    apparmor: add base infastructure for socket mediation · 651e28c5
    John Johansen authored
    Provide a basic mediation of sockets. This is not a full net mediation
    but just whether a specific family of socket can be used by an
    application, along with setting up some basic infrastructure for
    network mediation to follow.
    
    The user space rule has the basic form of
      NETWORK RULE = [ QUALIFIERS ] 'network' [ DOMAIN ]
                     [ TYPE | PROTOCOL ]
    
      DOMAIN = ( 'inet' | 'ax25' | 'ipx' | 'appletalk' | 'netrom' |
                 'bridge' | 'atmpvc' | 'x25' | 'inet6' | 'rose' |
    	     'netbeui' | 'security' | 'key' | 'packet' | 'ash' |
    	     'econet' | 'atmsvc' | 'sna' | 'irda' | 'pppox' |
    	     'wanpipe' | 'bluetooth' | 'netlink' | 'unix' | 'rds' |
    	     'llc' | 'can' | 'tipc' | 'iucv' | 'rxrpc' | 'isdn' |
    	     'phonet' | 'ieee802154' | 'caif' | 'alg' | 'nfc' |
    	     'vsock' | 'mpls' | 'ib' | 'kcm' ) ','
    
      TYPE = ( 'stream' | 'dgram' | 'seqpacket' |  'rdm' | 'raw' |
               'packet' )
    
      PROTOCOL = ( 'tcp' | 'udp' | 'icmp' )
    
    eg.
      network,
      network inet,
    Signed-off-by: John Johansen <john.johansen@canonical.com>
    Acked-by: Seth Arnold <seth.arnold@canonical.com>
    651e28c5
policy.h 8.85 KB