Lines 13350-13355
interface(`corenet_relabelto_biff_server_packets',`
Link Here
|
13350 |
|
13350 |
|
13351 |
######################################## |
13351 |
######################################## |
13352 |
## <summary> |
13352 |
## <summary> |
|
|
13353 |
## Send and receive TCP traffic on the bitcoin port. |
13354 |
## </summary> |
13355 |
## <param name="domain"> |
13356 |
## <summary> |
13357 |
## Domain allowed access. |
13358 |
## </summary> |
13359 |
## </param> |
13360 |
## <infoflow type="both" weight="10"/> |
13361 |
# |
13362 |
interface(`corenet_tcp_sendrecv_bitcoin_port',` |
13363 |
gen_require(` |
13364 |
type bitcoin_port_t; |
13365 |
') |
13366 |
|
13367 |
allow $1 bitcoin_port_t:tcp_socket { send_msg recv_msg }; |
13368 |
') |
13369 |
|
13370 |
######################################## |
13371 |
## <summary> |
13372 |
## Send UDP traffic on the bitcoin port. |
13373 |
## </summary> |
13374 |
## <param name="domain"> |
13375 |
## <summary> |
13376 |
## Domain allowed access. |
13377 |
## </summary> |
13378 |
## </param> |
13379 |
## <infoflow type="write" weight="10"/> |
13380 |
# |
13381 |
interface(`corenet_udp_send_bitcoin_port',` |
13382 |
gen_require(` |
13383 |
type bitcoin_port_t; |
13384 |
') |
13385 |
|
13386 |
allow $1 bitcoin_port_t:udp_socket send_msg; |
13387 |
') |
13388 |
|
13389 |
######################################## |
13390 |
## <summary> |
13391 |
## Do not audit attempts to send UDP traffic on the bitcoin port. |
13392 |
## </summary> |
13393 |
## <param name="domain"> |
13394 |
## <summary> |
13395 |
## Domain to not audit. |
13396 |
## </summary> |
13397 |
## </param> |
13398 |
## <infoflow type="none"/> |
13399 |
# |
13400 |
interface(`corenet_dontaudit_udp_send_bitcoin_port',` |
13401 |
gen_require(` |
13402 |
type bitcoin_port_t; |
13403 |
') |
13404 |
|
13405 |
dontaudit $1 bitcoin_port_t:udp_socket send_msg; |
13406 |
') |
13407 |
|
13408 |
######################################## |
13409 |
## <summary> |
13410 |
## Receive UDP traffic on the bitcoin port. |
13411 |
## </summary> |
13412 |
## <param name="domain"> |
13413 |
## <summary> |
13414 |
## Domain allowed access. |
13415 |
## </summary> |
13416 |
## </param> |
13417 |
## <infoflow type="read" weight="10"/> |
13418 |
# |
13419 |
interface(`corenet_udp_receive_bitcoin_port',` |
13420 |
gen_require(` |
13421 |
type bitcoin_port_t; |
13422 |
') |
13423 |
|
13424 |
allow $1 bitcoin_port_t:udp_socket recv_msg; |
13425 |
') |
13426 |
|
13427 |
######################################## |
13428 |
## <summary> |
13429 |
## Do not audit attempts to receive UDP traffic on the bitcoin port. |
13430 |
## </summary> |
13431 |
## <param name="domain"> |
13432 |
## <summary> |
13433 |
## Domain to not audit. |
13434 |
## </summary> |
13435 |
## </param> |
13436 |
## <infoflow type="none"/> |
13437 |
# |
13438 |
interface(`corenet_dontaudit_udp_receive_bitcoin_port',` |
13439 |
gen_require(` |
13440 |
type bitcoin_port_t; |
13441 |
') |
13442 |
|
13443 |
dontaudit $1 bitcoin_port_t:udp_socket recv_msg; |
13444 |
') |
13445 |
|
13446 |
######################################## |
13447 |
## <summary> |
13448 |
## Send and receive UDP traffic on the bitcoin port. |
13449 |
## </summary> |
13450 |
## <param name="domain"> |
13451 |
## <summary> |
13452 |
## Domain allowed access. |
13453 |
## </summary> |
13454 |
## </param> |
13455 |
## <infoflow type="both" weight="10"/> |
13456 |
# |
13457 |
interface(`corenet_udp_sendrecv_bitcoin_port',` |
13458 |
corenet_udp_send_bitcoin_port($1) |
13459 |
