the sip port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_sip_port',`
corenet_udp_send_sip_port($1)
corenet_udp_receive_sip_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the sip port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_sip_port',`
corenet_dontaudit_udp_send_sip_port($1)
corenet_dontaudit_udp_receive_sip_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the sip port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_sip_port',`
gen_require(`
type sip_port_t;
')
allow $1 sip_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the sip port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_sip_port',`
gen_require(`
type sip_port_t;
')
allow $1 sip_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to sip port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_sip_port',`
gen_require(`
type sip_port_t;
')
dontaudit $1 sip_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the sip port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_sip_port',`
gen_require(`
type sip_port_t;
')
allow $1 sip_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to sip port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_sip_port',`
gen_require(`
type sip_port_t;
')
dontaudit $1 sip_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send sip_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_sip_client_packets',`
gen_require(`
type sip_client_packet_t;
')
allow $1 sip_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send sip_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_sip_client_packets',`
gen_require(`
type sip_client_packet_t;
')
dontaudit $1 sip_client_packet_t:packet send;
')
########################################
## <summary>
## Receive sip_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_sip_client_packets',`
gen_require(`
type sip_client_packet_t;
')
allow $1 sip_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive sip_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_sip_client_packets',`
gen_require(`
type sip_client_packet_t;
')
dontaudit $1 sip_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive sip_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_sip_client_packets',`
corenet_send_sip_client_packets($1)
corenet_receive_sip_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive sip_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_sip_client_packets',`
corenet_dontaudit_send_sip_client_packets($1)
corenet_dontaudit_receive_sip_client_packets($1)
')
########################################
## <summary>
## Relabel packets to sip_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_sip_client_packets',`
gen_require(`
type sip_client_packet_t;
')
allow $1 sip_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send sip_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_sip_server_packets',`
gen_require(`
type sip_server_packet_t;
')
allow $1 sip_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send sip_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_sip_server_packets',`
gen_require(`
type sip_server_packet_t;
')
dontaudit $1 sip_server_packet_t:packet send;
')
########################################
## <summary>
## Receive sip_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_sip_server_packets',`
gen_require(`
type sip_server_packet_t;
')
allow $1 sip_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive sip_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_sip_server_packets',`
gen_require(`
type sip_server_packet_t;
')
dontaudit $1 sip_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive sip_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_sip_server_packets',`
corenet_send_sip_server_packets($1)
corenet_receive_sip_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive sip_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_sip_server_packets',`
corenet_dontaudit_send_sip_server_packets($1)
corenet_dontaudit_receive_sip_server_packets($1)
')
########################################
## <summary>
## Relabel packets to sip_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_sip_server_packets',`
gen_require(`
type sip_server_packet_t;
')
allow $1 sip_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the sixxsconfig port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_sixxsconfig_port',`
gen_require(`
type sixxsconfig_port_t;
')
allow $1 sixxsconfig_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the sixxsconfig port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_sixxsconfig_port',`
gen_require(`
type sixxsconfig_port_t;
')
allow $1 sixxsconfig_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the sixxsconfig port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_sixxsconfig_port',`
gen_require(`
type sixxsconfig_port_t;
')
dontaudit $1 sixxsconfig_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the sixxsconfig port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_sixxsconfig_port',`
gen_require(`
type sixxsconfig_port_t;
')
allow $1 sixxsconfig_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the sixxsconfig port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_sixxsconfig_port',`
gen_require(`
type sixxsconfig_port_t;
')
dontaudit $1 sixxsconfig_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the sixxsconfig port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_sixxsconfig_port',`
corenet_udp_send_sixxsconfig_port($1)
corenet_udp_receive_sixxsconfig_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the sixxsconfig port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_sixxsconfig_port',`
corenet_dontaudit_udp_send_sixxsconfig_port($1)
corenet_dontaudit_udp_receive_sixxsconfig_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the sixxsconfig port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_sixxsconfig_port',`
gen_require(`
type sixxsconfig_port_t;
')
allow $1 sixxsconfig_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the sixxsconfig port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_sixxsconfig_port',`
gen_require(`
type sixxsconfig_port_t;
')
allow $1 sixxsconfig_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to sixxsconfig port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_sixxsconfig_port',`
gen_require(`
type sixxsconfig_port_t;
')
dontaudit $1 sixxsconfig_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the sixxsconfig port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_sixxsconfig_port',`
gen_require(`
type sixxsconfig_port_t;
')
allow $1 sixxsconfig_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to sixxsconfig port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_sixxsconfig_port',`
gen_require(`
type sixxsconfig_port_t;
')
dontaudit $1 sixxsconfig_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send sixxsconfig_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_sixxsconfig_client_packets',`
gen_require(`
type sixxsconfig_client_packet_t;
')
allow $1 sixxsconfig_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send sixxsconfig_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_sixxsconfig_client_packets',`
gen_require(`
type sixxsconfig_client_packet_t;
')
dontaudit $1 sixxsconfig_client_packet_t:packet send;
')
########################################
## <summary>
## Receive sixxsconfig_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_sixxsconfig_client_packets',`
gen_require(`
type sixxsconfig_client_packet_t;
')
allow $1 sixxsconfig_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive sixxsconfig_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_sixxsconfig_client_packets',`
gen_require(`
type sixxsconfig_client_packet_t;
')
dontaudit $1 sixxsconfig_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive sixxsconfig_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_sixxsconfig_client_packets',`
corenet_send_sixxsconfig_client_packets($1)
corenet_receive_sixxsconfig_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive sixxsconfig_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_sixxsconfig_client_packets',`
corenet_dontaudit_send_sixxsconfig_client_packets($1)
corenet_dontaudit_receive_sixxsconfig_client_packets($1)
')
########################################
## <summary>
## Relabel packets to sixxsconfig_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_sixxsconfig_client_packets',`
gen_require(`
type sixxsconfig_client_packet_t;
')
allow $1 sixxsconfig_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send sixxsconfig_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_sixxsconfig_server_packets',`
gen_require(`
type sixxsconfig_server_packet_t;
')
allow $1 sixxsconfig_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send sixxsconfig_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_sixxsconfig_server_packets',`
gen_require(`
type sixxsconfig_server_packet_t;
')
dontaudit $1 sixxsconfig_server_packet_t:packet send;
')
########################################
## <summary>
## Receive sixxsconfig_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_sixxsconfig_server_packets',`
gen_require(`
type sixxsconfig_server_packet_t;
')
allow $1 sixxsconfig_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive sixxsconfig_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_sixxsconfig_server_packets',`
gen_require(`
type sixxsconfig_server_packet_t;
')
dontaudit $1 sixxsconfig_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive sixxsconfig_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_sixxsconfig_server_packets',`
corenet_send_sixxsconfig_server_packets($1)
corenet_receive_sixxsconfig_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive sixxsconfig_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_sixxsconfig_server_packets',`
corenet_dontaudit_send_sixxsconfig_server_packets($1)
corenet_dontaudit_receive_sixxsconfig_server_packets($1)
')
########################################
## <summary>
## Relabel packets to sixxsconfig_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_sixxsconfig_server_packets',`
gen_require(`
type sixxsconfig_server_packet_t;
')
allow $1 sixxsconfig_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the smbd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_smbd_port',`
gen_require(`
type smbd_port_t;
')
allow $1 smbd_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the smbd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_smbd_port',`
gen_require(`
type smbd_port_t;
')
allow $1 smbd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the smbd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_smbd_port',`
gen_require(`
type smbd_port_t;
')
dontaudit $1 smbd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the smbd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_smbd_port',`
gen_require(`
type smbd_port_t;
')
allow $1 smbd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the smbd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_smbd_port',`
gen_require(`
type smbd_port_t;
')
dontaudit $1 smbd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the smbd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_smbd_port',`
corenet_udp_send_smbd_port($1)
corenet_udp_receive_smbd_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the smbd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_smbd_port',`
corenet_dontaudit_udp_send_smbd_port($1)
corenet_dontaudit_udp_receive_smbd_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the smbd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_smbd_port',`
gen_require(`
type smbd_port_t;
')
allow $1 smbd_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the smbd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_smbd_port',`
gen_require(`
type smbd_port_t;
')
allow $1 smbd_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to smbd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_smbd_port',`
gen_require(`
type smbd_port_t;
')
dontaudit $1 smbd_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the smbd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_smbd_port',`
gen_require(`
type smbd_port_t;
')
allow $1 smbd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to smbd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_smbd_port',`
gen_require(`
type smbd_port_t;
')
dontaudit $1 smbd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send smbd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_smbd_client_packets',`
gen_require(`
type smbd_client_packet_t;
')
allow $1 smbd_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send smbd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_smbd_client_packets',`
gen_require(`
type smbd_client_packet_t;
')
dontaudit $1 smbd_client_packet_t:packet send;
')
########################################
## <summary>
## Receive smbd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_smbd_client_packets',`
gen_require(`
type smbd_client_packet_t;
')
allow $1 smbd_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive smbd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_smbd_client_packets',`
gen_require(`
type smbd_client_packet_t;
')
dontaudit $1 smbd_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive smbd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_smbd_client_packets',`
corenet_send_smbd_client_packets($1)
corenet_receive_smbd_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive smbd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_smbd_client_packets',`
corenet_dontaudit_send_smbd_client_packets($1)
corenet_dontaudit_receive_smbd_client_packets($1)
')
########################################
## <summary>
## Relabel packets to smbd_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_smbd_client_packets',`
gen_require(`
type smbd_client_packet_t;
')
allow $1 smbd_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send smbd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_smbd_server_packets',`
gen_require(`
type smbd_server_packet_t;
')
allow $1 smbd_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send smbd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_smbd_server_packets',`
gen_require(`
type smbd_server_packet_t;
')
dontaudit $1 smbd_server_packet_t:packet send;
')
########################################
## <summary>
## Receive smbd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_smbd_server_packets',`
gen_require(`
type smbd_server_packet_t;
')
allow $1 smbd_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive smbd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_smbd_server_packets',`
gen_require(`
type smbd_server_packet_t;
')
dontaudit $1 smbd_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive smbd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_smbd_server_packets',`
corenet_send_smbd_server_packets($1)
corenet_receive_smbd_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive smbd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_smbd_server_packets',`
corenet_dontaudit_send_smbd_server_packets($1)
corenet_dontaudit_receive_smbd_server_packets($1)
')
########################################
## <summary>
## Relabel packets to smbd_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_smbd_server_packets',`
gen_require(`
type smbd_server_packet_t;
')
allow $1 smbd_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the smtp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_smtp_port',`
gen_require(`
type smtp_port_t;
')
allow $1 smtp_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the smtp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_smtp_port',`
gen_require(`
type smtp_port_t;
')
allow $1 smtp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the smtp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_smtp_port',`
gen_require(`
type smtp_port_t;
')
dontaudit $1 smtp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the smtp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_smtp_port',`
gen_require(`
type smtp_port_t;
')
allow $1 smtp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the smtp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_smtp_port',`
gen_require(`
type smtp_port_t;
')
dontaudit $1 smtp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the smtp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_smtp_port',`
corenet_udp_send_smtp_port($1)
corenet_udp_receive_smtp_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the smtp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_smtp_port',`
corenet_dontaudit_udp_send_smtp_port($1)
corenet_dontaudit_udp_receive_smtp_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the smtp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_smtp_port',`
gen_require(`
type smtp_port_t;
')
allow $1 smtp_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the smtp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_smtp_port',`
gen_require(`
type smtp_port_t;
')
allow $1 smtp_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to smtp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_smtp_port',`
gen_require(`
type smtp_port_t;
')
dontaudit $1 smtp_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the smtp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_smtp_port',`
gen_require(`
type smtp_port_t;
')
allow $1 smtp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to smtp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_smtp_port',`
gen_require(`
type smtp_port_t;
')
dontaudit $1 smtp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send smtp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_smtp_client_packets',`
gen_require(`
type smtp_client_packet_t;
')
allow $1 smtp_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send smtp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_smtp_client_packets',`
gen_require(`
type smtp_client_packet_t;
')
dontaudit $1 smtp_client_packet_t:packet send;
')
########################################
## <summary>
## Receive smtp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_smtp_client_packets',`
gen_require(`
type smtp_client_packet_t;
')
allow $1 smtp_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive smtp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_smtp_client_packets',`
gen_require(`
type smtp_client_packet_t;
')
dontaudit $1 smtp_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive smtp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_smtp_client_packets',`
corenet_send_smtp_client_packets($1)
corenet_receive_smtp_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive smtp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_smtp_client_packets',`
corenet_dontaudit_send_smtp_client_packets($1)
corenet_dontaudit_receive_smtp_client_packets($1)
')
########################################
## <summary>
## Relabel packets to smtp_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_smtp_client_packets',`
gen_require(`
type smtp_client_packet_t;
')
allow $1 smtp_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send smtp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_smtp_server_packets',`
gen_require(`
type smtp_server_packet_t;
')
allow $1 smtp_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send smtp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_smtp_server_packets',`
gen_require(`
type smtp_server_packet_t;
')
dontaudit $1 smtp_server_packet_t:packet send;
')
########################################
## <summary>
## Receive smtp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_smtp_server_packets',`
gen_require(`
type smtp_server_packet_t;
')
allow $1 smtp_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive smtp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_smtp_server_packets',`
gen_require(`
type smtp_server_packet_t;
')
dontaudit $1 smtp_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive smtp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_smtp_server_packets',`
corenet_send_smtp_server_packets($1)
corenet_receive_smtp_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive smtp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_smtp_server_packets',`
corenet_dontaudit_send_smtp_server_packets($1)
corenet_dontaudit_receive_smtp_server_packets($1)
')
########################################
## <summary>
## Relabel packets to smtp_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_smtp_server_packets',`
gen_require(`
type smtp_server_packet_t;
')
allow $1 smtp_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the snmp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_snmp_port',`
gen_require(`
type snmp_port_t;
')
allow $1 snmp_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the snmp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_snmp_port',`
gen_require(`
type snmp_port_t;
')
allow $1 snmp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the snmp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_snmp_port',`
gen_require(`
type snmp_port_t;
')
dontaudit $1 snmp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the snmp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_snmp_port',`
gen_require(`
type snmp_port_t;
')
allow $1 snmp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the snmp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_snmp_port',`
gen_require(`
type snmp_port_t;
')
dontaudit $1 snmp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the snmp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_snmp_port',`
corenet_udp_send_snmp_port($1)
corenet_udp_receive_snmp_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the snmp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_snmp_port',`
corenet_dontaudit_udp_send_snmp_port($1)
corenet_dontaudit_udp_receive_snmp_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the snmp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_snmp_port',`
gen_require(`
type snmp_port_t;
')
allow $1 snmp_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the snmp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_snmp_port',`
gen_require(`
type snmp_port_t;
')
allow $1 snmp_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to snmp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_snmp_port',`
gen_require(`
type snmp_port_t;
')
dontaudit $1 snmp_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the snmp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_snmp_port',`
gen_require(`
type snmp_port_t;
')
allow $1 snmp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to snmp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_snmp_port',`
gen_require(`
type snmp_port_t;
')
dontaudit $1 snmp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send snmp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_snmp_client_packets',`
gen_require(`
type snmp_client_packet_t;
')
allow $1 snmp_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send snmp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_snmp_client_packets',`
gen_require(`
type snmp_client_packet_t;
')
dontaudit $1 snmp_client_packet_t:packet send;
')
########################################
## <summary>
## Receive snmp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_snmp_client_packets',`
gen_require(`
type snmp_client_packet_t;
')
allow $1 snmp_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive snmp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_snmp_client_packets',`
gen_require(`
type snmp_client_packet_t;
')
dontaudit $1 snmp_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive snmp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_snmp_client_packets',`
corenet_send_snmp_client_packets($1)
corenet_receive_snmp_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive snmp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_snmp_client_packets',`
corenet_dontaudit_send_snmp_client_packets($1)
corenet_dontaudit_receive_snmp_client_packets($1)
')
########################################
## <summary>
## Relabel packets to snmp_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_snmp_client_packets',`
gen_require(`
type snmp_client_packet_t;
')
allow $1 snmp_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send snmp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_snmp_server_packets',`
gen_require(`
type snmp_server_packet_t;
')
allow $1 snmp_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send snmp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_snmp_server_packets',`
gen_require(`
type snmp_server_packet_t;
')
dontaudit $1 snmp_server_packet_t:packet send;
')
########################################
## <summary>
## Receive snmp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_snmp_server_packets',`
gen_require(`
type snmp_server_packet_t;
')
allow $1 snmp_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive snmp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_snmp_server_packets',`
gen_require(`
type snmp_server_packet_t;
')
dontaudit $1 snmp_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive snmp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_snmp_server_packets',`
corenet_send_snmp_server_packets($1)
corenet_receive_snmp_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive snmp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_snmp_server_packets',`
corenet_dontaudit_send_snmp_server_packets($1)
corenet_dontaudit_receive_snmp_server_packets($1)
')
########################################
## <summary>
## Relabel packets to snmp_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_snmp_server_packets',`
gen_require(`
type snmp_server_packet_t;
')
allow $1 snmp_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the smntubootstrap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_smntubootstrap_port',`
gen_require(`
type smntubootstrap_port_t;
')
allow $1 smntubootstrap_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the smntubootstrap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_smntubootstrap_port',`
gen_require(`
type smntubootstrap_port_t;
')
allow $1 smntubootstrap_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the smntubootstrap port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_smntubootstrap_port',`
gen_require(`
type smntubootstrap_port_t;
')
dontaudit $1 smntubootstrap_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the smntubootstrap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_smntubootstrap_port',`
gen_require(`
type smntubootstrap_port_t;
')
allow $1 smntubootstrap_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the smntubootstrap port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_smntubootstrap_port',`
gen_require(`
type smntubootstrap_port_t;
')
dontaudit $1 smntubootstrap_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the smntubootstrap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_smntubootstrap_port',`
corenet_udp_send_smntubootstrap_port($1)
corenet_udp_receive_smntubootstrap_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the smntubootstrap port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_smntubootstrap_port',`
corenet_dontaudit_udp_send_smntubootstrap_port($1)
corenet_dontaudit_udp_receive_smntubootstrap_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the smntubootstrap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_smntubootstrap_port',`
gen_require(`
type smntubootstrap_port_t;
')
allow $1 smntubootstrap_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the smntubootstrap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_smntubootstrap_port',`
gen_require(`
type smntubootstrap_port_t;
')
allow $1 smntubootstrap_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to smntubootstrap port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_smntubootstrap_port',`
gen_require(`
type smntubootstrap_port_t;
')
dontaudit $1 smntubootstrap_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the smntubootstrap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_smntubootstrap_port',`
gen_require(`
type smntubootstrap_port_t;
')
allow $1 smntubootstrap_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to smntubootstrap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_smntubootstrap_port',`
gen_require(`
type smntubootstrap_port_t;
')
dontaudit $1 smntubootstrap_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send smntubootstrap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_smntubootstrap_client_packets',`
gen_require(`
type smntubootstrap_client_packet_t;
')
allow $1 smntubootstrap_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send smntubootstrap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_smntubootstrap_client_packets',`
gen_require(`
type smntubootstrap_client_packet_t;
')
dontaudit $1 smntubootstrap_client_packet_t:packet send;
')
########################################
## <summary>
## Receive smntubootstrap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_smntubootstrap_client_packets',`
gen_require(`
type smntubootstrap_client_packet_t;
')
allow $1 smntubootstrap_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive smntubootstrap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_smntubootstrap_client_packets',`
gen_require(`
type smntubootstrap_client_packet_t;
')
dontaudit $1 smntubootstrap_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive smntubootstrap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_smntubootstrap_client_packets',`
corenet_send_smntubootstrap_client_packets($1)
corenet_receive_smntubootstrap_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive smntubootstrap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_smntubootstrap_client_packets',`
corenet_dontaudit_send_smntubootstrap_client_packets($1)
corenet_dontaudit_receive_smntubootstrap_client_packets($1)
')
########################################
## <summary>
## Relabel packets to smntubootstrap_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_smntubootstrap_client_packets',`
gen_require(`
type smntubootstrap_client_packet_t;
')
allow $1 smntubootstrap_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send smntubootstrap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_smntubootstrap_server_packets',`
gen_require(`
type smntubootstrap_server_packet_t;
')
allow $1 smntubootstrap_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send smntubootstrap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_smntubootstrap_server_packets',`
gen_require(`
type smntubootstrap_server_packet_t;
')
dontaudit $1 smntubootstrap_server_packet_t:packet send;
')
########################################
## <summary>
## Receive smntubootstrap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_smntubootstrap_server_packets',`
gen_require(`
type smntubootstrap_server_packet_t;
')
allow $1 smntubootstrap_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive smntubootstrap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_smntubootstrap_server_packets',`
gen_require(`
type smntubootstrap_server_packet_t;
')
dontaudit $1 smntubootstrap_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive smntubootstrap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_smntubootstrap_server_packets',`
corenet_send_smntubootstrap_server_packets($1)
corenet_receive_smntubootstrap_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive smntubootstrap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_smntubootstrap_server_packets',`
corenet_dontaudit_send_smntubootstrap_server_packets($1)
corenet_dontaudit_receive_smntubootstrap_server_packets($1)
')
########################################
## <summary>
## Relabel packets to smntubootstrap_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_smntubootstrap_server_packets',`
gen_require(`
type smntubootstrap_server_packet_t;
')
allow $1 smntubootstrap_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the socks port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_socks_port',`
gen_require(`
type socks_port_t;
')
allow $1 socks_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the socks port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_socks_port',`
gen_require(`
type socks_port_t;
')
allow $1 socks_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the socks port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_socks_port',`
gen_require(`
type socks_port_t;
')
dontaudit $1 socks_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the socks port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_socks_port',`
gen_require(`
type socks_port_t;
')
allow $1 socks_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the socks port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_socks_port',`
gen_require(`
type socks_port_t;
')
dontaudit $1 socks_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the socks port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_socks_port',`
corenet_udp_send_socks_port($1)
corenet_udp_receive_socks_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the socks port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_socks_port',`
corenet_dontaudit_udp_send_socks_port($1)
corenet_dontaudit_udp_receive_socks_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the socks port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_socks_port',`
gen_require(`
type socks_port_t;
')
allow $1 socks_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the socks port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_socks_port',`
gen_require(`
type socks_port_t;
')
allow $1 socks_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to socks port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_socks_port',`
gen_require(`
type socks_port_t;
')
dontaudit $1 socks_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the socks port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_socks_port',`
gen_require(`
type socks_port_t;
')
allow $1 socks_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to socks port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_socks_port',`
gen_require(`
type socks_port_t;
')
dontaudit $1 socks_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send socks_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_socks_client_packets',`
gen_require(`
type socks_client_packet_t;
')
allow $1 socks_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send socks_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_socks_client_packets',`
gen_require(`
type socks_client_packet_t;
')
dontaudit $1 socks_client_packet_t:packet send;
')
########################################
## <summary>
## Receive socks_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_socks_client_packets',`
gen_require(`
type socks_client_packet_t;
')
allow $1 socks_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive socks_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_socks_client_packets',`
gen_require(`
type socks_client_packet_t;
')
dontaudit $1 socks_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive socks_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_socks_client_packets',`
corenet_send_socks_client_packets($1)
corenet_receive_socks_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive socks_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_socks_client_packets',`
corenet_dontaudit_send_socks_client_packets($1)
corenet_dontaudit_receive_socks_client_packets($1)
')
########################################
## <summary>
## Relabel packets to socks_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_socks_client_packets',`
gen_require(`
type socks_client_packet_t;
')
allow $1 socks_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send socks_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_socks_server_packets',`
gen_require(`
type socks_server_packet_t;
')
allow $1 socks_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send socks_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_socks_server_packets',`
gen_require(`
type socks_server_packet_t;
')
dontaudit $1 socks_server_packet_t:packet send;
')
########################################
## <summary>
## Receive socks_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_socks_server_packets',`
gen_require(`
type socks_server_packet_t;
')
allow $1 socks_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive socks_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_socks_server_packets',`
gen_require(`
type socks_server_packet_t;
')
dontaudit $1 socks_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive socks_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_socks_server_packets',`
corenet_send_socks_server_packets($1)
corenet_receive_socks_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive socks_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_socks_server_packets',`
corenet_dontaudit_send_socks_server_packets($1)
corenet_dontaudit_receive_socks_server_packets($1)
')
########################################
## <summary>
## Relabel packets to socks_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_socks_server_packets',`
gen_require(`
type socks_server_packet_t;
')
allow $1 socks_server_packet_t:packet relabelto;
')
# no defined portcon
########################################
## <summary>
## Send and receive TCP traffic on the soundd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_soundd_port',`
gen_require(`
type soundd_port_t;
')
allow $1 soundd_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the soundd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_soundd_port',`
gen_require(`
type soundd_port_t;
')
allow $1 soundd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the soundd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_soundd_port',`
gen_require(`
type soundd_port_t;
')
dontaudit $1 soundd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the soundd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_soundd_port',`
gen_require(`
type soundd_port_t;
')
allow $1 soundd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the soundd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_soundd_port',`
gen_require(`
type soundd_port_t;
')
dontaudit $1 soundd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the soundd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_soundd_port',`
corenet_udp_send_soundd_port($1)
corenet_udp_receive_soundd_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the soundd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_soundd_port',`
corenet_dontaudit_udp_send_soundd_port($1)
corenet_dontaudit_udp_receive_soundd_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the soundd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_soundd_port',`
gen_require(`
type soundd_port_t;
')
allow $1 soundd_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the soundd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_soundd_port',`
gen_require(`
type soundd_port_t;
')
allow $1 soundd_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to soundd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_soundd_port',`
gen_require(`
type soundd_port_t;
')
dontaudit $1 soundd_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the soundd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_soundd_port',`
gen_require(`
type soundd_port_t;
')
allow $1 soundd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to soundd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_soundd_port',`
gen_require(`
type soundd_port_t;
')
dontaudit $1 soundd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send soundd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_soundd_client_packets',`
gen_require(`
type soundd_client_packet_t;
')
allow $1 soundd_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send soundd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_soundd_client_packets',`
gen_require(`
type soundd_client_packet_t;
')
dontaudit $1 soundd_client_packet_t:packet send;
')
########################################
## <summary>
## Receive soundd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_soundd_client_packets',`
gen_require(`
type soundd_client_packet_t;
')
allow $1 soundd_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive soundd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_soundd_client_packets',`
gen_require(`
type soundd_client_packet_t;
')
dontaudit $1 soundd_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive soundd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_soundd_client_packets',`
corenet_send_soundd_client_packets($1)
corenet_receive_soundd_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive soundd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_soundd_client_packets',`
corenet_dontaudit_send_soundd_client_packets($1)
corenet_dontaudit_receive_soundd_client_packets($1)
')
########################################
## <summary>
## Relabel packets to soundd_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_soundd_client_packets',`
gen_require(`
type soundd_client_packet_t;
')
allow $1 soundd_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send soundd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_soundd_server_packets',`
gen_require(`
type soundd_server_packet_t;
')
allow $1 soundd_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send soundd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_soundd_server_packets',`
gen_require(`
type soundd_server_packet_t;
')
dontaudit $1 soundd_server_packet_t:packet send;
')
########################################
## <summary>
## Receive soundd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_soundd_server_packets',`
gen_require(`
type soundd_server_packet_t;
')
allow $1 soundd_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive soundd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_soundd_server_packets',`
gen_require(`
type soundd_server_packet_t;
')
dontaudit $1 soundd_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive soundd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_soundd_server_packets',`
corenet_send_soundd_server_packets($1)
corenet_receive_soundd_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive soundd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_soundd_server_packets',`
corenet_dontaudit_send_soundd_server_packets($1)
corenet_dontaudit_receive_soundd_server_packets($1)
')
########################################
## <summary>
## Relabel packets to soundd_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_soundd_server_packets',`
gen_require(`
type soundd_server_packet_t;
')
allow $1 soundd_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the spamd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_spamd_port',`
gen_require(`
type spamd_port_t;
')
allow $1 spamd_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the spamd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_spamd_port',`
gen_require(`
type spamd_port_t;
')
allow $1 spamd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the spamd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_spamd_port',`
gen_require(`
type spamd_port_t;
')
dontaudit $1 spamd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the spamd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_spamd_port',`
gen_require(`
type spamd_port_t;
')
allow $1 spamd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the spamd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_spamd_port',`
gen_require(`
type spamd_port_t;
')
dontaudit $1 spamd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the spamd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_spamd_port',`
corenet_udp_send_spamd_port($1)
corenet_udp_receive_spamd_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the spamd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_spamd_port',`
corenet_dontaudit_udp_send_spamd_port($1)
corenet_dontaudit_udp_receive_spamd_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the spamd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_spamd_port',`
gen_require(`
type spamd_port_t;
')
allow $1 spamd_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the spamd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_spamd_port',`
gen_require(`
type spamd_port_t;
')
allow $1 spamd_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to spamd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_spamd_port',`
gen_require(`
type spamd_port_t;
')
dontaudit $1 spamd_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the spamd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_spamd_port',`
gen_require(`
type spamd_port_t;
')
allow $1 spamd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to spamd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_spamd_port',`
gen_require(`
type spamd_port_t;
')
dontaudit $1 spamd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send spamd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_spamd_client_packets',`
gen_require(`
type spamd_client_packet_t;
')
allow $1 spamd_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send spamd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_spamd_client_packets',`
gen_require(`
type spamd_client_packet_t;
')
dontaudit $1 spamd_client_packet_t:packet send;
')
########################################
## <summary>
## Receive spamd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_spamd_client_packets',`
gen_require(`
type spamd_client_packet_t;
')
allow $1 spamd_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive spamd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_spamd_client_packets',`
gen_require(`
type spamd_client_packet_t;
')
dontaudit $1 spamd_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive spamd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_spamd_client_packets',`
corenet_send_spamd_client_packets($1)
corenet_receive_spamd_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive spamd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_spamd_client_packets',`
corenet_dontaudit_send_spamd_client_packets($1)
corenet_dontaudit_receive_spamd_client_packets($1)
')
########################################
## <summary>
## Relabel packets to spamd_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_spamd_client_packets',`
gen_require(`
type spamd_client_packet_t;
')
allow $1 spamd_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send spamd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_spamd_server_packets',`
gen_require(`
type spamd_server_packet_t;
')
allow $1 spamd_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send spamd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_spamd_server_packets',`
gen_require(`
type spamd_server_packet_t;
')
dontaudit $1 spamd_server_packet_t:packet send;
')
########################################
## <summary>
## Receive spamd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_spamd_server_packets',`
gen_require(`
type spamd_server_packet_t;
')
allow $1 spamd_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive spamd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_spamd_server_packets',`
gen_require(`
type spamd_server_packet_t;
')
dontaudit $1 spamd_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive spamd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_spamd_server_packets',`
