## <summary>Network analysis utilities</summary>

########################################

## <summary>

##	Execute network utilities in the netutils domain.

## </summary>

## <param name="domain">

##	The type of the process performing this action.

## </param>

#

interface(`netutils_domtrans',`

	gen_require(`

		type netutils_t, netutils_exec_t;

	')

	domain_auto_trans($1,netutils_exec_t,netutils_t)

	allow $1 netutils_t:fd use;

	allow netutils_t $1:fd use;

	allow netutils_t $1:fifo_file rw_file_perms;

	allow netutils_t $1:process sigchld;

')

########################################

## <summary>

##	Execute network utilities in the netutils domain, and

##	allow the specified role the netutils domain.

## </summary>

## <param name="domain">

##	The type of the process performing this action.

## </param>

## <param name="role">

##	The role to be allowed the netutils domain.

## </param>

## <param name="terminal">

##	The type of the terminal allow the netutils domain to use.

## </param>

#

interface(`netutils_run',`

	gen_require(`

		type netutils_t;

	')

	netutils_domtrans($1)

	role $2 types netutils_t;

	allow netutils_t $3:chr_file rw_term_perms;

')

########################################

## <summary>

##	Execute network utilities in the caller domain.

## </summary>

## <param name="domain">

##	The type of the process performing this action.

## </param>

#

interface(`netutils_exec',`

	gen_require(`

		type netutils_exec_t;

	')

	can_exec($1,netutils_exec_t)

')

########################################

## <summary>

##	Execute ping in the ping domain.

## </summary>

## <param name="domain">

##	The type of the process performing this action.

## </param>

#

interface(`netutils_domtrans_ping',`

	gen_require(`

		type ping_t, ping_exec_t;

	')

	domain_auto_trans($1,ping_exec_t,ping_t)

	allow $1 ping_t:fd use;

	allow ping_t $1:fd use;

	allow ping_t $1:fifo_file rw_file_perms;

	allow ping_t $1:process sigchld;

')

########################################

## <summary>

##	Execute ping in the ping domain, and

##	allow the specified role the ping domain.

## </summary>

## <param name="domain">

##	The type of the process performing this action.

## </param>

## <param name="role">

##	The role to be allowed the ping domain.

## </param>

## <param name="terminal">

##	The type of the terminal allow the ping domain to use.

## </param>

#

interface(`netutils_run_ping',`

	gen_require(`

		type ping_t;

	')

	netutils_domtrans_ping($1)

	role $2 types ping_t;

	allow ping_t $3:chr_file rw_term_perms;

')

########################################

## <summary>

##	Conditionally execute ping in the ping domain, and

##	allow the specified role the ping domain.

## </summary>

## <param name="domain">

##	The type of the process performing this action.

## </param>

## <param name="role">

##	The role to be allowed the ping domain.

## </param>

## <param name="terminal">

##	The type of the terminal allow the ping domain to use.

## </param>

#

interface(`netutils_run_ping_cond',`

	gen_require(`

		type ping_t;

		bool user_ping;

	')

	role $2 types ping_t;

	if ( user_ping ) {

		netutils_domtrans_ping($1)

		allow ping_t $3:chr_file rw_term_perms;

	}

')

########################################

## <summary>

##	Execute ping in the caller domain.

## </summary>

## <param name="domain">

##	The type of the process performing this action.

## </param>

#

interface(`netutils_exec_ping',`

	gen_require(`

		type ping_exec_t;

	')

	can_exec($1,ping_exec_t)

')

########################################

## <summary>

##	Execute traceroute in the traceroute domain.

## </summary>

## <param name="domain">

##	The type of the process performing this action.

## </param>

#

interface(`netutils_domtrans_traceroute',`

	gen_require(`

		type traceroute_t, traceroute_exec_t;

	')

	domain_auto_trans($1,traceroute_exec_t,traceroute_t)

	allow $1 traceroute_t:fd use;

	allow traceroute_t $1:fd use;

	allow traceroute_t $1:fifo_file rw_file_perms;

	allow traceroute_t $1:process sigchld;

')

########################################

## <summary>

##	Execute traceroute in the traceroute domain, and

##	allow the specified role the traceroute domain.

## </summary>

## <param name="domain">

##	The type of the process performing this action.

## </param>

## <param name="role">

##	The role to be allowed the traceroute domain.

## </param>

## <param name="terminal">

##	The type of the terminal allow the traceroute domain to use.

## </param>

#

interface(`netutils_run_traceroute',`

	gen_require(`

		type traceroute_t;

	')

	netutils_domtrans_traceroute($1)

	role $2 types traceroute_t;

	allow traceroute_t $3:chr_file rw_term_perms;

')

########################################

## <summary>

##	Conditionally execute traceroute in the traceroute domain, and

##	allow the specified role the traceroute domain.

## </summary>

## <param name="domain">

##	The type of the process performing this action.

## </param>

## <param name="role">

##	The role to be allowed the traceroute domain.

## </param>

## <param name="terminal">

##	The type of the terminal allow the traceroute domain to use.

## </param>

#

interface(`netutils_run_traceroute_cond',`

	gen_require(`

		type traceroute_t;

		bool user_ping;

	')

	role $2 types traceroute_t;

	if( user_ping ) {

		netutils_domtrans_traceroute($1)

		allow traceroute_t $3:chr_file rw_term_perms;

	}

')

########################################

## <summary>

##	Execute traceroute in the caller domain.

## </summary>

## <param name="domain">

##	The type of the process performing this action.

## </param>

#

interface(`netutils_exec_traceroute',`

	gen_require(`

		type traceroute_exec_t;

	')

	can_exec($1,traceroute_exec_t)

')