#
# shiftn(num,list...)
#
# shift the list num times
#
# Expands to list with its first num elements removed. Each recursion
# step drops one element and decrements num; recursion stops when num
# compares equal to 0.
# NOTE(review): the arguments are forwarded with $* (unquoted), so every
# element is rescanned by m4 on each step. An element that names a macro
# or contains a comma may not pass through unchanged - confirm callers
# only pass plain words and numbers.
#
define(`shiftn',`ifelse($1,0,`shift($*)',`shiftn(decr($1),shift(shift($*)))')')
#
# declare_netifs(type,linux_interface,mls_sensitivity[,linux_interface,mls_sensitivity[,...]])
#
# Emits one netifcon statement per (linux_interface, mls_sensitivity) pair.
# The first context labels the interface with the given type; the second
# context is always unlabeled_t at the same sensitivity.
# While a fourth argument is present the macro recurses with the
# arguments that follow the first three, keeping the same type.
#
define(`declare_netifs',`dnl
netifcon $2 gen_context(system_u:object_r:$1,$3) gen_context(system_u:object_r:unlabeled_t,$3)
ifelse(`$4',`',`',`declare_netifs($1,shiftn(3,$*))')dnl
')
#
# network_interface(if_name,linux_interface,mls_sensitivity)
#
# Declares the type if_name_netif_t (alias netif_if_name_t) with the
# netif_type attribute, then hands every argument after if_name to
# declare_netifs, which emits the netifcon statements.
# gen_require pulls in unlabeled_t because declare_netifs uses it for
# the second context of each netifcon.
# Further linux_interface,mls_sensitivity pairs may follow the first
# one; declare_netifs consumes them two at a time.
#
define(`network_interface',`
gen_require(`type unlabeled_t')
type $1_netif_t alias netif_$1_t, netif_type;
declare_netifs($1_netif_t,shift($*))
')
#
# declare_nodes(type,mls_sensitivity,address,netmask[,mls_sensitivity,address,netmask[,...]])
#
# Emits one nodecon statement per (mls_sensitivity, address, netmask)
# triple, labelling the address/netmask with the given type at that
# sensitivity.
# While a fifth argument is present the macro recurses with the
# arguments that follow the first four, keeping the same type.
#
define(`declare_nodes',`dnl
nodecon $3 $4 gen_context(system_u:object_r:$1,$2)
ifelse(`$5',`',`',`declare_nodes($1,shiftn(4,$*))')dnl
')
#
# network_node(node_name,mls_sensitivity,address,netmask[, mls_sensitivity,address,netmask, [...]])
#
# Declares the type node_name_node_t (alias node_node_name_t) with the
# node_type attribute, then hands every argument after node_name to
# declare_nodes, which emits one nodecon statement per triple.
#
define(`network_node',`
type $1_node_t alias node_$1_t, node_type;
declare_nodes($1_node_t,shift($*))
')
# These next three macros have formatting, and should not be indented
#
# determine_reserved_capability(protocol,portnum,mls_sensitivity[,protocol,portnum,mls_sensitivity[,...]])
#
# Walks the port triples and, at the first portnum below 1024, emits a
# single allow rule granting self:capability net_bind_service and stops.
# If no portnum is below 1024 the macro emits nothing.
# The word dollarsone is emitted literally; presumably a later build
# step replaces it with the caller domain - confirm against the caller.
# NOTE(review): eval does integer arithmetic, so a portnum written as a
# range (constructed example: 6000-6020) is evaluated as a subtraction
# and compares as below 1024. That would grant net_bind_service for a
# port type that holds only unprivileged ports - confirm callers pass
# single port numbers, or compare only the start of the range.
# NOTE(review): the inner ifelse tests $4 unquoted, unlike declare_ports
# which quotes its end-of-list test; an argument that names a macro
# would be expanded here.
#
define(`determine_reserved_capability',`dnl
ifelse(eval($2 < 1024),1,``allow' dollarsone self:capability net_bind_service;',`dnl
ifelse($4,`',`',`determine_reserved_capability(shiftn(3,$*))')dnl end inner ifelse
')dnl end outer ifelse
') dnl end determine reserved capability
#
# determine_reserved_capability_depend(protocol,portnum,mls_sensitivity[,protocol,portnum,mls_sensitivity[,...]])
#
# Companion to determine_reserved_capability: walks the same port
# triples and, at the first portnum below 1024, emits the requirement
# line for class capability net_bind_service and stops. If no portnum
# is below 1024 the macro emits nothing.
# NOTE(review): the same eval caveat applies - a portnum written as a
# range (constructed example: 6000-6020) is evaluated as a subtraction
# and compares as below 1024. Confirm callers pass single port numbers.
#
define(`determine_reserved_capability_depend',`dnl
ifelse(eval($2 < 1024),1,`class capability net_bind_service;',`dnl
ifelse($4,`',`',`determine_reserved_capability_depend(shiftn(3,$*))')dnl end inner ifelse
')dnl end outer ifelse
') dnl end determine reserved capability depend
#
# declare_ports(type,protocol,portnum,mls_sensitivity[,protocol,portnum,mls_sensitivity[,...]])
#
# For each (protocol, portnum, mls_sensitivity) triple:
#   - if portnum is below 1024, adds the reserved_port_type attribute
#     to the type;
#   - if portnum is also 600 or above, adds rpc_port_type as well;
#   - always emits the portcon statement labelling the port.
# While a fifth argument is present the macro recurses with the
# arguments that follow the first four, keeping the same type.
# NOTE(review): eval does integer arithmetic, so a portnum written as a
# range (constructed example: 6000-6020) is evaluated as a subtraction
# and compares as below 1024. The type would then carry
# reserved_port_type although none of its ports is privileged, which
# changes which domains are allowed to bind it - confirm callers pass
# single port numbers, or compare only the start of the range.
#
define(`declare_ports',`dnl
ifelse(eval($3 < 1024),1,`
typeattribute $1 reserved_port_type;
#bindresvport in glibc starts searching for reserved ports at 600
ifelse(eval($3 >= 600),1,`typeattribute $1 rpc_port_type;',`dnl')
',`dnl')
portcon $2 $3 gen_context(system_u:object_r:$1,$4)
ifelse(`$5',`',`',`declare_ports($1,shiftn(4,$*))')dnl
')
#
# network_port(port_name,protocol portnum mls_sensitivity [,protocol portnum mls_sensitivity[,...]])
#
# Declares the type port_name_port_t with the port_type attribute, then
# hands every argument after port_name to declare_ports.
# protocol, portnum and mls_sensitivity are separate comma-delimited
# arguments: declare_ports reads them as its second, third and fourth
# parameters and steps through the list four arguments at a time.
# Ports below 1024 additionally mark the type as reserved_port_type
# (see declare_ports), so the portnum values given here decide which
# attribute-based rules apply to the type.
#
define(`network_port',`
type $1_port_t, port_type;
declare_ports($1_port_t,shift($*))
')