|
Chris PeBenito |
62a7b0 |
## <summary>Network analysis utilities</summary>
|
|
Chris PeBenito |
10abae |
|
|
Chris PeBenito |
ab940a |
########################################
|
|
Chris PeBenito |
ceebe3 |
## <summary>
|
|
Chris PeBenito |
ab940a |
## Execute network utilities in the netutils domain.
|
|
Chris PeBenito |
ceebe3 |
## </summary>
|
|
Chris PeBenito |
ab940a |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Dominick Grift |
77e4b5 |
## Domain allowed to transition.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
ab940a |
## </param>
|
|
Chris PeBenito |
10abae |
#
|
|
Chris PeBenito |
199895 |
interface(`netutils_domtrans',`
|
|
Chris PeBenito |
7f2e39 |
gen_require(`
|
|
Chris PeBenito |
7f2e39 |
type netutils_t, netutils_exec_t;
|
|
Chris PeBenito |
7f2e39 |
')
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0bfccd |
domtrans_pattern($1, netutils_exec_t, netutils_t)
|
|
Chris PeBenito |
10abae |
')
|
|
Chris PeBenito |
10abae |
|
|
Chris PeBenito |
ab940a |
########################################
|
|
Chris PeBenito |
ceebe3 |
## <summary>
|
|
Chris PeBenito |
ab940a |
## Execute network utilities in the netutils domain, and
|
|
Chris PeBenito |
ab940a |
## allow the specified role the netutils domain.
|
|
Chris PeBenito |
ceebe3 |
## </summary>
|
|
Chris PeBenito |
ab940a |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Dominick Grift |
77e4b5 |
## Domain allowed to transition.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
ab940a |
## </param>
|
|
Chris PeBenito |
ab940a |
## <param name="role">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
a7ee7f |
## Role allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
ab940a |
## </param>
|
|
Chris PeBenito |
bbcd3c |
## <rolecap/>
|
|
Chris PeBenito |
10abae |
#
|
|
Chris PeBenito |
ab940a |
interface(`netutils_run',`
|
|
Chris PeBenito |
ab940a |
gen_require(`
|
|
Chris PeBenito |
ab940a |
type netutils_t;
|
|
Chris PeBenito |
ab940a |
')
|
|
Chris PeBenito |
ab940a |
|
|
Chris PeBenito |
ab940a |
netutils_domtrans($1)
|
|
Chris PeBenito |
ab940a |
role $2 types netutils_t;
|
|
Chris PeBenito |
ab940a |
')
|
|
Chris PeBenito |
ab940a |
|
|
Chris PeBenito |
ab940a |
########################################
|
|
Chris PeBenito |
ceebe3 |
## <summary>
|
|
Chris PeBenito |
ab940a |
## Execute network utilities in the caller domain.
|
|
Chris PeBenito |
ceebe3 |
## </summary>
|
|
Chris PeBenito |
ab940a |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
f1e604 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
ab940a |
## </param>
|
|
Chris PeBenito |
10abae |
#
|
|
Chris PeBenito |
199895 |
interface(`netutils_exec',`
|
|
Chris PeBenito |
7f2e39 |
gen_require(`
|
|
Chris PeBenito |
7f2e39 |
type netutils_exec_t;
|
|
Chris PeBenito |
7f2e39 |
')
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0bfccd |
can_exec($1, netutils_exec_t)
|
|
Chris PeBenito |
10abae |
')
|
|
Chris PeBenito |
ab940a |
|
|
Chris PeBenito |
ab940a |
########################################
|
|
Chris PeBenito |
ceebe3 |
## <summary>
|
|
Chris PeBenito |
8a948c |
## Send generic signals to network utilities.
|
|
Chris PeBenito |
8a948c |
## </summary>
|
|
Chris PeBenito |
8a948c |
## <param name="domain">
|
|
Chris PeBenito |
8a948c |
## <summary>
|
|
Chris PeBenito |
8a948c |
## Domain allowed access.
|
|
Chris PeBenito |
8a948c |
## </summary>
|
|
Chris PeBenito |
8a948c |
## </param>
|
|
Chris PeBenito |
8a948c |
#
|
|
Chris PeBenito |
8a948c |
interface(`netutils_signal',`
|
|
Chris PeBenito |
8a948c |
gen_require(`
|
|
Chris PeBenito |
8a948c |
type netutils_t;
|
|
Chris PeBenito |
8a948c |
')
|
|
Chris PeBenito |
8a948c |
|
|
Chris PeBenito |
8a948c |
allow $1 netutils_t:process signal;
|
|
Chris PeBenito |
8a948c |
')