corenet_udp_receive_bitcoin_port($1) |
13460 |
') |
13461 |
|
13462 |
######################################## |
13463 |
## <summary> |
13464 |
## Do not audit attempts to send and receive |
13465 |
## UDP traffic on the bitcoin port. |
13466 |
## </summary> |
13467 |
## <param name="domain"> |
13468 |
## <summary> |
13469 |
## Domain to not audit. |
13470 |
## </summary> |
13471 |
## </param> |
13472 |
## <infoflow type="none"/> |
13473 |
# |
13474 |
interface(`corenet_dontaudit_udp_sendrecv_bitcoin_port',` |
13475 |
corenet_dontaudit_udp_send_bitcoin_port($1) |
13476 |
corenet_dontaudit_udp_receive_bitcoin_port($1) |
13477 |
') |
13478 |
|
13479 |
######################################## |
13480 |
## <summary> |
13481 |
## Bind TCP sockets to the bitcoin port. |
13482 |
## </summary> |
13483 |
## <param name="domain"> |
13484 |
## <summary> |
13485 |
## Domain allowed access. |
13486 |
## </summary> |
13487 |
## </param> |
13488 |
## <infoflow type="none"/> |
13489 |
# |
13490 |
interface(`corenet_tcp_bind_bitcoin_port',` |
13491 |
gen_require(` |
13492 |
type bitcoin_port_t; |
13493 |
') |
13494 |
|
13495 |
allow $1 bitcoin_port_t:tcp_socket name_bind; |
13496 |
|
13497 |
') |
13498 |
|
13499 |
######################################## |
13500 |
## <summary> |
13501 |
## Bind UDP sockets to the bitcoin port. |
13502 |
## </summary> |
13503 |
## <param name="domain"> |
13504 |
## <summary> |
13505 |
## Domain allowed access. |
13506 |
## </summary> |
13507 |
## </param> |
13508 |
## <infoflow type="none"/> |
13509 |
# |
13510 |
interface(`corenet_udp_bind_bitcoin_port',` |
13511 |
gen_require(` |
13512 |
type bitcoin_port_t; |
13513 |
') |
13514 |
|
13515 |
allow $1 bitcoin_port_t:udp_socket name_bind; |
13516 |
|
13517 |
') |
13518 |
|
13519 |
######################################## |
13520 |
## <summary> |
13521 |
## Make a TCP connection to the bitcoin port. |
13522 |
## </summary> |
13523 |
## <param name="domain"> |
13524 |
## <summary> |
13525 |
## Domain allowed access. |
13526 |
## </summary> |
13527 |
## </param> |
13528 |
# |
13529 |
interface(`corenet_tcp_connect_bitcoin_port',` |
13530 |
gen_require(` |
13531 |
type bitcoin_port_t; |
13532 |
') |
13533 |
|
13534 |
allow $1 bitcoin_port_t:tcp_socket name_connect; |
13535 |
') |
13536 |
|
13537 |
|
13538 |
######################################## |
13539 |
## <summary> |
13540 |
## Send bitcoin_client packets. |
13541 |
## </summary> |
13542 |
## <param name="domain"> |
13543 |
## <summary> |
13544 |
## Domain allowed access. |
13545 |
## </summary> |
13546 |
## </param> |
13547 |
## <infoflow type="write" weight="10"/> |
13548 |
# |
13549 |
interface(`corenet_send_bitcoin_client_packets',` |
13550 |
gen_require(` |
13551 |
type bitcoin_client_packet_t; |
13552 |
') |
13553 |
|
13554 |
allow $1 bitcoin_client_packet_t:packet send; |
13555 |
') |
13556 |
|
13557 |
######################################## |
13558 |
## <summary> |
13559 |
## Do not audit attempts to send bitcoin_client packets. |
13560 |
## </summary> |
13561 |
## <param name="domain"> |
13562 |
## <summary> |
13563 |
## Domain to not audit. |
13564 |
## </summary> |
13565 |
## </param> |
13566 |
## <infoflow type="none"/> |
13567 |
# |
13568 |
interface(`corenet_dontaudit_send_bitcoin_client_packets',` |
13569 |
gen_require(` |
13570 |
type bitcoin_client_packet_t; |
13571 |
') |
13572 |
|
13573 |
dontaudit $1 bitcoin_client_packet_t:packet send; |
13574 |
') |
13575 |
|
13576 |
######################################## |
13577 |
## <summary> |
13578 |
## Receive bitcoin_client packets. |
13579 |
