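## Policy for network configuration: ifconfig and dhcp client.
##
## Each interface below is an m4 macro paired with a _depend template.
## The _depend template lists the types, classes and permissions the
## interface body refers to, so the two must name the same identifiers.

#######################################
##
## Execute dhcp client in dhcpc domain.
##
## $1 (domain):
##	The type of the process performing this action.
##
## The automatic transition is keyed on dhcpc_exec_t and enters dhcpc_t.
## These are the types declared by sysnetwork_dhcpc_transition_depend and
## used by the allow rules in the body. The transition previously named
## dhcp_exec_t and dhcp_t, which this file neither declares nor grants
## anything to, so the client would not have entered the confined
## dhcpc_t domain that the remaining rules are written for.
##
## The allow rules let caller and client use each other's file
## descriptors, let the client read and write the caller's pipes, and
## let the client send SIGCHLD to the caller.
#
define(`sysnetwork_dhcpc_transition',`
	requires_block_template(`$0'_depend)

	domain_auto_trans($1, dhcpc_exec_t, dhcpc_t)

	allow $1 dhcpc_t:fd use;
	allow dhcpc_t $1:fd use;
	allow dhcpc_t $1:fifo_file rw_file_perms;
	allow dhcpc_t $1:process sigchld;
')

## NOTE(review): this template only states that the process permissions
## transition, noatsecure, siginh, rlimitinh and sigchld must exist.
## Which of them domain_auto_trans grants is not visible in this file.
## If noatsecure is allowed rather than dontaudited, the new domain
## starts without secure-exec (AT_SECURE) environment sanitising, so
## confirm against the domain_auto_trans definition.
define(`sysnetwork_dhcpc_transition_depend',`
	type dhcpc_t, dhcpc_exec_t;

	class file { getattr read execute };
	class process { transition noatsecure siginh rlimitinh sigchld };
	class fd use;
	class fifo_file rw_file_perms;
')

#######################################
##
## Execute ifconfig in the ifconfig domain.
##
## $1 (domain):
##	The type of the process performing this action.
##
## Entering ifconfig_t happens automatically when $1 executes a file
## labelled ifconfig_exec_t. The allow rules mirror the dhcp client
## interface: mutual fd use, pipe read/write for ifconfig_t, and
## SIGCHLD from ifconfig_t back to the caller.
#
define(`sysnetwork_ifconfig_transition',`
	requires_block_template(`$0'_depend)

	domain_auto_trans($1, ifconfig_exec_t, ifconfig_t)

	allow $1 ifconfig_t:fd use;
	allow ifconfig_t $1:fd use;
	allow ifconfig_t $1:fifo_file rw_file_perms;
	allow ifconfig_t $1:process sigchld;
')

## NOTE(review): as with the dhcp client template, the noatsecure,
## siginh and rlimitinh permissions are only declared here; how
## domain_auto_trans treats them should be confirmed at its definition.
define(`sysnetwork_ifconfig_transition_depend',`
	type ifconfig_t, ifconfig_exec_t;

	class file { getattr read execute };
	class process { transition noatsecure siginh rlimitinh sigchld };
	class fd use;
	class fifo_file rw_file_perms;
')

########################################
##
## Execute ifconfig in the ifconfig domain, and
## allow the specified role the ifconfig domain,
## and use the caller's terminal.
##
## $1 (domain):
##	The type of the process performing this action.
## $2 (role):
##	The role to be allowed the ifconfig domain.
## $3 (terminal):
##	The type of the terminal the ifconfig domain is allowed to use.
##
## ifconfig_t receives getattr, read, write and ioctl on every character
## device labelled with the type passed as $3, so callers should pass
## the specific terminal type of the role rather than a broad attribute.
#
define(`sysnetwork_ifconfig_transition_add_role_use_terminal',`
	requires_block_template(`$0'_depend)

	sysnetwork_ifconfig_transition($1)
	role $2 types ifconfig_t;
	allow ifconfig_t $3:chr_file { getattr read write ioctl };
')

define(`sysnetwork_ifconfig_transition_add_role_use_terminal_depend',`
	type ifconfig_t;

	class chr_file { getattr read write ioctl };
')

#######################################
##
## Allow network init to read network config files.
##
## $1 (domain):
##	The type of the process performing this action.
##
## Access is read-only: the caller may search the general system
## configuration directory and gets r_file_perms on net_conf_t files.
## No write or create permission is granted by this interface.
#
define(`sysnetwork_read_network_config',`
	requires_block_template(`$0'_depend)

	files_search_general_system_config_directory($1)
	allow $1 net_conf_t:file r_file_perms;
')

define(`sysnetwork_read_network_config_depend',`
	type net_conf_t;

	class file r_file_perms;
')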