Import dssp5

Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>

14 files changed, 143 insertions, 0 deletions

diff --git a/src/dev/stordev/dmstordev.cil b/src/dev/stordev/dmstordev.cil
new file mode 100644
index 0000000..4a0d4d9
--- /dev/null
+++ b/src/dev/stordev/dmstordev.cil
@@ -0,0 +1,9 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block dm
+
+  (filecon "/dev/dm-[0-9]+" block stordev_context)
+
+  (blockinherit .stordev.base_template)
+  (blockinherit .stordev.macro_template_blk_files))
diff --git a/src/dev/stordev/fusestordev.cil b/src/dev/stordev/fusestordev.cil
new file mode 100644
index 0000000..da05a57
--- /dev/null
+++ b/src/dev/stordev/fusestordev.cil
@@ -0,0 +1,11 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block fuse
+
+  (filecon "/dev/fuse" char stordev_context)
+
+  (blockinherit .stordev.base_template)
+  (blockinherit .stordev.macro_template_chr_files)
+
+  (call .rbacsep.exempt.obj.type (stordev)))
diff --git a/src/dev/stordev/hdstordev.cil b/src/dev/stordev/hdstordev.cil
new file mode 100644
index 0000000..c912513
--- /dev/null
+++ b/src/dev/stordev/hdstordev.cil
@@ -0,0 +1,9 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block hd
+
+  (filecon "/dev/hd[^/]+" block stordev_context)
+
+  (blockinherit .stordev.base_template)
+  (blockinherit .stordev.macro_template_blk_files))
diff --git a/src/dev/stordev/loopstordev.cil b/src/dev/stordev/loopstordev.cil
new file mode 100644
index 0000000..d683738
--- /dev/null
+++ b/src/dev/stordev/loopstordev.cil
@@ -0,0 +1,9 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block loop
+
+  (filecon "/dev/loop.+" block stordev_context)
+
+  (blockinherit .stordev.base_template)
+  (blockinherit .stordev.macro_template_blk_files))
diff --git a/src/dev/stordev/mdstordev.cil b/src/dev/stordev/mdstordev.cil
new file mode 100644
index 0000000..1aa7d84
--- /dev/null
+++ b/src/dev/stordev/mdstordev.cil
@@ -0,0 +1,9 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block md
+
+  (filecon "/dev/md[^/]+" block stordev_context)
+
+  (blockinherit .stordev.base_template)
+  (blockinherit .stordev.macro_template_blk_files))
diff --git a/src/dev/stordev/mtdstordev.cil b/src/dev/stordev/mtdstordev.cil
new file mode 100644
index 0000000..f8338b8
--- /dev/null
+++ b/src/dev/stordev/mtdstordev.cil
@@ -0,0 +1,14 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block mtd
+
+  (filecon "/dev/mtd[0-9]+" char stordev_context)
+  (filecon "/dev/mtd[0-9]+ro" char stordev_context)
+  (filecon "/dev/mtdblock[0-9]+" block stordev_context)
+
+  (filecon "/dev/ubi[0-9]+_[0-9]+" char stordev_context)
+  (filecon "/dev/ubi_ctrl" char stordev_context)
+  (filecon "/dev/ubiblock[0-9]+_[0-9]+" block stordev_context)
+
+  (blockinherit .stordev.template))
diff --git a/src/dev/stordev/nvmestordev.cil b/src/dev/stordev/nvmestordev.cil
new file mode 100644
index 0000000..ce30812
--- /dev/null
+++ b/src/dev/stordev/nvmestordev.cil
@@ -0,0 +1,10 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block nvme
+
+  (filecon "/dev/ng[0-9]n[^/]+" char stordev_context)
+  (filecon "/dev/nvme[0-9]+" char stordev_context)
+  (filecon "/dev/nvme[0-9]n[^/]+" block stordev_context)
+
+  (blockinherit .stordev.template))