## </summary> |
13580 |
## <param name="domain"> |
13581 |
## <summary> |
13582 |
## Domain allowed access. |
13583 |
## </summary> |
13584 |
## </param> |
13585 |
## <infoflow type="read" weight="10"/> |
13586 |
# |
13587 |
interface(`corenet_receive_bitcoin_client_packets',` |
13588 |
gen_require(` |
13589 |
type bitcoin_client_packet_t; |
13590 |
') |
13591 |
|
13592 |
allow $1 bitcoin_client_packet_t:packet recv; |
13593 |
') |
13594 |
|
13595 |
######################################## |
13596 |
## <summary> |
13597 |
## Do not audit attempts to receive bitcoin_client packets. |
13598 |
## </summary> |
13599 |
## <param name="domain"> |
13600 |
## <summary> |
13601 |
## Domain allowed access. |
13602 |
## </summary> |
13603 |
## </param> |
13604 |
## <infoflow type="none"/> |
13605 |
# |
13606 |
interface(`corenet_dontaudit_receive_bitcoin_client_packets',` |
13607 |
gen_require(` |
13608 |
type bitcoin_client_packet_t; |
13609 |
') |
13610 |
|
13611 |
dontaudit $1 bitcoin_client_packet_t:packet recv; |
13612 |
') |
13613 |
|
13614 |
######################################## |
13615 |
## <summary> |
13616 |
## Send and receive bitcoin_client packets. |
13617 |
## </summary> |
13618 |
## <param name="domain"> |
13619 |
## <summary> |
13620 |
## Domain allowed access. |
13621 |
## </summary> |
13622 |
## </param> |
13623 |
## <infoflow type="both" weight="10"/> |
13624 |
# |
13625 |
interface(`corenet_sendrecv_bitcoin_client_packets',` |
13626 |
corenet_send_bitcoin_client_packets($1) |
13627 |
corenet_receive_bitcoin_client_packets($1) |
13628 |
') |
13629 |
|
13630 |
######################################## |
13631 |
## <summary> |
13632 |
## Do not audit attempts to send and receive bitcoin_client packets. |
13633 |
## </summary> |
13634 |
## <param name="domain"> |
13635 |
## <summary> |
13636 |
## Domain to not audit. |
13637 |
## </summary> |
13638 |
## </param> |
13639 |
## <infoflow type="none"/> |
13640 |
# |
13641 |
interface(`corenet_dontaudit_sendrecv_bitcoin_client_packets',` |
13642 |
corenet_dontaudit_send_bitcoin_client_packets($1) |
13643 |
corenet_dontaudit_receive_bitcoin_client_packets($1) |
13644 |
') |
13645 |
|
13646 |
######################################## |
13647 |
## <summary> |
13648 |
## Relabel packets to bitcoin_client the packet type. |
13649 |
## </summary> |
13650 |
## <param name="domain"> |
13651 |
## <summary> |
13652 |
## Domain allowed access. |
13653 |
## </summary> |
13654 |
## </param> |
13655 |
# |
13656 |
interface(`corenet_relabelto_bitcoin_client_packets',` |
13657 |
gen_require(` |
13658 |
type bitcoin_client_packet_t; |
13659 |
') |
13660 |
|
13661 |
allow $1 bitcoin_client_packet_t:packet relabelto; |
13662 |
') |
13663 |
|
13664 |
|
13665 |
######################################## |
13666 |
## <summary> |
13667 |
## Send bitcoin_server packets. |
13668 |
## </summary> |
13669 |
## <param name="domain"> |
13670 |
## <summary> |
13671 |
## Domain allowed access. |
13672 |
## </summary> |
13673 |
## </param> |
13674 |
## <infoflow type="write" weight="10"/> |
13675 |
# |
13676 |
interface(`corenet_send_bitcoin_server_packets',` |
13677 |
gen_require(` |
13678 |
type bitcoin_server_packet_t; |
13679 |
') |
13680 |
|
13681 |
allow $1 bitcoin_server_packet_t:packet send; |
13682 |
') |
13683 |
|
13684 |
######################################## |
13685 |
## <summary> |
13686 |
## Do not audit attempts to send bitcoin_server packets. |
13687 |
## </summary> |
13688 |
## <param name="domain"> |
13689 |
## <summary> |
13690 |
