author | John Turner <jturner.usa@gmail.com> | 2025-08-16 16:12:16 -0400 |
---|---|---|
committer | John Turner <jturner.usa@gmail.com> | 2025-08-17 20:07:00 -0400 |
commit | d655ca904ff2845abe3c0b71043f19cdc967ec38 (patch) | |
tree | c40ec5b5520a09295da464bd96d73f960b4b07e1 /src/subj | |
parent | 6c234301597efd0e6dc6ac383eafdf171d2c4951 (diff) | |
download | selinux-policy-d655ca904ff2845abe3c0b71043f19cdc967ec38.tar.gz |
add .subj.common abstraction
Diffstat (limited to 'src/subj')
-rw-r--r-- | src/subj/common.cil | 65 | ||||
-rw-r--r-- | src/subj/meson.build | 1 |
2 files changed, 66 insertions, 0 deletions
diff --git a/src/subj/common.cil b/src/subj/common.cil
new file mode 100644
index 0000000..70b2790
--- /dev/null
+++ b/src/subj/common.cil
@@ -0,0 +1,65 @@
+;; Copyright (C) 2025 John Turner
+
+;; This program is free software: you can redistribute it and/or modify
+;; it under the terms of the GNU General Public License as published by
+;; the Free Software Foundation, either version 3 of the License, or
+;; (at your option) any later version.
+
+;; This program is distributed in the hope that it will be useful,
+;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;; GNU General Public License for more details.
+
+;; You should have received a copy of the GNU General Public License
+;; along with this program. If not, see <https://www.gnu.org/licenses/>.
+
+(in subj
+
+ (block common
+
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
+
+ (typeattribute typeattr)
+
+ (call subj.type (typeattr))
+
+ (blockinherit all_macro_template)
+
+ (allow typeattr self (process (fork sigchld sigkill signal signull sigstop)))
+ (allow typeattr self list_dir)
+ (allow typeattr self read_lnk_file)
+ (allow typeattr self readwrite_fifo_file)
+ (allow typeattr self readwrite_file)
+
+ ;; procfs
+ (call .proc.read_fs_lnk_files (typeattr))
+ (call .proc.search_fs_dirs (typeattr))
+
+ ;; use dyn loader
+ ;; todo: make a special dyn loader label/type
+ ;; use dyn loader
+ (call .conf.read_file_files (typeattr))
+ (call .conf.search_file_dirs (typeattr))
+ (call .conf.read_file_lnk_files (typeattr))
+ (call .conf.map_file_files (typeattr))
+
+ ;; use libraries
+ (call .lib.mapexecute_file_files (typeattr))
+ (call .lib.read_file_files (typeattr))
+ (call .lib.search_file_dirs (typeattr))
+ (call .lib.list_file_dirs (typeattr))
+ (call .lib.read_file_lnk_files (typeattr))
+
+ (block base_template
+
+ (blockabstract base_template)
+
+ (blockinherit .subj.base_template)
+
+ (call .subj.common.type (file)))
+
+ (block template
+ (blockabstract template)
+
+ (blockinherit .subj.template))))
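Review bot: The dyn-loader block gives `typeattr` the `.conf.read_file_files`, `.conf.search_file_dirs`, `.conf.read_file_lnk_files` and `.conf.map_file_files` macros, so every type joined through `.subj.common.type` gets read and map on whatever carries the conf file type, which is presumably much more than the loader's cache and configuration (the macro bodies are outside this diff, so their exact scope needs confirming). Because this attribute is the baseline for every subject that inherits `base_template`, that access becomes the floor for the whole policy and is hard to take back once more subjects depend on it. Until the dedicated label exists, I would make the todo state the intent and drop the repeated `;; use dyn loader` line, e.g. `;; todo: conf access is only needed for the loader cache/config; narrow to a dedicated loader type before more subjects inherit common`. Separately, `(call subj.type (typeattr))` is written without the leading-dot global form the other calls use; `.subj.type` would keep its resolution independent of the enclosing namespace.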
diff --git a/src/subj/meson.build b/src/subj/meson.build
new file mode 100644
index 0000000..64d0006
--- /dev/null
+++ b/src/subj/meson.build
@@ -0,0 +1 @@
+modules += files('common.cil') |