|
|
Chris PeBenito |
8a948c |
|
|
Chris PeBenito |
8a948c |
########################################
|
|
Chris PeBenito |
8a948c |
## <summary>
|
|
Chris PeBenito |
ab940a |
## Execute ping in the ping domain.
|
|
Chris PeBenito |
ceebe3 |
## </summary>
|
|
Chris PeBenito |
ab940a |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Dominick Grift |
77e4b5 |
## Domain allowed to transition.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
ab940a |
## </param>
|
|
Chris PeBenito |
ab940a |
#
|
|
Chris PeBenito |
ab940a |
interface(`netutils_domtrans_ping',`
|
|
Chris PeBenito |
ab940a |
gen_require(`
|
|
Chris PeBenito |
ab940a |
type ping_t, ping_exec_t;
|
|
Chris PeBenito |
ab940a |
')
|
|
Chris PeBenito |
ab940a |
|
|
Chris PeBenito |
0bfccd |
domtrans_pattern($1, ping_exec_t, ping_t)
|
|
Chris PeBenito |
ab940a |
')
|
|
Chris PeBenito |
ab940a |
|
|
Chris PeBenito |
ab940a |
########################################
|
|
Chris PeBenito |
ceebe3 |
## <summary>
|
|
Chris PeBenito |
f1e604 |
## Send a kill (SIGKILL) signal to ping.
|
|
Chris PeBenito |
f1e604 |
## </summary>
|
|
Chris PeBenito |
f1e604 |
## <param name="domain">
|
|
Chris PeBenito |
f1e604 |
## <summary>
|
|
Chris PeBenito |
f1e604 |
## Domain allowed access.
|
|
Chris PeBenito |
f1e604 |
## </summary>
|
|
Chris PeBenito |
f1e604 |
## </param>
|
|
Chris PeBenito |
f1e604 |
#
|
|
Chris PeBenito |
f1e604 |
interface(`netutils_kill_ping',`
|
|
Chris PeBenito |
f1e604 |
gen_require(`
|
|
Chris PeBenito |
f1e604 |
type ping_t;
|
|
Chris PeBenito |
f1e604 |
')
|
|
Chris PeBenito |
f1e604 |
|
|
Chris PeBenito |
f1e604 |
allow $1 ping_t:process sigkill;
|
|
Chris PeBenito |
f1e604 |
')
|
|
Chris PeBenito |
f1e604 |
|
|
Chris PeBenito |
f1e604 |
########################################
|
|
Chris PeBenito |
f1e604 |
## <summary>
|
|
Chris PeBenito |
f1e604 |
## Send generic signals to ping.
|
|
Chris PeBenito |
f1e604 |
## </summary>
|
|
Chris PeBenito |
f1e604 |
## <param name="domain">
|
|
Chris PeBenito |
f1e604 |
## <summary>
|
|
Chris PeBenito |
f1e604 |
## Domain allowed access.
|
|
Chris PeBenito |
f1e604 |
## </summary>
|
|
Chris PeBenito |
f1e604 |
## </param>
|
|
Chris PeBenito |
f1e604 |
#
|
|
Chris PeBenito |
f1e604 |
interface(`netutils_signal_ping',`
|
|
Chris PeBenito |
f1e604 |
gen_require(`
|
|
Chris PeBenito |
f1e604 |
type ping_t;
|
|
Chris PeBenito |
f1e604 |
')
|
|
Chris PeBenito |
f1e604 |
|
|
Chris PeBenito |
f1e604 |
allow $1 ping_t:process signal;
|
|
Chris PeBenito |
f1e604 |
')
