# FLASK

#
# Security contexts for network entities
# If no context is specified, then a default initial SID is used.
#

# Modified by Reino Wallin <reino@oribium.com>
# Multi NIC, and IPSEC features

# Modified by Russell Coker
# ifdefs to encapsulate domains, and many additional port contexts

#
# Port numbers (default = initial SID "port")
# 
# protocol number context
# protocol low-high context
#
ifdef(`inetd.te', `
portcon tcp 7 system_u:object_r:inetd_port_t
portcon udp 7 system_u:object_r:inetd_port_t
portcon tcp 9 system_u:object_r:inetd_port_t
portcon udp 9 system_u:object_r:inetd_port_t
portcon tcp 13 system_u:object_r:inetd_port_t
portcon udp 13 system_u:object_r:inetd_port_t
portcon tcp 19 system_u:object_r:inetd_port_t
portcon udp 19 system_u:object_r:inetd_port_t
portcon tcp 37 system_u:object_r:inetd_port_t
portcon udp 37 system_u:object_r:inetd_port_t
portcon tcp 113 system_u:object_r:inetd_port_t
portcon udp 517 system_u:object_r:inetd_port_t
')
ifdef(`courier.te', `define(`use_pop')')
ifdef(`perdition.te', `define(`use_pop')')
ifdef(`ftpd.te', `
portcon tcp 20 system_u:object_r:ftp_data_port_t
portcon tcp 21 system_u:object_r:ftp_port_t
')
ifdef(`ssh.te', `portcon tcp 22 system_u:object_r:ssh_port_t')
ifdef(`inetd.te', `portcon tcp 23 system_u:object_r:telnet_port_t')
ifdef(`mta.te', `portcon tcp 25 system_u:object_r:smtp_port_t')
ifdef(`named.te', `portcon udp 53 system_u:object_r:named_port_t
portcon tcp 53 system_u:object_r:named_port_t')
ifdef(`dhcpd.te', `portcon udp 67  system_u:object_r:dhcpd_port_t')
ifdef(`dhcpc.te', `portcon udp 68  system_u:object_r:dhcpc_port_t')
ifdef(`tftpd.te', `portcon udp 69  system_u:object_r:tftp_port_t')
ifdef(`fingerd.te', `portcon tcp 79  system_u:object_r:fingerd_port_t')
ifdef(`apache.te', `
portcon tcp 80  system_u:object_r:http_port_t
portcon tcp 443  system_u:object_r:http_port_t
')
ifdef(`use_pop', `
portcon tcp 106 system_u:object_r:pop_port_t
portcon tcp 109 system_u:object_r:pop_port_t
portcon tcp 110 system_u:object_r:pop_port_t
')
ifdef(`portmap.te', `
portcon udp 111 system_u:object_r:portmap_port_t
portcon tcp 111 system_u:object_r:portmap_port_t
')
ifdef(`ntpd.te', `portcon udp 123 system_u:object_r:ntp_port_t')
ifdef(`samba.te', `
portcon tcp 137 system_u:object_r:smbd_port_t
portcon udp 137 system_u:object_r:nmbd_port_t
portcon tcp 138 system_u:object_r:smbd_port_t
portcon udp 138 system_u:object_r:nmbd_port_t
portcon tcp 139 system_u:object_r:smbd_port_t
portcon udp 139 system_u:object_r:nmbd_port_t
portcon tcp 445 system_u:object_r:smbd_port_t
')
ifdef(`use_pop', `portcon tcp 143 system_u:object_r:pop_port_t')
ifdef(`snmpd.te', `
portcon udp 161 system_u:object_r:snmp_port_t
portcon udp 162 system_u:object_r:snmp_port_t
portcon tcp 199 system_u:object_r:snmp_port_t
')
ifdef(`use_pop', `portcon tcp 220 system_u:object_r:pop_port_t')
ifdef(`slapd.te', `portcon tcp 389 system_u:object_r:ldap_port_t')
ifdef(`rlogind.te', `portcon tcp 513 system_u:object_r:rlogin_port_t')
ifdef(`rshd.te', `portcon tcp 514 system_u:object_r:rsh_port_t')
ifdef(`lpd.te', `portcon tcp 515 system_u:object_r:printer_port_t')
ifdef(`cups.te', `
portcon tcp 631 system_u:object_r:ipp_port_t
portcon udp 631 system_u:object_r:ipp_port_t
')
ifdef(`spamd.te', `portcon tcp 783 system_u:object_r:spamd_port_t')
ifdef(`named.te', `portcon tcp 953 system_u:object_r:rndc_port_t')
