authorDominick Grift <dominick.grift@defensec.nl>2023-08-20 15:44:41 +0200
committerDominick Grift <dominick.grift@defensec.nl>2023-08-20 15:46:23 +0200
commit0c187b6ff97f91c41dab65a6426dc61f77305cdf (patch)
tree1e35f5851154500a8a39428a45a5671f9488e1da /src/fs/seclabelfs
Import dssp5
Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
Diffstat (limited to 'src/fs/seclabelfs')
-rw-r--r--src/fs/seclabelfs/cgroupseclabelfs.cil11
-rw-r--r--src/fs/seclabelfs/debugseclabelfs.cil10
-rw-r--r--src/fs/seclabelfs/devptsseclabelfs.cil11
-rw-r--r--src/fs/seclabelfs/devtmpseclabelfs.cil16
-rw-r--r--src/fs/seclabelfs/eventpollseclabelfs.cil8
-rw-r--r--src/fs/seclabelfs/hugetlbseclabelfs.cil10
-rw-r--r--src/fs/seclabelfs/mqueueseclabelfs.cil10
-rw-r--r--src/fs/seclabelfs/pipeseclabelfs.cil8
-rw-r--r--src/fs/seclabelfs/pstoreseclabelfs.cil12
-rw-r--r--src/fs/seclabelfs/rootseclabelfs.cil13
-rw-r--r--src/fs/seclabelfs/sockseclabelfs.cil8
-rw-r--r--src/fs/seclabelfs/sysseclabelfs.cil11
-rw-r--r--src/fs/seclabelfs/tmpseclabelfs.cil18
-rw-r--r--src/fs/seclabelfs/traceseclabelfs.cil10
-rw-r--r--src/fs/seclabelfs/xattrseclabelfs.cil35
15 files changed, 191 insertions, 0 deletions
diff --git a/src/fs/seclabelfs/cgroupseclabelfs.cil b/src/fs/seclabelfs/cgroupseclabelfs.cil
new file mode 100644
index 0000000..07c63a2
--- /dev/null
+++ b/src/fs/seclabelfs/cgroupseclabelfs.cil
@@ -0,0 +1,11 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block cgroup
+
+ (genfscon "cgroup" "/" fs_context)
+ (genfscon "cgroup2" "/" fs_context)
+
+ (blockinherit .fs.macro_template_dirs)
+ (blockinherit .fs.macro_template_files)
+ (blockinherit .seclabelfs.template))
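Review bot: The `genfscon` entries for `cgroup` and `cgroup2` only get per-file relabel support from the kernel when the loaded policy also declares the `cgroup_seclabel` policy capability, and this file does not mention that dependency. Without the capability both filesystems are handled as plain genfs mounts, so objects would presumably all stay at `fs_context` and the inherited dir/file templates would have little effect. Whether the capability is declared elsewhere in the tree is not visible from this hunk. A comment above the two entries, for example `;; per-file labels require (policycap cgroup_seclabel), see <policycap file>`, would make the requirement explicit.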
diff --git a/src/fs/seclabelfs/debugseclabelfs.cil b/src/fs/seclabelfs/debugseclabelfs.cil
new file mode 100644
index 0000000..b406228
--- /dev/null
+++ b/src/fs/seclabelfs/debugseclabelfs.cil
@@ -0,0 +1,10 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(in debug
+
+ (genfscon "debugfs" "/" fs_context)
+
+ (blockinherit .fs.macro_template_dirs)
+ (blockinherit .fs.macro_template_files)
+ (blockinherit .seclabelfs.template))
diff --git a/src/fs/seclabelfs/devptsseclabelfs.cil b/src/fs/seclabelfs/devptsseclabelfs.cil
new file mode 100644
index 0000000..4c5827c
--- /dev/null
+++ b/src/fs/seclabelfs/devptsseclabelfs.cil
@@ -0,0 +1,11 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block devpts
+
+ (fsuse trans "devpts" fs_context)
+
+ (blockinherit .fs.macro_template_dirs)
+ (blockinherit .fs.macro_template_chr_files)
+ (blockinherit .fs.macro_template_fs)
+ (blockinherit .seclabelfs.base_template))
diff --git a/src/fs/seclabelfs/devtmpseclabelfs.cil b/src/fs/seclabelfs/devtmpseclabelfs.cil
new file mode 100644
index 0000000..ff814e6
--- /dev/null
+++ b/src/fs/seclabelfs/devtmpseclabelfs.cil
@@ -0,0 +1,16 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block devtmp
+
+ (fsuse trans "devtmpfs" fs_context)
+
+ (blockinherit .fs.macro_template_all_files)
+ (blockinherit .fs.macro_template_blk_files)
+ (blockinherit .fs.macro_template_chr_files)
+ (blockinherit .fs.macro_template_dirs)
+ (blockinherit .fs.macro_template_fifo_files)
+ (blockinherit .fs.macro_template_files)
+ (blockinherit .fs.macro_template_lnk_files)
+ (blockinherit .fs.macro_template_sock_files)
+ (blockinherit .seclabelfs.template))
diff --git a/src/fs/seclabelfs/eventpollseclabelfs.cil b/src/fs/seclabelfs/eventpollseclabelfs.cil
new file mode 100644
index 0000000..058bb7b
--- /dev/null
+++ b/src/fs/seclabelfs/eventpollseclabelfs.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block eventpoll
+
+ (fsuse task "eventpollfs" fs_context)
+
+ (blockinherit .seclabelfs.base_template))
diff --git a/src/fs/seclabelfs/hugetlbseclabelfs.cil b/src/fs/seclabelfs/hugetlbseclabelfs.cil
new file mode 100644
index 0000000..1b0857e
--- /dev/null
+++ b/src/fs/seclabelfs/hugetlbseclabelfs.cil
@@ -0,0 +1,10 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block hugetlb
+
+ (fsuse trans "hugetlbfs" fs_context)
+
+ (blockinherit .fs.macro_template_dirs)
+ (blockinherit .fs.macro_template_files)
+ (blockinherit .seclabelfs.template))
diff --git a/src/fs/seclabelfs/mqueueseclabelfs.cil b/src/fs/seclabelfs/mqueueseclabelfs.cil
new file mode 100644
index 0000000..553389f
--- /dev/null
+++ b/src/fs/seclabelfs/mqueueseclabelfs.cil
@@ -0,0 +1,10 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block mqueue
+
+ (fsuse trans "mqueue" fs_context)
+
+ (blockinherit .fs.macro_template_dirs)
+ (blockinherit .fs.macro_template_files)
+ (blockinherit .seclabelfs.template))
diff --git a/src/fs/seclabelfs/pipeseclabelfs.cil b/src/fs/seclabelfs/pipeseclabelfs.cil
new file mode 100644
index 0000000..c115ff5
--- /dev/null
+++ b/src/fs/seclabelfs/pipeseclabelfs.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block pipe
+
+ (fsuse task "pipefs" fs_context)
+
+ (blockinherit .seclabelfs.base_template))
diff --git a/src/fs/seclabelfs/pstoreseclabelfs.cil b/src/fs/seclabelfs/pstoreseclabelfs.cil
new file mode 100644
index 0000000..96d6272
--- /dev/null
+++ b/src/fs/seclabelfs/pstoreseclabelfs.cil
@@ -0,0 +1,12 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block pstore
+
+ (genfscon "pstore" "/" fs_context)
+
+ (blockinherit .fs.macro_template_dirs)
+ (blockinherit .fs.macro_template_files)
+ (blockinherit .seclabelfs.template)
+
+ (allow fs self (filesystem (associate))))
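Review bot: The `(allow fs self (filesystem (associate)))` rule at the end of the `pstore` block is the only explicit allow rule in this commit and it has no comment saying why pstore alone needs it. The other genfscon-labelled blocks (`cgroup`, `debug`, `sys`, `trace`) inherit the same `.seclabelfs.template` without it. What `fs` resolves to depends on declarations in the inherited templates, which are outside this diff, so the scope of the grant cannot be checked from here. A one-line comment such as `;; pstore entries keep the filesystem type itself, so it must associate with its own filesystem` (adjusted to the real reason) would let a reviewer confirm the exception is intended and minimal.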
diff --git a/src/fs/seclabelfs/rootseclabelfs.cil b/src/fs/seclabelfs/rootseclabelfs.cil
new file mode 100644
index 0000000..d345922
--- /dev/null
+++ b/src/fs/seclabelfs/rootseclabelfs.cil
@@ -0,0 +1,13 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(in root
+
+ (genfscon "rootfs" "/" fs_context)
+
+ (blockinherit .fs.macro_template_dirs)
+ (blockinherit .fs.macro_template_fifo_files)
+ (blockinherit .fs.macro_template_files)
+ (blockinherit .fs.macro_template_lnk_files)
+ (blockinherit .fs.macro_template_sock_files)
+ (blockinherit .seclabelfs.template))
diff --git a/src/fs/seclabelfs/sockseclabelfs.cil b/src/fs/seclabelfs/sockseclabelfs.cil
new file mode 100644
index 0000000..6c8eeee
--- /dev/null
+++ b/src/fs/seclabelfs/sockseclabelfs.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block sock
+
+ (fsuse task "sockfs" fs_context)
+
+ (blockinherit .seclabelfs.base_template))
diff --git a/src/fs/seclabelfs/sysseclabelfs.cil b/src/fs/seclabelfs/sysseclabelfs.cil
new file mode 100644
index 0000000..946a5ef
--- /dev/null
+++ b/src/fs/seclabelfs/sysseclabelfs.cil
@@ -0,0 +1,11 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(in sys
+
+ (genfscon "sysfs" "/" fs_context)
+
+ (blockinherit .fs.macro_template_dirs)
+ (blockinherit .fs.macro_template_files)
+ (blockinherit .fs.macro_template_lnk_files)
+ (blockinherit .seclabelfs.template))
diff --git a/src/fs/seclabelfs/tmpseclabelfs.cil b/src/fs/seclabelfs/tmpseclabelfs.cil
new file mode 100644
index 0000000..9563056
--- /dev/null
+++ b/src/fs/seclabelfs/tmpseclabelfs.cil
@@ -0,0 +1,18 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block tmp
+
+ (fsuse trans "ramfs" fs_context)
+ (fsuse trans "shm" fs_context)
+ (fsuse trans "tmpfs" fs_context)
+
+ (blockinherit .fs.macro_template_all_files)
+ (blockinherit .fs.macro_template_blk_files)
+ (blockinherit .fs.macro_template_chr_files)
+ (blockinherit .fs.macro_template_dirs)
+ (blockinherit .fs.macro_template_fifo_files)
+ (blockinherit .fs.macro_template_files)
+ (blockinherit .fs.macro_template_lnk_files)
+ (blockinherit .fs.macro_template_sock_files)
+ (blockinherit .seclabelfs.template))
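Review bot: The three `fsuse trans` lines map `ramfs`, `shm` and `tmpfs` to the same `fs_context`, so policy written against this block cannot tell the three filesystems apart. That matters for least privilege because the block also inherits the `blk_files` and `chr_files` templates, and because ramfs, unlike tmpfs, has no size limit. If the grouping is deliberate, a short comment above the entries such as `;; ramfs, shm and tmpfs intentionally share one filesystem type` would record the decision. Otherwise ramfs could get its own block.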
diff --git a/src/fs/seclabelfs/traceseclabelfs.cil b/src/fs/seclabelfs/traceseclabelfs.cil
new file mode 100644
index 0000000..4aab6df
--- /dev/null
+++ b/src/fs/seclabelfs/traceseclabelfs.cil
@@ -0,0 +1,10 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block trace
+
+ (genfscon "tracefs" "/" fs_context)
+
+ (blockinherit .fs.macro_template_dirs)
+ (blockinherit .fs.macro_template_files)
+ (blockinherit .seclabelfs.template))
diff --git a/src/fs/seclabelfs/xattrseclabelfs.cil b/src/fs/seclabelfs/xattrseclabelfs.cil
new file mode 100644
index 0000000..fbe482d
--- /dev/null
+++ b/src/fs/seclabelfs/xattrseclabelfs.cil
@@ -0,0 +1,35 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block xattr
+
+ (fsuse xattr "btrfs" fs_context)
+ (fsuse xattr "ceph" fs_context)
+ (fsuse xattr "encfs" fs_context)
+ (fsuse xattr "erofs" fs_context)
+ (fsuse xattr "ext2" fs_context)
+ (fsuse xattr "ext3" fs_context)
+ (fsuse xattr "ext4" fs_context)
+ (fsuse xattr "ext4dev" fs_context)
+ (fsuse xattr "f2fs" fs_context)
+ (fsuse xattr "gfs" fs_context)
+ (fsuse xattr "gfs2" fs_context)
+ (fsuse xattr "gpfs" fs_context)
+ (fsuse xattr "incremental-fs" fs_context)
+ (fsuse xattr "jffs2" fs_context)
+ (fsuse xattr "jfs" fs_context)
+ (fsuse xattr "lustre" fs_context)
+ (fsuse xattr "ocfs2" fs_context)
+ (fsuse xattr "odms" fs_context)
+ (fsuse xattr "overlay" fs_context)
+ (fsuse xattr "shiftfs" fs_context)
+ (fsuse xattr "squashfs" fs_context)
+ (fsuse xattr "ubifs" fs_context)
+ (fsuse xattr "virtiofs" fs_context)
+ (fsuse xattr "vxclonefs" fs_context)
+ (fsuse xattr "vxfs" fs_context)
+ (fsuse xattr "xfs" fs_context)
+ (fsuse xattr "yaffs2" fs_context)
+ (fsuse xattr "zfs" fs_context)
+
+ (blockinherit .seclabelfs.template))
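Review bot: The `xattr` block lists 28 filesystem names under one `fs_context` with no comment on what qualifies a filesystem for the list. The entries mix local disk filesystems with clustered or remote-backed ones (`ceph`, `lustre`, `gpfs`, `ocfs2`, `gfs2`, `virtiofs`) and stacked ones (`overlay`, `shiftfs`). With `fsuse xattr` the kernel takes labels from the `security.selinux` attribute the filesystem returns, so remote- and local-sourced labels are trusted equally and mount rules cannot distinguish the types. Some names also look legacy or out-of-tree (`ext4dev` was the pre-release name of ext4), which makes the list harder to audit. A header comment stating the inclusion criterion, with the entries grouped under sub-comments such as `;; local`, `;; clustered/remote` and `;; stacked`, would help.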