corenet_send_spamd_server_packets($1)
corenet_receive_spamd_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive spamd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_spamd_server_packets',`
corenet_dontaudit_send_spamd_server_packets($1)
corenet_dontaudit_receive_spamd_server_packets($1)
')
########################################
## <summary>
## Relabel packets to spamd_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_spamd_server_packets',`
gen_require(`
type spamd_server_packet_t;
')
allow $1 spamd_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the speech port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_speech_port',`
gen_require(`
type speech_port_t;
')
allow $1 speech_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the speech port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_speech_port',`
gen_require(`
type speech_port_t;
')
allow $1 speech_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the speech port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_speech_port',`
gen_require(`
type speech_port_t;
')
dontaudit $1 speech_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the speech port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_speech_port',`
gen_require(`
type speech_port_t;
')
allow $1 speech_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the speech port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_speech_port',`
gen_require(`
type speech_port_t;
')
dontaudit $1 speech_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the speech port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_speech_port',`
corenet_udp_send_speech_port($1)
corenet_udp_receive_speech_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the speech port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_speech_port',`
corenet_dontaudit_udp_send_speech_port($1)
corenet_dontaudit_udp_receive_speech_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the speech port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_speech_port',`
gen_require(`
type speech_port_t;
')
allow $1 speech_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the speech port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_speech_port',`
gen_require(`
type speech_port_t;
')
allow $1 speech_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to speech port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_speech_port',`
gen_require(`
type speech_port_t;
')
dontaudit $1 speech_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the speech port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_speech_port',`
gen_require(`
type speech_port_t;
')
allow $1 speech_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to speech port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_speech_port',`
gen_require(`
type speech_port_t;
')
dontaudit $1 speech_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send speech_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_speech_client_packets',`
gen_require(`
type speech_client_packet_t;
')
allow $1 speech_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send speech_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_speech_client_packets',`
gen_require(`
type speech_client_packet_t;
')
dontaudit $1 speech_client_packet_t:packet send;
')
########################################
## <summary>
## Receive speech_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_speech_client_packets',`
gen_require(`
type speech_client_packet_t;
')
allow $1 speech_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive speech_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_speech_client_packets',`
gen_require(`
type speech_client_packet_t;
')
dontaudit $1 speech_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive speech_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_speech_client_packets',`
corenet_send_speech_client_packets($1)
corenet_receive_speech_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive speech_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_speech_client_packets',`
corenet_dontaudit_send_speech_client_packets($1)
corenet_dontaudit_receive_speech_client_packets($1)
')
########################################
## <summary>
## Relabel packets to speech_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_speech_client_packets',`
gen_require(`
type speech_client_packet_t;
')
allow $1 speech_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send speech_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_speech_server_packets',`
gen_require(`
type speech_server_packet_t;
')
allow $1 speech_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send speech_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_speech_server_packets',`
gen_require(`
type speech_server_packet_t;
')
dontaudit $1 speech_server_packet_t:packet send;
')
########################################
## <summary>
## Receive speech_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_speech_server_packets',`
gen_require(`
type speech_server_packet_t;
')
allow $1 speech_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive speech_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_speech_server_packets',`
gen_require(`
type speech_server_packet_t;
')
dontaudit $1 speech_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive speech_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_speech_server_packets',`
corenet_send_speech_server_packets($1)
corenet_receive_speech_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive speech_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_speech_server_packets',`
corenet_dontaudit_send_speech_server_packets($1)
corenet_dontaudit_receive_speech_server_packets($1)
')
########################################
## <summary>
## Relabel packets to speech_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_speech_server_packets',`
gen_require(`
type speech_server_packet_t;
')
allow $1 speech_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the squid port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_squid_port',`
gen_require(`
type squid_port_t;
')
allow $1 squid_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the squid port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_squid_port',`
gen_require(`
type squid_port_t;
')
allow $1 squid_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the squid port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_squid_port',`
gen_require(`
type squid_port_t;
')
dontaudit $1 squid_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the squid port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_squid_port',`
gen_require(`
type squid_port_t;
')
allow $1 squid_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the squid port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_squid_port',`
gen_require(`
type squid_port_t;
')
dontaudit $1 squid_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the squid port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_squid_port',`
corenet_udp_send_squid_port($1)
corenet_udp_receive_squid_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the squid port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_squid_port',`
corenet_dontaudit_udp_send_squid_port($1)
corenet_dontaudit_udp_receive_squid_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the squid port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_squid_port',`
gen_require(`
type squid_port_t;
')
allow $1 squid_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the squid port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_squid_port',`
gen_require(`
type squid_port_t;
')
allow $1 squid_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to squid port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_squid_port',`
gen_require(`
type squid_port_t;
')
dontaudit $1 squid_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the squid port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_squid_port',`
gen_require(`
type squid_port_t;
')
allow $1 squid_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to squid port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_squid_port',`
gen_require(`
type squid_port_t;
')
dontaudit $1 squid_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send squid_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_squid_client_packets',`
gen_require(`
type squid_client_packet_t;
')
allow $1 squid_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send squid_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_squid_client_packets',`
gen_require(`
type squid_client_packet_t;
')
dontaudit $1 squid_client_packet_t:packet send;
')
########################################
## <summary>
## Receive squid_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_squid_client_packets',`
gen_require(`
type squid_client_packet_t;
')
allow $1 squid_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive squid_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_squid_client_packets',`
gen_require(`
type squid_client_packet_t;
')
dontaudit $1 squid_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive squid_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_squid_client_packets',`
corenet_send_squid_client_packets($1)
corenet_receive_squid_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive squid_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_squid_client_packets',`
corenet_dontaudit_send_squid_client_packets($1)
corenet_dontaudit_receive_squid_client_packets($1)
')
########################################
## <summary>
## Relabel packets to squid_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_squid_client_packets',`
gen_require(`
type squid_client_packet_t;
')
allow $1 squid_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send squid_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_squid_server_packets',`
gen_require(`
type squid_server_packet_t;
')
allow $1 squid_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send squid_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_squid_server_packets',`
gen_require(`
type squid_server_packet_t;
')
dontaudit $1 squid_server_packet_t:packet send;
')
########################################
## <summary>
## Receive squid_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_squid_server_packets',`
gen_require(`
type squid_server_packet_t;
')
allow $1 squid_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive squid_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_squid_server_packets',`
gen_require(`
type squid_server_packet_t;
')
dontaudit $1 squid_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive squid_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_squid_server_packets',`
corenet_send_squid_server_packets($1)
corenet_receive_squid_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive squid_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_squid_server_packets',`
corenet_dontaudit_send_squid_server_packets($1)
corenet_dontaudit_receive_squid_server_packets($1)
')
########################################
## <summary>
## Relabel packets to squid_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_squid_server_packets',`
gen_require(`
type squid_server_packet_t;
')
allow $1 squid_server_packet_t:packet relabelto;
')
# snmp and htcp
########################################
## <summary>
## Send and receive TCP traffic on the ssdp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_ssdp_port',`
gen_require(`
type ssdp_port_t;
')
allow $1 ssdp_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the ssdp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_ssdp_port',`
gen_require(`
type ssdp_port_t;
')
allow $1 ssdp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the ssdp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_ssdp_port',`
gen_require(`
type ssdp_port_t;
')
dontaudit $1 ssdp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the ssdp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_ssdp_port',`
gen_require(`
type ssdp_port_t;
')
allow $1 ssdp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the ssdp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_ssdp_port',`
gen_require(`
type ssdp_port_t;
')
dontaudit $1 ssdp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the ssdp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_ssdp_port',`
corenet_udp_send_ssdp_port($1)
corenet_udp_receive_ssdp_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the ssdp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_ssdp_port',`
corenet_dontaudit_udp_send_ssdp_port($1)
corenet_dontaudit_udp_receive_ssdp_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the ssdp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_ssdp_port',`
gen_require(`
type ssdp_port_t;
')
allow $1 ssdp_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the ssdp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_ssdp_port',`
gen_require(`
type ssdp_port_t;
')
allow $1 ssdp_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to ssdp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_ssdp_port',`
gen_require(`
type ssdp_port_t;
')
dontaudit $1 ssdp_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the ssdp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_ssdp_port',`
gen_require(`
type ssdp_port_t;
')
allow $1 ssdp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to ssdp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_ssdp_port',`
gen_require(`
type ssdp_port_t;
')
dontaudit $1 ssdp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send ssdp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ssdp_client_packets',`
gen_require(`
type ssdp_client_packet_t;
')
allow $1 ssdp_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ssdp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ssdp_client_packets',`
gen_require(`
type ssdp_client_packet_t;
')
dontaudit $1 ssdp_client_packet_t:packet send;
')
########################################
## <summary>
## Receive ssdp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ssdp_client_packets',`
gen_require(`
type ssdp_client_packet_t;
')
allow $1 ssdp_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ssdp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ssdp_client_packets',`
gen_require(`
type ssdp_client_packet_t;
')
dontaudit $1 ssdp_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ssdp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ssdp_client_packets',`
corenet_send_ssdp_client_packets($1)
corenet_receive_ssdp_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ssdp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ssdp_client_packets',`
corenet_dontaudit_send_ssdp_client_packets($1)
corenet_dontaudit_receive_ssdp_client_packets($1)
')
########################################
## <summary>
## Relabel packets to ssdp_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ssdp_client_packets',`
gen_require(`
type ssdp_client_packet_t;
')
allow $1 ssdp_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send ssdp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ssdp_server_packets',`
gen_require(`
type ssdp_server_packet_t;
')
allow $1 ssdp_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ssdp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ssdp_server_packets',`
gen_require(`
type ssdp_server_packet_t;
')
dontaudit $1 ssdp_server_packet_t:packet send;
')
########################################
## <summary>
## Receive ssdp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ssdp_server_packets',`
gen_require(`
type ssdp_server_packet_t;
')
allow $1 ssdp_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ssdp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ssdp_server_packets',`
gen_require(`
type ssdp_server_packet_t;
')
dontaudit $1 ssdp_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ssdp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ssdp_server_packets',`
corenet_send_ssdp_server_packets($1)
corenet_receive_ssdp_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ssdp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ssdp_server_packets',`
corenet_dontaudit_send_ssdp_server_packets($1)
corenet_dontaudit_receive_ssdp_server_packets($1)
')
########################################
## <summary>
## Relabel packets to ssdp_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ssdp_server_packets',`
gen_require(`
type ssdp_server_packet_t;
')
allow $1 ssdp_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the ssh port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_ssh_port',`
gen_require(`
type ssh_port_t;
')
allow $1 ssh_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the ssh port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_ssh_port',`
gen_require(`
type ssh_port_t;
')
allow $1 ssh_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the ssh port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_ssh_port',`
gen_require(`
type ssh_port_t;
')
dontaudit $1 ssh_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the ssh port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_ssh_port',`
gen_require(`
type ssh_port_t;
')
allow $1 ssh_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the ssh port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_ssh_port',`
gen_require(`
type ssh_port_t;
')
dontaudit $1 ssh_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the ssh port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_ssh_port',`
corenet_udp_send_ssh_port($1)
corenet_udp_receive_ssh_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the ssh port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_ssh_port',`
corenet_dontaudit_udp_send_ssh_port($1)
corenet_dontaudit_udp_receive_ssh_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the ssh port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_ssh_port',`
gen_require(`
type ssh_port_t;
')
allow $1 ssh_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the ssh port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_ssh_port',`
gen_require(`
type ssh_port_t;
')
allow $1 ssh_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to ssh port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_ssh_port',`
gen_require(`
type ssh_port_t;
')
dontaudit $1 ssh_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the ssh port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_ssh_port',`
gen_require(`
type ssh_port_t;
')
allow $1 ssh_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to ssh port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_ssh_port',`
gen_require(`
type ssh_port_t;
')
dontaudit $1 ssh_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send ssh_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ssh_client_packets',`
gen_require(`
type ssh_client_packet_t;
')
allow $1 ssh_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ssh_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ssh_client_packets',`
gen_require(`
type ssh_client_packet_t;
')
dontaudit $1 ssh_client_packet_t:packet send;
')
########################################
## <summary>
## Receive ssh_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ssh_client_packets',`
gen_require(`
type ssh_client_packet_t;
')
allow $1 ssh_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ssh_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ssh_client_packets',`
gen_require(`
type ssh_client_packet_t;
')
dontaudit $1 ssh_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ssh_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ssh_client_packets',`
corenet_send_ssh_client_packets($1)
corenet_receive_ssh_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ssh_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ssh_client_packets',`
corenet_dontaudit_send_ssh_client_packets($1)
corenet_dontaudit_receive_ssh_client_packets($1)
')
########################################
## <summary>
## Relabel packets to ssh_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ssh_client_packets',`
gen_require(`
type ssh_client_packet_t;
')
allow $1 ssh_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send ssh_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ssh_server_packets',`
gen_require(`
type ssh_server_packet_t;
')
allow $1 ssh_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ssh_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ssh_server_packets',`
gen_require(`
type ssh_server_packet_t;
')
dontaudit $1 ssh_server_packet_t:packet send;
')
########################################
## <summary>
## Receive ssh_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ssh_server_packets',`
gen_require(`
type ssh_server_packet_t;
')
allow $1 ssh_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ssh_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ssh_server_packets',`
gen_require(`
type ssh_server_packet_t;
')
dontaudit $1 ssh_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ssh_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ssh_server_packets',`
corenet_send_ssh_server_packets($1)
corenet_receive_ssh_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ssh_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ssh_server_packets',`
corenet_dontaudit_send_ssh_server_packets($1)
corenet_dontaudit_receive_ssh_server_packets($1)
')
########################################
## <summary>
## Relabel packets to ssh_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ssh_server_packets',`
gen_require(`
type ssh_server_packet_t;
')
allow $1 ssh_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the stunnel port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_stunnel_port',`
gen_require(`
type stunnel_port_t;
')
allow $1 stunnel_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the stunnel port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_stunnel_port',`
gen_require(`
type stunnel_port_t;
')
allow $1 stunnel_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the stunnel port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_stunnel_port',`
gen_require(`
type stunnel_port_t;
')
dontaudit $1 stunnel_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the stunnel port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_stunnel_port',`
gen_require(`
type stunnel_port_t;
')
allow $1 stunnel_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the stunnel port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_stunnel_port',`
gen_require(`
type stunnel_port_t;
')
dontaudit $1 stunnel_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the stunnel port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_stunnel_port',`
corenet_udp_send_stunnel_port($1)
corenet_udp_receive_stunnel_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the stunnel port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_stunnel_port',`
corenet_dontaudit_udp_send_stunnel_port($1)
corenet_dontaudit_udp_receive_stunnel_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the stunnel port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_stunnel_port',`
gen_require(`
type stunnel_port_t;
')
allow $1 stunnel_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the stunnel port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_stunnel_port',`
gen_require(`
type stunnel_port_t;
')
allow $1 stunnel_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to stunnel port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_stunnel_port',`
gen_require(`
type stunnel_port_t;
')
dontaudit $1 stunnel_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the stunnel port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_stunnel_port',`
gen_require(`
type stunnel_port_t;
')
allow $1 stunnel_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to stunnel port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_stunnel_port',`
gen_require(`
type stunnel_port_t;
')
dontaudit $1 stunnel_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send stunnel_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_stunnel_client_packets',`
gen_require(`
type stunnel_client_packet_t;
')
allow $1 stunnel_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send stunnel_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_stunnel_client_packets',`
gen_require(`
type stunnel_client_packet_t;
')
dontaudit $1 stunnel_client_packet_t:packet send;
')
########################################
## <summary>
## Receive stunnel_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_stunnel_client_packets',`
gen_require(`
type stunnel_client_packet_t;
')
allow $1 stunnel_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive stunnel_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_stunnel_client_packets',`
gen_require(`
type stunnel_client_packet_t;
')
dontaudit $1 stunnel_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive stunnel_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_stunnel_client_packets',`
corenet_send_stunnel_client_packets($1)
corenet_receive_stunnel_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive stunnel_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_stunnel_client_packets',`
corenet_dontaudit_send_stunnel_client_packets($1)
corenet_dontaudit_receive_stunnel_client_packets($1)
')
########################################
## <summary>
## Relabel packets to stunnel_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_stunnel_client_packets',`
gen_require(`
type stunnel_client_packet_t;
')
allow $1 stunnel_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send stunnel_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_stunnel_server_packets',`
gen_require(`
type stunnel_server_packet_t;
')
allow $1 stunnel_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send stunnel_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_stunnel_server_packets',`
gen_require(`
type stunnel_server_packet_t;
')
dontaudit $1 stunnel_server_packet_t:packet send;
')
########################################
## <summary>
## Receive stunnel_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_stunnel_server_packets',`
gen_require(`
type stunnel_server_packet_t;
')
allow $1 stunnel_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive stunnel_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_stunnel_server_packets',`
gen_require(`
type stunnel_server_packet_t;
')
dontaudit $1 stunnel_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive stunnel_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_stunnel_server_packets',`
corenet_send_stunnel_server_packets($1)
corenet_receive_stunnel_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive stunnel_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_stunnel_server_packets',`
corenet_dontaudit_send_stunnel_server_packets($1)
corenet_dontaudit_receive_stunnel_server_packets($1)
')
########################################
## <summary>
## Relabel packets to stunnel_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_stunnel_server_packets',`
gen_require(`
type stunnel_server_packet_t;
')
allow $1 stunnel_server_packet_t:packet relabelto;
')
# no defined portcon
########################################
## <summary>
## Send and receive TCP traffic on the svn port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_svn_port',`
gen_require(`
type svn_port_t;
')
allow $1 svn_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the svn port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_svn_port',`
gen_require(`
type svn_port_t;
')
allow $1 svn_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the svn port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_svn_port',`
gen_require(`
type svn_port_t;
')
dontaudit $1 svn_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the svn port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_svn_port',`
gen_require(`
type svn_port_t;
')
allow $1 svn_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the svn port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_svn_port',`
gen_require(`
type svn_port_t;
')
dontaudit $1 svn_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the svn port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_svn_port',`
corenet_udp_send_svn_port($1)
corenet_udp_receive_svn_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the svn port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_svn_port',`
corenet_dontaudit_udp_send_svn_port($1)
corenet_dontaudit_udp_receive_svn_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the svn port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_svn_port',`
gen_require(`
type svn_port_t;
')
allow $1 svn_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the svn port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_svn_port',`
gen_require(`
type svn_port_t;
')
allow $1 svn_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to svn port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_svn_port',`
gen_require(`
type svn_port_t;
')
dontaudit $1 svn_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the svn port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_svn_port',`
gen_require(`
type svn_port_t;
')
allow $1 svn_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to svn port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_svn_port',`
gen_require(`
type svn_port_t;
')
dontaudit $1 svn_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send svn_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_svn_client_packets',`
gen_require(`
type svn_client_packet_t;
')
allow $1 svn_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send svn_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_svn_client_packets',`
gen_require(`
type svn_client_packet_t;
')
dontaudit $1 svn_client_packet_t:packet send;
')
########################################
## <summary>
## Receive svn_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_svn_client_packets',`
gen_require(`
type svn_client_packet_t;
')
allow $1 svn_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive svn_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_svn_client_packets',`
gen_require(`
type svn_client_packet_t;
')
dontaudit $1 svn_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive svn_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_svn_client_packets',`
corenet_send_svn_client_packets($1)
corenet_receive_svn_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive svn_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_svn_client_packets',`
corenet_dontaudit_send_svn_client_packets($1)
corenet_dontaudit_receive_svn_client_packets($1)
')
########################################
## <summary>
## Relabel packets to svn_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_svn_client_packets',`
gen_require(`
type svn_client_packet_t;
')
allow $1 svn_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send svn_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_svn_server_packets',`
gen_require(`
type svn_server_packet_t;
')
allow $1 svn_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send svn_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_svn_server_packets',`
gen_require(`
type svn_server_packet_t;
')
dontaudit $1 svn_server_packet_t:packet send;
')
########################################
## <summary>
## Receive svn_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_svn_server_packets',`
gen_require(`
type svn_server_packet_t;
')
allow $1 svn_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive svn_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_svn_server_packets',`
gen_require(`
type svn_server_packet_t;
')
dontaudit $1 svn_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive svn_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_svn_server_packets',`
corenet_send_svn_server_packets($1)
corenet_receive_svn_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive svn_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_svn_server_packets',`
corenet_dontaudit_send_svn_server_packets($1)
corenet_dontaudit_receive_svn_server_packets($1)
')
########################################
## <summary>
## Relabel packets to svn_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_svn_server_packets',`
gen_require(`
type svn_server_packet_t;
')
allow $1 svn_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the svrloc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_svrloc_port',`
gen_require(`
type svrloc_port_t;
')
allow $1 svrloc_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the svrloc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_svrloc_port',`
gen_require(`
type svrloc_port_t;
')
allow $1 svrloc_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the svrloc port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_svrloc_port',`
gen_require(`
type svrloc_port_t;
')
dontaudit $1 svrloc_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the svrloc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_svrloc_port',`
gen_require(`
type svrloc_port_t;
')
allow $1 svrloc_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the svrloc port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_svrloc_port',`
gen_require(`
type svrloc_port_t;
')
dontaudit $1 svrloc_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the svrloc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_svrloc_port',`
corenet_udp_send_svrloc_port($1)
corenet_udp_receive_svrloc_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the svrloc port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_svrloc_port',`
corenet_dontaudit_udp_send_svrloc_port($1)
corenet_dontaudit_udp_receive_svrloc_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the svrloc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_svrloc_port',`
gen_require(`
type svrloc_port_t;
')
allow $1 svrloc_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the svrloc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_svrloc_port',`
gen_require(`
type svrloc_port_t;
')
allow $1 svrloc_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to svrloc port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_svrloc_port',`
gen_require(`
type svrloc_port_t;
')
dontaudit $1 svrloc_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the svrloc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_svrloc_port',`
gen_require(`
type svrloc_port_t;
')
allow $1 svrloc_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to svrloc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_svrloc_port',`
gen_require(`
type svrloc_port_t;
')
dontaudit $1 svrloc_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send svrloc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_svrloc_client_packets',`
gen_require(`
type svrloc_client_packet_t;
')
allow $1 svrloc_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send svrloc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_svrloc_client_packets',`
gen_require(`
type svrloc_client_packet_t;
')
dontaudit $1 svrloc_client_packet_t:packet send;
')
########################################
## <summary>
## Receive svrloc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_svrloc_client_packets',`
gen_require(`
type svrloc_client_packet_t;
')
allow $1 svrloc_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive svrloc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_svrloc_client_packets',`
gen_require(`
type svrloc_client_packet_t;
')
dontaudit $1 svrloc_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive svrloc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_svrloc_client_packets',`
corenet_send_svrloc_client_packets($1)
corenet_receive_svrloc_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive svrloc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_svrloc_client_packets',`
corenet_dontaudit_send_svrloc_client_packets($1)
corenet_dontaudit_receive_svrloc_client_packets($1)
')
########################################
## <summary>
## Relabel packets to svrloc_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_svrloc_client_packets',`
gen_require(`
type svrloc_client_packet_t;
')
allow $1 svrloc_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send svrloc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_svrloc_server_packets',`
gen_require(`
type svrloc_server_packet_t;
')
allow $1 svrloc_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send svrloc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_svrloc_server_packets',`
gen_require(`
type svrloc_server_packet_t;
')
dontaudit $1 svrloc_server_packet_t:packet send;
')
########################################
## <summary>
## Receive svrloc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_svrloc_server_packets',`
gen_require(`
type svrloc_server_packet_t;
')
allow $1 svrloc_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive svrloc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_svrloc_server_packets',`
gen_require(`
type svrloc_server_packet_t;
')
dontaudit $1 svrloc_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive svrloc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_svrloc_server_packets',`
corenet_send_svrloc_server_packets($1)
corenet_receive_svrloc_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive svrloc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_svrloc_server_packets',`
corenet_dontaudit_send_svrloc_server_packets($1)
corenet_dontaudit_receive_svrloc_server_packets($1)
')
########################################
## <summary>
## Relabel packets to svrloc_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_svrloc_server_packets',`
gen_require(`
type svrloc_server_packet_t;
')
allow $1 svrloc_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the swat port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_swat_port',`
gen_require(`
type swat_port_t;
')
allow $1 swat_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the swat port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_swat_port',`
gen_require(`
type swat_port_t;
')
allow $1 swat_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the swat port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_swat_port',`
gen_require(`
type swat_port_t;
')
dontaudit $1 swat_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the swat port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_swat_port',`
gen_require(`
type swat_port_t;
')
allow $1 swat_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the swat port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_swat_port',`
gen_require(`
type swat_port_t;
')
dontaudit $1 swat_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the swat port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_swat_port',`
corenet_udp_send_swat_port($1)
corenet_udp_receive_swat_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the swat port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_swat_port',`
corenet_dontaudit_udp_send_swat_port($1)
corenet_dontaudit_udp_receive_swat_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the swat port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_swat_port',`
gen_require(`
type swat_port_t;
')
allow $1 swat_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the swat port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_swat_port',`
gen_require(`
type swat_port_t;
')
allow $1 swat_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to swat port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_swat_port',`
gen_require(`
type swat_port_t;
')
dontaudit $1 swat_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the swat port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_swat_port',`
gen_require(`
type swat_port_t;
')
allow $1 swat_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to swat port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_swat_port',`
gen_require(`
type swat_port_t;
')
dontaudit $1 swat_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send swat_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_swat_client_packets',`
gen_require(`
type swat_client_packet_t;
')
allow $1 swat_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send swat_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_swat_client_packets',`
gen_require(`
type swat_client_packet_t;
')
dontaudit $1 swat_client_packet_t:packet send;
')
########################################
## <summary>
## Receive swat_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_swat_client_packets',`
gen_require(`
type swat_client_packet_t;
')
allow $1 swat_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive swat_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_swat_client_packets',`
gen_require(`
type swat_client_packet_t;
')
dontaudit $1 swat_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive swat_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_swat_client_packets',`
corenet_send_swat_client_packets($1)
corenet_receive_swat_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive swat_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_swat_client_packets',`
corenet_dontaudit_send_swat_client_packets($1)
corenet_dontaudit_receive_swat_client_packets($1)
')
########################################
## <summary>
## Relabel packets to swat_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_swat_client_packets',`
gen_require(`
type swat_client_packet_t;
')
allow $1 swat_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send swat_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_swat_server_packets',`
gen_require(`
type swat_server_packet_t;
')
allow $1 swat_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send swat_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_swat_server_packets',`
gen_require(`
type swat_server_packet_t;
')
dontaudit $1 swat_server_packet_t:packet send;
')
########################################
## <summary>
## Receive swat_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_swat_server_packets',`
gen_require(`
type swat_server_packet_t;
')
allow $1 swat_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive swat_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_swat_server_packets',`
gen_require(`
type swat_server_packet_t;
')
dontaudit $1 swat_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive swat_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_swat_server_packets',`
corenet_send_swat_server_packets($1)
corenet_receive_swat_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive swat_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_swat_server_packets',`
corenet_dontaudit_send_swat_server_packets($1)
corenet_dontaudit_receive_swat_server_packets($1)
')
########################################
## <summary>
## Relabel packets to swat_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_swat_server_packets',`
gen_require(`
type swat_server_packet_t;
')
allow $1 swat_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the swift port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_swift_port',`
gen_require(`
type swift_port_t;
')
allow $1 swift_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the swift port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_swift_port',`
gen_require(`
type swift_port_t;
')
allow $1 swift_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the swift port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_swift_port',`
gen_require(`
type swift_port_t;
')
dontaudit $1 swift_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the swift port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_swift_port',`
gen_require(`
type swift_port_t;
')
allow $1 swift_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the swift port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_swift_port',`
gen_require(`
type swift_port_t;
')
dontaudit $1 swift_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the swift port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_swift_port',`
corenet_udp_send_swift_port($1)
corenet_udp_receive_swift_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the swift port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_swift_port',`
corenet_dontaudit_udp_send_swift_port($1)
corenet_dontaudit_udp_receive_swift_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the swift port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_swift_port',`
gen_require(`
type swift_port_t;
')
allow $1 swift_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the swift port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_swift_port',`
gen_require(`
type swift_port_t;
')
allow $1 swift_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to swift port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_swift_port',`
gen_require(`
type swift_port_t;
')
dontaudit $1 swift_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the swift port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_swift_port',`
gen_require(`
type swift_port_t;
')
allow $1 swift_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to swift port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_swift_port',`
gen_require(`
type swift_port_t;
')
dontaudit $1 swift_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send swift_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_swift_client_packets',`
gen_require(`
type swift_client_packet_t;
')
allow $1 swift_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send swift_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_swift_client_packets',`
gen_require(`
type swift_client_packet_t;
')
dontaudit $1 swift_client_packet_t:packet send;
')
########################################
## <summary>
## Receive swift_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_swift_client_packets',`
gen_require(`
type swift_client_packet_t;
')
allow $1 swift_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive swift_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_swift_client_packets',`
gen_require(`
type swift_client_packet_t;
')
dontaudit $1 swift_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive swift_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_swift_client_packets',`
corenet_send_swift_client_packets($1)
corenet_receive_swift_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive swift_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_swift_client_packets',`
corenet_dontaudit_send_swift_client_packets($1)
corenet_dontaudit_receive_swift_client_packets($1)
')
########################################
## <summary>
## Relabel packets to swift_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_swift_client_packets',`
gen_require(`
type swift_client_packet_t;
')
allow $1 swift_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send swift_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_swift_server_packets',`
gen_require(`
type swift_server_packet_t;
')
allow $1 swift_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send swift_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_swift_server_packets',`
gen_require(`
type swift_server_packet_t;
')
dontaudit $1 swift_server_packet_t:packet send;
')
