authorJohn Turner <jturner.usa@gmail.com>2025-08-16 14:43:06 -0400
committerJohn Turner <jturner.usa@gmail.com>2025-08-16 14:43:06 -0400
commit58ffeaf9b49e662e49d24a2d71dcdc9fac2949f8 (patch)
tree84c645e32aac8eb468f41df33fbac7b0a8584887 /src/misc/constrain
parentcfd55472db08f37b2123c350ce76fb3d916d25f6 (diff)
downloadselinux-policy-58ffeaf9b49e662e49d24a2d71dcdc9fac2949f8.tar.gz
auto format all files
Diffstat (limited to 'src/misc/constrain')
-rw-r--r--src/misc/constrain/ibac.cil98
-rw-r--r--src/misc/constrain/mcs.cil40
-rw-r--r--src/misc/constrain/rbac.cil98
-rw-r--r--src/misc/constrain/rbacsep.cil144
4 files changed, 190 insertions, 190 deletions
diff --git a/src/misc/constrain/ibac.cil b/src/misc/constrain/ibac.cil
index 38302ee..1ed7ee4 100644
--- a/src/misc/constrain/ibac.cil
+++ b/src/misc/constrain/ibac.cil
@@ -1,83 +1,83 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
;; SPDX-License-Identifier: Unlicense
(block ibac
- (constrain (constrainobject (create relabelto))
- (or (or (or (eq u1 u2)
- (and (eq t1 objchangesys.typeattr)
- (eq u2 .sys.id)))
- (eq t1 objchange.typeattr))
- (eq t1 exempt.typeattr)))
+ (constrain (constrainobject (create relabelto))
+ (or (or (or (eq u1 u2)
+ (and (eq t1 objchangesys.typeattr)
+ (eq u2 .sys.id)))
+ (eq t1 objchange.typeattr))
+ (eq t1 exempt.typeattr)))
- (constrain (process (dyntransition transition))
- (or (or (or (eq u1 u2)
- (and (eq t1 subjchange.typeattr)
- (eq t2 subjchangetarget.typeattr)))
- (and (eq t1 subjchangesys.typeattr) (eq u2 .sys.id)))
- (eq t1 exempt.typeattr)))
+ (constrain (process (dyntransition transition))
+ (or (or (or (eq u1 u2)
+ (and (eq t1 subjchange.typeattr)
+ (eq t2 subjchangetarget.typeattr)))
+ (and (eq t1 subjchangesys.typeattr) (eq u2 .sys.id)))
+ (eq t1 exempt.typeattr)))
- (block change
+ (block change
- (macro type ((type ARG1))
- (typeattributeset typeattr ARG1))
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
- (typeattribute typeattr)
+ (typeattribute typeattr)
- (call objchange.type (typeattr))
- (call subjchange.type (typeattr)))
+ (call objchange.type (typeattr))
+ (call subjchange.type (typeattr)))
- (block changesys
+ (block changesys
- (macro type ((type ARG1))
- (typeattributeset typeattr ARG1))
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
- (typeattribute typeattr)
+ (typeattribute typeattr)
- (call objchangesys.type (typeattr))
- (call subjchangesys.type (typeattr)))
+ (call objchangesys.type (typeattr))
+ (call subjchangesys.type (typeattr)))
- (block exempt
+ (block exempt
- (macro type ((type ARG1))
- (typeattributeset typeattr ARG1))
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
- (typeattribute typeattr))
+ (typeattribute typeattr))
- (block objchange
+ (block objchange
- (macro type ((type ARG1))
- (typeattributeset typeattr ARG1))
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
- (typeattribute typeattr))
+ (typeattribute typeattr))
- (block objchangesys
+ (block objchangesys
- (macro type ((type ARG1))
- (typeattributeset typeattr ARG1))
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
- (typeattribute typeattr))
+ (typeattribute typeattr))
- (block subjchange
+ (block subjchange
- (macro type ((type ARG1))
- (typeattributeset typeattr ARG1))
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
- (typeattribute typeattr))
+ (typeattribute typeattr))
- (block subjchangesys
+ (block subjchangesys
- (macro type ((type ARG1))
- (typeattributeset typeattr ARG1))
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
- (typeattribute typeattr))
+ (typeattribute typeattr))
- (block subjchangetarget
+ (block subjchangetarget
- (macro type ((type ARG1))
- (typeattributeset typeattr ARG1))
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
- (typeattribute typeattr)))
+ (typeattribute typeattr)))
(in subj.unconfined
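Review bot: The SPDX-FileCopyrightText comment at the top of this hunk loses its `©` sign; the new side reads `M-BM-)`, which is the meta-notation for the UTF-8 bytes C2 A9 (the form `cat -v` prints), so the formatting pipeline appears to escape non-ASCII bytes instead of passing them through. The same substitution is present in the header line of mcs.cil, rbac.cil and rbacsep.cil in this commit. Restore the line as `;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>` in all four files and make the formatter byte-transparent before it is run on the tree again. Since these files carry the identity, role and MCS constraints, and the tool evidently rewrote more than whitespace, it is worth confirming the change is otherwise semantically empty, for example by compiling the policy before and after this commit and comparing the resulting binary policy.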
diff --git a/src/misc/constrain/mcs.cil b/src/misc/constrain/mcs.cil
index 925933a..aaf7dc0 100644
--- a/src/misc/constrain/mcs.cil
+++ b/src/misc/constrain/mcs.cil
@@ -1,4 +1,4 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
;; SPDX-License-Identifier: Unlicense
(defaultrange blk_file source low)
@@ -11,28 +11,28 @@
(block mcs
- (mlsconstrain (constrainobject (create relabelto))
- (or (neq t1 constrained.typeattr)
- (and (dom h1 h2) (eq l2 h2))))
+ (mlsconstrain (constrainobject (create relabelto))
+ (or (neq t1 constrained.typeattr)
+ (and (dom h1 h2) (eq l2 h2))))
- (mlsconstrain (constrainobject (append getattr read setattr write))
- (or (dom h1 h2)
- (neq t1 constrained.typeattr)))
+ (mlsconstrain (constrainobject (append getattr read setattr write))
+ (or (dom h1 h2)
+ (neq t1 constrained.typeattr)))
- (mlsconstrain
- (process (dyntransition getrlimit getsched ptrace setrlimit setsched
- sigchld sigkill signal signull sigstop
- transition))
- (or (dom h1 h2)
- (neq t1 constrained.typeattr)))
+ (mlsconstrain
+ (process (dyntransition getrlimit getsched ptrace setrlimit setsched
+ sigchld sigkill signal signull sigstop
+ transition))
+ (or (dom h1 h2)
+ (neq t1 constrained.typeattr)))
- (mlsconstrain (fifo_file (append getattr read write setattr))
- (or (dom h1 h2)
- (neq t1 constrained.typeattr)))
+ (mlsconstrain (fifo_file (append getattr read write setattr))
+ (or (dom h1 h2)
+ (neq t1 constrained.typeattr)))
- (block constrained
+ (block constrained
- (macro type ((type ARG1))
- (typeattributeset typeattr ARG1))
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
- (typeattribute typeattr)))
+ (typeattribute typeattr)))
diff --git a/src/misc/constrain/rbac.cil b/src/misc/constrain/rbac.cil
index 32b7350..3f836ab 100644
--- a/src/misc/constrain/rbac.cil
+++ b/src/misc/constrain/rbac.cil
@@ -1,83 +1,83 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
;; SPDX-License-Identifier: Unlicense
(block rbac
- (constrain (constrainobject (create relabelto))
- (or (or (or (eq r1 r2)
- (and (eq t1 objchangesys.typeattr)
- (eq r2 .sys.role)))
- (eq t1 objchange.typeattr))
- (eq t1 exempt.typeattr)))
+ (constrain (constrainobject (create relabelto))
+ (or (or (or (eq r1 r2)
+ (and (eq t1 objchangesys.typeattr)
+ (eq r2 .sys.role)))
+ (eq t1 objchange.typeattr))
+ (eq t1 exempt.typeattr)))
- (constrain (process (dyntransition transition))
- (or (or (or (eq r1 r2)
- (and (eq t1 subjchange.typeattr)
- (eq t2 subjchangetarget.typeattr)))
- (and (eq t1 subjchangesys.typeattr) (eq r2 .sys.role)))
- (eq t1 exempt.typeattr)))
+ (constrain (process (dyntransition transition))
+ (or (or (or (eq r1 r2)
+ (and (eq t1 subjchange.typeattr)
+ (eq t2 subjchangetarget.typeattr)))
+ (and (eq t1 subjchangesys.typeattr) (eq r2 .sys.role)))
+ (eq t1 exempt.typeattr)))
- (block change
+ (block change
- (macro type ((type ARG1))
- (typeattributeset typeattr ARG1))
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
- (typeattribute typeattr)
+ (typeattribute typeattr)
- (call objchange.type (typeattr))
- (call subjchange.type (typeattr)))
+ (call objchange.type (typeattr))
+ (call subjchange.type (typeattr)))
- (block changesys
+ (block changesys
- (macro type ((type ARG1))
- (typeattributeset typeattr ARG1))
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
- (typeattribute typeattr)
+ (typeattribute typeattr)
- (call objchangesys.type (typeattr))
- (call subjchangesys.type (typeattr)))
+ (call objchangesys.type (typeattr))
+ (call subjchangesys.type (typeattr)))
- (block exempt
+ (block exempt
- (macro type ((type ARG1))
- (typeattributeset typeattr ARG1))
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
- (typeattribute typeattr))
+ (typeattribute typeattr))
- (block objchange
+ (block objchange
- (macro type ((type ARG1))
- (typeattributeset typeattr ARG1))
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
- (typeattribute typeattr))
+ (typeattribute typeattr))
- (block objchangesys
+ (block objchangesys
- (macro type ((type ARG1))
- (typeattributeset typeattr ARG1))
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
- (typeattribute typeattr))
+ (typeattribute typeattr))
- (block subjchange
+ (block subjchange
- (macro type ((type ARG1))
- (typeattributeset typeattr ARG1))
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
- (typeattribute typeattr))
+ (typeattribute typeattr))
- (block subjchangesys
+ (block subjchangesys
- (macro type ((type ARG1))
- (typeattributeset typeattr ARG1))
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
- (typeattribute typeattr))
+ (typeattribute typeattr))
- (block subjchangetarget
+ (block subjchangetarget
- (macro type ((type ARG1))
- (typeattributeset typeattr ARG1))
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
- (typeattribute typeattr)))
+ (typeattribute typeattr)))
(in subj.unconfined
diff --git a/src/misc/constrain/rbacsep.cil b/src/misc/constrain/rbacsep.cil
index 2e15592..27c4f00 100644
--- a/src/misc/constrain/rbacsep.cil
+++ b/src/misc/constrain/rbacsep.cil
@@ -1,103 +1,103 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
;; SPDX-License-Identifier: Unlicense
(block rbacsep
- (constrain (fifo_file (append getattr read setattr write))
- (or (or (or (or (eq r1 r2)
- (and (eq r1 exempt.roleattr)
- (neq t1 constrained.typeattr)))
- (eq t1 exempt.subj.typeattr))
- (eq t2 exempt.obj.typeattr))
- (and (eq t1 exemptsource.typeattr)
- (eq t2 exempttarget.typeattr))))
-
- (constrain (constrainobject (append setattr write))
- (or (or (or (eq r1 r2)
- (and (eq r1 exempt.roleattr)
- (neq t1 constrained.typeattr)))
- (eq t1 exempt.subj.typeattr))
- (eq t2 exempt.obj.typeattr)))
-
- (constrain (constrainobject (getattr read))
- (or (or (or (or (or (eq r1 r2)
- (and (eq r1 exempt.roleattr)
- (neq t1 constrained.typeattr)))
- (eq t1 exempt.subj.typeattr))
- (eq t2 exempt.obj.typeattr))
- (and (eq r2 exempt.roleattr) (eq t2 typeattr)))
- (and
- (eq t1 readstatesource.typeattr)
- (eq t2 readstatetarget.typeattr))))
-
- (constrain
- (process (getrlimit getsched ptrace setrlimit setsched sigchld sigkill
- signal signull sigstop))
- (or (or (or (eq r1 r2)
- (and (eq r1 exempt.roleattr) (neq t1 constrained.typeattr)))
- (eq t1 exempt.subj.typeattr))
- (and (eq t1 exemptsource.typeattr) (eq t2 exempttarget.typeattr))))
-
- (macro type ((type ARG1))
- (typeattributeset typeattr ARG1))
-
- (typeattribute typeattr)
-
- (block constrained
+ (constrain (fifo_file (append getattr read setattr write))
+ (or (or (or (or (eq r1 r2)
+ (and (eq r1 exempt.roleattr)
+ (neq t1 constrained.typeattr)))
+ (eq t1 exempt.subj.typeattr))
+ (eq t2 exempt.obj.typeattr))
+ (and (eq t1 exemptsource.typeattr)
+ (eq t2 exempttarget.typeattr))))
+
+ (constrain (constrainobject (append setattr write))
+ (or (or (or (eq r1 r2)
+ (and (eq r1 exempt.roleattr)
+ (neq t1 constrained.typeattr)))
+ (eq t1 exempt.subj.typeattr))
+ (eq t2 exempt.obj.typeattr)))
+
+ (constrain (constrainobject (getattr read))
+ (or (or (or (or (or (eq r1 r2)
+ (and (eq r1 exempt.roleattr)
+ (neq t1 constrained.typeattr)))
+ (eq t1 exempt.subj.typeattr))
+ (eq t2 exempt.obj.typeattr))
+ (and (eq r2 exempt.roleattr) (eq t2 typeattr)))
+ (and
+ (eq t1 readstatesource.typeattr)
+ (eq t2 readstatetarget.typeattr))))
+
+ (constrain
+ (process (getrlimit getsched ptrace setrlimit setsched sigchld sigkill
+ signal signull sigstop))
+ (or (or (or (eq r1 r2)
+ (and (eq r1 exempt.roleattr) (neq t1 constrained.typeattr)))
+ (eq t1 exempt.subj.typeattr))
+ (and (eq t1 exemptsource.typeattr) (eq t2 exempttarget.typeattr))))
(macro type ((type ARG1))
- (typeattributeset typeattr ARG1))
+ (typeattributeset typeattr ARG1))
- (typeattribute typeattr))
+ (typeattribute typeattr)
- (block exempt
+ (block constrained
- (macro role ((role ARG1))
- (roleattributeset roleattr ARG1))
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
- (roleattribute roleattr)
+ (typeattribute typeattr))
- (block obj
+ (block exempt
- (macro type ((type ARG1))
- (typeattributeset typeattr ARG1))
+ (macro role ((role ARG1))
+ (roleattributeset roleattr ARG1))
- (typeattribute typeattr))
+ (roleattribute roleattr)
- (block subj
+ (block obj
- (macro type ((type ARG1))
- (typeattributeset typeattr ARG1))
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
- (typeattribute typeattr)))
+ (typeattribute typeattr))
- (block exemptsource
+ (block subj
- (macro type ((type ARG1))
- (typeattributeset typeattr ARG1))
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
- (typeattribute typeattr))
+ (typeattribute typeattr)))
- (block exempttarget
+ (block exemptsource
- (macro type ((type ARG1))
- (typeattributeset typeattr ARG1))
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
- (typeattribute typeattr))
+ (typeattribute typeattr))
- (block readstatesource
+ (block exempttarget
- (macro type ((type ARG1))
- (typeattributeset typeattr ARG1))
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
- (typeattribute typeattr))
+ (typeattribute typeattr))
- (block readstatetarget
+ (block readstatesource
- (macro type ((type ARG1))
- (typeattributeset typeattr ARG1))
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
+
+ (typeattribute typeattr))
+
+ (block readstatetarget
+
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
- (typeattribute typeattr)))
+ (typeattribute typeattr)))
(in obj