ifdef(`use_pop', `
portcon tcp 993 system_u:object_r:pop_port_t
portcon tcp 995 system_u:object_r:pop_port_t
portcon tcp 1109 system_u:object_r:pop_port_t
')
ifdef(`monopd.te', `portcon tcp 1234 system_u:object_r:monopd_port_t')
ifdef(`radius.te', `portcon udp 1645 system_u:object_r:radius_port_t
portcon udp 1646 system_u:object_r:radacct_port_t
portcon udp 1812 system_u:object_r:radius_port_t
portcon udp 1813 system_u:object_r:radacct_port_t')
ifdef(`dictd.te', `portcon tcp 2628 system_u:object_r:dict_port_t')
ifdef(`imazesrv.te',`
portcon tcp 5323 system_u:object_r:imaze_port_t
portcon udp 5323 system_u:object_r:imaze_port_t
')
ifdef(`postgresql.te', `portcon tcp 5432 system_u:object_r:postgresql_port_t')
ifdef(`xdm.te', `define(`use_x_ports')')
ifdef(`startx.te', `define(`use_x_ports')')
ifdef(`use_x_ports', `
portcon tcp 6000  system_u:object_r:xserver_port_t
portcon tcp 6001  system_u:object_r:xserver_port_t
portcon tcp 6002  system_u:object_r:xserver_port_t
portcon tcp 6003  system_u:object_r:xserver_port_t
portcon tcp 6004  system_u:object_r:xserver_port_t
portcon tcp 6005  system_u:object_r:xserver_port_t
portcon tcp 6006  system_u:object_r:xserver_port_t
portcon tcp 6007  system_u:object_r:xserver_port_t
portcon tcp 6008  system_u:object_r:xserver_port_t
portcon tcp 6009  system_u:object_r:xserver_port_t
portcon tcp 6010  system_u:object_r:xserver_port_t
portcon tcp 6011  system_u:object_r:xserver_port_t
portcon tcp 6012  system_u:object_r:xserver_port_t
portcon tcp 6013  system_u:object_r:xserver_port_t
portcon tcp 6014  system_u:object_r:xserver_port_t
portcon tcp 6015  system_u:object_r:xserver_port_t
portcon tcp 6016  system_u:object_r:xserver_port_t
portcon tcp 6017  system_u:object_r:xserver_port_t
portcon tcp 6018  system_u:object_r:xserver_port_t
portcon tcp 6019  system_u:object_r:xserver_port_t
')
ifdef(`ircd.te', `portcon tcp 6667 system_u:object_r:ircd_port_t')
ifdef(`ciped.te', `portcon udp 7007 system_u:object_r:cipe_port_t')
ifdef(`sound-server.te', `
portcon tcp 8000 system_u:object_r:soundd_port_t
# 9433 is for YIFF
portcon tcp 9433 system_u:object_r:soundd_port_t
')
ifdef(`apache.te', `define(`use_http_cache')')
ifdef(`squid.te', `define(`use_http_cache')')
ifdef(`use_http_cache', `
portcon tcp 8080  system_u:object_r:http_cache_port_t
portcon udp 3130  system_u:object_r:http_cache_port_t
')
ifdef(`transproxy.te', `portcon tcp 8081 system_u:object_r:transproxy_port_t')

# Network interfaces (default = initial SID "netif" and "netmsg")
#
# interface netif_context default_msg_context
#
netifcon lo system_u:object_r:netif_lo_t system_u:object_r:netmsg_lo_t
netifcon eth0 system_u:object_r:netif_eth0_t system_u:object_r:netmsg_eth0_t
netifcon eth1 system_u:object_r:netif_eth1_t system_u:object_r:netmsg_eth1_t
netifcon eth2 system_u:object_r:netif_eth2_t system_u:object_r:netmsg_eth2_t
netifcon ippp0 system_u:object_r:netif_ippp0_t system_u:object_r:netmsg_ippp0_t
netifcon ipsec0 system_u:object_r:netif_ipsec0_t system_u:object_r:netmsg_ipsec0_t
netifcon ipsec1 system_u:object_r:netif_ipsec1_t system_u:object_r:netmsg_ipsec1_t
netifcon ipsec2 system_u:object_r:netif_ipsec2_t system_u:object_r:netmsg_ipsec2_t

# Nodes (default = initial SID "node")
#
# address mask context
#
# The first matching entry is used.
#
nodecon 127.0.0.1 255.255.255.255 system_u:object_r:node_lo_t

# FLASK