|
|
Chris PeBenito |
f1e604 |
|
|
Chris PeBenito |
f1e604 |
########################################
|
|
Chris PeBenito |
f1e604 |
## <summary>
|
|
Chris PeBenito |
ab940a |
## Execute ping in the ping domain, and
|
|
Chris PeBenito |
ab940a |
## allow the specified role the ping domain.
|
|
Chris PeBenito |
ceebe3 |
## </summary>
|
|
Chris PeBenito |
ab940a |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Dominick Grift |
77e4b5 |
## Domain allowed to transition.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
ab940a |
## </param>
|
|
Chris PeBenito |
ab940a |
## <param name="role">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
a7ee7f |
## Role allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
ab940a |
## </param>
|
|
Chris PeBenito |
bbcd3c |
## <rolecap/>
|
|
Chris PeBenito |
ab940a |
#
|
|
Chris PeBenito |
ab940a |
interface(`netutils_run_ping',`
|
|
Chris PeBenito |
ab940a |
gen_require(`
|
|
Chris PeBenito |
ab940a |
type ping_t;
|
|
Chris PeBenito |
ab940a |
')
|
|
Chris PeBenito |
ab940a |
|
|
Chris PeBenito |
ab940a |
netutils_domtrans_ping($1)
|
|
Chris PeBenito |
ab940a |
role $2 types ping_t;
|
|
Chris PeBenito |
ab940a |
')
|
|
Chris PeBenito |
ab940a |
|
|
Chris PeBenito |
ab940a |
########################################
|
|
Chris PeBenito |
ceebe3 |
## <summary>
|
|
Chris PeBenito |
1f91e1 |
## Conditionally execute ping in the ping domain, and
|
|
Chris PeBenito |
1f91e1 |
## allow the specified role the ping domain.
|
|
Chris PeBenito |
1f91e1 |
## </summary>
|
|
Chris PeBenito |
1f91e1 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Dominick Grift |
77e4b5 |
## Domain allowed to transition.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
1f91e1 |
## </param>
|
|
Chris PeBenito |
1f91e1 |
## <param name="role">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
a7ee7f |
## Role allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
1f91e1 |
## </param>
|
|
Chris PeBenito |
bbcd3c |
## <rolecap/>
|
|
Chris PeBenito |
1f91e1 |
#
|
|
Chris PeBenito |
1f91e1 |
interface(`netutils_run_ping_cond',`
|
|
Chris PeBenito |
1f91e1 |
gen_require(`
|
|
Chris PeBenito |
1f91e1 |
type ping_t;
|
|
Chris PeBenito |
1f91e1 |
bool user_ping;
|
|
Chris PeBenito |
1f91e1 |
')
|
|
Chris PeBenito |
1f91e1 |
|
|
Chris PeBenito |
1f91e1 |
role $2 types ping_t;
|
|
Chris PeBenito |
1f91e1 |
|
|
Chris PeBenito |
1f91e1 |
if ( user_ping ) {
|
|
Chris PeBenito |
1f91e1 |
netutils_domtrans_ping($1)
|
|
Chris PeBenito |
1f91e1 |
}
|
|
Chris PeBenito |
1f91e1 |
')
|
|
Chris PeBenito |
1f91e1 |
|
|
Chris PeBenito |
1f91e1 |
########################################
|
|
Chris PeBenito |
1f91e1 |
## <summary>
|
|
Chris PeBenito |
ab940a |
## Execute ping in the caller domain.
|
|
Chris PeBenito |
ceebe3 |
## </summary>
|
|
Chris PeBenito |
ab940a |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
f1e604 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
ab940a |
## </param>
|
|
Chris PeBenito |
ab940a |
#
|
|
Chris PeBenito |
ab940a |
interface(`netutils_exec_ping',`
|
|
Chris PeBenito |
ab940a |
gen_require(`
|
|
Chris PeBenito |
ab940a |
type ping_exec_t;
|
|
Chris PeBenito |
ab940a |
')
|
|
Chris PeBenito |
ab940a |
|
|
Chris PeBenito |
0bfccd |
can_exec($1, ping_exec_t)
|
|
Chris PeBenito |
ab940a |
')
|
|
Chris PeBenito |
ab940a |
|
|
Chris PeBenito |
ab940a |
########################################
|
|
Chris PeBenito |
ceebe3 |
## <summary>
|
|
Chris PeBenito |
ab940a |
## Execute traceroute in the traceroute domain.
|
|
Chris PeBenito |
ceebe3 |
## </summary>
|
|
Chris PeBenito |
ab940a |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Dominick Grift |
77e4b5 |
## Domain allowed to transition.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
ab940a |
## </param>
|
|
Chris PeBenito |
ab940a |
#
|
|
Chris PeBenito |
ab940a |
interface(`netutils_domtrans_traceroute',`
|
|
Chris PeBenito |
ab940a |
gen_require(`
|
|
Chris PeBenito |
ab940a |
type traceroute_t, traceroute_exec_t;
|
|
Chris PeBenito |
ab940a |
')
|
|
Chris PeBenito |
ab940a |
|
|
Chris PeBenito |
0bfccd |
domtrans_pattern($1, traceroute_exec_t, traceroute_t)
|
|
Chris PeBenito |
ab940a |
')
