-rw-r--r-- | src/meson.build | 1 | ||||
-rw-r--r-- | src/subj/common.cil | 65 | ||||
-rw-r--r-- | src/subj/meson.build | 1 |
3 files changed, 67 insertions, 0 deletions
diff --git a/src/meson.build b/src/meson.build
index 886714c..40a217a 100644
--- a/src/meson.build
+++ b/src/meson.build
@@ -20,3 +20,4 @@ subdir('misc')
 subdir('net')
 subdir('selinux')
 subdir('sys')
+subdir('subj')
diff --git a/src/subj/common.cil b/src/subj/common.cil
new file mode 100644
index 0000000..70b2790
--- /dev/null
+++ b/src/subj/common.cil
@@ -0,0 +1,65 @@
+;; Copyright (C) 2025 John Turner
+
+;; This program is free software: you can redistribute it and/or modify
+;; it under the terms of the GNU General Public License as published by
+;; the Free Software Foundation, either version 3 of the License, or
+;; (at your option) any later version.
+
+;; This program is distributed in the hope that it will be useful,
+;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;; GNU General Public License for more details.
+
+;; You should have received a copy of the GNU General Public License
+;; along with this program. If not, see <https://www.gnu.org/licenses/>.
+
+(in subj
+
+ (block common
+
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
+
+ (typeattribute typeattr)
+
+ (call subj.type (typeattr))
+
+ (blockinherit all_macro_template)
+
+ (allow typeattr self (process (fork sigchld sigkill signal signull sigstop)))
+ (allow typeattr self list_dir)
+ (allow typeattr self read_lnk_file)
+ (allow typeattr self readwrite_fifo_file)
+ (allow typeattr self readwrite_file)
+
+ ;; procfs
+ (call .proc.read_fs_lnk_files (typeattr))
+ (call .proc.search_fs_dirs (typeattr))
+
+ ;; use dyn loader
+ ;; todo: make a special dyn loader label/type
+ ;; use dyn loader
+ (call .conf.read_file_files (typeattr))
+ (call .conf.search_file_dirs (typeattr))
+ (call .conf.read_file_lnk_files (typeattr))
+ (call .conf.map_file_files (typeattr))
+
+ ;; use libraries
+ (call .lib.mapexecute_file_files (typeattr))
+ (call .lib.read_file_files (typeattr))
+ (call .lib.search_file_dirs (typeattr))
+ (call .lib.list_file_dirs (typeattr))
+ (call .lib.read_file_lnk_files (typeattr))
+
+ (block base_template
+
+ (blockabstract base_template)
+
+ (blockinherit .subj.base_template)
+
+ (call .subj.common.type (file)))
+
+ (block template
+ (blockabstract template)
+
+ (blockinherit .subj.template))))
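Review bot: The group under `;; use dyn loader` gives every type in `typeattr` read, search and map access through the `.conf.*` macros, which looks wider than a dynamic loader needs if `.conf` labels general configuration files rather than only the loader's own data; the `todo` acknowledges this but does not say what the access is for. The comment line is also duplicated, so I would replace the three comment lines with one that records the intent and the exposure, for example `;; dyn loader: read/map of loader config, currently labeled conf; todo: dedicated type so common subjects lose read/map on other conf files`. Separately, `(call subj.type (typeattr))` and `(blockinherit all_macro_template)` use relative names while the other references are rooted with a leading dot (`.subj.base_template`, `.proc.search_fs_dirs`); writing `.subj.type` would keep resolution independent of any `subj` block that might later be declared in a nearer namespace.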
diff --git a/src/subj/meson.build b/src/subj/meson.build
new file mode 100644
index 0000000..64d0006
--- /dev/null
+++ b/src/subj/meson.build
@@ -0,0 +1 @@
+modules += files('common.cil') |