• J
    apparmor: add base infastructure for socket mediation · 56974a6f
    John Johansen 提交于
    version 2 - Force an abi break. Network mediation will only be
                available in v8 abi complaint policy.
    
    Provide a basic mediation of sockets. This is not a full net mediation
    but just whether a spcific family of socket can be used by an
    application, along with setting up some basic infrastructure for
    network mediation to follow.
    
    the user space rule hav the basic form of
      NETWORK RULE = [ QUALIFIERS ] 'network' [ DOMAIN ]
                     [ TYPE | PROTOCOL ]
    
      DOMAIN = ( 'inet' | 'ax25' | 'ipx' | 'appletalk' | 'netrom' |
                 'bridge' | 'atmpvc' | 'x25' | 'inet6' | 'rose' |
    	     'netbeui' | 'security' | 'key' | 'packet' | 'ash' |
    	     'econet' | 'atmsvc' | 'sna' | 'irda' | 'pppox' |
    	     'wanpipe' | 'bluetooth' | 'netlink' | 'unix' | 'rds' |
    	     'llc' | 'can' | 'tipc' | 'iucv' | 'rxrpc' | 'isdn' |
    	     'phonet' | 'ieee802154' | 'caif' | 'alg' | 'nfc' |
    	     'vsock' | 'mpls' | 'ib' | 'kcm' ) ','
    
      TYPE = ( 'stream' | 'dgram' | 'seqpacket' |  'rdm' | 'raw' |
               'packet' )
    
      PROTOCOL = ( 'tcp' | 'udp' | 'icmp' )
    
    eg.
      network,
      network inet,
    Signed-off-by: NJohn Johansen <john.johansen@canonical.com>
    Acked-by: NSeth Arnold <seth.arnold@canonical.com>
    56974a6f
perms.h 4.9 KB