########################################
## <summary>
## Receive swift_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_swift_server_packets',`
gen_require(`
type swift_server_packet_t;
')
allow $1 swift_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive swift_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_swift_server_packets',`
gen_require(`
type swift_server_packet_t;
')
dontaudit $1 swift_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive swift_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_swift_server_packets',`
corenet_send_swift_server_packets($1)
corenet_receive_swift_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive swift_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_swift_server_packets',`
corenet_dontaudit_send_swift_server_packets($1)
corenet_dontaudit_receive_swift_server_packets($1)
')
########################################
## <summary>
## Relabel packets to swift_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_swift_server_packets',`
gen_require(`
type swift_server_packet_t;
')
allow $1 swift_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the sype_transport port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_sype_transport_port',`
gen_require(`
type sype_transport_port_t;
')
allow $1 sype_transport_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the sype_transport port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_sype_transport_port',`
gen_require(`
type sype_transport_port_t;
')
allow $1 sype_transport_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the sype_transport port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_sype_transport_port',`
gen_require(`
type sype_transport_port_t;
')
dontaudit $1 sype_transport_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the sype_transport port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_sype_transport_port',`
gen_require(`
type sype_transport_port_t;
')
allow $1 sype_transport_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the sype_transport port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_sype_transport_port',`
gen_require(`
type sype_transport_port_t;
')
dontaudit $1 sype_transport_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the sype_transport port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_sype_transport_port',`
corenet_udp_send_sype_transport_port($1)
corenet_udp_receive_sype_transport_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the sype_transport port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_sype_transport_port',`
corenet_dontaudit_udp_send_sype_transport_port($1)
corenet_dontaudit_udp_receive_sype_transport_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the sype_transport port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_sype_transport_port',`
gen_require(`
type sype_transport_port_t;
')
allow $1 sype_transport_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the sype_transport port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_sype_transport_port',`
gen_require(`
type sype_transport_port_t;
')
allow $1 sype_transport_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to sype_transport port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_sype_transport_port',`
gen_require(`
type sype_transport_port_t;
')
dontaudit $1 sype_transport_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the sype_transport port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_sype_transport_port',`
gen_require(`
type sype_transport_port_t;
')
allow $1 sype_transport_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to sype_transport port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_sype_transport_port',`
gen_require(`
type sype_transport_port_t;
')
dontaudit $1 sype_transport_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send sype_transport_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_sype_transport_client_packets',`
gen_require(`
type sype_transport_client_packet_t;
')
allow $1 sype_transport_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send sype_transport_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_sype_transport_client_packets',`
gen_require(`
type sype_transport_client_packet_t;
')
dontaudit $1 sype_transport_client_packet_t:packet send;
')
########################################
## <summary>
## Receive sype_transport_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_sype_transport_client_packets',`
gen_require(`
type sype_transport_client_packet_t;
')
allow $1 sype_transport_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive sype_transport_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_sype_transport_client_packets',`
gen_require(`
type sype_transport_client_packet_t;
')
dontaudit $1 sype_transport_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive sype_transport_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_sype_transport_client_packets',`
corenet_send_sype_transport_client_packets($1)
corenet_receive_sype_transport_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive sype_transport_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_sype_transport_client_packets',`
corenet_dontaudit_send_sype_transport_client_packets($1)
corenet_dontaudit_receive_sype_transport_client_packets($1)
')
########################################
## <summary>
## Relabel packets to sype_transport_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_sype_transport_client_packets',`
gen_require(`
type sype_transport_client_packet_t;
')
allow $1 sype_transport_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send sype_transport_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_sype_transport_server_packets',`
gen_require(`
type sype_transport_server_packet_t;
')
allow $1 sype_transport_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send sype_transport_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_sype_transport_server_packets',`
gen_require(`
type sype_transport_server_packet_t;
')
dontaudit $1 sype_transport_server_packet_t:packet send;
')
########################################
## <summary>
## Receive sype_transport_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_sype_transport_server_packets',`
gen_require(`
type sype_transport_server_packet_t;
')
allow $1 sype_transport_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive sype_transport_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_sype_transport_server_packets',`
gen_require(`
type sype_transport_server_packet_t;
')
dontaudit $1 sype_transport_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive sype_transport_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_sype_transport_server_packets',`
corenet_send_sype_transport_server_packets($1)
corenet_receive_sype_transport_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive sype_transport_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_sype_transport_server_packets',`
corenet_dontaudit_send_sype_transport_server_packets($1)
corenet_dontaudit_receive_sype_transport_server_packets($1)
')
########################################
## <summary>
## Relabel packets to sype_transport_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_sype_transport_server_packets',`
gen_require(`
type sype_transport_server_packet_t;
')
allow $1 sype_transport_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the syslogd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_syslogd_port',`
gen_require(`
type syslogd_port_t;
')
allow $1 syslogd_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the syslogd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_syslogd_port',`
gen_require(`
type syslogd_port_t;
')
allow $1 syslogd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the syslogd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_syslogd_port',`
gen_require(`
type syslogd_port_t;
')
dontaudit $1 syslogd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the syslogd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_syslogd_port',`
gen_require(`
type syslogd_port_t;
')
allow $1 syslogd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the syslogd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_syslogd_port',`
gen_require(`
type syslogd_port_t;
')
dontaudit $1 syslogd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the syslogd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_syslogd_port',`
corenet_udp_send_syslogd_port($1)
corenet_udp_receive_syslogd_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the syslogd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_syslogd_port',`
corenet_dontaudit_udp_send_syslogd_port($1)
corenet_dontaudit_udp_receive_syslogd_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the syslogd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_syslogd_port',`
gen_require(`
type syslogd_port_t;
')
allow $1 syslogd_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the syslogd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_syslogd_port',`
gen_require(`
type syslogd_port_t;
')
allow $1 syslogd_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to syslogd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_syslogd_port',`
gen_require(`
type syslogd_port_t;
')
dontaudit $1 syslogd_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the syslogd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_syslogd_port',`
gen_require(`
type syslogd_port_t;
')
allow $1 syslogd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to syslogd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_syslogd_port',`
gen_require(`
type syslogd_port_t;
')
dontaudit $1 syslogd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send syslogd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_syslogd_client_packets',`
gen_require(`
type syslogd_client_packet_t;
')
allow $1 syslogd_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send syslogd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_syslogd_client_packets',`
gen_require(`
type syslogd_client_packet_t;
')
dontaudit $1 syslogd_client_packet_t:packet send;
')
########################################
## <summary>
## Receive syslogd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_syslogd_client_packets',`
gen_require(`
type syslogd_client_packet_t;
')
allow $1 syslogd_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive syslogd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_syslogd_client_packets',`
gen_require(`
type syslogd_client_packet_t;
')
dontaudit $1 syslogd_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive syslogd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_syslogd_client_packets',`
corenet_send_syslogd_client_packets($1)
corenet_receive_syslogd_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive syslogd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_syslogd_client_packets',`
corenet_dontaudit_send_syslogd_client_packets($1)
corenet_dontaudit_receive_syslogd_client_packets($1)
')
########################################
## <summary>
## Relabel packets to syslogd_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_syslogd_client_packets',`
gen_require(`
type syslogd_client_packet_t;
')
allow $1 syslogd_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send syslogd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_syslogd_server_packets',`
gen_require(`
type syslogd_server_packet_t;
')
allow $1 syslogd_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send syslogd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_syslogd_server_packets',`
gen_require(`
type syslogd_server_packet_t;
')
dontaudit $1 syslogd_server_packet_t:packet send;
')
########################################
## <summary>
## Receive syslogd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_syslogd_server_packets',`
gen_require(`
type syslogd_server_packet_t;
')
allow $1 syslogd_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive syslogd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_syslogd_server_packets',`
gen_require(`
type syslogd_server_packet_t;
')
dontaudit $1 syslogd_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive syslogd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_syslogd_server_packets',`
corenet_send_syslogd_server_packets($1)
corenet_receive_syslogd_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive syslogd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_syslogd_server_packets',`
corenet_dontaudit_send_syslogd_server_packets($1)
corenet_dontaudit_receive_syslogd_server_packets($1)
')
########################################
## <summary>
## Relabel packets to syslogd_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_syslogd_server_packets',`
gen_require(`
type syslogd_server_packet_t;
')
allow $1 syslogd_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the syslog_tls port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_syslog_tls_port',`
gen_require(`
type syslog_tls_port_t;
')
allow $1 syslog_tls_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the syslog_tls port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_syslog_tls_port',`
gen_require(`
type syslog_tls_port_t;
')
allow $1 syslog_tls_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the syslog_tls port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_syslog_tls_port',`
gen_require(`
type syslog_tls_port_t;
')
dontaudit $1 syslog_tls_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the syslog_tls port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_syslog_tls_port',`
gen_require(`
type syslog_tls_port_t;
')
allow $1 syslog_tls_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the syslog_tls port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_syslog_tls_port',`
gen_require(`
type syslog_tls_port_t;
')
dontaudit $1 syslog_tls_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the syslog_tls port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_syslog_tls_port',`
corenet_udp_send_syslog_tls_port($1)
corenet_udp_receive_syslog_tls_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the syslog_tls port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_syslog_tls_port',`
corenet_dontaudit_udp_send_syslog_tls_port($1)
corenet_dontaudit_udp_receive_syslog_tls_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the syslog_tls port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_syslog_tls_port',`
gen_require(`
type syslog_tls_port_t;
')
allow $1 syslog_tls_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the syslog_tls port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_syslog_tls_port',`
gen_require(`
type syslog_tls_port_t;
')
allow $1 syslog_tls_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to syslog_tls port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_syslog_tls_port',`
gen_require(`
type syslog_tls_port_t;
')
dontaudit $1 syslog_tls_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the syslog_tls port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_syslog_tls_port',`
gen_require(`
type syslog_tls_port_t;
')
allow $1 syslog_tls_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to syslog_tls port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_syslog_tls_port',`
gen_require(`
type syslog_tls_port_t;
')
dontaudit $1 syslog_tls_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send syslog_tls_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_syslog_tls_client_packets',`
gen_require(`
type syslog_tls_client_packet_t;
')
allow $1 syslog_tls_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send syslog_tls_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_syslog_tls_client_packets',`
gen_require(`
type syslog_tls_client_packet_t;
')
dontaudit $1 syslog_tls_client_packet_t:packet send;
')
########################################
## <summary>
## Receive syslog_tls_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_syslog_tls_client_packets',`
gen_require(`
type syslog_tls_client_packet_t;
')
allow $1 syslog_tls_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive syslog_tls_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_syslog_tls_client_packets',`
gen_require(`
type syslog_tls_client_packet_t;
')
dontaudit $1 syslog_tls_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive syslog_tls_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_syslog_tls_client_packets',`
corenet_send_syslog_tls_client_packets($1)
corenet_receive_syslog_tls_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive syslog_tls_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_syslog_tls_client_packets',`
corenet_dontaudit_send_syslog_tls_client_packets($1)
corenet_dontaudit_receive_syslog_tls_client_packets($1)
')
########################################
## <summary>
## Relabel packets to syslog_tls_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_syslog_tls_client_packets',`
gen_require(`
type syslog_tls_client_packet_t;
')
allow $1 syslog_tls_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send syslog_tls_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_syslog_tls_server_packets',`
gen_require(`
type syslog_tls_server_packet_t;
')
allow $1 syslog_tls_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send syslog_tls_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_syslog_tls_server_packets',`
gen_require(`
type syslog_tls_server_packet_t;
')
dontaudit $1 syslog_tls_server_packet_t:packet send;
')
########################################
## <summary>
## Receive syslog_tls_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_syslog_tls_server_packets',`
gen_require(`
type syslog_tls_server_packet_t;
')
allow $1 syslog_tls_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive syslog_tls_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_syslog_tls_server_packets',`
gen_require(`
type syslog_tls_server_packet_t;
')
dontaudit $1 syslog_tls_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive syslog_tls_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_syslog_tls_server_packets',`
corenet_send_syslog_tls_server_packets($1)
corenet_receive_syslog_tls_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive syslog_tls_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_syslog_tls_server_packets',`
corenet_dontaudit_send_syslog_tls_server_packets($1)
corenet_dontaudit_receive_syslog_tls_server_packets($1)
')
########################################
## <summary>
## Relabel packets to syslog_tls_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_syslog_tls_server_packets',`
gen_require(`
type syslog_tls_server_packet_t;
')
allow $1 syslog_tls_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the statsd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_statsd_port',`
gen_require(`
type statsd_port_t;
')
allow $1 statsd_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the statsd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_statsd_port',`
gen_require(`
type statsd_port_t;
')
allow $1 statsd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the statsd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_statsd_port',`
gen_require(`
type statsd_port_t;
')
dontaudit $1 statsd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the statsd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_statsd_port',`
gen_require(`
type statsd_port_t;
')
allow $1 statsd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the statsd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_statsd_port',`
gen_require(`
type statsd_port_t;
')
dontaudit $1 statsd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the statsd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_statsd_port',`
corenet_udp_send_statsd_port($1)
corenet_udp_receive_statsd_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the statsd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_statsd_port',`
corenet_dontaudit_udp_send_statsd_port($1)
corenet_dontaudit_udp_receive_statsd_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the statsd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_statsd_port',`
gen_require(`
type statsd_port_t;
')
allow $1 statsd_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the statsd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_statsd_port',`
gen_require(`
type statsd_port_t;
')
allow $1 statsd_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to statsd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_statsd_port',`
gen_require(`
type statsd_port_t;
')
dontaudit $1 statsd_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the statsd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_statsd_port',`
gen_require(`
type statsd_port_t;
')
allow $1 statsd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to statsd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_statsd_port',`
gen_require(`
type statsd_port_t;
')
dontaudit $1 statsd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send statsd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_statsd_client_packets',`
gen_require(`
type statsd_client_packet_t;
')
allow $1 statsd_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send statsd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_statsd_client_packets',`
gen_require(`
type statsd_client_packet_t;
')
dontaudit $1 statsd_client_packet_t:packet send;
')
########################################
## <summary>
## Receive statsd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_statsd_client_packets',`
gen_require(`
type statsd_client_packet_t;
')
allow $1 statsd_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive statsd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_statsd_client_packets',`
gen_require(`
type statsd_client_packet_t;
')
dontaudit $1 statsd_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive statsd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_statsd_client_packets',`
corenet_send_statsd_client_packets($1)
corenet_receive_statsd_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive statsd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_statsd_client_packets',`
corenet_dontaudit_send_statsd_client_packets($1)
corenet_dontaudit_receive_statsd_client_packets($1)
')
########################################
## <summary>
## Relabel packets to statsd_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_statsd_client_packets',`
gen_require(`
type statsd_client_packet_t;
')
allow $1 statsd_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send statsd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_statsd_server_packets',`
gen_require(`
type statsd_server_packet_t;
')
allow $1 statsd_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send statsd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_statsd_server_packets',`
gen_require(`
type statsd_server_packet_t;
')
dontaudit $1 statsd_server_packet_t:packet send;
')
########################################
## <summary>
## Receive statsd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_statsd_server_packets',`
gen_require(`
type statsd_server_packet_t;
')
allow $1 statsd_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive statsd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_statsd_server_packets',`
gen_require(`
type statsd_server_packet_t;
')
dontaudit $1 statsd_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive statsd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_statsd_server_packets',`
corenet_send_statsd_server_packets($1)
corenet_receive_statsd_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive statsd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_statsd_server_packets',`
corenet_dontaudit_send_statsd_server_packets($1)
corenet_dontaudit_receive_statsd_server_packets($1)
')
########################################
## <summary>
## Relabel packets to statsd_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_statsd_server_packets',`
gen_require(`
type statsd_server_packet_t;
')
allow $1 statsd_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the tangd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_tangd_port',`
gen_require(`
type tangd_port_t;
')
allow $1 tangd_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the tangd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_tangd_port',`
gen_require(`
type tangd_port_t;
')
allow $1 tangd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the tangd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_tangd_port',`
gen_require(`
type tangd_port_t;
')
dontaudit $1 tangd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the tangd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_tangd_port',`
gen_require(`
type tangd_port_t;
')
allow $1 tangd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the tangd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_tangd_port',`
gen_require(`
type tangd_port_t;
')
dontaudit $1 tangd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the tangd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_tangd_port',`
corenet_udp_send_tangd_port($1)
corenet_udp_receive_tangd_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the tangd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_tangd_port',`
corenet_dontaudit_udp_send_tangd_port($1)
corenet_dontaudit_udp_receive_tangd_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the tangd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_tangd_port',`
gen_require(`
type tangd_port_t;
')
allow $1 tangd_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the tangd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_tangd_port',`
gen_require(`
type tangd_port_t;
')
allow $1 tangd_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to tangd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_tangd_port',`
gen_require(`
type tangd_port_t;
')
dontaudit $1 tangd_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the tangd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_tangd_port',`
gen_require(`
type tangd_port_t;
')
allow $1 tangd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to tangd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_tangd_port',`
gen_require(`
type tangd_port_t;
')
dontaudit $1 tangd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send tangd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_tangd_client_packets',`
gen_require(`
type tangd_client_packet_t;
')
allow $1 tangd_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send tangd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_tangd_client_packets',`
gen_require(`
type tangd_client_packet_t;
')
dontaudit $1 tangd_client_packet_t:packet send;
')
########################################
## <summary>
## Receive tangd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_tangd_client_packets',`
gen_require(`
type tangd_client_packet_t;
')
allow $1 tangd_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive tangd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_tangd_client_packets',`
gen_require(`
type tangd_client_packet_t;
')
dontaudit $1 tangd_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive tangd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_tangd_client_packets',`
corenet_send_tangd_client_packets($1)
corenet_receive_tangd_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive tangd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_tangd_client_packets',`
corenet_dontaudit_send_tangd_client_packets($1)
corenet_dontaudit_receive_tangd_client_packets($1)
')
########################################
## <summary>
## Relabel packets to tangd_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_tangd_client_packets',`
gen_require(`
type tangd_client_packet_t;
')
allow $1 tangd_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send tangd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_tangd_server_packets',`
gen_require(`
type tangd_server_packet_t;
')
allow $1 tangd_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send tangd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_tangd_server_packets',`
gen_require(`
type tangd_server_packet_t;
')
dontaudit $1 tangd_server_packet_t:packet send;
')
########################################
## <summary>
## Receive tangd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_tangd_server_packets',`
gen_require(`
type tangd_server_packet_t;
')
allow $1 tangd_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive tangd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_tangd_server_packets',`
gen_require(`
type tangd_server_packet_t;
')
dontaudit $1 tangd_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive tangd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_tangd_server_packets',`
corenet_send_tangd_server_packets($1)
corenet_receive_tangd_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive tangd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_tangd_server_packets',`
corenet_dontaudit_send_tangd_server_packets($1)
corenet_dontaudit_receive_tangd_server_packets($1)
')
########################################
## <summary>
## Relabel packets to tangd_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_tangd_server_packets',`
gen_require(`
type tangd_server_packet_t;
')
allow $1 tangd_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the tcs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_tcs_port',`
gen_require(`
type tcs_port_t;
')
allow $1 tcs_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the tcs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_tcs_port',`
gen_require(`
type tcs_port_t;
')
allow $1 tcs_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the tcs port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_tcs_port',`
gen_require(`
type tcs_port_t;
')
dontaudit $1 tcs_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the tcs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_tcs_port',`
gen_require(`
type tcs_port_t;
')
allow $1 tcs_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the tcs port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_tcs_port',`
gen_require(`
type tcs_port_t;
')
dontaudit $1 tcs_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the tcs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_tcs_port',`
corenet_udp_send_tcs_port($1)
corenet_udp_receive_tcs_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the tcs port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_tcs_port',`
corenet_dontaudit_udp_send_tcs_port($1)
corenet_dontaudit_udp_receive_tcs_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the tcs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_tcs_port',`
gen_require(`
type tcs_port_t;
')
allow $1 tcs_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the tcs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_tcs_port',`
gen_require(`
type tcs_port_t;
')
allow $1 tcs_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to tcs port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_tcs_port',`
gen_require(`
type tcs_port_t;
')
dontaudit $1 tcs_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the tcs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_tcs_port',`
gen_require(`
type tcs_port_t;
')
allow $1 tcs_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to tcs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_tcs_port',`
gen_require(`
type tcs_port_t;
')
dontaudit $1 tcs_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send tcs_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_tcs_client_packets',`
gen_require(`
type tcs_client_packet_t;
')
allow $1 tcs_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send tcs_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_tcs_client_packets',`
gen_require(`
type tcs_client_packet_t;
')
dontaudit $1 tcs_client_packet_t:packet send;
')
########################################
## <summary>
## Receive tcs_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_tcs_client_packets',`
gen_require(`
type tcs_client_packet_t;
')
allow $1 tcs_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive tcs_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_tcs_client_packets',`
gen_require(`
type tcs_client_packet_t;
')
dontaudit $1 tcs_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive tcs_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_tcs_client_packets',`
corenet_send_tcs_client_packets($1)
corenet_receive_tcs_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive tcs_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_tcs_client_packets',`
corenet_dontaudit_send_tcs_client_packets($1)
corenet_dontaudit_receive_tcs_client_packets($1)
')
########################################
## <summary>
## Relabel packets to tcs_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_tcs_client_packets',`
gen_require(`
type tcs_client_packet_t;
')
allow $1 tcs_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send tcs_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_tcs_server_packets',`
gen_require(`
type tcs_server_packet_t;
')
allow $1 tcs_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send tcs_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_tcs_server_packets',`
gen_require(`
type tcs_server_packet_t;
')
dontaudit $1 tcs_server_packet_t:packet send;
')
########################################
## <summary>
## Receive tcs_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_tcs_server_packets',`
gen_require(`
type tcs_server_packet_t;
')
allow $1 tcs_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive tcs_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_tcs_server_packets',`
gen_require(`
type tcs_server_packet_t;
')
dontaudit $1 tcs_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive tcs_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_tcs_server_packets',`
corenet_send_tcs_server_packets($1)
corenet_receive_tcs_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive tcs_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_tcs_server_packets',`
corenet_dontaudit_send_tcs_server_packets($1)
corenet_dontaudit_receive_tcs_server_packets($1)
')
########################################
## <summary>
## Relabel packets to tcs_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_tcs_server_packets',`
gen_require(`
type tcs_server_packet_t;
')
allow $1 tcs_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the telnetd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_telnetd_port',`
gen_require(`
type telnetd_port_t;
')
allow $1 telnetd_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the telnetd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_telnetd_port',`
gen_require(`
type telnetd_port_t;
')
allow $1 telnetd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the telnetd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_telnetd_port',`
gen_require(`
type telnetd_port_t;
')
dontaudit $1 telnetd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the telnetd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_telnetd_port',`
gen_require(`
type telnetd_port_t;
')
allow $1 telnetd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the telnetd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_telnetd_port',`
gen_require(`
type telnetd_port_t;
')
dontaudit $1 telnetd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the telnetd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_telnetd_port',`
corenet_udp_send_telnetd_port($1)
corenet_udp_receive_telnetd_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the telnetd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_telnetd_port',`
corenet_dontaudit_udp_send_telnetd_port($1)
corenet_dontaudit_udp_receive_telnetd_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the telnetd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_telnetd_port',`
gen_require(`
type telnetd_port_t;
')
allow $1 telnetd_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the telnetd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_telnetd_port',`
gen_require(`
type telnetd_port_t;
')
allow $1 telnetd_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to telnetd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_telnetd_port',`
gen_require(`
type telnetd_port_t;
')
dontaudit $1 telnetd_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the telnetd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_telnetd_port',`
gen_require(`
type telnetd_port_t;
')
allow $1 telnetd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to telnetd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_telnetd_port',`
gen_require(`
type telnetd_port_t;
')
dontaudit $1 telnetd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send telnetd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_telnetd_client_packets',`
gen_require(`
type telnetd_client_packet_t;
')
allow $1 telnetd_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send telnetd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_telnetd_client_packets',`
gen_require(`
type telnetd_client_packet_t;
')
dontaudit $1 telnetd_client_packet_t:packet send;
')
########################################
## <summary>
## Receive telnetd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_telnetd_client_packets',`
gen_require(`
type telnetd_client_packet_t;
')
allow $1 telnetd_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive telnetd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_telnetd_client_packets',`
gen_require(`
type telnetd_client_packet_t;
')
dontaudit $1 telnetd_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive telnetd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_telnetd_client_packets',`
corenet_send_telnetd_client_packets($1)
corenet_receive_telnetd_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive telnetd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_telnetd_client_packets',`
corenet_dontaudit_send_telnetd_client_packets($1)
corenet_dontaudit_receive_telnetd_client_packets($1)
')
########################################
## <summary>
## Relabel packets to telnetd_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_telnetd_client_packets',`
gen_require(`
type telnetd_client_packet_t;
')
allow $1 telnetd_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send telnetd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_telnetd_server_packets',`
gen_require(`
type telnetd_server_packet_t;
')
allow $1 telnetd_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send telnetd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_telnetd_server_packets',`
gen_require(`
type telnetd_server_packet_t;
')
dontaudit $1 telnetd_server_packet_t:packet send;
')
########################################
## <summary>
## Receive telnetd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_telnetd_server_packets',`
gen_require(`
type telnetd_server_packet_t;
')
allow $1 telnetd_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive telnetd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_telnetd_server_packets',`
gen_require(`
type telnetd_server_packet_t;
')
dontaudit $1 telnetd_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive telnetd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_telnetd_server_packets',`
corenet_send_telnetd_server_packets($1)
corenet_receive_telnetd_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive telnetd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_telnetd_server_packets',`
corenet_dontaudit_send_telnetd_server_packets($1)
corenet_dontaudit_receive_telnetd_server_packets($1)
')
########################################
## <summary>
## Relabel packets to telnetd_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_telnetd_server_packets',`
gen_require(`
type telnetd_server_packet_t;
')
allow $1 telnetd_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the tftp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_tftp_port',`
gen_require(`
type tftp_port_t;
')
allow $1 tftp_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the tftp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_tftp_port',`
gen_require(`
type tftp_port_t;
')
allow $1 tftp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the tftp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_tftp_port',`
gen_require(`
type tftp_port_t;
')
dontaudit $1 tftp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the tftp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_tftp_port',`
gen_require(`
type tftp_port_t;
')
allow $1 tftp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the tftp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_tftp_port',`
gen_require(`
type tftp_port_t;
')
dontaudit $1 tftp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the tftp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_tftp_port',`
corenet_udp_send_tftp_port($1)
corenet_udp_receive_tftp_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the tftp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_tftp_port',`
corenet_dontaudit_udp_send_tftp_port($1)
corenet_dontaudit_udp_receive_tftp_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the tftp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_tftp_port',`
gen_require(`
type tftp_port_t;
')
allow $1 tftp_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the tftp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_tftp_port',`
gen_require(`
type tftp_port_t;
')
allow $1 tftp_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to tftp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_tftp_port',`
gen_require(`
type tftp_port_t;
')
dontaudit $1 tftp_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the tftp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_tftp_port',`
gen_require(`
type tftp_port_t;
')
allow $1 tftp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to tftp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_tftp_port',`
gen_require(`
type tftp_port_t;
')
dontaudit $1 tftp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send tftp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_tftp_client_packets',`
gen_require(`
type tftp_client_packet_t;
')
allow $1 tftp_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send tftp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_tftp_client_packets',`
gen_require(`
type tftp_client_packet_t;
')
dontaudit $1 tftp_client_packet_t:packet send;
')
########################################
## <summary>
## Receive tftp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_tftp_client_packets',`
gen_require(`
type tftp_client_packet_t;
')
allow $1 tftp_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive tftp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_tftp_client_packets',`
gen_require(`
type tftp_client_packet_t;
')
dontaudit $1 tftp_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive tftp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_tftp_client_packets',`
corenet_send_tftp_client_packets($1)
corenet_receive_tftp_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive tftp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_tftp_client_packets',`
corenet_dontaudit_send_tftp_client_packets($1)
corenet_dontaudit_receive_tftp_client_packets($1)
')
########################################
## <summary>
## Relabel packets to tftp_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_tftp_client_packets',`
gen_require(`
type tftp_client_packet_t;
')
allow $1 tftp_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send tftp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_tftp_server_packets',`
gen_require(`
type tftp_server_packet_t;
')
allow $1 tftp_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send tftp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_tftp_server_packets',`
gen_require(`
type tftp_server_packet_t;
')
dontaudit $1 tftp_server_packet_t:packet send;
')
########################################
## <summary>
## Receive tftp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_tftp_server_packets',`
gen_require(`
type tftp_server_packet_t;
')
allow $1 tftp_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive tftp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_tftp_server_packets',`
gen_require(`
type tftp_server_packet_t;
')
dontaudit $1 tftp_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive tftp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_tftp_server_packets',`
corenet_send_tftp_server_packets($1)
corenet_receive_tftp_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive tftp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_tftp_server_packets',`
corenet_dontaudit_send_tftp_server_packets($1)
corenet_dontaudit_receive_tftp_server_packets($1)
')
########################################
## <summary>
## Relabel packets to tftp_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_tftp_server_packets',`
gen_require(`
type tftp_server_packet_t;
')
allow $1 tftp_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the tor port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_tor_port',`
gen_require(`
type tor_port_t;
')
allow $1 tor_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the tor port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_tor_port',`
gen_require(`
type tor_port_t;
')
allow $1 tor_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the tor port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_tor_port',`
gen_require(`
type tor_port_t;
')
dontaudit $1 tor_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the tor port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_tor_port',`
gen_require(`
type tor_port_t;
')
allow $1 tor_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the tor port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_tor_port',`
gen_require(`
type tor_port_t;
')
dontaudit $1 tor_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the tor port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_tor_port',`
corenet_udp_send_tor_port($1)
corenet_udp_receive_tor_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the tor port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_tor_port',`
corenet_dontaudit_udp_send_tor_port($1)
corenet_dontaudit_udp_receive_tor_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the tor port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_tor_port',`
gen_require(`
type tor_port_t;
')
allow $1 tor_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the tor port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_tor_port',`
gen_require(`
type tor_port_t;
')
allow $1 tor_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to tor port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_tor_port',`
gen_require(`
type tor_port_t;
')
dontaudit $1 tor_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the tor port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_tor_port',`
gen_require(`
type tor_port_t;
')
allow $1 tor_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to tor port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_tor_port',`
gen_require(`
type tor_port_t;
')
dontaudit $1 tor_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send tor_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_tor_client_packets',`