|
|
Chris PeBenito |
ab940a |
|
|
Chris PeBenito |
ab940a |
########################################
|
|
Chris PeBenito |
ceebe3 |
## <summary>
|
|
Chris PeBenito |
ab940a |
## Execute traceroute in the traceroute domain, and
|
|
Chris PeBenito |
ab940a |
## allow the specified role the traceroute domain.
|
|
Chris PeBenito |
ceebe3 |
## </summary>
|
|
Chris PeBenito |
ab940a |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Dominick Grift |
77e4b5 |
## Domain allowed to transition.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
ab940a |
## </param>
|
|
Chris PeBenito |
ab940a |
## <param name="role">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
a7ee7f |
## Role allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
ab940a |
## </param>
|
|
Chris PeBenito |
bbcd3c |
## <rolecap/>
|
|
Chris PeBenito |
ab940a |
#
|
|
Chris PeBenito |
ab940a |
interface(`netutils_run_traceroute',`
|
|
Chris PeBenito |
ab940a |
gen_require(`
|
|
Chris PeBenito |
ab940a |
type traceroute_t;
|
|
Chris PeBenito |
ab940a |
')
|
|
Chris PeBenito |
ab940a |
|
|
Chris PeBenito |
ab940a |
netutils_domtrans_traceroute($1)
|
|
Chris PeBenito |
ab940a |
role $2 types traceroute_t;
|
|
Chris PeBenito |
ab940a |
')
|
|
Chris PeBenito |
ab940a |
|
|
Chris PeBenito |
ab940a |
########################################
|
|
Chris PeBenito |
ceebe3 |
## <summary>
|
|
Chris PeBenito |
1f91e1 |
## Conditionally execute traceroute in the traceroute domain, and
|
|
Chris PeBenito |
1f91e1 |
## allow the specified role the traceroute domain.
|
|
Chris PeBenito |
1f91e1 |
## </summary>
|
|
Chris PeBenito |
1f91e1 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Dominick Grift |
77e4b5 |
## Domain allowed to transition.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
1f91e1 |
## </param>
|
|
Chris PeBenito |
1f91e1 |
## <param name="role">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
a7ee7f |
## Role allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
1f91e1 |
## </param>
|
|
Chris PeBenito |
bbcd3c |
## <rolecap/>
|
|
Chris PeBenito |
1f91e1 |
#
|
|
Chris PeBenito |
1f91e1 |
interface(`netutils_run_traceroute_cond',`
|
|
Chris PeBenito |
1f91e1 |
gen_require(`
|
|
Chris PeBenito |
1f91e1 |
type traceroute_t;
|
|
Chris PeBenito |
1f91e1 |
bool user_ping;
|
|
Chris PeBenito |
1f91e1 |
')
|
|
Chris PeBenito |
1f91e1 |
|
|
Chris PeBenito |
1f91e1 |
role $2 types traceroute_t;
|
|
Chris PeBenito |
1f91e1 |
|
|
Chris PeBenito |
1f91e1 |
if( user_ping ) {
|
|
Chris PeBenito |
1f91e1 |
netutils_domtrans_traceroute($1)
|
|
Chris PeBenito |
1f91e1 |
}
|
|
Chris PeBenito |
1f91e1 |
')
|
|
Chris PeBenito |
1f91e1 |
|
|
Chris PeBenito |
1f91e1 |
########################################
|
|
Chris PeBenito |
1f91e1 |
## <summary>
|
|
Chris PeBenito |
ab940a |
## Execute traceroute in the caller domain.
|
|
Chris PeBenito |
ceebe3 |
## </summary>
|
|
Chris PeBenito |
ab940a |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
f1e604 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
ab940a |
## </param>
|
|
Chris PeBenito |
ab940a |
#
|
|
Chris PeBenito |
ab940a |
interface(`netutils_exec_traceroute',`
|
|
Chris PeBenito |
ab940a |
gen_require(`
|
|
Chris PeBenito |
ab940a |
type traceroute_exec_t;
|
|
Chris PeBenito |
ab940a |
')
|
|
Chris PeBenito |
ab940a |
|
|
Chris PeBenito |
0bfccd |
can_exec($1, traceroute_exec_t)
|
|
Chris PeBenito |
ab940a |
')
|