diff --git a/src/dev/stordev/rawstordev.cil b/src/dev/stordev/rawstordev.cil
new file mode 100644
index 0000000..f04b019
--- /dev/null
+++ b/src/dev/stordev/rawstordev.cil
@@ -0,0 +1,9 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block raw
+
+  (filecon "/dev/raw/.+" char stordev_context)
+
+  (blockinherit .stordev.base_template)
+  (blockinherit .stordev.macro_template_chr_files))
diff --git a/src/dev/stordev/removablestordev.cil b/src/dev/stordev/removablestordev.cil
new file mode 100644
index 0000000..36e8a93
--- /dev/null
+++ b/src/dev/stordev/removablestordev.cil
@@ -0,0 +1,17 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block removable
+
+  (filecon "/dev/fd[^/]+" block stordev_context)
+  (filecon "/dev/mmcblk[0-9]+" block stordev_context)
+  (filecon "/dev/mmcblk[0-9]boot[^/]+" block stordev_context)
+  (filecon "/dev/mmcblk[0-9]p[^/]+" block stordev_context)
+  (filecon "/dev/mmcblk[0-9]rpmb" char stordev_context)
+  (filecon "/dev/mspblk[0-9]+" block stordev_context)
+  (filecon "/dev/mspblk[0-9]boot[^/]+" block stordev_context)
+  (filecon "/dev/mspblk[0-9]p[^/]+" block stordev_context)
+  (filecon "/dev/mspblk[0-9]rpmb" char stordev_context)
+  (filecon "/dev/sr[0-9]+" block stordev_context)
+
+  (blockinherit .stordev.template))
diff --git a/src/dev/stordev/sdstordev.cil b/src/dev/stordev/sdstordev.cil
new file mode 100644
index 0000000..822d45e
--- /dev/null
+++ b/src/dev/stordev/sdstordev.cil
@@ -0,0 +1,9 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block sd
+
+  (filecon "/dev/sd[^/]+" block stordev_context)
+
+  (blockinherit .stordev.base_template)
+  (blockinherit .stordev.macro_template_blk_files))
diff --git a/src/dev/stordev/sgstordev.cil b/src/dev/stordev/sgstordev.cil
new file mode 100644
index 0000000..3592bc3
--- /dev/null
+++ b/src/dev/stordev/sgstordev.cil
@@ -0,0 +1,10 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block sg
+
+  (filecon "/dev/bsg/.+" char stordev_context)
+  (filecon "/dev/sg[0-9]+" char stordev_context)
+
+  (blockinherit .stordev.base_template)
+  (blockinherit .stordev.macro_template_chr_files))
diff --git a/src/dev/stordev/vdstordev.cil b/src/dev/stordev/vdstordev.cil
new file mode 100644
index 0000000..6dd0904
--- /dev/null
+++ b/src/dev/stordev/vdstordev.cil
@@ -0,0 +1,9 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block vd
+
+  (filecon "/dev/vd[^/]+" block stordev_context)
+
+  (blockinherit .stordev.base_template)
+  (blockinherit .stordev.macro_template_blk_files))
diff --git a/src/dev/stordev/xdstordev.cil b/src/dev/stordev/xdstordev.cil
new file mode 100644
index 0000000..43edd14
--- /dev/null
+++ b/src/dev/stordev/xdstordev.cil
@@ -0,0 +1,9 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block xd
+
+  (filecon "/dev/xd[^/]+" block stordev_context)
+
+  (blockinherit .stordev.base_template)
+  (blockinherit .stordev.macro_template_blk_files))
diff --git a/src/dev/stordev/zramstordev.cil b/src/dev/stordev/zramstordev.cil
new file mode 100644
index 0000000..6478289
--- /dev/null
+++ b/src/dev/stordev/zramstordev.cil
@@ -0,0 +1,9 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block zram
+
+  (filecon "/dev/zram[0-9]+" block stordev_context)
+
+  (blockinherit .stordev.base_template)
+  (blockinherit .stordev.macro_template_blk_files))