gen_require(`
type tor_client_packet_t;
')
allow $1 tor_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send tor_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_tor_client_packets',`
gen_require(`
type tor_client_packet_t;
')
dontaudit $1 tor_client_packet_t:packet send;
')
########################################
## <summary>
## Receive tor_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_tor_client_packets',`
gen_require(`
type tor_client_packet_t;
')
allow $1 tor_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive tor_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_tor_client_packets',`
gen_require(`
type tor_client_packet_t;
')
dontaudit $1 tor_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive tor_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_tor_client_packets',`
corenet_send_tor_client_packets($1)
corenet_receive_tor_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive tor_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_tor_client_packets',`
corenet_dontaudit_send_tor_client_packets($1)
corenet_dontaudit_receive_tor_client_packets($1)
')
########################################
## <summary>
## Relabel packets to tor_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_tor_client_packets',`
gen_require(`
type tor_client_packet_t;
')
allow $1 tor_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send tor_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_tor_server_packets',`
gen_require(`
type tor_server_packet_t;
')
allow $1 tor_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send tor_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_tor_server_packets',`
gen_require(`
type tor_server_packet_t;
')
dontaudit $1 tor_server_packet_t:packet send;
')
########################################
## <summary>
## Receive tor_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_tor_server_packets',`
gen_require(`
type tor_server_packet_t;
')
allow $1 tor_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive tor_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_tor_server_packets',`
gen_require(`
type tor_server_packet_t;
')
dontaudit $1 tor_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive tor_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_tor_server_packets',`
corenet_send_tor_server_packets($1)
corenet_receive_tor_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive tor_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_tor_server_packets',`
corenet_dontaudit_send_tor_server_packets($1)
corenet_dontaudit_receive_tor_server_packets($1)
')
########################################
## <summary>
## Relabel packets to tor_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_tor_server_packets',`
gen_require(`
type tor_server_packet_t;
')
allow $1 tor_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the traceroute port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_traceroute_port',`
gen_require(`
type traceroute_port_t;
')
allow $1 traceroute_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the traceroute port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_traceroute_port',`
gen_require(`
type traceroute_port_t;
')
allow $1 traceroute_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the traceroute port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_traceroute_port',`
gen_require(`
type traceroute_port_t;
')
dontaudit $1 traceroute_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the traceroute port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_traceroute_port',`
gen_require(`
type traceroute_port_t;
')
allow $1 traceroute_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the traceroute port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_traceroute_port',`
gen_require(`
type traceroute_port_t;
')
dontaudit $1 traceroute_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the traceroute port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_traceroute_port',`
corenet_udp_send_traceroute_port($1)
corenet_udp_receive_traceroute_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the traceroute port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_traceroute_port',`
corenet_dontaudit_udp_send_traceroute_port($1)
corenet_dontaudit_udp_receive_traceroute_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the traceroute port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_traceroute_port',`
gen_require(`
type traceroute_port_t;
')
allow $1 traceroute_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the traceroute port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_traceroute_port',`
gen_require(`
type traceroute_port_t;
')
allow $1 traceroute_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to traceroute port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_traceroute_port',`
gen_require(`
type traceroute_port_t;
')
dontaudit $1 traceroute_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the traceroute port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_traceroute_port',`
gen_require(`
type traceroute_port_t;
')
allow $1 traceroute_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to traceroute port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_traceroute_port',`
gen_require(`
type traceroute_port_t;
')
dontaudit $1 traceroute_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send traceroute_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_traceroute_client_packets',`
gen_require(`
type traceroute_client_packet_t;
')
allow $1 traceroute_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send traceroute_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_traceroute_client_packets',`
gen_require(`
type traceroute_client_packet_t;
')
dontaudit $1 traceroute_client_packet_t:packet send;
')
########################################
## <summary>
## Receive traceroute_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_traceroute_client_packets',`
gen_require(`
type traceroute_client_packet_t;
')
allow $1 traceroute_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive traceroute_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_traceroute_client_packets',`
gen_require(`
type traceroute_client_packet_t;
')
dontaudit $1 traceroute_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive traceroute_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_traceroute_client_packets',`
corenet_send_traceroute_client_packets($1)
corenet_receive_traceroute_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive traceroute_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_traceroute_client_packets',`
corenet_dontaudit_send_traceroute_client_packets($1)
corenet_dontaudit_receive_traceroute_client_packets($1)
')
########################################
## <summary>
## Relabel packets to traceroute_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_traceroute_client_packets',`
gen_require(`
type traceroute_client_packet_t;
')
allow $1 traceroute_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send traceroute_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_traceroute_server_packets',`
gen_require(`
type traceroute_server_packet_t;
')
allow $1 traceroute_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send traceroute_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_traceroute_server_packets',`
gen_require(`
type traceroute_server_packet_t;
')
dontaudit $1 traceroute_server_packet_t:packet send;
')
########################################
## <summary>
## Receive traceroute_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_traceroute_server_packets',`
gen_require(`
type traceroute_server_packet_t;
')
allow $1 traceroute_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive traceroute_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_traceroute_server_packets',`
gen_require(`
type traceroute_server_packet_t;
')
dontaudit $1 traceroute_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive traceroute_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_traceroute_server_packets',`
corenet_send_traceroute_server_packets($1)
corenet_receive_traceroute_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive traceroute_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_traceroute_server_packets',`
corenet_dontaudit_send_traceroute_server_packets($1)
corenet_dontaudit_receive_traceroute_server_packets($1)
')
########################################
## <summary>
## Relabel packets to traceroute_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_traceroute_server_packets',`
gen_require(`
type traceroute_server_packet_t;
')
allow $1 traceroute_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the tram port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_tram_port',`
gen_require(`
type tram_port_t;
')
allow $1 tram_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the tram port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_tram_port',`
gen_require(`
type tram_port_t;
')
allow $1 tram_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the tram port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_tram_port',`
gen_require(`
type tram_port_t;
')
dontaudit $1 tram_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the tram port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_tram_port',`
gen_require(`
type tram_port_t;
')
allow $1 tram_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the tram port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_tram_port',`
gen_require(`
type tram_port_t;
')
dontaudit $1 tram_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the tram port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_tram_port',`
corenet_udp_send_tram_port($1)
corenet_udp_receive_tram_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the tram port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_tram_port',`
corenet_dontaudit_udp_send_tram_port($1)
corenet_dontaudit_udp_receive_tram_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the tram port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_tram_port',`
gen_require(`
type tram_port_t;
')
allow $1 tram_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the tram port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_tram_port',`
gen_require(`
type tram_port_t;
')
allow $1 tram_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to tram port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_tram_port',`
gen_require(`
type tram_port_t;
')
dontaudit $1 tram_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the tram port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_tram_port',`
gen_require(`
type tram_port_t;
')
allow $1 tram_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to tram port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_tram_port',`
gen_require(`
type tram_port_t;
')
dontaudit $1 tram_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send tram_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_tram_client_packets',`
gen_require(`
type tram_client_packet_t;
')
allow $1 tram_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send tram_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_tram_client_packets',`
gen_require(`
type tram_client_packet_t;
')
dontaudit $1 tram_client_packet_t:packet send;
')
########################################
## <summary>
## Receive tram_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_tram_client_packets',`
gen_require(`
type tram_client_packet_t;
')
allow $1 tram_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive tram_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_tram_client_packets',`
gen_require(`
type tram_client_packet_t;
')
dontaudit $1 tram_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive tram_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_tram_client_packets',`
corenet_send_tram_client_packets($1)
corenet_receive_tram_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive tram_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_tram_client_packets',`
corenet_dontaudit_send_tram_client_packets($1)
corenet_dontaudit_receive_tram_client_packets($1)
')
########################################
## <summary>
## Relabel packets to tram_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_tram_client_packets',`
gen_require(`
type tram_client_packet_t;
')
allow $1 tram_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send tram_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_tram_server_packets',`
gen_require(`
type tram_server_packet_t;
')
allow $1 tram_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send tram_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_tram_server_packets',`
gen_require(`
type tram_server_packet_t;
')
dontaudit $1 tram_server_packet_t:packet send;
')
########################################
## <summary>
## Receive tram_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_tram_server_packets',`
gen_require(`
type tram_server_packet_t;
')
allow $1 tram_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive tram_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_tram_server_packets',`
gen_require(`
type tram_server_packet_t;
')
dontaudit $1 tram_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive tram_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_tram_server_packets',`
corenet_send_tram_server_packets($1)
corenet_receive_tram_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive tram_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_tram_server_packets',`
corenet_dontaudit_send_tram_server_packets($1)
corenet_dontaudit_receive_tram_server_packets($1)
')
########################################
## <summary>
## Relabel packets to tram_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_tram_server_packets',`
gen_require(`
type tram_server_packet_t;
')
allow $1 tram_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the transproxy port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_transproxy_port',`
gen_require(`
type transproxy_port_t;
')
allow $1 transproxy_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the transproxy port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_transproxy_port',`
gen_require(`
type transproxy_port_t;
')
allow $1 transproxy_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the transproxy port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_transproxy_port',`
gen_require(`
type transproxy_port_t;
')
dontaudit $1 transproxy_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the transproxy port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_transproxy_port',`
gen_require(`
type transproxy_port_t;
')
allow $1 transproxy_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the transproxy port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_transproxy_port',`
gen_require(`
type transproxy_port_t;
')
dontaudit $1 transproxy_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the transproxy port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_transproxy_port',`
corenet_udp_send_transproxy_port($1)
corenet_udp_receive_transproxy_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the transproxy port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_transproxy_port',`
corenet_dontaudit_udp_send_transproxy_port($1)
corenet_dontaudit_udp_receive_transproxy_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the transproxy port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_transproxy_port',`
gen_require(`
type transproxy_port_t;
')
allow $1 transproxy_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the transproxy port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_transproxy_port',`
gen_require(`
type transproxy_port_t;
')
allow $1 transproxy_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to transproxy port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_transproxy_port',`
gen_require(`
type transproxy_port_t;
')
dontaudit $1 transproxy_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the transproxy port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_transproxy_port',`
gen_require(`
type transproxy_port_t;
')
allow $1 transproxy_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to transproxy port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_transproxy_port',`
gen_require(`
type transproxy_port_t;
')
dontaudit $1 transproxy_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send transproxy_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_transproxy_client_packets',`
gen_require(`
type transproxy_client_packet_t;
')
allow $1 transproxy_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send transproxy_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_transproxy_client_packets',`
gen_require(`
type transproxy_client_packet_t;
')
dontaudit $1 transproxy_client_packet_t:packet send;
')
########################################
## <summary>
## Receive transproxy_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_transproxy_client_packets',`
gen_require(`
type transproxy_client_packet_t;
')
allow $1 transproxy_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive transproxy_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_transproxy_client_packets',`
gen_require(`
type transproxy_client_packet_t;
')
dontaudit $1 transproxy_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive transproxy_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_transproxy_client_packets',`
corenet_send_transproxy_client_packets($1)
corenet_receive_transproxy_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive transproxy_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_transproxy_client_packets',`
corenet_dontaudit_send_transproxy_client_packets($1)
corenet_dontaudit_receive_transproxy_client_packets($1)
')
########################################
## <summary>
## Relabel packets to transproxy_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_transproxy_client_packets',`
gen_require(`
type transproxy_client_packet_t;
')
allow $1 transproxy_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send transproxy_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_transproxy_server_packets',`
gen_require(`
type transproxy_server_packet_t;
')
allow $1 transproxy_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send transproxy_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_transproxy_server_packets',`
gen_require(`
type transproxy_server_packet_t;
')
dontaudit $1 transproxy_server_packet_t:packet send;
')
########################################
## <summary>
## Receive transproxy_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_transproxy_server_packets',`
gen_require(`
type transproxy_server_packet_t;
')
allow $1 transproxy_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive transproxy_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_transproxy_server_packets',`
gen_require(`
type transproxy_server_packet_t;
')
dontaudit $1 transproxy_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive transproxy_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_transproxy_server_packets',`
corenet_send_transproxy_server_packets($1)
corenet_receive_transproxy_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive transproxy_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_transproxy_server_packets',`
corenet_dontaudit_send_transproxy_server_packets($1)
corenet_dontaudit_receive_transproxy_server_packets($1)
')
########################################
## <summary>
## Relabel packets to transproxy_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_transproxy_server_packets',`
gen_require(`
type transproxy_server_packet_t;
')
allow $1 transproxy_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the trisoap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_trisoap_port',`
gen_require(`
type trisoap_port_t;
')
allow $1 trisoap_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the trisoap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_trisoap_port',`
gen_require(`
type trisoap_port_t;
')
allow $1 trisoap_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the trisoap port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_trisoap_port',`
gen_require(`
type trisoap_port_t;
')
dontaudit $1 trisoap_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the trisoap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_trisoap_port',`
gen_require(`
type trisoap_port_t;
')
allow $1 trisoap_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the trisoap port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_trisoap_port',`
gen_require(`
type trisoap_port_t;
')
dontaudit $1 trisoap_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the trisoap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_trisoap_port',`
corenet_udp_send_trisoap_port($1)
corenet_udp_receive_trisoap_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the trisoap port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_trisoap_port',`
corenet_dontaudit_udp_send_trisoap_port($1)
corenet_dontaudit_udp_receive_trisoap_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the trisoap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_trisoap_port',`
gen_require(`
type trisoap_port_t;
')
allow $1 trisoap_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the trisoap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_trisoap_port',`
gen_require(`
type trisoap_port_t;
')
allow $1 trisoap_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to trisoap port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_trisoap_port',`
gen_require(`
type trisoap_port_t;
')
dontaudit $1 trisoap_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the trisoap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_trisoap_port',`
gen_require(`
type trisoap_port_t;
')
allow $1 trisoap_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to trisoap port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_trisoap_port',`
gen_require(`
type trisoap_port_t;
')
dontaudit $1 trisoap_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send trisoap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_trisoap_client_packets',`
gen_require(`
type trisoap_client_packet_t;
')
allow $1 trisoap_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send trisoap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_trisoap_client_packets',`
gen_require(`
type trisoap_client_packet_t;
')
dontaudit $1 trisoap_client_packet_t:packet send;
')
########################################
## <summary>
## Receive trisoap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_trisoap_client_packets',`
gen_require(`
type trisoap_client_packet_t;
')
allow $1 trisoap_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive trisoap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_trisoap_client_packets',`
gen_require(`
type trisoap_client_packet_t;
')
dontaudit $1 trisoap_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive trisoap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_trisoap_client_packets',`
corenet_send_trisoap_client_packets($1)
corenet_receive_trisoap_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive trisoap_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_trisoap_client_packets',`
corenet_dontaudit_send_trisoap_client_packets($1)
corenet_dontaudit_receive_trisoap_client_packets($1)
')
########################################
## <summary>
## Relabel packets to trisoap_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_trisoap_client_packets',`
gen_require(`
type trisoap_client_packet_t;
')
allow $1 trisoap_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send trisoap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_trisoap_server_packets',`
gen_require(`
type trisoap_server_packet_t;
')
allow $1 trisoap_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send trisoap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_trisoap_server_packets',`
gen_require(`
type trisoap_server_packet_t;
')
dontaudit $1 trisoap_server_packet_t:packet send;
')
########################################
## <summary>
## Receive trisoap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_trisoap_server_packets',`
gen_require(`
type trisoap_server_packet_t;
')
allow $1 trisoap_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive trisoap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_trisoap_server_packets',`
gen_require(`
type trisoap_server_packet_t;
')
dontaudit $1 trisoap_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive trisoap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_trisoap_server_packets',`
corenet_send_trisoap_server_packets($1)
corenet_receive_trisoap_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive trisoap_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_trisoap_server_packets',`
corenet_dontaudit_send_trisoap_server_packets($1)
corenet_dontaudit_receive_trisoap_server_packets($1)
')
########################################
## <summary>
## Relabel packets to trisoap_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_trisoap_server_packets',`
gen_require(`
type trisoap_server_packet_t;
')
allow $1 trisoap_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the trivnet1 port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_trivnet1_port',`
gen_require(`
type trivnet1_port_t;
')
allow $1 trivnet1_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the trivnet1 port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_trivnet1_port',`
gen_require(`
type trivnet1_port_t;
')
allow $1 trivnet1_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the trivnet1 port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_trivnet1_port',`
gen_require(`
type trivnet1_port_t;
')
dontaudit $1 trivnet1_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the trivnet1 port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_trivnet1_port',`
gen_require(`
type trivnet1_port_t;
')
allow $1 trivnet1_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the trivnet1 port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_trivnet1_port',`
gen_require(`
type trivnet1_port_t;
')
dontaudit $1 trivnet1_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the trivnet1 port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_trivnet1_port',`
corenet_udp_send_trivnet1_port($1)
corenet_udp_receive_trivnet1_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the trivnet1 port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_trivnet1_port',`
corenet_dontaudit_udp_send_trivnet1_port($1)
corenet_dontaudit_udp_receive_trivnet1_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the trivnet1 port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_trivnet1_port',`
gen_require(`
type trivnet1_port_t;
')
allow $1 trivnet1_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the trivnet1 port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_trivnet1_port',`
gen_require(`
type trivnet1_port_t;
')
allow $1 trivnet1_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to trivnet1 port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_trivnet1_port',`
gen_require(`
type trivnet1_port_t;
')
dontaudit $1 trivnet1_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the trivnet1 port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_trivnet1_port',`
gen_require(`
type trivnet1_port_t;
')
allow $1 trivnet1_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to trivnet1 port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_trivnet1_port',`
gen_require(`
type trivnet1_port_t;
')
dontaudit $1 trivnet1_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send trivnet1_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_trivnet1_client_packets',`
gen_require(`
type trivnet1_client_packet_t;
')
allow $1 trivnet1_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send trivnet1_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_trivnet1_client_packets',`
gen_require(`
type trivnet1_client_packet_t;
')
dontaudit $1 trivnet1_client_packet_t:packet send;
')
########################################
## <summary>
## Receive trivnet1_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_trivnet1_client_packets',`
gen_require(`
type trivnet1_client_packet_t;
')
allow $1 trivnet1_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive trivnet1_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_trivnet1_client_packets',`
gen_require(`
type trivnet1_client_packet_t;
')
dontaudit $1 trivnet1_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive trivnet1_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_trivnet1_client_packets',`
corenet_send_trivnet1_client_packets($1)
corenet_receive_trivnet1_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive trivnet1_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_trivnet1_client_packets',`
corenet_dontaudit_send_trivnet1_client_packets($1)
corenet_dontaudit_receive_trivnet1_client_packets($1)
')
########################################
## <summary>
## Relabel packets to trivnet1_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_trivnet1_client_packets',`
gen_require(`
type trivnet1_client_packet_t;
')
allow $1 trivnet1_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send trivnet1_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_trivnet1_server_packets',`
gen_require(`
type trivnet1_server_packet_t;
')
allow $1 trivnet1_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send trivnet1_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_trivnet1_server_packets',`
gen_require(`
type trivnet1_server_packet_t;
')
dontaudit $1 trivnet1_server_packet_t:packet send;
')
########################################
## <summary>
## Receive trivnet1_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_trivnet1_server_packets',`
gen_require(`
type trivnet1_server_packet_t;
')
allow $1 trivnet1_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive trivnet1_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_trivnet1_server_packets',`
gen_require(`
type trivnet1_server_packet_t;
')
dontaudit $1 trivnet1_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive trivnet1_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_trivnet1_server_packets',`
corenet_send_trivnet1_server_packets($1)
corenet_receive_trivnet1_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive trivnet1_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_trivnet1_server_packets',`
corenet_dontaudit_send_trivnet1_server_packets($1)
corenet_dontaudit_receive_trivnet1_server_packets($1)
')
########################################
## <summary>
## Relabel packets to trivnet1_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_trivnet1_server_packets',`
gen_require(`
type trivnet1_server_packet_t;
')
allow $1 trivnet1_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the ups port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_ups_port',`
gen_require(`
type ups_port_t;
')
allow $1 ups_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the ups port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_ups_port',`
gen_require(`
type ups_port_t;
')
allow $1 ups_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the ups port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_ups_port',`
gen_require(`
type ups_port_t;
')
dontaudit $1 ups_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the ups port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_ups_port',`
gen_require(`
type ups_port_t;
')
allow $1 ups_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the ups port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_ups_port',`
gen_require(`
type ups_port_t;
')
dontaudit $1 ups_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the ups port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_ups_port',`
corenet_udp_send_ups_port($1)
corenet_udp_receive_ups_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the ups port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_ups_port',`
corenet_dontaudit_udp_send_ups_port($1)
corenet_dontaudit_udp_receive_ups_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the ups port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_ups_port',`
gen_require(`
type ups_port_t;
')
allow $1 ups_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the ups port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_ups_port',`
gen_require(`
type ups_port_t;
')
allow $1 ups_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to ups port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_ups_port',`
gen_require(`
type ups_port_t;
')
dontaudit $1 ups_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the ups port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_ups_port',`
gen_require(`
type ups_port_t;
')
allow $1 ups_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to ups port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_ups_port',`
gen_require(`
type ups_port_t;
')
dontaudit $1 ups_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send ups_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ups_client_packets',`
gen_require(`
type ups_client_packet_t;
')
allow $1 ups_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ups_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ups_client_packets',`
gen_require(`
type ups_client_packet_t;
')
dontaudit $1 ups_client_packet_t:packet send;
')
########################################
## <summary>
## Receive ups_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ups_client_packets',`
gen_require(`
type ups_client_packet_t;
')
allow $1 ups_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ups_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ups_client_packets',`
gen_require(`
type ups_client_packet_t;
')
dontaudit $1 ups_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ups_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ups_client_packets',`
corenet_send_ups_client_packets($1)
corenet_receive_ups_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ups_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ups_client_packets',`
corenet_dontaudit_send_ups_client_packets($1)
corenet_dontaudit_receive_ups_client_packets($1)
')
########################################
## <summary>
## Relabel packets to ups_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ups_client_packets',`
gen_require(`
type ups_client_packet_t;
')
allow $1 ups_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send ups_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_ups_server_packets',`
gen_require(`
type ups_server_packet_t;
')
allow $1 ups_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send ups_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_ups_server_packets',`
gen_require(`
type ups_server_packet_t;
')
dontaudit $1 ups_server_packet_t:packet send;
')
########################################
## <summary>
## Receive ups_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_ups_server_packets',`
gen_require(`
type ups_server_packet_t;
')
allow $1 ups_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive ups_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_ups_server_packets',`
gen_require(`
type ups_server_packet_t;
')
dontaudit $1 ups_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive ups_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_ups_server_packets',`
corenet_send_ups_server_packets($1)
corenet_receive_ups_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive ups_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_ups_server_packets',`
corenet_dontaudit_send_ups_server_packets($1)
corenet_dontaudit_receive_ups_server_packets($1)
')
########################################
## <summary>
## Relabel packets to ups_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_ups_server_packets',`
gen_require(`
type ups_server_packet_t;
')
allow $1 ups_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the utcpserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_utcpserver_port',`
gen_require(`
type utcpserver_port_t;
')
allow $1 utcpserver_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the utcpserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_utcpserver_port',`
gen_require(`
type utcpserver_port_t;
')
allow $1 utcpserver_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the utcpserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_utcpserver_port',`
gen_require(`
type utcpserver_port_t;
')
dontaudit $1 utcpserver_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the utcpserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_utcpserver_port',`
gen_require(`
type utcpserver_port_t;
')
allow $1 utcpserver_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the utcpserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_utcpserver_port',`
gen_require(`
type utcpserver_port_t;
')
dontaudit $1 utcpserver_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the utcpserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_utcpserver_port',`
corenet_udp_send_utcpserver_port($1)
corenet_udp_receive_utcpserver_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the utcpserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_utcpserver_port',`
corenet_dontaudit_udp_send_utcpserver_port($1)
corenet_dontaudit_udp_receive_utcpserver_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the utcpserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_utcpserver_port',`
gen_require(`
type utcpserver_port_t;
')
allow $1 utcpserver_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the utcpserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_utcpserver_port',`
gen_require(`
type utcpserver_port_t;
')
allow $1 utcpserver_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to utcpserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_utcpserver_port',`
gen_require(`
type utcpserver_port_t;
')
dontaudit $1 utcpserver_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the utcpserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_utcpserver_port',`
gen_require(`
type utcpserver_port_t;
')
allow $1 utcpserver_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to utcpserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_utcpserver_port',`
gen_require(`
type utcpserver_port_t;
')
dontaudit $1 utcpserver_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send utcpserver_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_utcpserver_client_packets',`
gen_require(`
type utcpserver_client_packet_t;
')
allow $1 utcpserver_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send utcpserver_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_utcpserver_client_packets',`
gen_require(`
type utcpserver_client_packet_t;
')
dontaudit $1 utcpserver_client_packet_t:packet send;
')
########################################
## <summary>
## Receive utcpserver_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_utcpserver_client_packets',`
gen_require(`
type utcpserver_client_packet_t;
')
allow $1 utcpserver_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive utcpserver_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_utcpserver_client_packets',`
gen_require(`
type utcpserver_client_packet_t;
')
dontaudit $1 utcpserver_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive utcpserver_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_utcpserver_client_packets',`
corenet_send_utcpserver_client_packets($1)
corenet_receive_utcpserver_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive utcpserver_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_utcpserver_client_packets',`
corenet_dontaudit_send_utcpserver_client_packets($1)
corenet_dontaudit_receive_utcpserver_client_packets($1)
')
########################################
## <summary>
## Relabel packets to utcpserver_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_utcpserver_client_packets',`
gen_require(`
type utcpserver_client_packet_t;
')
allow $1 utcpserver_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send utcpserver_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_utcpserver_server_packets',`
gen_require(`
type utcpserver_server_packet_t;
')
allow $1 utcpserver_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send utcpserver_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_utcpserver_server_packets',`
gen_require(`
type utcpserver_server_packet_t;
')
dontaudit $1 utcpserver_server_packet_t:packet send;
')
########################################
## <summary>
## Receive utcpserver_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_utcpserver_server_packets',`
gen_require(`
type utcpserver_server_packet_t;
')
allow $1 utcpserver_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive utcpserver_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_utcpserver_server_packets',`
gen_require(`
type utcpserver_server_packet_t;
')
dontaudit $1 utcpserver_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive utcpserver_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_utcpserver_server_packets',`
corenet_send_utcpserver_server_packets($1)
corenet_receive_utcpserver_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive utcpserver_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_utcpserver_server_packets',`
corenet_dontaudit_send_utcpserver_server_packets($1)
corenet_dontaudit_receive_utcpserver_server_packets($1)
')
########################################
## <summary>
## Relabel packets to utcpserver_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_utcpserver_server_packets',`
gen_require(`
type utcpserver_server_packet_t;
')
allow $1 utcpserver_server_packet_t:packet relabelto;
')
# no defined portcon
########################################
## <summary>
## Send and receive TCP traffic on the uucpd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_uucpd_port',`
gen_require(`
type uucpd_port_t;
')
allow $1 uucpd_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the uucpd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_uucpd_port',`
gen_require(`
type uucpd_port_t;
')
allow $1 uucpd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the uucpd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_uucpd_port',`
gen_require(`
type uucpd_port_t;
')
dontaudit $1 uucpd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the uucpd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_uucpd_port',`
gen_require(`
type uucpd_port_t;
')
allow $1 uucpd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the uucpd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_uucpd_port',`
gen_require(`
type uucpd_port_t;
')
dontaudit $1 uucpd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the uucpd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_uucpd_port',`
corenet_udp_send_uucpd_port($1)
corenet_udp_receive_uucpd_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the uucpd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_uucpd_port',`
corenet_dontaudit_udp_send_uucpd_port($1)
corenet_dontaudit_udp_receive_uucpd_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the uucpd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_uucpd_port',`
gen_require(`
type uucpd_port_t;
')
allow $1 uucpd_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the uucpd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_uucpd_port',`
gen_require(`
type uucpd_port_t;
')
allow $1 uucpd_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to uucpd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_uucpd_port',`
gen_require(`
type uucpd_port_t;
')
dontaudit $1 uucpd_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the uucpd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_uucpd_port',`
gen_require(`
type uucpd_port_t;
')
allow $1 uucpd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to uucpd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_uucpd_port',`
gen_require(`
type uucpd_port_t;
')
dontaudit $1 uucpd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send uucpd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_uucpd_client_packets',`
gen_require(`
type uucpd_client_packet_t;
')
allow $1 uucpd_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send uucpd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_uucpd_client_packets',`
gen_require(`
type uucpd_client_packet_t;
')
dontaudit $1 uucpd_client_packet_t:packet send;
')
########################################
## <summary>
## Receive uucpd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_uucpd_client_packets',`
gen_require(`
type uucpd_client_packet_t;
')
allow $1 uucpd_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive uucpd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_uucpd_client_packets',`
gen_require(`
type uucpd_client_packet_t;
')
dontaudit $1 uucpd_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive uucpd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_uucpd_client_packets',`
corenet_send_uucpd_client_packets($1)
corenet_receive_uucpd_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive uucpd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_uucpd_client_packets',`
corenet_dontaudit_send_uucpd_client_packets($1)
corenet_dontaudit_receive_uucpd_client_packets($1)
')
########################################
## <summary>
## Relabel packets to uucpd_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_uucpd_client_packets',`
gen_require(`
type uucpd_client_packet_t;
')
allow $1 uucpd_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send uucpd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_uucpd_server_packets',`
gen_require(`
type uucpd_server_packet_t;
')
allow $1 uucpd_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send uucpd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_uucpd_server_packets',`
gen_require(`
type uucpd_server_packet_t;
')
dontaudit $1 uucpd_server_packet_t:packet send;
')
########################################
## <summary>
## Receive uucpd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_uucpd_server_packets',`
gen_require(`
type uucpd_server_packet_t;
')
allow $1 uucpd_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive uucpd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_uucpd_server_packets',`
gen_require(`
type uucpd_server_packet_t;
')
dontaudit $1 uucpd_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive uucpd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_uucpd_server_packets',`
corenet_send_uucpd_server_packets($1)
corenet_receive_uucpd_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive uucpd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_uucpd_server_packets',`
corenet_dontaudit_send_uucpd_server_packets($1)
corenet_dontaudit_receive_uucpd_server_packets($1)
')
########################################
## <summary>
## Relabel packets to uucpd_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_uucpd_server_packets',`
gen_require(`
type uucpd_server_packet_t;
')
allow $1 uucpd_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the us_cli port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_us_cli_port',`