## Domain to not audit. |
13691 |
## </summary> |
13692 |
## </param> |
13693 |
## <infoflow type="none"/> |
13694 |
# |
13695 |
interface(`corenet_dontaudit_send_bitcoin_server_packets',` |
13696 |
gen_require(` |
13697 |
type bitcoin_server_packet_t; |
13698 |
') |
13699 |
|
13700 |
dontaudit $1 bitcoin_server_packet_t:packet send; |
13701 |
') |
13702 |
|
13703 |
######################################## |
13704 |
## <summary> |
13705 |
## Receive bitcoin_server packets. |
13706 |
## </summary> |
13707 |
## <param name="domain"> |
13708 |
## <summary> |
13709 |
## Domain allowed access. |
13710 |
## </summary> |
13711 |
## </param> |
13712 |
## <infoflow type="read" weight="10"/> |
13713 |
# |
13714 |
interface(`corenet_receive_bitcoin_server_packets',` |
13715 |
gen_require(` |
13716 |
type bitcoin_server_packet_t; |
13717 |
') |
13718 |
|
13719 |
allow $1 bitcoin_server_packet_t:packet recv; |
13720 |
') |
13721 |
|
13722 |
######################################## |
13723 |
## <summary> |
13724 |
## Do not audit attempts to receive bitcoin_server packets. |
13725 |
## </summary> |
13726 |
## <param name="domain"> |
13727 |
## <summary> |
13728 |
## Domain allowed access. |
13729 |
## </summary> |
13730 |
## </param> |
13731 |
## <infoflow type="none"/> |
13732 |
# |
13733 |
interface(`corenet_dontaudit_receive_bitcoin_server_packets',` |
13734 |
gen_require(` |
13735 |
type bitcoin_server_packet_t; |
13736 |
') |
13737 |
|
13738 |
dontaudit $1 bitcoin_server_packet_t:packet recv; |
13739 |
') |
13740 |
|
13741 |
######################################## |
13742 |
## <summary> |
13743 |
## Send and receive bitcoin_server packets. |
13744 |
## </summary> |
13745 |
## <param name="domain"> |
13746 |
## <summary> |
13747 |
## Domain allowed access. |
13748 |
## </summary> |
13749 |
## </param> |
13750 |
## <infoflow type="both" weight="10"/> |
13751 |
# |
13752 |
interface(`corenet_sendrecv_bitcoin_server_packets',` |
13753 |
corenet_send_bitcoin_server_packets($1) |
13754 |
corenet_receive_bitcoin_server_packets($1) |
13755 |
') |
13756 |
|
13757 |
######################################## |
13758 |
## <summary> |
13759 |
## Do not audit attempts to send and receive bitcoin_server packets. |
13760 |
## </summary> |
13761 |
## <param name="domain"> |
13762 |
## <summary> |
13763 |
## Domain to not audit. |
13764 |
## </summary> |
13765 |
## </param> |
13766 |
## <infoflow type="none"/> |
13767 |
# |
13768 |
interface(`corenet_dontaudit_sendrecv_bitcoin_server_packets',` |
13769 |
corenet_dontaudit_send_bitcoin_server_packets($1) |
13770 |
corenet_dontaudit_receive_bitcoin_server_packets($1) |
13771 |
') |
13772 |
|
13773 |
######################################## |
13774 |
## <summary> |
13775 |
## Relabel packets to bitcoin_server the packet type. |
13776 |
## </summary> |
13777 |
## <param name="domain"> |
13778 |
## <summary> |
13779 |
## Domain allowed access. |
13780 |
## </summary> |
13781 |
## </param> |
13782 |
# |
13783 |
interface(`corenet_relabelto_bitcoin_server_packets',` |
13784 |
gen_require(` |
13785 |
type bitcoin_server_packet_t; |
13786 |
') |
13787 |
|
13788 |
allow $1 bitcoin_server_packet_t:packet relabelto; |
13789 |
') |
13790 |
|
13791 |
|
13792 |
|
13793 |
|
13794 |
######################################## |
13795 |
## <summary> |
13353 |
## Send and receive TCP traffic on the certmaster port. |
13796 |
## Send and receive TCP traffic on the certmaster port. |
13354 |
## </summary> |
13797 |
## </summary> |
13355 |
## <param name="domain"> |
13798 |
## <param name="domain"> |