gen_require(`
type us_cli_port_t;
')
allow $1 us_cli_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the us_cli port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_us_cli_port',`
gen_require(`
type us_cli_port_t;
')
allow $1 us_cli_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the us_cli port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_us_cli_port',`
gen_require(`
type us_cli_port_t;
')
dontaudit $1 us_cli_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the us_cli port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_us_cli_port',`
gen_require(`
type us_cli_port_t;
')
allow $1 us_cli_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the us_cli port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_us_cli_port',`
gen_require(`
type us_cli_port_t;
')
dontaudit $1 us_cli_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the us_cli port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_us_cli_port',`
corenet_udp_send_us_cli_port($1)
corenet_udp_receive_us_cli_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the us_cli port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_us_cli_port',`
corenet_dontaudit_udp_send_us_cli_port($1)
corenet_dontaudit_udp_receive_us_cli_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the us_cli port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_us_cli_port',`
gen_require(`
type us_cli_port_t;
')
allow $1 us_cli_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the us_cli port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_us_cli_port',`
gen_require(`
type us_cli_port_t;
')
allow $1 us_cli_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to us_cli port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_us_cli_port',`
gen_require(`
type us_cli_port_t;
')
dontaudit $1 us_cli_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the us_cli port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_us_cli_port',`
gen_require(`
type us_cli_port_t;
')
allow $1 us_cli_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to us_cli port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_us_cli_port',`
gen_require(`
type us_cli_port_t;
')
dontaudit $1 us_cli_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send us_cli_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_us_cli_client_packets',`
gen_require(`
type us_cli_client_packet_t;
')
allow $1 us_cli_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send us_cli_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_us_cli_client_packets',`
gen_require(`
type us_cli_client_packet_t;
')
dontaudit $1 us_cli_client_packet_t:packet send;
')
########################################
## <summary>
## Receive us_cli_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_us_cli_client_packets',`
gen_require(`
type us_cli_client_packet_t;
')
allow $1 us_cli_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive us_cli_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_us_cli_client_packets',`
gen_require(`
type us_cli_client_packet_t;
')
dontaudit $1 us_cli_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive us_cli_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_us_cli_client_packets',`
corenet_send_us_cli_client_packets($1)
corenet_receive_us_cli_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive us_cli_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_us_cli_client_packets',`
corenet_dontaudit_send_us_cli_client_packets($1)
corenet_dontaudit_receive_us_cli_client_packets($1)
')
########################################
## <summary>
## Relabel packets to us_cli_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_us_cli_client_packets',`
gen_require(`
type us_cli_client_packet_t;
')
allow $1 us_cli_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send us_cli_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_us_cli_server_packets',`
gen_require(`
type us_cli_server_packet_t;
')
allow $1 us_cli_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send us_cli_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_us_cli_server_packets',`
gen_require(`
type us_cli_server_packet_t;
')
dontaudit $1 us_cli_server_packet_t:packet send;
')
########################################
## <summary>
## Receive us_cli_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_us_cli_server_packets',`
gen_require(`
type us_cli_server_packet_t;
')
allow $1 us_cli_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive us_cli_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_us_cli_server_packets',`
gen_require(`
type us_cli_server_packet_t;
')
dontaudit $1 us_cli_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive us_cli_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_us_cli_server_packets',`
corenet_send_us_cli_server_packets($1)
corenet_receive_us_cli_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive us_cli_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_us_cli_server_packets',`
corenet_dontaudit_send_us_cli_server_packets($1)
corenet_dontaudit_receive_us_cli_server_packets($1)
')
########################################
## <summary>
## Relabel packets to us_cli_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_us_cli_server_packets',`
gen_require(`
type us_cli_server_packet_t;
')
allow $1 us_cli_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the varnishd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_varnishd_port',`
gen_require(`
type varnishd_port_t;
')
allow $1 varnishd_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the varnishd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_varnishd_port',`
gen_require(`
type varnishd_port_t;
')
allow $1 varnishd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the varnishd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_varnishd_port',`
gen_require(`
type varnishd_port_t;
')
dontaudit $1 varnishd_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the varnishd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_varnishd_port',`
gen_require(`
type varnishd_port_t;
')
allow $1 varnishd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the varnishd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_varnishd_port',`
gen_require(`
type varnishd_port_t;
')
dontaudit $1 varnishd_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the varnishd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_varnishd_port',`
corenet_udp_send_varnishd_port($1)
corenet_udp_receive_varnishd_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the varnishd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_varnishd_port',`
corenet_dontaudit_udp_send_varnishd_port($1)
corenet_dontaudit_udp_receive_varnishd_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the varnishd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_varnishd_port',`
gen_require(`
type varnishd_port_t;
')
allow $1 varnishd_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the varnishd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_varnishd_port',`
gen_require(`
type varnishd_port_t;
')
allow $1 varnishd_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to varnishd port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_varnishd_port',`
gen_require(`
type varnishd_port_t;
')
dontaudit $1 varnishd_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the varnishd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_varnishd_port',`
gen_require(`
type varnishd_port_t;
')
allow $1 varnishd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to varnishd port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_varnishd_port',`
gen_require(`
type varnishd_port_t;
')
dontaudit $1 varnishd_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send varnishd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_varnishd_client_packets',`
gen_require(`
type varnishd_client_packet_t;
')
allow $1 varnishd_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send varnishd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_varnishd_client_packets',`
gen_require(`
type varnishd_client_packet_t;
')
dontaudit $1 varnishd_client_packet_t:packet send;
')
########################################
## <summary>
## Receive varnishd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_varnishd_client_packets',`
gen_require(`
type varnishd_client_packet_t;
')
allow $1 varnishd_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive varnishd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_varnishd_client_packets',`
gen_require(`
type varnishd_client_packet_t;
')
dontaudit $1 varnishd_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive varnishd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_varnishd_client_packets',`
corenet_send_varnishd_client_packets($1)
corenet_receive_varnishd_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive varnishd_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_varnishd_client_packets',`
corenet_dontaudit_send_varnishd_client_packets($1)
corenet_dontaudit_receive_varnishd_client_packets($1)
')
########################################
## <summary>
## Relabel packets to varnishd_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_varnishd_client_packets',`
gen_require(`
type varnishd_client_packet_t;
')
allow $1 varnishd_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send varnishd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_varnishd_server_packets',`
gen_require(`
type varnishd_server_packet_t;
')
allow $1 varnishd_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send varnishd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_varnishd_server_packets',`
gen_require(`
type varnishd_server_packet_t;
')
dontaudit $1 varnishd_server_packet_t:packet send;
')
########################################
## <summary>
## Receive varnishd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_varnishd_server_packets',`
gen_require(`
type varnishd_server_packet_t;
')
allow $1 varnishd_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive varnishd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_varnishd_server_packets',`
gen_require(`
type varnishd_server_packet_t;
')
dontaudit $1 varnishd_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive varnishd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_varnishd_server_packets',`
corenet_send_varnishd_server_packets($1)
corenet_receive_varnishd_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive varnishd_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_varnishd_server_packets',`
corenet_dontaudit_send_varnishd_server_packets($1)
corenet_dontaudit_receive_varnishd_server_packets($1)
')
########################################
## <summary>
## Relabel packets to varnishd_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_varnishd_server_packets',`
gen_require(`
type varnishd_server_packet_t;
')
allow $1 varnishd_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the versa_tek port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_versa_tek_port',`
gen_require(`
type versa_tek_port_t;
')
allow $1 versa_tek_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the versa_tek port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_versa_tek_port',`
gen_require(`
type versa_tek_port_t;
')
allow $1 versa_tek_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the versa_tek port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_versa_tek_port',`
gen_require(`
type versa_tek_port_t;
')
dontaudit $1 versa_tek_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the versa_tek port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_versa_tek_port',`
gen_require(`
type versa_tek_port_t;
')
allow $1 versa_tek_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the versa_tek port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_versa_tek_port',`
gen_require(`
type versa_tek_port_t;
')
dontaudit $1 versa_tek_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the versa_tek port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_versa_tek_port',`
corenet_udp_send_versa_tek_port($1)
corenet_udp_receive_versa_tek_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the versa_tek port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_versa_tek_port',`
corenet_dontaudit_udp_send_versa_tek_port($1)
corenet_dontaudit_udp_receive_versa_tek_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the versa_tek port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_versa_tek_port',`
gen_require(`
type versa_tek_port_t;
')
allow $1 versa_tek_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the versa_tek port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_versa_tek_port',`
gen_require(`
type versa_tek_port_t;
')
allow $1 versa_tek_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to versa_tek port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_versa_tek_port',`
gen_require(`
type versa_tek_port_t;
')
dontaudit $1 versa_tek_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the versa_tek port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_versa_tek_port',`
gen_require(`
type versa_tek_port_t;
')
allow $1 versa_tek_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to versa_tek port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_versa_tek_port',`
gen_require(`
type versa_tek_port_t;
')
dontaudit $1 versa_tek_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send versa_tek_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_versa_tek_client_packets',`
gen_require(`
type versa_tek_client_packet_t;
')
allow $1 versa_tek_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send versa_tek_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_versa_tek_client_packets',`
gen_require(`
type versa_tek_client_packet_t;
')
dontaudit $1 versa_tek_client_packet_t:packet send;
')
########################################
## <summary>
## Receive versa_tek_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_versa_tek_client_packets',`
gen_require(`
type versa_tek_client_packet_t;
')
allow $1 versa_tek_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive versa_tek_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_versa_tek_client_packets',`
gen_require(`
type versa_tek_client_packet_t;
')
dontaudit $1 versa_tek_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive versa_tek_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_versa_tek_client_packets',`
corenet_send_versa_tek_client_packets($1)
corenet_receive_versa_tek_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive versa_tek_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_versa_tek_client_packets',`
corenet_dontaudit_send_versa_tek_client_packets($1)
corenet_dontaudit_receive_versa_tek_client_packets($1)
')
########################################
## <summary>
## Relabel packets to versa_tek_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_versa_tek_client_packets',`
gen_require(`
type versa_tek_client_packet_t;
')
allow $1 versa_tek_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send versa_tek_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_versa_tek_server_packets',`
gen_require(`
type versa_tek_server_packet_t;
')
allow $1 versa_tek_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send versa_tek_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_versa_tek_server_packets',`
gen_require(`
type versa_tek_server_packet_t;
')
dontaudit $1 versa_tek_server_packet_t:packet send;
')
########################################
## <summary>
## Receive versa_tek_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_versa_tek_server_packets',`
gen_require(`
type versa_tek_server_packet_t;
')
allow $1 versa_tek_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive versa_tek_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_versa_tek_server_packets',`
gen_require(`
type versa_tek_server_packet_t;
')
dontaudit $1 versa_tek_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive versa_tek_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_versa_tek_server_packets',`
corenet_send_versa_tek_server_packets($1)
corenet_receive_versa_tek_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive versa_tek_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_versa_tek_server_packets',`
corenet_dontaudit_send_versa_tek_server_packets($1)
corenet_dontaudit_receive_versa_tek_server_packets($1)
')
########################################
## <summary>
## Relabel packets to versa_tek_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_versa_tek_server_packets',`
gen_require(`
type versa_tek_server_packet_t;
')
allow $1 versa_tek_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the virt port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_virt_port',`
gen_require(`
type virt_port_t;
')
allow $1 virt_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the virt port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_virt_port',`
gen_require(`
type virt_port_t;
')
allow $1 virt_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the virt port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_virt_port',`
gen_require(`
type virt_port_t;
')
dontaudit $1 virt_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the virt port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_virt_port',`
gen_require(`
type virt_port_t;
')
allow $1 virt_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the virt port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_virt_port',`
gen_require(`
type virt_port_t;
')
dontaudit $1 virt_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the virt port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_virt_port',`
corenet_udp_send_virt_port($1)
corenet_udp_receive_virt_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the virt port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_virt_port',`
corenet_dontaudit_udp_send_virt_port($1)
corenet_dontaudit_udp_receive_virt_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the virt port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_virt_port',`
gen_require(`
type virt_port_t;
')
allow $1 virt_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the virt port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_virt_port',`
gen_require(`
type virt_port_t;
')
allow $1 virt_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to virt port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_virt_port',`
gen_require(`
type virt_port_t;
')
dontaudit $1 virt_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the virt port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_virt_port',`
gen_require(`
type virt_port_t;
')
allow $1 virt_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to virt port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_virt_port',`
gen_require(`
type virt_port_t;
')
dontaudit $1 virt_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send virt_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_virt_client_packets',`
gen_require(`
type virt_client_packet_t;
')
allow $1 virt_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send virt_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_virt_client_packets',`
gen_require(`
type virt_client_packet_t;
')
dontaudit $1 virt_client_packet_t:packet send;
')
########################################
## <summary>
## Receive virt_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_virt_client_packets',`
gen_require(`
type virt_client_packet_t;
')
allow $1 virt_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive virt_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_virt_client_packets',`
gen_require(`
type virt_client_packet_t;
')
dontaudit $1 virt_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive virt_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_virt_client_packets',`
corenet_send_virt_client_packets($1)
corenet_receive_virt_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive virt_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_virt_client_packets',`
corenet_dontaudit_send_virt_client_packets($1)
corenet_dontaudit_receive_virt_client_packets($1)
')
########################################
## <summary>
## Relabel packets to virt_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_virt_client_packets',`
gen_require(`
type virt_client_packet_t;
')
allow $1 virt_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send virt_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_virt_server_packets',`
gen_require(`
type virt_server_packet_t;
')
allow $1 virt_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send virt_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_virt_server_packets',`
gen_require(`
type virt_server_packet_t;
')
dontaudit $1 virt_server_packet_t:packet send;
')
########################################
## <summary>
## Receive virt_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_virt_server_packets',`
gen_require(`
type virt_server_packet_t;
')
allow $1 virt_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive virt_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_virt_server_packets',`
gen_require(`
type virt_server_packet_t;
')
dontaudit $1 virt_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive virt_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_virt_server_packets',`
corenet_send_virt_server_packets($1)
corenet_receive_virt_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive virt_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_virt_server_packets',`
corenet_dontaudit_send_virt_server_packets($1)
corenet_dontaudit_receive_virt_server_packets($1)
')
########################################
## <summary>
## Relabel packets to virt_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_virt_server_packets',`
gen_require(`
type virt_server_packet_t;
')
allow $1 virt_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the virtual_places port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_virtual_places_port',`
gen_require(`
type virtual_places_port_t;
')
allow $1 virtual_places_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the virtual_places port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_virtual_places_port',`
gen_require(`
type virtual_places_port_t;
')
allow $1 virtual_places_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the virtual_places port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_virtual_places_port',`
gen_require(`
type virtual_places_port_t;
')
dontaudit $1 virtual_places_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the virtual_places port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_virtual_places_port',`
gen_require(`
type virtual_places_port_t;
')
allow $1 virtual_places_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the virtual_places port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_virtual_places_port',`
gen_require(`
type virtual_places_port_t;
')
dontaudit $1 virtual_places_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the virtual_places port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_virtual_places_port',`
corenet_udp_send_virtual_places_port($1)
corenet_udp_receive_virtual_places_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the virtual_places port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_virtual_places_port',`
corenet_dontaudit_udp_send_virtual_places_port($1)
corenet_dontaudit_udp_receive_virtual_places_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the virtual_places port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_virtual_places_port',`
gen_require(`
type virtual_places_port_t;
')
allow $1 virtual_places_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the virtual_places port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_virtual_places_port',`
gen_require(`
type virtual_places_port_t;
')
allow $1 virtual_places_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to virtual_places port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_virtual_places_port',`
gen_require(`
type virtual_places_port_t;
')
dontaudit $1 virtual_places_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the virtual_places port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_virtual_places_port',`
gen_require(`
type virtual_places_port_t;
')
allow $1 virtual_places_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to virtual_places port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_virtual_places_port',`
gen_require(`
type virtual_places_port_t;
')
dontaudit $1 virtual_places_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send virtual_places_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_virtual_places_client_packets',`
gen_require(`
type virtual_places_client_packet_t;
')
allow $1 virtual_places_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send virtual_places_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_virtual_places_client_packets',`
gen_require(`
type virtual_places_client_packet_t;
')
dontaudit $1 virtual_places_client_packet_t:packet send;
')
########################################
## <summary>
## Receive virtual_places_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_virtual_places_client_packets',`
gen_require(`
type virtual_places_client_packet_t;
')
allow $1 virtual_places_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive virtual_places_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_virtual_places_client_packets',`
gen_require(`
type virtual_places_client_packet_t;
')
dontaudit $1 virtual_places_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive virtual_places_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_virtual_places_client_packets',`
corenet_send_virtual_places_client_packets($1)
corenet_receive_virtual_places_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive virtual_places_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_virtual_places_client_packets',`
corenet_dontaudit_send_virtual_places_client_packets($1)
corenet_dontaudit_receive_virtual_places_client_packets($1)
')
########################################
## <summary>
## Relabel packets to virtual_places_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_virtual_places_client_packets',`
gen_require(`
type virtual_places_client_packet_t;
')
allow $1 virtual_places_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send virtual_places_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_virtual_places_server_packets',`
gen_require(`
type virtual_places_server_packet_t;
')
allow $1 virtual_places_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send virtual_places_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_virtual_places_server_packets',`
gen_require(`
type virtual_places_server_packet_t;
')
dontaudit $1 virtual_places_server_packet_t:packet send;
')
########################################
## <summary>
## Receive virtual_places_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_virtual_places_server_packets',`
gen_require(`
type virtual_places_server_packet_t;
')
allow $1 virtual_places_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive virtual_places_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_virtual_places_server_packets',`
gen_require(`
type virtual_places_server_packet_t;
')
dontaudit $1 virtual_places_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive virtual_places_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_virtual_places_server_packets',`
corenet_send_virtual_places_server_packets($1)
corenet_receive_virtual_places_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive virtual_places_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_virtual_places_server_packets',`
corenet_dontaudit_send_virtual_places_server_packets($1)
corenet_dontaudit_receive_virtual_places_server_packets($1)
')
########################################
## <summary>
## Relabel packets to virtual_places_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_virtual_places_server_packets',`
gen_require(`
type virtual_places_server_packet_t;
')
allow $1 virtual_places_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the virt_migration port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_virt_migration_port',`
gen_require(`
type virt_migration_port_t;
')
allow $1 virt_migration_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the virt_migration port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_virt_migration_port',`
gen_require(`
type virt_migration_port_t;
')
allow $1 virt_migration_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the virt_migration port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_virt_migration_port',`
gen_require(`
type virt_migration_port_t;
')
dontaudit $1 virt_migration_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the virt_migration port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_virt_migration_port',`
gen_require(`
type virt_migration_port_t;
')
allow $1 virt_migration_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the virt_migration port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_virt_migration_port',`
gen_require(`
type virt_migration_port_t;
')
dontaudit $1 virt_migration_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the virt_migration port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_virt_migration_port',`
corenet_udp_send_virt_migration_port($1)
corenet_udp_receive_virt_migration_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the virt_migration port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_virt_migration_port',`
corenet_dontaudit_udp_send_virt_migration_port($1)
corenet_dontaudit_udp_receive_virt_migration_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the virt_migration port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_virt_migration_port',`
gen_require(`
type virt_migration_port_t;
')
allow $1 virt_migration_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the virt_migration port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_virt_migration_port',`
gen_require(`
type virt_migration_port_t;
')
allow $1 virt_migration_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to virt_migration port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_virt_migration_port',`
gen_require(`
type virt_migration_port_t;
')
dontaudit $1 virt_migration_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the virt_migration port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_virt_migration_port',`
gen_require(`
type virt_migration_port_t;
')
allow $1 virt_migration_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to virt_migration port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_virt_migration_port',`
gen_require(`
type virt_migration_port_t;
')
dontaudit $1 virt_migration_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send virt_migration_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_virt_migration_client_packets',`
gen_require(`
type virt_migration_client_packet_t;
')
allow $1 virt_migration_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send virt_migration_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_virt_migration_client_packets',`
gen_require(`
type virt_migration_client_packet_t;
')
dontaudit $1 virt_migration_client_packet_t:packet send;
')
########################################
## <summary>
## Receive virt_migration_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_virt_migration_client_packets',`
gen_require(`
type virt_migration_client_packet_t;
')
allow $1 virt_migration_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive virt_migration_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_virt_migration_client_packets',`
gen_require(`
type virt_migration_client_packet_t;
')
dontaudit $1 virt_migration_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive virt_migration_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_virt_migration_client_packets',`
corenet_send_virt_migration_client_packets($1)
corenet_receive_virt_migration_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive virt_migration_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_virt_migration_client_packets',`
corenet_dontaudit_send_virt_migration_client_packets($1)
corenet_dontaudit_receive_virt_migration_client_packets($1)
')
########################################
## <summary>
## Relabel packets to virt_migration_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_virt_migration_client_packets',`
gen_require(`
type virt_migration_client_packet_t;
')
allow $1 virt_migration_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send virt_migration_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_virt_migration_server_packets',`
gen_require(`
type virt_migration_server_packet_t;
')
allow $1 virt_migration_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send virt_migration_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_virt_migration_server_packets',`
gen_require(`
type virt_migration_server_packet_t;
')
dontaudit $1 virt_migration_server_packet_t:packet send;
')
########################################
## <summary>
## Receive virt_migration_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_virt_migration_server_packets',`
gen_require(`
type virt_migration_server_packet_t;
')
allow $1 virt_migration_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive virt_migration_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_virt_migration_server_packets',`
gen_require(`
type virt_migration_server_packet_t;
')
dontaudit $1 virt_migration_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive virt_migration_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_virt_migration_server_packets',`
corenet_send_virt_migration_server_packets($1)
corenet_receive_virt_migration_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive virt_migration_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_virt_migration_server_packets',`
corenet_dontaudit_send_virt_migration_server_packets($1)
corenet_dontaudit_receive_virt_migration_server_packets($1)
')
########################################
## <summary>
## Relabel packets to virt_migration_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_virt_migration_server_packets',`
gen_require(`
type virt_migration_server_packet_t;
')
allow $1 virt_migration_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the vnc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_vnc_port',`
gen_require(`
type vnc_port_t;
')
allow $1 vnc_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the vnc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_vnc_port',`
gen_require(`
type vnc_port_t;
')
allow $1 vnc_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the vnc port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_vnc_port',`
gen_require(`
type vnc_port_t;
')
dontaudit $1 vnc_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the vnc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_vnc_port',`
gen_require(`
type vnc_port_t;
')
allow $1 vnc_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the vnc port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_vnc_port',`
gen_require(`
type vnc_port_t;
')
dontaudit $1 vnc_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the vnc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_vnc_port',`
corenet_udp_send_vnc_port($1)
corenet_udp_receive_vnc_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the vnc port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_vnc_port',`
corenet_dontaudit_udp_send_vnc_port($1)
corenet_dontaudit_udp_receive_vnc_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the vnc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_vnc_port',`
gen_require(`
type vnc_port_t;
')
allow $1 vnc_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the vnc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_vnc_port',`
gen_require(`
type vnc_port_t;
')
allow $1 vnc_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to vnc port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_vnc_port',`
gen_require(`
type vnc_port_t;
')
dontaudit $1 vnc_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the vnc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_vnc_port',`
gen_require(`
type vnc_port_t;
')
allow $1 vnc_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to vnc port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_vnc_port',`
gen_require(`
type vnc_port_t;
')
dontaudit $1 vnc_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send vnc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_vnc_client_packets',`
gen_require(`
type vnc_client_packet_t;
')
allow $1 vnc_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send vnc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_vnc_client_packets',`
gen_require(`
type vnc_client_packet_t;
')
dontaudit $1 vnc_client_packet_t:packet send;
')
########################################
## <summary>
## Receive vnc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_vnc_client_packets',`
gen_require(`
type vnc_client_packet_t;
')
allow $1 vnc_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive vnc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_vnc_client_packets',`
gen_require(`
type vnc_client_packet_t;
')
dontaudit $1 vnc_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive vnc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_vnc_client_packets',`
corenet_send_vnc_client_packets($1)
corenet_receive_vnc_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive vnc_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_vnc_client_packets',`
corenet_dontaudit_send_vnc_client_packets($1)
corenet_dontaudit_receive_vnc_client_packets($1)
')
########################################
## <summary>
## Relabel packets to vnc_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_vnc_client_packets',`
gen_require(`
type vnc_client_packet_t;
')
allow $1 vnc_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send vnc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_vnc_server_packets',`
gen_require(`
type vnc_server_packet_t;
')
allow $1 vnc_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send vnc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_vnc_server_packets',`
gen_require(`
type vnc_server_packet_t;
')
dontaudit $1 vnc_server_packet_t:packet send;
')
########################################
## <summary>
## Receive vnc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_vnc_server_packets',`
gen_require(`
type vnc_server_packet_t;
')
allow $1 vnc_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive vnc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_vnc_server_packets',`
gen_require(`
type vnc_server_packet_t;
')
dontaudit $1 vnc_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive vnc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_vnc_server_packets',`
corenet_send_vnc_server_packets($1)
corenet_receive_vnc_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive vnc_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_vnc_server_packets',`
corenet_dontaudit_send_vnc_server_packets($1)
corenet_dontaudit_receive_vnc_server_packets($1)
')
########################################
## <summary>
## Relabel packets to vnc_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_vnc_server_packets',`
gen_require(`
type vnc_server_packet_t;
')
allow $1 vnc_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the vqp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_vqp_port',`
gen_require(`
type vqp_port_t;
')
allow $1 vqp_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the vqp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_vqp_port',`
gen_require(`
type vqp_port_t;
')
allow $1 vqp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the vqp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_vqp_port',`
gen_require(`
type vqp_port_t;
')
dontaudit $1 vqp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the vqp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_vqp_port',`
gen_require(`
type vqp_port_t;
')
allow $1 vqp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the vqp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_vqp_port',`
gen_require(`
type vqp_port_t;
')
dontaudit $1 vqp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the vqp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_vqp_port',`
corenet_udp_send_vqp_port($1)
corenet_udp_receive_vqp_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the vqp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_vqp_port',`
corenet_dontaudit_udp_send_vqp_port($1)
corenet_dontaudit_udp_receive_vqp_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the vqp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_vqp_port',`
gen_require(`
type vqp_port_t;
')
allow $1 vqp_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the vqp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_vqp_port',`
gen_require(`
type vqp_port_t;
')
allow $1 vqp_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to vqp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_vqp_port',`
gen_require(`
type vqp_port_t;
')
dontaudit $1 vqp_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the vqp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_vqp_port',`
gen_require(`
type vqp_port_t;
')
allow $1 vqp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to vqp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_vqp_port',`
gen_require(`
type vqp_port_t;
')
dontaudit $1 vqp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send vqp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_vqp_client_packets',`
gen_require(`
type vqp_client_packet_t;
')
allow $1 vqp_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send vqp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_vqp_client_packets',`
gen_require(`
type vqp_client_packet_t;
')
dontaudit $1 vqp_client_packet_t:packet send;
')
########################################
## <summary>
## Receive vqp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_vqp_client_packets',`
gen_require(`
type vqp_client_packet_t;
')
allow $1 vqp_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive vqp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_vqp_client_packets',`
gen_require(`
type vqp_client_packet_t;
')
dontaudit $1 vqp_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive vqp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_vqp_client_packets',`
corenet_send_vqp_client_packets($1)
corenet_receive_vqp_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive vqp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_vqp_client_packets',`
corenet_dontaudit_send_vqp_client_packets($1)
corenet_dontaudit_receive_vqp_client_packets($1)
')
########################################
## <summary>
## Relabel packets to vqp_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_vqp_client_packets',`
gen_require(`
type vqp_client_packet_t;
')
allow $1 vqp_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send vqp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_vqp_server_packets',`
gen_require(`
type vqp_server_packet_t;
')
allow $1 vqp_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send vqp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_vqp_server_packets',`
gen_require(`
type vqp_server_packet_t;
')
dontaudit $1 vqp_server_packet_t:packet send;
')
########################################
## <summary>
## Receive vqp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_vqp_server_packets',`
gen_require(`
type vqp_server_packet_t;
')
allow $1 vqp_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive vqp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_vqp_server_packets',`
gen_require(`
type vqp_server_packet_t;
')
dontaudit $1 vqp_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive vqp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_vqp_server_packets',`
corenet_send_vqp_server_packets($1)
corenet_receive_vqp_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive vqp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_vqp_server_packets',`
corenet_dontaudit_send_vqp_server_packets($1)
corenet_dontaudit_receive_vqp_server_packets($1)
')
########################################
## <summary>
## Relabel packets to vqp_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_vqp_server_packets',`
gen_require(`
type vqp_server_packet_t;
')
allow $1 vqp_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the wccp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_wccp_port',`
gen_require(`
type wccp_port_t;
')
allow $1 wccp_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the wccp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_wccp_port',`
gen_require(`
type wccp_port_t;
')
allow $1 wccp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the wccp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_wccp_port',`
gen_require(`
type wccp_port_t;
')
dontaudit $1 wccp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the wccp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_wccp_port',`
gen_require(`
type wccp_port_t;
')
allow $1 wccp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the wccp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_wccp_port',`
gen_require(`
type wccp_port_t;
')
dontaudit $1 wccp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the wccp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_wccp_port',`
corenet_udp_send_wccp_port($1)
corenet_udp_receive_wccp_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the wccp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_wccp_port',`
corenet_dontaudit_udp_send_wccp_port($1)
corenet_dontaudit_udp_receive_wccp_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the wccp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_wccp_port',`
gen_require(`
type wccp_port_t;
')
allow $1 wccp_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the wccp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_wccp_port',`
gen_require(`
type wccp_port_t;
')
allow $1 wccp_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to wccp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_wccp_port',`
gen_require(`
type wccp_port_t;
')
dontaudit $1 wccp_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the wccp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_wccp_port',`
gen_require(`
type wccp_port_t;
')
allow $1 wccp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to wccp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_wccp_port',`
gen_require(`
type wccp_port_t;
')
dontaudit $1 wccp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send wccp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_wccp_client_packets',`
gen_require(`
type wccp_client_packet_t;
')
allow $1 wccp_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send wccp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_wccp_client_packets',`
gen_require(`
type wccp_client_packet_t;
')
dontaudit $1 wccp_client_packet_t:packet send;
')
########################################
## <summary>
## Receive wccp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_wccp_client_packets',`
gen_require(`
type wccp_client_packet_t;
')
allow $1 wccp_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive wccp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_wccp_client_packets',`
gen_require(`
type wccp_client_packet_t;
')
dontaudit $1 wccp_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive wccp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_wccp_client_packets',`
corenet_send_wccp_client_packets($1)
corenet_receive_wccp_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive wccp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_wccp_client_packets',`
corenet_dontaudit_send_wccp_client_packets($1)
corenet_dontaudit_receive_wccp_client_packets($1)
')
########################################
## <summary>
## Relabel packets to wccp_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_wccp_client_packets',`
gen_require(`
type wccp_client_packet_t;
')
allow $1 wccp_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send wccp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_wccp_server_packets',`
gen_require(`
type wccp_server_packet_t;
')
allow $1 wccp_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send wccp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_wccp_server_packets',`
gen_require(`
type wccp_server_packet_t;
')
dontaudit $1 wccp_server_packet_t:packet send;
')
########################################
## <summary>
## Receive wccp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_wccp_server_packets',`
gen_require(`
type wccp_server_packet_t;
')
allow $1 wccp_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive wccp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_wccp_server_packets',`
gen_require(`
type wccp_server_packet_t;
')
dontaudit $1 wccp_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive wccp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_wccp_server_packets',`
corenet_send_wccp_server_packets($1)
corenet_receive_wccp_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive wccp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_wccp_server_packets',`
corenet_dontaudit_send_wccp_server_packets($1)
corenet_dontaudit_receive_wccp_server_packets($1)
')
########################################
## <summary>
## Relabel packets to wccp_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_wccp_server_packets',`
gen_require(`
type wccp_server_packet_t;
')
allow $1 wccp_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the websm port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_websm_port',`
gen_require(`
type websm_port_t;
')
allow $1 websm_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the websm port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_websm_port',`
gen_require(`
type websm_port_t;
')
allow $1 websm_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the websm port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_websm_port',`
gen_require(`
type websm_port_t;
')
dontaudit $1 websm_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the websm port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_websm_port',`
gen_require(`
type websm_port_t;
')
allow $1 websm_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the websm port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_websm_port',`
gen_require(`
type websm_port_t;
')
dontaudit $1 websm_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the websm port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_websm_port',`
corenet_udp_send_websm_port($1)
corenet_udp_receive_websm_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the websm port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_websm_port',`
corenet_dontaudit_udp_send_websm_port($1)
corenet_dontaudit_udp_receive_websm_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the websm port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_websm_port',`
gen_require(`
type websm_port_t;
')
allow $1 websm_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the websm port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_websm_port',`
gen_require(`
type websm_port_t;
')
allow $1 websm_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to websm port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_websm_port',`
gen_require(`
type websm_port_t;
')
dontaudit $1 websm_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the websm port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_websm_port',`
gen_require(`
type websm_port_t;
')
allow $1 websm_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to websm port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_websm_port',`
gen_require(`
type websm_port_t;
')
dontaudit $1 websm_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send websm_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_websm_client_packets',`
gen_require(`
type websm_client_packet_t;
')
allow $1 websm_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send websm_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_websm_client_packets',`
gen_require(`
type websm_client_packet_t;
')
dontaudit $1 websm_client_packet_t:packet send;
')
########################################
## <summary>
## Receive websm_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_websm_client_packets',`
gen_require(`
type websm_client_packet_t;
')
allow $1 websm_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive websm_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_websm_client_packets',`
gen_require(`
type websm_client_packet_t;
')
dontaudit $1 websm_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive websm_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_websm_client_packets',`
corenet_send_websm_client_packets($1)
corenet_receive_websm_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive websm_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_websm_client_packets',`
corenet_dontaudit_send_websm_client_packets($1)
corenet_dontaudit_receive_websm_client_packets($1)
')
########################################
## <summary>
## Relabel packets to websm_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_websm_client_packets',`
gen_require(`
type websm_client_packet_t;
')
allow $1 websm_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send websm_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_websm_server_packets',`
gen_require(`
type websm_server_packet_t;
')
allow $1 websm_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send websm_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_websm_server_packets',`
gen_require(`
type websm_server_packet_t;
')
dontaudit $1 websm_server_packet_t:packet send;
')
########################################
## <summary>
## Receive websm_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_websm_server_packets',`
gen_require(`
type websm_server_packet_t;
')
allow $1 websm_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive websm_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_websm_server_packets',`
gen_require(`
type websm_server_packet_t;
')
dontaudit $1 websm_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive websm_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_websm_server_packets',`
corenet_send_websm_server_packets($1)
corenet_receive_websm_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive websm_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_websm_server_packets',`
corenet_dontaudit_send_websm_server_packets($1)
corenet_dontaudit_receive_websm_server_packets($1)
')
########################################
## <summary>
## Relabel packets to websm_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_websm_server_packets',`
gen_require(`
type websm_server_packet_t;
')
allow $1 websm_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the whois port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_whois_port',`
gen_require(`
type whois_port_t;
')
allow $1 whois_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the whois port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_whois_port',`
gen_require(`
type whois_port_t;
')
allow $1 whois_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the whois port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_whois_port',`
gen_require(`
type whois_port_t;
')
dontaudit $1 whois_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the whois port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_whois_port',`
gen_require(`
type whois_port_t;
')
allow $1 whois_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the whois port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_whois_port',`
gen_require(`
type whois_port_t;
')
dontaudit $1 whois_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the whois port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_whois_port',`
corenet_udp_send_whois_port($1)
corenet_udp_receive_whois_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the whois port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_whois_port',`
corenet_dontaudit_udp_send_whois_port($1)
corenet_dontaudit_udp_receive_whois_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the whois port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_whois_port',`
gen_require(`
type whois_port_t;
')
allow $1 whois_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the whois port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_whois_port',`
gen_require(`
type whois_port_t;
')
allow $1 whois_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to whois port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_whois_port',`
gen_require(`
type whois_port_t;
')
dontaudit $1 whois_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the whois port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_whois_port',`
gen_require(`
type whois_port_t;
')
allow $1 whois_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to whois port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_whois_port',`
gen_require(`
type whois_port_t;
')
dontaudit $1 whois_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send whois_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_whois_client_packets',`
gen_require(`
type whois_client_packet_t;
')
allow $1 whois_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send whois_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_whois_client_packets',`
gen_require(`
type whois_client_packet_t;
')
dontaudit $1 whois_client_packet_t:packet send;
')
########################################
## <summary>
## Receive whois_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_whois_client_packets',`
gen_require(`
type whois_client_packet_t;
')
allow $1 whois_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive whois_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_whois_client_packets',`
gen_require(`
type whois_client_packet_t;
')
dontaudit $1 whois_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive whois_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_whois_client_packets',`
corenet_send_whois_client_packets($1)
corenet_receive_whois_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive whois_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_whois_client_packets',`
corenet_dontaudit_send_whois_client_packets($1)
corenet_dontaudit_receive_whois_client_packets($1)
')
########################################
## <summary>
## Relabel packets to whois_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_whois_client_packets',`
gen_require(`
type whois_client_packet_t;
')
allow $1 whois_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send whois_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_whois_server_packets',`
gen_require(`
type whois_server_packet_t;
')
allow $1 whois_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send whois_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_whois_server_packets',`
gen_require(`
type whois_server_packet_t;
')
dontaudit $1 whois_server_packet_t:packet send;
')
########################################
## <summary>
## Receive whois_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_whois_server_packets',`
gen_require(`
type whois_server_packet_t;
')
allow $1 whois_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive whois_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_whois_server_packets',`
gen_require(`
type whois_server_packet_t;
')
dontaudit $1 whois_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive whois_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_whois_server_packets',`
corenet_send_whois_server_packets($1)
corenet_receive_whois_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive whois_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_whois_server_packets',`
corenet_dontaudit_send_whois_server_packets($1)
corenet_dontaudit_receive_whois_server_packets($1)
')
########################################
## <summary>
## Relabel packets to whois_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_whois_server_packets',`
gen_require(`
type whois_server_packet_t;
')
allow $1 whois_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the winshadow port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_winshadow_port',`
gen_require(`
type winshadow_port_t;
')
allow $1 winshadow_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the winshadow port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_winshadow_port',`
gen_require(`
type winshadow_port_t;
')
allow $1 winshadow_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the winshadow port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_winshadow_port',`
gen_require(`
type winshadow_port_t;
')
dontaudit $1 winshadow_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the winshadow port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_winshadow_port',`
gen_require(`
type winshadow_port_t;
')
allow $1 winshadow_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the winshadow port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_winshadow_port',`
gen_require(`
type winshadow_port_t;
')
dontaudit $1 winshadow_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the winshadow port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_winshadow_port',`
corenet_udp_send_winshadow_port($1)
corenet_udp_receive_winshadow_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the winshadow port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_winshadow_port',`
corenet_dontaudit_udp_send_winshadow_port($1)
corenet_dontaudit_udp_receive_winshadow_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the winshadow port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_winshadow_port',`
gen_require(`
type winshadow_port_t;
')
allow $1 winshadow_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the winshadow port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_winshadow_port',`
gen_require(`
type winshadow_port_t;
')
allow $1 winshadow_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to winshadow port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_winshadow_port',`
gen_require(`
type winshadow_port_t;
')
dontaudit $1 winshadow_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the winshadow port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_winshadow_port',`
gen_require(`
type winshadow_port_t;
')
allow $1 winshadow_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to winshadow port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_winshadow_port',`
gen_require(`
type winshadow_port_t;
')
dontaudit $1 winshadow_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send winshadow_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_winshadow_client_packets',`
gen_require(`
type winshadow_client_packet_t;
')
allow $1 winshadow_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send winshadow_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_winshadow_client_packets',`
gen_require(`
type winshadow_client_packet_t;
')
dontaudit $1 winshadow_client_packet_t:packet send;
')
########################################
## <summary>
## Receive winshadow_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_winshadow_client_packets',`
gen_require(`
type winshadow_client_packet_t;
')
allow $1 winshadow_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive winshadow_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_winshadow_client_packets',`
gen_require(`
type winshadow_client_packet_t;
')
dontaudit $1 winshadow_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive winshadow_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_winshadow_client_packets',`
corenet_send_winshadow_client_packets($1)
corenet_receive_winshadow_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive winshadow_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_winshadow_client_packets',`
corenet_dontaudit_send_winshadow_client_packets($1)
corenet_dontaudit_receive_winshadow_client_packets($1)
')
########################################
## <summary>
## Relabel packets to winshadow_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_winshadow_client_packets',`
gen_require(`
type winshadow_client_packet_t;
')
allow $1 winshadow_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send winshadow_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_winshadow_server_packets',`
gen_require(`
type winshadow_server_packet_t;
')
allow $1 winshadow_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send winshadow_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_winshadow_server_packets',`
gen_require(`
type winshadow_server_packet_t;
')
dontaudit $1 winshadow_server_packet_t:packet send;
')
########################################
## <summary>
## Receive winshadow_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_winshadow_server_packets',`
gen_require(`
type winshadow_server_packet_t;
')
allow $1 winshadow_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive winshadow_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_winshadow_server_packets',`
gen_require(`
type winshadow_server_packet_t;
')
dontaudit $1 winshadow_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive winshadow_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_winshadow_server_packets',`
corenet_send_winshadow_server_packets($1)
corenet_receive_winshadow_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive winshadow_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_winshadow_server_packets',`
corenet_dontaudit_send_winshadow_server_packets($1)
corenet_dontaudit_receive_winshadow_server_packets($1)
')
########################################
## <summary>
## Relabel packets to winshadow_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_winshadow_server_packets',`
gen_require(`
type winshadow_server_packet_t;
')
allow $1 winshadow_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the wap_wsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_wap_wsp_port',`
gen_require(`
type wap_wsp_port_t;
')
allow $1 wap_wsp_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the wap_wsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_wap_wsp_port',`
gen_require(`
type wap_wsp_port_t;
')
allow $1 wap_wsp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the wap_wsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_wap_wsp_port',`
gen_require(`
type wap_wsp_port_t;
')
dontaudit $1 wap_wsp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the wap_wsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_wap_wsp_port',`
gen_require(`
type wap_wsp_port_t;
')
allow $1 wap_wsp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the wap_wsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_wap_wsp_port',`
gen_require(`
type wap_wsp_port_t;
')
dontaudit $1 wap_wsp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the wap_wsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_wap_wsp_port',`
corenet_udp_send_wap_wsp_port($1)
corenet_udp_receive_wap_wsp_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the wap_wsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_wap_wsp_port',`
corenet_dontaudit_udp_send_wap_wsp_port($1)
corenet_dontaudit_udp_receive_wap_wsp_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the wap_wsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_wap_wsp_port',`
gen_require(`
type wap_wsp_port_t;
')
allow $1 wap_wsp_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the wap_wsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_wap_wsp_port',`
gen_require(`
type wap_wsp_port_t;
')
allow $1 wap_wsp_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to wap_wsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_wap_wsp_port',`
gen_require(`
type wap_wsp_port_t;
')
dontaudit $1 wap_wsp_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the wap_wsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_wap_wsp_port',`
gen_require(`
type wap_wsp_port_t;
')
allow $1 wap_wsp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to wap_wsp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_wap_wsp_port',`
gen_require(`
type wap_wsp_port_t;
')
dontaudit $1 wap_wsp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send wap_wsp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_wap_wsp_client_packets',`
gen_require(`
type wap_wsp_client_packet_t;
')
allow $1 wap_wsp_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send wap_wsp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_wap_wsp_client_packets',`
gen_require(`
type wap_wsp_client_packet_t;
')
dontaudit $1 wap_wsp_client_packet_t:packet send;
')
########################################
## <summary>
## Receive wap_wsp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_wap_wsp_client_packets',`
gen_require(`
type wap_wsp_client_packet_t;
')
allow $1 wap_wsp_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive wap_wsp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_wap_wsp_client_packets',`
gen_require(`
type wap_wsp_client_packet_t;
')
dontaudit $1 wap_wsp_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive wap_wsp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_wap_wsp_client_packets',`
corenet_send_wap_wsp_client_packets($1)
corenet_receive_wap_wsp_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive wap_wsp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_wap_wsp_client_packets',`
corenet_dontaudit_send_wap_wsp_client_packets($1)
corenet_dontaudit_receive_wap_wsp_client_packets($1)
')
########################################
## <summary>
## Relabel packets to wap_wsp_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_wap_wsp_client_packets',`
gen_require(`
type wap_wsp_client_packet_t;
')
allow $1 wap_wsp_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send wap_wsp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_wap_wsp_server_packets',`
gen_require(`
type wap_wsp_server_packet_t;
')
allow $1 wap_wsp_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send wap_wsp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_wap_wsp_server_packets',`
gen_require(`
type wap_wsp_server_packet_t;
')
dontaudit $1 wap_wsp_server_packet_t:packet send;
')
########################################
## <summary>
## Receive wap_wsp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_wap_wsp_server_packets',`
gen_require(`
type wap_wsp_server_packet_t;
')
allow $1 wap_wsp_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive wap_wsp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_wap_wsp_server_packets',`
gen_require(`
type wap_wsp_server_packet_t;
')
dontaudit $1 wap_wsp_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive wap_wsp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_wap_wsp_server_packets',`
corenet_send_wap_wsp_server_packets($1)
corenet_receive_wap_wsp_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive wap_wsp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_wap_wsp_server_packets',`
corenet_dontaudit_send_wap_wsp_server_packets($1)
corenet_dontaudit_receive_wap_wsp_server_packets($1)
')
########################################
## <summary>
## Relabel packets to wap_wsp_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_wap_wsp_server_packets',`
gen_require(`
type wap_wsp_server_packet_t;
')
allow $1 wap_wsp_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the wsdapi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_wsdapi_port',`
gen_require(`
type wsdapi_port_t;
')
allow $1 wsdapi_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the wsdapi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_wsdapi_port',`
gen_require(`
type wsdapi_port_t;
')
allow $1 wsdapi_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the wsdapi port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_wsdapi_port',`
gen_require(`
type wsdapi_port_t;
')
dontaudit $1 wsdapi_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the wsdapi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_wsdapi_port',`
gen_require(`
type wsdapi_port_t;
')
allow $1 wsdapi_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the wsdapi port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_wsdapi_port',`
gen_require(`
type wsdapi_port_t;
')
dontaudit $1 wsdapi_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the wsdapi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_wsdapi_port',`
corenet_udp_send_wsdapi_port($1)
corenet_udp_receive_wsdapi_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the wsdapi port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_wsdapi_port',`
corenet_dontaudit_udp_send_wsdapi_port($1)
corenet_dontaudit_udp_receive_wsdapi_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the wsdapi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_wsdapi_port',`
gen_require(`
type wsdapi_port_t;
')
allow $1 wsdapi_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the wsdapi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_wsdapi_port',`
gen_require(`
type wsdapi_port_t;
')
allow $1 wsdapi_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to wsdapi port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_wsdapi_port',`
gen_require(`
type wsdapi_port_t;
')
dontaudit $1 wsdapi_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the wsdapi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_wsdapi_port',`
gen_require(`
type wsdapi_port_t;
')
allow $1 wsdapi_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to wsdapi port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_wsdapi_port',`
gen_require(`
type wsdapi_port_t;
')
dontaudit $1 wsdapi_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send wsdapi_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_wsdapi_client_packets',`
gen_require(`
type wsdapi_client_packet_t;
')
allow $1 wsdapi_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send wsdapi_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_wsdapi_client_packets',`
gen_require(`
type wsdapi_client_packet_t;
')
dontaudit $1 wsdapi_client_packet_t:packet send;
')
########################################
## <summary>
## Receive wsdapi_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_wsdapi_client_packets',`
gen_require(`
type wsdapi_client_packet_t;
')
allow $1 wsdapi_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive wsdapi_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_wsdapi_client_packets',`
gen_require(`
type wsdapi_client_packet_t;
')
dontaudit $1 wsdapi_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive wsdapi_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_wsdapi_client_packets',`
corenet_send_wsdapi_client_packets($1)
corenet_receive_wsdapi_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive wsdapi_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_wsdapi_client_packets',`
corenet_dontaudit_send_wsdapi_client_packets($1)
corenet_dontaudit_receive_wsdapi_client_packets($1)
')
########################################
## <summary>
## Relabel packets to wsdapi_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_wsdapi_client_packets',`
gen_require(`
type wsdapi_client_packet_t;
')
allow $1 wsdapi_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send wsdapi_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_wsdapi_server_packets',`
gen_require(`
type wsdapi_server_packet_t;
')
allow $1 wsdapi_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send wsdapi_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_wsdapi_server_packets',`
gen_require(`
type wsdapi_server_packet_t;
')
dontaudit $1 wsdapi_server_packet_t:packet send;
')
########################################
## <summary>
## Receive wsdapi_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_wsdapi_server_packets',`
gen_require(`
type wsdapi_server_packet_t;
')
allow $1 wsdapi_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive wsdapi_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_wsdapi_server_packets',`
gen_require(`
type wsdapi_server_packet_t;
')
dontaudit $1 wsdapi_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive wsdapi_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_wsdapi_server_packets',`
corenet_send_wsdapi_server_packets($1)
corenet_receive_wsdapi_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive wsdapi_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_wsdapi_server_packets',`
corenet_dontaudit_send_wsdapi_server_packets($1)
corenet_dontaudit_receive_wsdapi_server_packets($1)
')
########################################
## <summary>
## Relabel packets to wsdapi_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_wsdapi_server_packets',`
gen_require(`
type wsdapi_server_packet_t;
')
allow $1 wsdapi_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the wsicopy port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_wsicopy_port',`
gen_require(`
type wsicopy_port_t;
')
allow $1 wsicopy_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the wsicopy port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_wsicopy_port',`
gen_require(`
type wsicopy_port_t;
')
allow $1 wsicopy_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the wsicopy port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_wsicopy_port',`
gen_require(`
type wsicopy_port_t;
')
dontaudit $1 wsicopy_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the wsicopy port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_wsicopy_port',`
gen_require(`
type wsicopy_port_t;
')
allow $1 wsicopy_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the wsicopy port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_wsicopy_port',`
gen_require(`
type wsicopy_port_t;
')
dontaudit $1 wsicopy_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the wsicopy port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_wsicopy_port',`
corenet_udp_send_wsicopy_port($1)
corenet_udp_receive_wsicopy_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the wsicopy port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_wsicopy_port',`
corenet_dontaudit_udp_send_wsicopy_port($1)
corenet_dontaudit_udp_receive_wsicopy_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the wsicopy port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_wsicopy_port',`
gen_require(`
type wsicopy_port_t;
')
allow $1 wsicopy_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the wsicopy port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_wsicopy_port',`
gen_require(`
type wsicopy_port_t;
')
allow $1 wsicopy_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to wsicopy port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_wsicopy_port',`
gen_require(`
type wsicopy_port_t;
')
dontaudit $1 wsicopy_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the wsicopy port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_wsicopy_port',`
gen_require(`
type wsicopy_port_t;
')
allow $1 wsicopy_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to wsicopy port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_wsicopy_port',`
gen_require(`
type wsicopy_port_t;
')
dontaudit $1 wsicopy_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send wsicopy_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_wsicopy_client_packets',`
gen_require(`
type wsicopy_client_packet_t;
')
allow $1 wsicopy_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send wsicopy_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_wsicopy_client_packets',`
gen_require(`
type wsicopy_client_packet_t;
')
dontaudit $1 wsicopy_client_packet_t:packet send;
')
########################################
## <summary>
## Receive wsicopy_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_wsicopy_client_packets',`
gen_require(`
type wsicopy_client_packet_t;
')
allow $1 wsicopy_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive wsicopy_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_wsicopy_client_packets',`
gen_require(`
type wsicopy_client_packet_t;
')
dontaudit $1 wsicopy_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive wsicopy_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_wsicopy_client_packets',`
corenet_send_wsicopy_client_packets($1)
corenet_receive_wsicopy_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive wsicopy_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_wsicopy_client_packets',`
corenet_dontaudit_send_wsicopy_client_packets($1)
corenet_dontaudit_receive_wsicopy_client_packets($1)
')
########################################
## <summary>
## Relabel packets to wsicopy_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_wsicopy_client_packets',`
gen_require(`
type wsicopy_client_packet_t;
')
allow $1 wsicopy_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send wsicopy_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_wsicopy_server_packets',`
gen_require(`
type wsicopy_server_packet_t;
')
allow $1 wsicopy_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send wsicopy_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_wsicopy_server_packets',`
gen_require(`
type wsicopy_server_packet_t;
')
dontaudit $1 wsicopy_server_packet_t:packet send;
')
########################################
## <summary>
## Receive wsicopy_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_wsicopy_server_packets',`
gen_require(`
type wsicopy_server_packet_t;
')
allow $1 wsicopy_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive wsicopy_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_wsicopy_server_packets',`
gen_require(`
type wsicopy_server_packet_t;
')
dontaudit $1 wsicopy_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive wsicopy_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_wsicopy_server_packets',`
corenet_send_wsicopy_server_packets($1)
corenet_receive_wsicopy_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive wsicopy_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_wsicopy_server_packets',`
corenet_dontaudit_send_wsicopy_server_packets($1)
corenet_dontaudit_receive_wsicopy_server_packets($1)
')
########################################
## <summary>
## Relabel packets to wsicopy_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_wsicopy_server_packets',`
gen_require(`
type wsicopy_server_packet_t;
')
allow $1 wsicopy_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the xdmcp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_xdmcp_port',`
gen_require(`
type xdmcp_port_t;
')
allow $1 xdmcp_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the xdmcp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_xdmcp_port',`
gen_require(`
type xdmcp_port_t;
')
allow $1 xdmcp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the xdmcp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_xdmcp_port',`
gen_require(`
type xdmcp_port_t;
')
dontaudit $1 xdmcp_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the xdmcp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_xdmcp_port',`
gen_require(`
type xdmcp_port_t;
')
allow $1 xdmcp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the xdmcp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_xdmcp_port',`
gen_require(`
type xdmcp_port_t;
')
dontaudit $1 xdmcp_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the xdmcp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_xdmcp_port',`
corenet_udp_send_xdmcp_port($1)
corenet_udp_receive_xdmcp_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the xdmcp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_xdmcp_port',`
corenet_dontaudit_udp_send_xdmcp_port($1)
corenet_dontaudit_udp_receive_xdmcp_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the xdmcp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_xdmcp_port',`
gen_require(`
type xdmcp_port_t;
')
allow $1 xdmcp_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the xdmcp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_xdmcp_port',`
gen_require(`
type xdmcp_port_t;
')
allow $1 xdmcp_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to xdmcp port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_xdmcp_port',`
gen_require(`
type xdmcp_port_t;
')
dontaudit $1 xdmcp_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the xdmcp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_xdmcp_port',`
gen_require(`
type xdmcp_port_t;
')
allow $1 xdmcp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to xdmcp port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_xdmcp_port',`
gen_require(`
type xdmcp_port_t;
')
dontaudit $1 xdmcp_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send xdmcp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_xdmcp_client_packets',`
gen_require(`
type xdmcp_client_packet_t;
')
allow $1 xdmcp_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send xdmcp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_xdmcp_client_packets',`
gen_require(`
type xdmcp_client_packet_t;
')
dontaudit $1 xdmcp_client_packet_t:packet send;
')
########################################
## <summary>
## Receive xdmcp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_xdmcp_client_packets',`
gen_require(`
type xdmcp_client_packet_t;
')
allow $1 xdmcp_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive xdmcp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_xdmcp_client_packets',`
gen_require(`
type xdmcp_client_packet_t;
')
dontaudit $1 xdmcp_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive xdmcp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_xdmcp_client_packets',`
corenet_send_xdmcp_client_packets($1)
corenet_receive_xdmcp_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive xdmcp_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_xdmcp_client_packets',`
corenet_dontaudit_send_xdmcp_client_packets($1)
corenet_dontaudit_receive_xdmcp_client_packets($1)
')
########################################
## <summary>
## Relabel packets to xdmcp_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_xdmcp_client_packets',`
gen_require(`
type xdmcp_client_packet_t;
')
allow $1 xdmcp_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send xdmcp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_xdmcp_server_packets',`
gen_require(`
type xdmcp_server_packet_t;
')
allow $1 xdmcp_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send xdmcp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_xdmcp_server_packets',`
gen_require(`
type xdmcp_server_packet_t;
')
dontaudit $1 xdmcp_server_packet_t:packet send;
')
########################################
## <summary>
## Receive xdmcp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_xdmcp_server_packets',`
gen_require(`
type xdmcp_server_packet_t;
')
allow $1 xdmcp_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive xdmcp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_xdmcp_server_packets',`
gen_require(`
type xdmcp_server_packet_t;
')
dontaudit $1 xdmcp_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive xdmcp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_xdmcp_server_packets',`
corenet_send_xdmcp_server_packets($1)
corenet_receive_xdmcp_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive xdmcp_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_xdmcp_server_packets',`
corenet_dontaudit_send_xdmcp_server_packets($1)
corenet_dontaudit_receive_xdmcp_server_packets($1)
')
########################################
## <summary>
## Relabel packets to xdmcp_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_xdmcp_server_packets',`
gen_require(`
type xdmcp_server_packet_t;
')
allow $1 xdmcp_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the xen port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_xen_port',`
gen_require(`
type xen_port_t;
')
allow $1 xen_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the xen port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_xen_port',`
gen_require(`
type xen_port_t;
')
allow $1 xen_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the xen port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_xen_port',`
gen_require(`
type xen_port_t;
')
dontaudit $1 xen_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the xen port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_xen_port',`
gen_require(`
type xen_port_t;
')
allow $1 xen_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the xen port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_xen_port',`
gen_require(`
type xen_port_t;
')
dontaudit $1 xen_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the xen port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_xen_port',`
corenet_udp_send_xen_port($1)
corenet_udp_receive_xen_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the xen port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_xen_port',`
corenet_dontaudit_udp_send_xen_port($1)
corenet_dontaudit_udp_receive_xen_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the xen port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_xen_port',`
gen_require(`
type xen_port_t;
')
allow $1 xen_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the xen port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_xen_port',`
gen_require(`
type xen_port_t;
')
allow $1 xen_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to xen port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_xen_port',`
gen_require(`
type xen_port_t;
')
dontaudit $1 xen_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the xen port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_xen_port',`
gen_require(`
type xen_port_t;
')
allow $1 xen_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to xen port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_xen_port',`
gen_require(`
type xen_port_t;
')
dontaudit $1 xen_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send xen_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_xen_client_packets',`
gen_require(`
type xen_client_packet_t;
')
allow $1 xen_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send xen_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_xen_client_packets',`
gen_require(`
type xen_client_packet_t;
')
dontaudit $1 xen_client_packet_t:packet send;
')
########################################
## <summary>
## Receive xen_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_xen_client_packets',`
gen_require(`
type xen_client_packet_t;
')
allow $1 xen_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive xen_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_xen_client_packets',`
gen_require(`
type xen_client_packet_t;
')
dontaudit $1 xen_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive xen_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_xen_client_packets',`
corenet_send_xen_client_packets($1)
corenet_receive_xen_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive xen_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_xen_client_packets',`
corenet_dontaudit_send_xen_client_packets($1)
corenet_dontaudit_receive_xen_client_packets($1)
')
########################################
## <summary>
## Relabel packets to xen_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_xen_client_packets',`
gen_require(`
type xen_client_packet_t;
')
allow $1 xen_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send xen_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_xen_server_packets',`
gen_require(`
type xen_server_packet_t;
')
allow $1 xen_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send xen_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_xen_server_packets',`
gen_require(`
type xen_server_packet_t;
')
dontaudit $1 xen_server_packet_t:packet send;
')
########################################
## <summary>
## Receive xen_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_xen_server_packets',`
gen_require(`
type xen_server_packet_t;
')
allow $1 xen_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive xen_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_xen_server_packets',`
gen_require(`
type xen_server_packet_t;
')
dontaudit $1 xen_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive xen_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_xen_server_packets',`
corenet_send_xen_server_packets($1)
corenet_receive_xen_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive xen_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_xen_server_packets',`
corenet_dontaudit_send_xen_server_packets($1)
corenet_dontaudit_receive_xen_server_packets($1)
')
########################################
## <summary>
## Relabel packets to xen_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_xen_server_packets',`
gen_require(`
type xen_server_packet_t;
')
allow $1 xen_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the xinuexpansion3 port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_xinuexpansion3_port',`
gen_require(`
type xinuexpansion3_port_t;
')
allow $1 xinuexpansion3_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the xinuexpansion3 port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_xinuexpansion3_port',`
gen_require(`
type xinuexpansion3_port_t;
')
allow $1 xinuexpansion3_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the xinuexpansion3 port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_xinuexpansion3_port',`
gen_require(`
type xinuexpansion3_port_t;
')
dontaudit $1 xinuexpansion3_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the xinuexpansion3 port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_xinuexpansion3_port',`
gen_require(`
type xinuexpansion3_port_t;
')
allow $1 xinuexpansion3_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the xinuexpansion3 port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_xinuexpansion3_port',`
gen_require(`
type xinuexpansion3_port_t;
')
dontaudit $1 xinuexpansion3_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the xinuexpansion3 port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_xinuexpansion3_port',`
corenet_udp_send_xinuexpansion3_port($1)
corenet_udp_receive_xinuexpansion3_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the xinuexpansion3 port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_xinuexpansion3_port',`
corenet_dontaudit_udp_send_xinuexpansion3_port($1)
corenet_dontaudit_udp_receive_xinuexpansion3_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the xinuexpansion3 port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_xinuexpansion3_port',`
gen_require(`
type xinuexpansion3_port_t;
')
allow $1 xinuexpansion3_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the xinuexpansion3 port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_xinuexpansion3_port',`
gen_require(`
type xinuexpansion3_port_t;
')
allow $1 xinuexpansion3_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to xinuexpansion3 port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_xinuexpansion3_port',`
gen_require(`
type xinuexpansion3_port_t;
')
dontaudit $1 xinuexpansion3_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the xinuexpansion3 port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_xinuexpansion3_port',`
gen_require(`
type xinuexpansion3_port_t;
')
allow $1 xinuexpansion3_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to xinuexpansion3 port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_xinuexpansion3_port',`
gen_require(`
type xinuexpansion3_port_t;
')
dontaudit $1 xinuexpansion3_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send xinuexpansion3_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_xinuexpansion3_client_packets',`
gen_require(`
type xinuexpansion3_client_packet_t;
')
allow $1 xinuexpansion3_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send xinuexpansion3_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_xinuexpansion3_client_packets',`
gen_require(`
type xinuexpansion3_client_packet_t;
')
dontaudit $1 xinuexpansion3_client_packet_t:packet send;
')
########################################
## <summary>
## Receive xinuexpansion3_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_xinuexpansion3_client_packets',`
gen_require(`
type xinuexpansion3_client_packet_t;
')
allow $1 xinuexpansion3_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive xinuexpansion3_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_xinuexpansion3_client_packets',`
gen_require(`
type xinuexpansion3_client_packet_t;
')
dontaudit $1 xinuexpansion3_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive xinuexpansion3_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_xinuexpansion3_client_packets',`
corenet_send_xinuexpansion3_client_packets($1)
corenet_receive_xinuexpansion3_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive xinuexpansion3_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_xinuexpansion3_client_packets',`
corenet_dontaudit_send_xinuexpansion3_client_packets($1)
corenet_dontaudit_receive_xinuexpansion3_client_packets($1)
')
########################################
## <summary>
## Relabel packets to xinuexpansion3_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_xinuexpansion3_client_packets',`
gen_require(`
type xinuexpansion3_client_packet_t;
')
allow $1 xinuexpansion3_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send xinuexpansion3_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_xinuexpansion3_server_packets',`
gen_require(`
type xinuexpansion3_server_packet_t;
')
allow $1 xinuexpansion3_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send xinuexpansion3_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_xinuexpansion3_server_packets',`
gen_require(`
type xinuexpansion3_server_packet_t;
')
dontaudit $1 xinuexpansion3_server_packet_t:packet send;
')
########################################
## <summary>
## Receive xinuexpansion3_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_xinuexpansion3_server_packets',`
gen_require(`
type xinuexpansion3_server_packet_t;
')
allow $1 xinuexpansion3_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive xinuexpansion3_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_xinuexpansion3_server_packets',`
gen_require(`
type xinuexpansion3_server_packet_t;
')
dontaudit $1 xinuexpansion3_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive xinuexpansion3_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_xinuexpansion3_server_packets',`
corenet_send_xinuexpansion3_server_packets($1)
corenet_receive_xinuexpansion3_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive xinuexpansion3_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_xinuexpansion3_server_packets',`
corenet_dontaudit_send_xinuexpansion3_server_packets($1)
corenet_dontaudit_receive_xinuexpansion3_server_packets($1)
')
########################################
## <summary>
## Relabel packets to xinuexpansion3_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_xinuexpansion3_server_packets',`
gen_require(`
type xinuexpansion3_server_packet_t;
')
allow $1 xinuexpansion3_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the xinuexpansion4 port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_xinuexpansion4_port',`
gen_require(`
type xinuexpansion4_port_t;
')
allow $1 xinuexpansion4_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the xinuexpansion4 port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_xinuexpansion4_port',`
gen_require(`
type xinuexpansion4_port_t;
')
allow $1 xinuexpansion4_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the xinuexpansion4 port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_xinuexpansion4_port',`
gen_require(`
type xinuexpansion4_port_t;
')
dontaudit $1 xinuexpansion4_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the xinuexpansion4 port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_xinuexpansion4_port',`
gen_require(`
type xinuexpansion4_port_t;
')
allow $1 xinuexpansion4_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the xinuexpansion4 port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_xinuexpansion4_port',`
gen_require(`
type xinuexpansion4_port_t;
')
dontaudit $1 xinuexpansion4_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the xinuexpansion4 port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_xinuexpansion4_port',`
corenet_udp_send_xinuexpansion4_port($1)
corenet_udp_receive_xinuexpansion4_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the xinuexpansion4 port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_xinuexpansion4_port',`
corenet_dontaudit_udp_send_xinuexpansion4_port($1)
corenet_dontaudit_udp_receive_xinuexpansion4_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the xinuexpansion4 port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_xinuexpansion4_port',`
gen_require(`
type xinuexpansion4_port_t;
')
allow $1 xinuexpansion4_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the xinuexpansion4 port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_xinuexpansion4_port',`
gen_require(`
type xinuexpansion4_port_t;
')
allow $1 xinuexpansion4_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to xinuexpansion4 port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_xinuexpansion4_port',`
gen_require(`
type xinuexpansion4_port_t;
')
dontaudit $1 xinuexpansion4_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the xinuexpansion4 port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_xinuexpansion4_port',`
gen_require(`
type xinuexpansion4_port_t;
')
allow $1 xinuexpansion4_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to xinuexpansion4 port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_xinuexpansion4_port',`
gen_require(`
type xinuexpansion4_port_t;
')
dontaudit $1 xinuexpansion4_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send xinuexpansion4_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_xinuexpansion4_client_packets',`
gen_require(`
type xinuexpansion4_client_packet_t;
')
allow $1 xinuexpansion4_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send xinuexpansion4_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_xinuexpansion4_client_packets',`
gen_require(`
type xinuexpansion4_client_packet_t;
')
dontaudit $1 xinuexpansion4_client_packet_t:packet send;
')
########################################
## <summary>
## Receive xinuexpansion4_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_xinuexpansion4_client_packets',`
gen_require(`
type xinuexpansion4_client_packet_t;
')
allow $1 xinuexpansion4_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive xinuexpansion4_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_xinuexpansion4_client_packets',`
gen_require(`
type xinuexpansion4_client_packet_t;
')
dontaudit $1 xinuexpansion4_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive xinuexpansion4_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_xinuexpansion4_client_packets',`
corenet_send_xinuexpansion4_client_packets($1)
corenet_receive_xinuexpansion4_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive xinuexpansion4_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_xinuexpansion4_client_packets',`
corenet_dontaudit_send_xinuexpansion4_client_packets($1)
corenet_dontaudit_receive_xinuexpansion4_client_packets($1)
')
########################################
## <summary>
## Relabel packets to xinuexpansion4_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_xinuexpansion4_client_packets',`
gen_require(`
type xinuexpansion4_client_packet_t;
')
allow $1 xinuexpansion4_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send xinuexpansion4_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_xinuexpansion4_server_packets',`
gen_require(`
type xinuexpansion4_server_packet_t;
')
allow $1 xinuexpansion4_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send xinuexpansion4_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_xinuexpansion4_server_packets',`
gen_require(`
type xinuexpansion4_server_packet_t;
')
dontaudit $1 xinuexpansion4_server_packet_t:packet send;
')
########################################
## <summary>
## Receive xinuexpansion4_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_xinuexpansion4_server_packets',`
gen_require(`
type xinuexpansion4_server_packet_t;
')
allow $1 xinuexpansion4_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive xinuexpansion4_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_xinuexpansion4_server_packets',`
gen_require(`
type xinuexpansion4_server_packet_t;
')
dontaudit $1 xinuexpansion4_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive xinuexpansion4_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_xinuexpansion4_server_packets',`
corenet_send_xinuexpansion4_server_packets($1)
corenet_receive_xinuexpansion4_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive xinuexpansion4_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_xinuexpansion4_server_packets',`
corenet_dontaudit_send_xinuexpansion4_server_packets($1)
corenet_dontaudit_receive_xinuexpansion4_server_packets($1)
')
########################################
## <summary>
## Relabel packets to xinuexpansion4_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_xinuexpansion4_server_packets',`
gen_require(`
type xinuexpansion4_server_packet_t;
')
allow $1 xinuexpansion4_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the xfs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_xfs_port',`
gen_require(`
type xfs_port_t;
')
allow $1 xfs_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the xfs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_xfs_port',`
gen_require(`
type xfs_port_t;
')
allow $1 xfs_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the xfs port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_xfs_port',`
gen_require(`
type xfs_port_t;
')
dontaudit $1 xfs_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the xfs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_xfs_port',`
gen_require(`
type xfs_port_t;
')
allow $1 xfs_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the xfs port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_xfs_port',`
gen_require(`
type xfs_port_t;
')
dontaudit $1 xfs_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the xfs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_xfs_port',`
corenet_udp_send_xfs_port($1)
corenet_udp_receive_xfs_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the xfs port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_xfs_port',`
corenet_dontaudit_udp_send_xfs_port($1)
corenet_dontaudit_udp_receive_xfs_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the xfs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_xfs_port',`
gen_require(`
type xfs_port_t;
')
allow $1 xfs_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the xfs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_xfs_port',`
gen_require(`
type xfs_port_t;
')
allow $1 xfs_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to xfs port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_xfs_port',`
gen_require(`
type xfs_port_t;
')
dontaudit $1 xfs_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the xfs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_xfs_port',`
gen_require(`
type xfs_port_t;
')
allow $1 xfs_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to xfs port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_xfs_port',`
gen_require(`
type xfs_port_t;
')
dontaudit $1 xfs_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send xfs_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_xfs_client_packets',`
gen_require(`
type xfs_client_packet_t;
')
allow $1 xfs_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send xfs_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_xfs_client_packets',`
gen_require(`
type xfs_client_packet_t;
')
dontaudit $1 xfs_client_packet_t:packet send;
')
########################################
## <summary>
## Receive xfs_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_xfs_client_packets',`
gen_require(`
type xfs_client_packet_t;
')
allow $1 xfs_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive xfs_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_xfs_client_packets',`
gen_require(`
type xfs_client_packet_t;
')
dontaudit $1 xfs_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive xfs_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_xfs_client_packets',`
corenet_send_xfs_client_packets($1)
corenet_receive_xfs_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive xfs_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_xfs_client_packets',`
corenet_dontaudit_send_xfs_client_packets($1)
corenet_dontaudit_receive_xfs_client_packets($1)
')
########################################
## <summary>
## Relabel packets to xfs_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_xfs_client_packets',`
gen_require(`
type xfs_client_packet_t;
')
allow $1 xfs_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send xfs_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_xfs_server_packets',`
gen_require(`
type xfs_server_packet_t;
')
allow $1 xfs_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send xfs_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_xfs_server_packets',`
gen_require(`
type xfs_server_packet_t;
')
dontaudit $1 xfs_server_packet_t:packet send;
')
########################################
## <summary>
## Receive xfs_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_xfs_server_packets',`
gen_require(`
type xfs_server_packet_t;
')
allow $1 xfs_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive xfs_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_xfs_server_packets',`
gen_require(`
type xfs_server_packet_t;
')
dontaudit $1 xfs_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive xfs_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_xfs_server_packets',`
corenet_send_xfs_server_packets($1)
corenet_receive_xfs_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive xfs_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_xfs_server_packets',`
corenet_dontaudit_send_xfs_server_packets($1)
corenet_dontaudit_receive_xfs_server_packets($1)
')
########################################
## <summary>
## Relabel packets to xfs_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_xfs_server_packets',`
gen_require(`
type xfs_server_packet_t;
')
allow $1 xfs_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the xmsg port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_xmsg_port',`
gen_require(`
type xmsg_port_t;
')
allow $1 xmsg_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the xmsg port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_xmsg_port',`
gen_require(`
type xmsg_port_t;
')
allow $1 xmsg_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the xmsg port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_xmsg_port',`
gen_require(`
type xmsg_port_t;
')
dontaudit $1 xmsg_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the xmsg port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_xmsg_port',`
gen_require(`
type xmsg_port_t;
')
allow $1 xmsg_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the xmsg port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_xmsg_port',`
gen_require(`
type xmsg_port_t;
')
dontaudit $1 xmsg_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the xmsg port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_xmsg_port',`
corenet_udp_send_xmsg_port($1)
corenet_udp_receive_xmsg_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the xmsg port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_xmsg_port',`
corenet_dontaudit_udp_send_xmsg_port($1)
corenet_dontaudit_udp_receive_xmsg_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the xmsg port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_xmsg_port',`
gen_require(`
type xmsg_port_t;
')
allow $1 xmsg_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the xmsg port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_xmsg_port',`
gen_require(`
type xmsg_port_t;
')
allow $1 xmsg_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to xmsg port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_xmsg_port',`
gen_require(`
type xmsg_port_t;
')
dontaudit $1 xmsg_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the xmsg port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_xmsg_port',`
gen_require(`
type xmsg_port_t;
')
allow $1 xmsg_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to xmsg port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_xmsg_port',`
gen_require(`
type xmsg_port_t;
')
dontaudit $1 xmsg_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send xmsg_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_xmsg_client_packets',`
gen_require(`
type xmsg_client_packet_t;
')
allow $1 xmsg_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send xmsg_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_xmsg_client_packets',`
gen_require(`
type xmsg_client_packet_t;
')
dontaudit $1 xmsg_client_packet_t:packet send;
')
########################################
## <summary>
## Receive xmsg_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_xmsg_client_packets',`
gen_require(`
type xmsg_client_packet_t;
')
allow $1 xmsg_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive xmsg_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_xmsg_client_packets',`
gen_require(`
type xmsg_client_packet_t;
')
dontaudit $1 xmsg_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive xmsg_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_xmsg_client_packets',`
corenet_send_xmsg_client_packets($1)
corenet_receive_xmsg_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive xmsg_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_xmsg_client_packets',`
corenet_dontaudit_send_xmsg_client_packets($1)
corenet_dontaudit_receive_xmsg_client_packets($1)
')
########################################
## <summary>
## Relabel packets to xmsg_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_xmsg_client_packets',`
gen_require(`
type xmsg_client_packet_t;
')
allow $1 xmsg_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send xmsg_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_xmsg_server_packets',`
gen_require(`
type xmsg_server_packet_t;
')
allow $1 xmsg_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send xmsg_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_xmsg_server_packets',`
gen_require(`
type xmsg_server_packet_t;
')
dontaudit $1 xmsg_server_packet_t:packet send;
')
########################################
## <summary>
## Receive xmsg_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_xmsg_server_packets',`
gen_require(`
type xmsg_server_packet_t;
')
allow $1 xmsg_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive xmsg_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_xmsg_server_packets',`
gen_require(`
type xmsg_server_packet_t;
')
dontaudit $1 xmsg_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive xmsg_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_xmsg_server_packets',`
corenet_send_xmsg_server_packets($1)
corenet_receive_xmsg_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive xmsg_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_xmsg_server_packets',`
corenet_dontaudit_send_xmsg_server_packets($1)
corenet_dontaudit_receive_xmsg_server_packets($1)
')
########################################
## <summary>
## Relabel packets to xmsg_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_xmsg_server_packets',`
gen_require(`
type xmsg_server_packet_t;
')
allow $1 xmsg_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the xodbc_connect port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_xodbc_connect_port',`
gen_require(`
type xodbc_connect_port_t;
')
allow $1 xodbc_connect_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the xodbc_connect port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_xodbc_connect_port',`
gen_require(`
type xodbc_connect_port_t;
')
allow $1 xodbc_connect_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the xodbc_connect port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_xodbc_connect_port',`
gen_require(`
type xodbc_connect_port_t;
')
dontaudit $1 xodbc_connect_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the xodbc_connect port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_xodbc_connect_port',`
gen_require(`
type xodbc_connect_port_t;
')
allow $1 xodbc_connect_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the xodbc_connect port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_xodbc_connect_port',`
gen_require(`
type xodbc_connect_port_t;
')
dontaudit $1 xodbc_connect_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the xodbc_connect port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_xodbc_connect_port',`
corenet_udp_send_xodbc_connect_port($1)
corenet_udp_receive_xodbc_connect_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the xodbc_connect port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_xodbc_connect_port',`
corenet_dontaudit_udp_send_xodbc_connect_port($1)
corenet_dontaudit_udp_receive_xodbc_connect_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the xodbc_connect port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_xodbc_connect_port',`
gen_require(`
type xodbc_connect_port_t;
')
allow $1 xodbc_connect_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the xodbc_connect port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_xodbc_connect_port',`
gen_require(`
type xodbc_connect_port_t;
')
allow $1 xodbc_connect_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to xodbc_connect port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_xodbc_connect_port',`
gen_require(`
type xodbc_connect_port_t;
')
dontaudit $1 xodbc_connect_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the xodbc_connect port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_xodbc_connect_port',`
gen_require(`
type xodbc_connect_port_t;
')
allow $1 xodbc_connect_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to xodbc_connect port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_xodbc_connect_port',`
gen_require(`
type xodbc_connect_port_t;
')
dontaudit $1 xodbc_connect_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send xodbc_connect_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_xodbc_connect_client_packets',`
gen_require(`
type xodbc_connect_client_packet_t;
')
allow $1 xodbc_connect_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send xodbc_connect_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_xodbc_connect_client_packets',`
gen_require(`
type xodbc_connect_client_packet_t;
')
dontaudit $1 xodbc_connect_client_packet_t:packet send;
')
########################################
## <summary>
## Receive xodbc_connect_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_xodbc_connect_client_packets',`
gen_require(`
type xodbc_connect_client_packet_t;
')
allow $1 xodbc_connect_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive xodbc_connect_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_xodbc_connect_client_packets',`
gen_require(`
type xodbc_connect_client_packet_t;
')
dontaudit $1 xodbc_connect_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive xodbc_connect_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_xodbc_connect_client_packets',`
corenet_send_xodbc_connect_client_packets($1)
corenet_receive_xodbc_connect_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive xodbc_connect_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_xodbc_connect_client_packets',`
corenet_dontaudit_send_xodbc_connect_client_packets($1)
corenet_dontaudit_receive_xodbc_connect_client_packets($1)
')
########################################
## <summary>
## Relabel packets to xodbc_connect_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_xodbc_connect_client_packets',`
gen_require(`
type xodbc_connect_client_packet_t;
')
allow $1 xodbc_connect_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send xodbc_connect_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_xodbc_connect_server_packets',`
gen_require(`
type xodbc_connect_server_packet_t;
')
allow $1 xodbc_connect_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send xodbc_connect_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_xodbc_connect_server_packets',`
gen_require(`
type xodbc_connect_server_packet_t;
')
dontaudit $1 xodbc_connect_server_packet_t:packet send;
')
########################################
## <summary>
## Receive xodbc_connect_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_xodbc_connect_server_packets',`
gen_require(`
type xodbc_connect_server_packet_t;
')
allow $1 xodbc_connect_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive xodbc_connect_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_xodbc_connect_server_packets',`
gen_require(`
type xodbc_connect_server_packet_t;
')
dontaudit $1 xodbc_connect_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive xodbc_connect_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_xodbc_connect_server_packets',`
corenet_send_xodbc_connect_server_packets($1)
corenet_receive_xodbc_connect_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive xodbc_connect_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_xodbc_connect_server_packets',`
corenet_dontaudit_send_xodbc_connect_server_packets($1)
corenet_dontaudit_receive_xodbc_connect_server_packets($1)
')
########################################
## <summary>
## Relabel packets to xodbc_connect_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_xodbc_connect_server_packets',`
gen_require(`
type xodbc_connect_server_packet_t;
')
allow $1 xodbc_connect_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the xserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_xserver_port',`
gen_require(`
type xserver_port_t;
')
allow $1 xserver_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the xserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_xserver_port',`
gen_require(`
type xserver_port_t;
')
allow $1 xserver_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the xserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_xserver_port',`
gen_require(`
type xserver_port_t;
')
dontaudit $1 xserver_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the xserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_xserver_port',`
gen_require(`
type xserver_port_t;
')
allow $1 xserver_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the xserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_xserver_port',`
gen_require(`
type xserver_port_t;
')
dontaudit $1 xserver_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the xserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_xserver_port',`
corenet_udp_send_xserver_port($1)
corenet_udp_receive_xserver_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the xserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_xserver_port',`
corenet_dontaudit_udp_send_xserver_port($1)
corenet_dontaudit_udp_receive_xserver_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the xserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_xserver_port',`
gen_require(`
type xserver_port_t;
')
allow $1 xserver_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the xserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_xserver_port',`
gen_require(`
type xserver_port_t;
')
allow $1 xserver_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to xserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_xserver_port',`
gen_require(`
type xserver_port_t;
')
dontaudit $1 xserver_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the xserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_xserver_port',`
gen_require(`
type xserver_port_t;
')
allow $1 xserver_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to xserver port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_xserver_port',`
gen_require(`
type xserver_port_t;
')
dontaudit $1 xserver_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send xserver_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_xserver_client_packets',`
gen_require(`
type xserver_client_packet_t;
')
allow $1 xserver_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send xserver_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_xserver_client_packets',`
gen_require(`
type xserver_client_packet_t;
')
dontaudit $1 xserver_client_packet_t:packet send;
')
########################################
## <summary>
## Receive xserver_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_xserver_client_packets',`
gen_require(`
type xserver_client_packet_t;
')
allow $1 xserver_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive xserver_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_xserver_client_packets',`
gen_require(`
type xserver_client_packet_t;
')
dontaudit $1 xserver_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive xserver_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_xserver_client_packets',`
corenet_send_xserver_client_packets($1)
corenet_receive_xserver_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive xserver_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_xserver_client_packets',`
corenet_dontaudit_send_xserver_client_packets($1)
corenet_dontaudit_receive_xserver_client_packets($1)
')
########################################
## <summary>
## Relabel packets to xserver_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_xserver_client_packets',`
gen_require(`
type xserver_client_packet_t;
')
allow $1 xserver_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send xserver_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_xserver_server_packets',`
gen_require(`
type xserver_server_packet_t;
')
allow $1 xserver_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send xserver_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_xserver_server_packets',`
gen_require(`
type xserver_server_packet_t;
')
dontaudit $1 xserver_server_packet_t:packet send;
')
########################################
## <summary>
## Receive xserver_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_xserver_server_packets',`
gen_require(`
type xserver_server_packet_t;
')
allow $1 xserver_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive xserver_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_xserver_server_packets',`
gen_require(`
type xserver_server_packet_t;
')
dontaudit $1 xserver_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive xserver_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_xserver_server_packets',`
corenet_send_xserver_server_packets($1)
corenet_receive_xserver_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive xserver_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_xserver_server_packets',`
corenet_dontaudit_send_xserver_server_packets($1)
corenet_dontaudit_receive_xserver_server_packets($1)
')
########################################
## <summary>
## Relabel packets to xserver_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_xserver_server_packets',`
gen_require(`
type xserver_server_packet_t;
')
allow $1 xserver_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the qpasa_agent port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_qpasa_agent_port',`
gen_require(`
type qpasa_agent_port_t;
')
allow $1 qpasa_agent_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the qpasa_agent port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_qpasa_agent_port',`
gen_require(`
type qpasa_agent_port_t;
')
allow $1 qpasa_agent_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the qpasa_agent port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_qpasa_agent_port',`
gen_require(`
type qpasa_agent_port_t;
')
dontaudit $1 qpasa_agent_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the qpasa_agent port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_qpasa_agent_port',`
gen_require(`
type qpasa_agent_port_t;
')
allow $1 qpasa_agent_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the qpasa_agent port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_qpasa_agent_port',`
gen_require(`
type qpasa_agent_port_t;
')
dontaudit $1 qpasa_agent_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the qpasa_agent port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_qpasa_agent_port',`
corenet_udp_send_qpasa_agent_port($1)
corenet_udp_receive_qpasa_agent_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the qpasa_agent port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_qpasa_agent_port',`
corenet_dontaudit_udp_send_qpasa_agent_port($1)
corenet_dontaudit_udp_receive_qpasa_agent_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the qpasa_agent port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_qpasa_agent_port',`
gen_require(`
type qpasa_agent_port_t;
')
allow $1 qpasa_agent_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the qpasa_agent port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_qpasa_agent_port',`
gen_require(`
type qpasa_agent_port_t;
')
allow $1 qpasa_agent_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to qpasa_agent port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_qpasa_agent_port',`
gen_require(`
type qpasa_agent_port_t;
')
dontaudit $1 qpasa_agent_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the qpasa_agent port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_qpasa_agent_port',`
gen_require(`
type qpasa_agent_port_t;
')
allow $1 qpasa_agent_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to qpasa_agent port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_qpasa_agent_port',`
gen_require(`
type qpasa_agent_port_t;
')
dontaudit $1 qpasa_agent_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send qpasa_agent_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_qpasa_agent_client_packets',`
gen_require(`
type qpasa_agent_client_packet_t;
')
allow $1 qpasa_agent_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send qpasa_agent_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_qpasa_agent_client_packets',`
gen_require(`
type qpasa_agent_client_packet_t;
')
dontaudit $1 qpasa_agent_client_packet_t:packet send;
')
########################################
## <summary>
## Receive qpasa_agent_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_qpasa_agent_client_packets',`
gen_require(`
type qpasa_agent_client_packet_t;
')
allow $1 qpasa_agent_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive qpasa_agent_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_qpasa_agent_client_packets',`
gen_require(`
type qpasa_agent_client_packet_t;
')
dontaudit $1 qpasa_agent_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive qpasa_agent_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_qpasa_agent_client_packets',`
corenet_send_qpasa_agent_client_packets($1)
corenet_receive_qpasa_agent_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive qpasa_agent_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_qpasa_agent_client_packets',`
corenet_dontaudit_send_qpasa_agent_client_packets($1)
corenet_dontaudit_receive_qpasa_agent_client_packets($1)
')
########################################
## <summary>
## Relabel packets to qpasa_agent_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_qpasa_agent_client_packets',`
gen_require(`
type qpasa_agent_client_packet_t;
')
allow $1 qpasa_agent_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send qpasa_agent_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_qpasa_agent_server_packets',`
gen_require(`
type qpasa_agent_server_packet_t;
')
allow $1 qpasa_agent_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send qpasa_agent_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_qpasa_agent_server_packets',`
gen_require(`
type qpasa_agent_server_packet_t;
')
dontaudit $1 qpasa_agent_server_packet_t:packet send;
')
########################################
## <summary>
## Receive qpasa_agent_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_qpasa_agent_server_packets',`
gen_require(`
type qpasa_agent_server_packet_t;
')
allow $1 qpasa_agent_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive qpasa_agent_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_qpasa_agent_server_packets',`
gen_require(`
type qpasa_agent_server_packet_t;
')
dontaudit $1 qpasa_agent_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive qpasa_agent_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_qpasa_agent_server_packets',`
corenet_send_qpasa_agent_server_packets($1)
corenet_receive_qpasa_agent_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive qpasa_agent_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_qpasa_agent_server_packets',`
corenet_dontaudit_send_qpasa_agent_server_packets($1)
corenet_dontaudit_receive_qpasa_agent_server_packets($1)
')
########################################
## <summary>
## Relabel packets to qpasa_agent_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_qpasa_agent_server_packets',`
gen_require(`
type qpasa_agent_server_packet_t;
')
allow $1 qpasa_agent_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the zarafa port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_zarafa_port',`
gen_require(`
type zarafa_port_t;
')
allow $1 zarafa_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the zarafa port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_zarafa_port',`
gen_require(`
type zarafa_port_t;
')
allow $1 zarafa_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the zarafa port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_zarafa_port',`
gen_require(`
type zarafa_port_t;
')
dontaudit $1 zarafa_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the zarafa port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_zarafa_port',`
gen_require(`
type zarafa_port_t;
')
allow $1 zarafa_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the zarafa port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_zarafa_port',`
gen_require(`
type zarafa_port_t;
')
dontaudit $1 zarafa_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the zarafa port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_zarafa_port',`
corenet_udp_send_zarafa_port($1)
corenet_udp_receive_zarafa_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the zarafa port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_zarafa_port',`
corenet_dontaudit_udp_send_zarafa_port($1)
corenet_dontaudit_udp_receive_zarafa_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the zarafa port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_zarafa_port',`
gen_require(`
type zarafa_port_t;
')
allow $1 zarafa_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the zarafa port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_zarafa_port',`
gen_require(`
type zarafa_port_t;
')
allow $1 zarafa_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to zarafa port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_zarafa_port',`
gen_require(`
type zarafa_port_t;
')
dontaudit $1 zarafa_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the zarafa port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_zarafa_port',`
gen_require(`
type zarafa_port_t;
')
allow $1 zarafa_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to zarafa port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_zarafa_port',`
gen_require(`
type zarafa_port_t;
')
dontaudit $1 zarafa_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send zarafa_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_zarafa_client_packets',`
gen_require(`
type zarafa_client_packet_t;
')
allow $1 zarafa_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send zarafa_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_zarafa_client_packets',`
gen_require(`
type zarafa_client_packet_t;
')
dontaudit $1 zarafa_client_packet_t:packet send;
')
########################################
## <summary>
## Receive zarafa_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_zarafa_client_packets',`
gen_require(`
type zarafa_client_packet_t;
')
allow $1 zarafa_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive zarafa_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_zarafa_client_packets',`
gen_require(`
type zarafa_client_packet_t;
')
dontaudit $1 zarafa_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive zarafa_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_zarafa_client_packets',`
corenet_send_zarafa_client_packets($1)
corenet_receive_zarafa_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive zarafa_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_zarafa_client_packets',`
corenet_dontaudit_send_zarafa_client_packets($1)
corenet_dontaudit_receive_zarafa_client_packets($1)
')
########################################
## <summary>
## Relabel packets to zarafa_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_zarafa_client_packets',`
gen_require(`
type zarafa_client_packet_t;
')
allow $1 zarafa_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send zarafa_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_zarafa_server_packets',`
gen_require(`
type zarafa_server_packet_t;
')
allow $1 zarafa_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send zarafa_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_zarafa_server_packets',`
gen_require(`
type zarafa_server_packet_t;
')
dontaudit $1 zarafa_server_packet_t:packet send;
')
########################################
## <summary>
## Receive zarafa_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_zarafa_server_packets',`
gen_require(`
type zarafa_server_packet_t;
')
allow $1 zarafa_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive zarafa_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_zarafa_server_packets',`
gen_require(`
type zarafa_server_packet_t;
')
dontaudit $1 zarafa_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive zarafa_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_zarafa_server_packets',`
corenet_send_zarafa_server_packets($1)
corenet_receive_zarafa_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive zarafa_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_zarafa_server_packets',`
corenet_dontaudit_send_zarafa_server_packets($1)
corenet_dontaudit_receive_zarafa_server_packets($1)
')
########################################
## <summary>
## Relabel packets to zarafa_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_zarafa_server_packets',`
gen_require(`
type zarafa_server_packet_t;
')
allow $1 zarafa_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the zabbix port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_zabbix_port',`
gen_require(`
type zabbix_port_t;
')
allow $1 zabbix_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the zabbix port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_zabbix_port',`
gen_require(`
type zabbix_port_t;
')
allow $1 zabbix_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the zabbix port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_zabbix_port',`
gen_require(`
type zabbix_port_t;
')
dontaudit $1 zabbix_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the zabbix port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_zabbix_port',`
gen_require(`
type zabbix_port_t;
')
allow $1 zabbix_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the zabbix port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_zabbix_port',`
gen_require(`
type zabbix_port_t;
')
dontaudit $1 zabbix_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the zabbix port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_zabbix_port',`
corenet_udp_send_zabbix_port($1)
corenet_udp_receive_zabbix_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the zabbix port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_zabbix_port',`
corenet_dontaudit_udp_send_zabbix_port($1)
corenet_dontaudit_udp_receive_zabbix_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the zabbix port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_zabbix_port',`
gen_require(`
type zabbix_port_t;
')
allow $1 zabbix_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the zabbix port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_zabbix_port',`
gen_require(`
type zabbix_port_t;
')
allow $1 zabbix_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to zabbix port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_zabbix_port',`
gen_require(`
type zabbix_port_t;
')
dontaudit $1 zabbix_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the zabbix port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_zabbix_port',`
gen_require(`
type zabbix_port_t;
')
allow $1 zabbix_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to zabbix port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_zabbix_port',`
gen_require(`
type zabbix_port_t;
')
dontaudit $1 zabbix_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send zabbix_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_zabbix_client_packets',`
gen_require(`
type zabbix_client_packet_t;
')
allow $1 zabbix_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send zabbix_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_zabbix_client_packets',`
gen_require(`
type zabbix_client_packet_t;
')
dontaudit $1 zabbix_client_packet_t:packet send;
')
########################################
## <summary>
## Receive zabbix_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_zabbix_client_packets',`
gen_require(`
type zabbix_client_packet_t;
')
allow $1 zabbix_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive zabbix_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_zabbix_client_packets',`
gen_require(`
type zabbix_client_packet_t;
')
dontaudit $1 zabbix_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive zabbix_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_zabbix_client_packets',`
corenet_send_zabbix_client_packets($1)
corenet_receive_zabbix_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive zabbix_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_zabbix_client_packets',`
corenet_dontaudit_send_zabbix_client_packets($1)
corenet_dontaudit_receive_zabbix_client_packets($1)
')
########################################
## <summary>
## Relabel packets to zabbix_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_zabbix_client_packets',`
gen_require(`
type zabbix_client_packet_t;
')
allow $1 zabbix_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send zabbix_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_zabbix_server_packets',`
gen_require(`
type zabbix_server_packet_t;
')
allow $1 zabbix_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send zabbix_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_zabbix_server_packets',`
gen_require(`
type zabbix_server_packet_t;
')
dontaudit $1 zabbix_server_packet_t:packet send;
')
########################################
## <summary>
## Receive zabbix_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_zabbix_server_packets',`
gen_require(`
type zabbix_server_packet_t;
')
allow $1 zabbix_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive zabbix_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_zabbix_server_packets',`
gen_require(`
type zabbix_server_packet_t;
')
dontaudit $1 zabbix_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive zabbix_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_zabbix_server_packets',`
corenet_send_zabbix_server_packets($1)
corenet_receive_zabbix_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive zabbix_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_zabbix_server_packets',`
corenet_dontaudit_send_zabbix_server_packets($1)
corenet_dontaudit_receive_zabbix_server_packets($1)
')
########################################
## <summary>
## Relabel packets to zabbix_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_zabbix_server_packets',`
gen_require(`
type zabbix_server_packet_t;
')
allow $1 zabbix_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the zabbix_agent port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_zabbix_agent_port',`
gen_require(`
type zabbix_agent_port_t;
')
allow $1 zabbix_agent_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the zabbix_agent port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_zabbix_agent_port',`
gen_require(`
type zabbix_agent_port_t;
')
allow $1 zabbix_agent_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the zabbix_agent port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_zabbix_agent_port',`
gen_require(`
type zabbix_agent_port_t;
')
dontaudit $1 zabbix_agent_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the zabbix_agent port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_zabbix_agent_port',`
gen_require(`
type zabbix_agent_port_t;
')
allow $1 zabbix_agent_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the zabbix_agent port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_zabbix_agent_port',`
gen_require(`
type zabbix_agent_port_t;
')
dontaudit $1 zabbix_agent_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the zabbix_agent port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_zabbix_agent_port',`
corenet_udp_send_zabbix_agent_port($1)
corenet_udp_receive_zabbix_agent_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the zabbix_agent port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_zabbix_agent_port',`
corenet_dontaudit_udp_send_zabbix_agent_port($1)
corenet_dontaudit_udp_receive_zabbix_agent_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the zabbix_agent port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_zabbix_agent_port',`
gen_require(`
type zabbix_agent_port_t;
')
allow $1 zabbix_agent_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the zabbix_agent port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_zabbix_agent_port',`
gen_require(`
type zabbix_agent_port_t;
')
allow $1 zabbix_agent_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to zabbix_agent port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_zabbix_agent_port',`
gen_require(`
type zabbix_agent_port_t;
')
dontaudit $1 zabbix_agent_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the zabbix_agent port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_zabbix_agent_port',`
gen_require(`
type zabbix_agent_port_t;
')
allow $1 zabbix_agent_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to zabbix_agent port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_zabbix_agent_port',`
gen_require(`
type zabbix_agent_port_t;
')
dontaudit $1 zabbix_agent_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send zabbix_agent_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_zabbix_agent_client_packets',`
gen_require(`
type zabbix_agent_client_packet_t;
')
allow $1 zabbix_agent_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send zabbix_agent_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_zabbix_agent_client_packets',`
gen_require(`
type zabbix_agent_client_packet_t;
')
dontaudit $1 zabbix_agent_client_packet_t:packet send;
')
########################################
## <summary>
## Receive zabbix_agent_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_zabbix_agent_client_packets',`
gen_require(`
type zabbix_agent_client_packet_t;
')
allow $1 zabbix_agent_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive zabbix_agent_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_zabbix_agent_client_packets',`
gen_require(`
type zabbix_agent_client_packet_t;
')
dontaudit $1 zabbix_agent_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive zabbix_agent_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_zabbix_agent_client_packets',`
corenet_send_zabbix_agent_client_packets($1)
corenet_receive_zabbix_agent_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive zabbix_agent_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_zabbix_agent_client_packets',`
corenet_dontaudit_send_zabbix_agent_client_packets($1)
corenet_dontaudit_receive_zabbix_agent_client_packets($1)
')
########################################
## <summary>
## Relabel packets to zabbix_agent_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_zabbix_agent_client_packets',`
gen_require(`
type zabbix_agent_client_packet_t;
')
allow $1 zabbix_agent_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send zabbix_agent_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_zabbix_agent_server_packets',`
gen_require(`
type zabbix_agent_server_packet_t;
')
allow $1 zabbix_agent_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send zabbix_agent_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_zabbix_agent_server_packets',`
gen_require(`
type zabbix_agent_server_packet_t;
')
dontaudit $1 zabbix_agent_server_packet_t:packet send;
')
########################################
## <summary>
## Receive zabbix_agent_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_zabbix_agent_server_packets',`
gen_require(`
type zabbix_agent_server_packet_t;
')
allow $1 zabbix_agent_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive zabbix_agent_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_zabbix_agent_server_packets',`
gen_require(`
type zabbix_agent_server_packet_t;
')
dontaudit $1 zabbix_agent_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive zabbix_agent_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_zabbix_agent_server_packets',`
corenet_send_zabbix_agent_server_packets($1)
corenet_receive_zabbix_agent_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive zabbix_agent_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_zabbix_agent_server_packets',`
corenet_dontaudit_send_zabbix_agent_server_packets($1)
corenet_dontaudit_receive_zabbix_agent_server_packets($1)
')
########################################
## <summary>
## Relabel packets to zabbix_agent_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_zabbix_agent_server_packets',`
gen_require(`
type zabbix_agent_server_packet_t;
')
allow $1 zabbix_agent_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the zookeeper_client port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_zookeeper_client_port',`
gen_require(`
type zookeeper_client_port_t;
')
allow $1 zookeeper_client_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the zookeeper_client port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_zookeeper_client_port',`
gen_require(`
type zookeeper_client_port_t;
')
allow $1 zookeeper_client_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the zookeeper_client port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_zookeeper_client_port',`
gen_require(`
type zookeeper_client_port_t;
')
dontaudit $1 zookeeper_client_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the zookeeper_client port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_zookeeper_client_port',`
gen_require(`
type zookeeper_client_port_t;
')
allow $1 zookeeper_client_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the zookeeper_client port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_zookeeper_client_port',`
gen_require(`
type zookeeper_client_port_t;
')
dontaudit $1 zookeeper_client_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the zookeeper_client port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_zookeeper_client_port',`
corenet_udp_send_zookeeper_client_port($1)
corenet_udp_receive_zookeeper_client_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the zookeeper_client port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_zookeeper_client_port',`
corenet_dontaudit_udp_send_zookeeper_client_port($1)
corenet_dontaudit_udp_receive_zookeeper_client_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the zookeeper_client port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_zookeeper_client_port',`
gen_require(`
type zookeeper_client_port_t;
')
allow $1 zookeeper_client_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the zookeeper_client port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_zookeeper_client_port',`
gen_require(`
type zookeeper_client_port_t;
')
allow $1 zookeeper_client_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to zookeeper_client port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_zookeeper_client_port',`
gen_require(`
type zookeeper_client_port_t;
')
dontaudit $1 zookeeper_client_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the zookeeper_client port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_zookeeper_client_port',`
gen_require(`
type zookeeper_client_port_t;
')
allow $1 zookeeper_client_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to zookeeper_client port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_zookeeper_client_port',`
gen_require(`
type zookeeper_client_port_t;
')
dontaudit $1 zookeeper_client_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send zookeeper_client_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_zookeeper_client_client_packets',`
gen_require(`
type zookeeper_client_client_packet_t;
')
allow $1 zookeeper_client_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send zookeeper_client_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_zookeeper_client_client_packets',`
gen_require(`
type zookeeper_client_client_packet_t;
')
dontaudit $1 zookeeper_client_client_packet_t:packet send;
')
########################################
## <summary>
## Receive zookeeper_client_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_zookeeper_client_client_packets',`
gen_require(`
type zookeeper_client_client_packet_t;
')
allow $1 zookeeper_client_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive zookeeper_client_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_zookeeper_client_client_packets',`
gen_require(`
type zookeeper_client_client_packet_t;
')
dontaudit $1 zookeeper_client_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive zookeeper_client_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_zookeeper_client_client_packets',`
corenet_send_zookeeper_client_client_packets($1)
corenet_receive_zookeeper_client_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive zookeeper_client_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_zookeeper_client_client_packets',`
corenet_dontaudit_send_zookeeper_client_client_packets($1)
corenet_dontaudit_receive_zookeeper_client_client_packets($1)
')
########################################
## <summary>
## Relabel packets to zookeeper_client_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_zookeeper_client_client_packets',`
gen_require(`
type zookeeper_client_client_packet_t;
')
allow $1 zookeeper_client_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send zookeeper_client_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_zookeeper_client_server_packets',`
gen_require(`
type zookeeper_client_server_packet_t;
')
allow $1 zookeeper_client_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send zookeeper_client_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_zookeeper_client_server_packets',`
gen_require(`
type zookeeper_client_server_packet_t;
')
dontaudit $1 zookeeper_client_server_packet_t:packet send;
')
########################################
## <summary>
## Receive zookeeper_client_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_zookeeper_client_server_packets',`
gen_require(`
type zookeeper_client_server_packet_t;
')
allow $1 zookeeper_client_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive zookeeper_client_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_zookeeper_client_server_packets',`
gen_require(`
type zookeeper_client_server_packet_t;
')
dontaudit $1 zookeeper_client_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive zookeeper_client_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_zookeeper_client_server_packets',`
corenet_send_zookeeper_client_server_packets($1)
corenet_receive_zookeeper_client_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive zookeeper_client_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_zookeeper_client_server_packets',`
corenet_dontaudit_send_zookeeper_client_server_packets($1)
corenet_dontaudit_receive_zookeeper_client_server_packets($1)
')
########################################
## <summary>
## Relabel packets to zookeeper_client_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_zookeeper_client_server_packets',`
gen_require(`
type zookeeper_client_server_packet_t;
')
allow $1 zookeeper_client_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the zookeeper_election port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_zookeeper_election_port',`
gen_require(`
type zookeeper_election_port_t;
')
allow $1 zookeeper_election_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the zookeeper_election port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_zookeeper_election_port',`
gen_require(`
type zookeeper_election_port_t;
')
allow $1 zookeeper_election_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the zookeeper_election port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_zookeeper_election_port',`
gen_require(`
type zookeeper_election_port_t;
')
dontaudit $1 zookeeper_election_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the zookeeper_election port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_zookeeper_election_port',`
gen_require(`
type zookeeper_election_port_t;
')
allow $1 zookeeper_election_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the zookeeper_election port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_zookeeper_election_port',`
gen_require(`
type zookeeper_election_port_t;
')
dontaudit $1 zookeeper_election_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the zookeeper_election port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_zookeeper_election_port',`
corenet_udp_send_zookeeper_election_port($1)
corenet_udp_receive_zookeeper_election_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the zookeeper_election port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_zookeeper_election_port',`
corenet_dontaudit_udp_send_zookeeper_election_port($1)
corenet_dontaudit_udp_receive_zookeeper_election_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the zookeeper_election port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_zookeeper_election_port',`
gen_require(`
type zookeeper_election_port_t;
')
allow $1 zookeeper_election_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the zookeeper_election port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_zookeeper_election_port',`
gen_require(`
type zookeeper_election_port_t;
')
allow $1 zookeeper_election_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to zookeeper_election port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_zookeeper_election_port',`
gen_require(`
type zookeeper_election_port_t;
')
dontaudit $1 zookeeper_election_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the zookeeper_election port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_zookeeper_election_port',`
gen_require(`
type zookeeper_election_port_t;
')
allow $1 zookeeper_election_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to zookeeper_election port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_zookeeper_election_port',`
gen_require(`
type zookeeper_election_port_t;
')
dontaudit $1 zookeeper_election_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send zookeeper_election_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_zookeeper_election_client_packets',`
gen_require(`
type zookeeper_election_client_packet_t;
')
allow $1 zookeeper_election_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send zookeeper_election_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_zookeeper_election_client_packets',`
gen_require(`
type zookeeper_election_client_packet_t;
')
dontaudit $1 zookeeper_election_client_packet_t:packet send;
')
########################################
## <summary>
## Receive zookeeper_election_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_zookeeper_election_client_packets',`
gen_require(`
type zookeeper_election_client_packet_t;
')
allow $1 zookeeper_election_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive zookeeper_election_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_zookeeper_election_client_packets',`
gen_require(`
type zookeeper_election_client_packet_t;
')
dontaudit $1 zookeeper_election_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive zookeeper_election_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_zookeeper_election_client_packets',`
corenet_send_zookeeper_election_client_packets($1)
corenet_receive_zookeeper_election_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive zookeeper_election_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_zookeeper_election_client_packets',`
corenet_dontaudit_send_zookeeper_election_client_packets($1)
corenet_dontaudit_receive_zookeeper_election_client_packets($1)
')
########################################
## <summary>
## Relabel packets to zookeeper_election_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_zookeeper_election_client_packets',`
gen_require(`
type zookeeper_election_client_packet_t;
')
allow $1 zookeeper_election_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send zookeeper_election_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_zookeeper_election_server_packets',`
gen_require(`
type zookeeper_election_server_packet_t;
')
allow $1 zookeeper_election_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send zookeeper_election_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_zookeeper_election_server_packets',`
gen_require(`
type zookeeper_election_server_packet_t;
')
dontaudit $1 zookeeper_election_server_packet_t:packet send;
')
########################################
## <summary>
## Receive zookeeper_election_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_zookeeper_election_server_packets',`
gen_require(`
type zookeeper_election_server_packet_t;
')
allow $1 zookeeper_election_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive zookeeper_election_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_zookeeper_election_server_packets',`
gen_require(`
type zookeeper_election_server_packet_t;
')
dontaudit $1 zookeeper_election_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive zookeeper_election_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_zookeeper_election_server_packets',`
corenet_send_zookeeper_election_server_packets($1)
corenet_receive_zookeeper_election_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive zookeeper_election_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_zookeeper_election_server_packets',`
corenet_dontaudit_send_zookeeper_election_server_packets($1)
corenet_dontaudit_receive_zookeeper_election_server_packets($1)
')
########################################
## <summary>
## Relabel packets to zookeeper_election_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_zookeeper_election_server_packets',`
gen_require(`
type zookeeper_election_server_packet_t;
')
allow $1 zookeeper_election_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the zookeeper_leader port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_zookeeper_leader_port',`
gen_require(`
type zookeeper_leader_port_t;
')
allow $1 zookeeper_leader_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the zookeeper_leader port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_zookeeper_leader_port',`
gen_require(`
type zookeeper_leader_port_t;
')
allow $1 zookeeper_leader_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the zookeeper_leader port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_zookeeper_leader_port',`
gen_require(`
type zookeeper_leader_port_t;
')
dontaudit $1 zookeeper_leader_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the zookeeper_leader port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_zookeeper_leader_port',`
gen_require(`
type zookeeper_leader_port_t;
')
allow $1 zookeeper_leader_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the zookeeper_leader port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_zookeeper_leader_port',`
gen_require(`
type zookeeper_leader_port_t;
')
dontaudit $1 zookeeper_leader_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the zookeeper_leader port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_zookeeper_leader_port',`
corenet_udp_send_zookeeper_leader_port($1)
corenet_udp_receive_zookeeper_leader_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the zookeeper_leader port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_zookeeper_leader_port',`
corenet_dontaudit_udp_send_zookeeper_leader_port($1)
corenet_dontaudit_udp_receive_zookeeper_leader_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the zookeeper_leader port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_zookeeper_leader_port',`
gen_require(`
type zookeeper_leader_port_t;
')
allow $1 zookeeper_leader_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the zookeeper_leader port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_zookeeper_leader_port',`
gen_require(`
type zookeeper_leader_port_t;
')
allow $1 zookeeper_leader_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to zookeeper_leader port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_zookeeper_leader_port',`
gen_require(`
type zookeeper_leader_port_t;
')
dontaudit $1 zookeeper_leader_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the zookeeper_leader port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_zookeeper_leader_port',`
gen_require(`
type zookeeper_leader_port_t;
')
allow $1 zookeeper_leader_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to zookeeper_leader port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_zookeeper_leader_port',`
gen_require(`
type zookeeper_leader_port_t;
')
dontaudit $1 zookeeper_leader_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send zookeeper_leader_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_zookeeper_leader_client_packets',`
gen_require(`
type zookeeper_leader_client_packet_t;
')
allow $1 zookeeper_leader_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send zookeeper_leader_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_zookeeper_leader_client_packets',`
gen_require(`
type zookeeper_leader_client_packet_t;
')
dontaudit $1 zookeeper_leader_client_packet_t:packet send;
')
########################################
## <summary>
## Receive zookeeper_leader_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_zookeeper_leader_client_packets',`
gen_require(`
type zookeeper_leader_client_packet_t;
')
allow $1 zookeeper_leader_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive zookeeper_leader_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_zookeeper_leader_client_packets',`
gen_require(`
type zookeeper_leader_client_packet_t;
')
dontaudit $1 zookeeper_leader_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive zookeeper_leader_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_zookeeper_leader_client_packets',`
corenet_send_zookeeper_leader_client_packets($1)
corenet_receive_zookeeper_leader_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive zookeeper_leader_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_zookeeper_leader_client_packets',`
corenet_dontaudit_send_zookeeper_leader_client_packets($1)
corenet_dontaudit_receive_zookeeper_leader_client_packets($1)
')
########################################
## <summary>
## Relabel packets to zookeeper_leader_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_zookeeper_leader_client_packets',`
gen_require(`
type zookeeper_leader_client_packet_t;
')
allow $1 zookeeper_leader_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send zookeeper_leader_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_zookeeper_leader_server_packets',`
gen_require(`
type zookeeper_leader_server_packet_t;
')
allow $1 zookeeper_leader_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send zookeeper_leader_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_zookeeper_leader_server_packets',`
gen_require(`
type zookeeper_leader_server_packet_t;
')
dontaudit $1 zookeeper_leader_server_packet_t:packet send;
')
########################################
## <summary>
## Receive zookeeper_leader_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_zookeeper_leader_server_packets',`
gen_require(`
type zookeeper_leader_server_packet_t;
')
allow $1 zookeeper_leader_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive zookeeper_leader_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_zookeeper_leader_server_packets',`
gen_require(`
type zookeeper_leader_server_packet_t;
')
dontaudit $1 zookeeper_leader_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive zookeeper_leader_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_zookeeper_leader_server_packets',`
corenet_send_zookeeper_leader_server_packets($1)
corenet_receive_zookeeper_leader_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive zookeeper_leader_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_zookeeper_leader_server_packets',`
corenet_dontaudit_send_zookeeper_leader_server_packets($1)
corenet_dontaudit_receive_zookeeper_leader_server_packets($1)
')
########################################
## <summary>
## Relabel packets to zookeeper_leader_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_zookeeper_leader_server_packets',`
gen_require(`
type zookeeper_leader_server_packet_t;
')
allow $1 zookeeper_leader_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the zebra port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_zebra_port',`
gen_require(`
type zebra_port_t;
')
allow $1 zebra_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the zebra port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_zebra_port',`
gen_require(`
type zebra_port_t;
')
allow $1 zebra_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the zebra port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_zebra_port',`
gen_require(`
type zebra_port_t;
')
dontaudit $1 zebra_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the zebra port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_zebra_port',`
gen_require(`
type zebra_port_t;
')
allow $1 zebra_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the zebra port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_zebra_port',`
gen_require(`
type zebra_port_t;
')
dontaudit $1 zebra_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the zebra port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_zebra_port',`
corenet_udp_send_zebra_port($1)
corenet_udp_receive_zebra_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the zebra port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_zebra_port',`
corenet_dontaudit_udp_send_zebra_port($1)
corenet_dontaudit_udp_receive_zebra_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the zebra port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_zebra_port',`
gen_require(`
type zebra_port_t;
')
allow $1 zebra_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Bind UDP sockets to the zebra port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_zebra_port',`
gen_require(`
type zebra_port_t;
')
allow $1 zebra_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Do not audit attempts to sbind to zebra port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_zebra_port',`
gen_require(`
type zebra_port_t;
')
dontaudit $1 zebra_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
')
########################################
## <summary>
## Make a TCP connection to the zebra port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_zebra_port',`
gen_require(`
type zebra_port_t;
')
allow $1 zebra_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to zebra port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_zebra_port',`
gen_require(`
type zebra_port_t;
')
dontaudit $1 zebra_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send zebra_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_zebra_client_packets',`
gen_require(`
type zebra_client_packet_t;
')
allow $1 zebra_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send zebra_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_zebra_client_packets',`
gen_require(`
type zebra_client_packet_t;
')
dontaudit $1 zebra_client_packet_t:packet send;
')
########################################
## <summary>
## Receive zebra_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_zebra_client_packets',`
gen_require(`
type zebra_client_packet_t;
')
allow $1 zebra_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive zebra_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_zebra_client_packets',`
gen_require(`
type zebra_client_packet_t;
')
dontaudit $1 zebra_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive zebra_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_zebra_client_packets',`
corenet_send_zebra_client_packets($1)
corenet_receive_zebra_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive zebra_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_zebra_client_packets',`
corenet_dontaudit_send_zebra_client_packets($1)
corenet_dontaudit_receive_zebra_client_packets($1)
')
########################################
## <summary>
## Relabel packets to zebra_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_zebra_client_packets',`
gen_require(`
type zebra_client_packet_t;
')
allow $1 zebra_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send zebra_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_zebra_server_packets',`
gen_require(`
type zebra_server_packet_t;
')
allow $1 zebra_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send zebra_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_zebra_server_packets',`
gen_require(`
type zebra_server_packet_t;
')
dontaudit $1 zebra_server_packet_t:packet send;
')
########################################
## <summary>
## Receive zebra_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_zebra_server_packets',`
gen_require(`
type zebra_server_packet_t;
')
allow $1 zebra_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive zebra_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_zebra_server_packets',`
gen_require(`
type zebra_server_packet_t;
')
dontaudit $1 zebra_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive zebra_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_zebra_server_packets',`
corenet_send_zebra_server_packets($1)
corenet_receive_zebra_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive zebra_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_zebra_server_packets',`
corenet_dontaudit_send_zebra_server_packets($1)
corenet_dontaudit_receive_zebra_server_packets($1)
')
########################################
## <summary>
## Relabel packets to zebra_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_zebra_server_packets',`
gen_require(`
type zebra_server_packet_t;
')
allow $1 zebra_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the zented port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_zented_port',`
gen_require(`
type zented_port_t;
')
allow $1 zented_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the zented port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_zented_port',`
gen_require(`
type zented_port_t;
')
allow $1 zented_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the zented port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_zented_port',`
gen_require(`
type zented_port_t;
')
dontaudit $1 zented_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the zented port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_zented_port',`
gen_require(`
type zented_port_t;
')
allow $1 zented_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the zented port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_zented_port',`
gen_require(`
type zented_port_t;
')
dontaudit $1 zented_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the zented port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_zented_port',`
corenet_udp_send_zented_port($1)
corenet_udp_receive_zented_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the zented port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_zented_port',`
corenet_dontaudit_udp_send_zented_port($1)
corenet_dontaudit_udp_receive_zented_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the zented port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_zented_port',`
gen_require(`
type zented_port_t;
')
allow $1 zented_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the zented port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_zented_port',`
gen_require(`
type zented_port_t;
')
allow $1 zented_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to zented port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_zented_port',`
gen_require(`
type zented_port_t;
')
dontaudit $1 zented_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the zented port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_zented_port',`
gen_require(`
type zented_port_t;
')
allow $1 zented_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to zented port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_zented_port',`
gen_require(`
type zented_port_t;
')
dontaudit $1 zented_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send zented_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_zented_client_packets',`
gen_require(`
type zented_client_packet_t;
')
allow $1 zented_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send zented_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_zented_client_packets',`
gen_require(`
type zented_client_packet_t;
')
dontaudit $1 zented_client_packet_t:packet send;
')
########################################
## <summary>
## Receive zented_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_zented_client_packets',`
gen_require(`
type zented_client_packet_t;
')
allow $1 zented_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive zented_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_zented_client_packets',`
gen_require(`
type zented_client_packet_t;
')
dontaudit $1 zented_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive zented_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_zented_client_packets',`
corenet_send_zented_client_packets($1)
corenet_receive_zented_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive zented_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_zented_client_packets',`
corenet_dontaudit_send_zented_client_packets($1)
corenet_dontaudit_receive_zented_client_packets($1)
')
########################################
## <summary>
## Relabel packets to zented_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_zented_client_packets',`
gen_require(`
type zented_client_packet_t;
')
allow $1 zented_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send zented_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_zented_server_packets',`
gen_require(`
type zented_server_packet_t;
')
allow $1 zented_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send zented_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_zented_server_packets',`
gen_require(`
type zented_server_packet_t;
')
dontaudit $1 zented_server_packet_t:packet send;
')
########################################
## <summary>
## Receive zented_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_zented_server_packets',`
gen_require(`
type zented_server_packet_t;
')
allow $1 zented_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive zented_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_zented_server_packets',`
gen_require(`
type zented_server_packet_t;
')
dontaudit $1 zented_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive zented_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_zented_server_packets',`
corenet_send_zented_server_packets($1)
corenet_receive_zented_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive zented_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_zented_server_packets',`
corenet_dontaudit_send_zented_server_packets($1)
corenet_dontaudit_receive_zented_server_packets($1)
')
########################################
## <summary>
## Relabel packets to zented_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_zented_server_packets',`
gen_require(`
type zented_server_packet_t;
')
allow $1 zented_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP traffic on the zope port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_zope_port',`
gen_require(`
type zope_port_t;
')
allow $1 zope_port_t:tcp_socket { send_msg recv_msg };
')
########################################
## <summary>
## Send UDP traffic on the zope port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_zope_port',`
gen_require(`
type zope_port_t;
')
allow $1 zope_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Do not audit attempts to send UDP traffic on the zope port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_send_zope_port',`
gen_require(`
type zope_port_t;
')
dontaudit $1 zope_port_t:udp_socket send_msg;
')
########################################
## <summary>
## Receive UDP traffic on the zope port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_zope_port',`
gen_require(`
type zope_port_t;
')
allow $1 zope_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Do not audit attempts to receive UDP traffic on the zope port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_receive_zope_port',`
gen_require(`
type zope_port_t;
')
dontaudit $1 zope_port_t:udp_socket recv_msg;
')
########################################
## <summary>
## Send and receive UDP traffic on the zope port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_zope_port',`
corenet_udp_send_zope_port($1)
corenet_udp_receive_zope_port($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive
## UDP traffic on the zope port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_sendrecv_zope_port',`
corenet_dontaudit_udp_send_zope_port($1)
corenet_dontaudit_udp_receive_zope_port($1)
')
########################################
## <summary>
## Bind TCP sockets to the zope port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_tcp_bind_zope_port',`
gen_require(`
type zope_port_t;
')
allow $1 zope_port_t:tcp_socket name_bind;
')
########################################
## <summary>
## Bind UDP sockets to the zope port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_udp_bind_zope_port',`
gen_require(`
type zope_port_t;
')
allow $1 zope_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Do not audit attempts to sbind to zope port.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_udp_bind_zope_port',`
gen_require(`
type zope_port_t;
')
dontaudit $1 zope_port_t:udp_socket name_bind;
')
########################################
## <summary>
## Make a TCP connection to the zope port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_tcp_connect_zope_port',`
gen_require(`
type zope_port_t;
')
allow $1 zope_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Do not audit attempts to make a TCP connection to zope port.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_dontaudit_tcp_connect_zope_port',`
gen_require(`
type zope_port_t;
')
dontaudit $1 zope_port_t:tcp_socket name_connect;
')
########################################
## <summary>
## Send zope_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_zope_client_packets',`
gen_require(`
type zope_client_packet_t;
')
allow $1 zope_client_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send zope_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_zope_client_packets',`
gen_require(`
type zope_client_packet_t;
')
dontaudit $1 zope_client_packet_t:packet send;
')
########################################
## <summary>
## Receive zope_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_zope_client_packets',`
gen_require(`
type zope_client_packet_t;
')
allow $1 zope_client_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive zope_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_zope_client_packets',`
gen_require(`
type zope_client_packet_t;
')
dontaudit $1 zope_client_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive zope_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_zope_client_packets',`
corenet_send_zope_client_packets($1)
corenet_receive_zope_client_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive zope_client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_zope_client_packets',`
corenet_dontaudit_send_zope_client_packets($1)
corenet_dontaudit_receive_zope_client_packets($1)
')
########################################
## <summary>
## Relabel packets to zope_client the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_zope_client_packets',`
gen_require(`
type zope_client_packet_t;
')
allow $1 zope_client_packet_t:packet relabelto;
')
########################################
## <summary>
## Send zope_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_send_zope_server_packets',`
gen_require(`
type zope_server_packet_t;
')
allow $1 zope_server_packet_t:packet send;
')
########################################
## <summary>
## Do not audit attempts to send zope_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_send_zope_server_packets',`
gen_require(`
type zope_server_packet_t;
')
dontaudit $1 zope_server_packet_t:packet send;
')
########################################
## <summary>
## Receive zope_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_receive_zope_server_packets',`
gen_require(`
type zope_server_packet_t;
')
allow $1 zope_server_packet_t:packet recv;
')
########################################
## <summary>
## Do not audit attempts to receive zope_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_receive_zope_server_packets',`
gen_require(`
type zope_server_packet_t;
')
dontaudit $1 zope_server_packet_t:packet recv;
')
########################################
## <summary>
## Send and receive zope_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_sendrecv_zope_server_packets',`
corenet_send_zope_server_packets($1)
corenet_receive_zope_server_packets($1)
')
########################################
## <summary>
## Do not audit attempts to send and receive zope_server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`corenet_dontaudit_sendrecv_zope_server_packets',`
corenet_dontaudit_send_zope_server_packets($1)
corenet_dontaudit_receive_zope_server_packets($1)
')
########################################
## <summary>
## Relabel packets to zope_server the packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_zope_server_packets',`
gen_require(`
type zope_server_packet_t;
')
allow $1 zope_server_packet_t:packet relabelto;
')
########################################
## <summary>
## Send and receive TCP network traffic on the lo interface.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_lo_if',`
gen_require(`
type lo_netif_t;
')
allow $1 lo_netif_t:netif { tcp_send tcp_recv egress ingress };
')
########################################
## <summary>
## Send UDP network traffic on the lo interface.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_udp_send_lo_if',`
gen_require(`
type lo_netif_t;
')
allow $1 lo_netif_t:netif { udp_send egress };
')
########################################
## <summary>
## Receive UDP network traffic on the lo interface.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_udp_receive_lo_if',`
gen_require(`
type lo_netif_t;
')
allow $1 lo_netif_t:netif { udp_recv ingress };
')
########################################
## <summary>
## Send and receive UDP network traffic on the lo interface.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_lo_if',`
corenet_udp_send_lo_if($1)
corenet_udp_receive_lo_if($1)
')
########################################
## <summary>
## Send raw IP packets on the lo interface.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="10"/>
#
interface(`corenet_raw_send_lo_if',`
gen_require(`
type lo_netif_t;
')
allow $1 lo_netif_t:netif { rawip_send egress };
')
########################################
## <summary>
## Receive raw IP packets on the lo interface.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_raw_receive_lo_if',`
gen_require(`
type lo_netif_t;
')
allow $1 lo_netif_t:netif { rawip_recv ingress };
')
########################################
## <summary>
## Send and receive raw IP packets on the lo interface.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_raw_sendrecv_lo_if',`
corenet_raw_send_lo_if($1)
corenet_raw_receive_lo_if($1)
')