diff options
Diffstat (limited to 'src/dev/nodedev')
62 files changed, 249 insertions, 249 deletions
diff --git a/src/dev/nodedev/apmnodedev.cil b/src/dev/nodedev/apmnodedev.cil index fe00665..8a42c43 100644 --- a/src/dev/nodedev/apmnodedev.cil +++ b/src/dev/nodedev/apmnodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block apm - (filecon "/dev/snapshot" char nodedev_context) + (filecon "/dev/snapshot" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/autofsnodedev.cil b/src/dev/nodedev/autofsnodedev.cil index 7ade530..fa4f94d 100644 --- a/src/dev/nodedev/autofsnodedev.cil +++ b/src/dev/nodedev/autofsnodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block autofs - (filecon "/dev/autofs" char nodedev_context) + (filecon "/dev/autofs" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/btrfscontrolnodedev.cil b/src/dev/nodedev/btrfscontrolnodedev.cil index 5b2c703..815ce29 100644 --- a/src/dev/nodedev/btrfscontrolnodedev.cil +++ b/src/dev/nodedev/btrfscontrolnodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block btrfscontrol - (filecon "/dev/btrfs-control" char nodedev_context) + (filecon "/dev/btrfs-control" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/cachefilesnodedev.cil b/src/dev/nodedev/cachefilesnodedev.cil index 2279143..3487d92 100644 --- a/src/dev/nodedev/cachefilesnodedev.cil +++ b/src/dev/nodedev/cachefilesnodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block cachefiles - (filecon "/dev/cachefiles" char nodedev_context) + (filecon "/dev/cachefiles" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/cdcwdmnodedev.cil b/src/dev/nodedev/cdcwdmnodedev.cil index d48537e..faf0ad4 100644 --- a/src/dev/nodedev/cdcwdmnodedev.cil +++ b/src/dev/nodedev/cdcwdmnodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block cdcwdm - (filecon "/dev/cdc-wdm([0-9]+)?" char nodedev_context) + (filecon "/dev/cdc-wdm([0-9]+)?" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/clocknodedev.cil b/src/dev/nodedev/clocknodedev.cil index 07a27cb..32a2125 100644 --- a/src/dev/nodedev/clocknodedev.cil +++ b/src/dev/nodedev/clocknodedev.cil @@ -1,10 +1,10 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block clock - (filecon "/dev/hpet" char nodedev_context) - (filecon "/dev/ptp([0-9]+)?" char nodedev_context) - (filecon "/dev/rtc([0-9]+)?" char nodedev_context) + (filecon "/dev/hpet" char nodedev_context) + (filecon "/dev/ptp([0-9]+)?" char nodedev_context) + (filecon "/dev/rtc([0-9]+)?" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/cpunodedev.cil b/src/dev/nodedev/cpunodedev.cil index 7da4970..5dc3b80 100644 --- a/src/dev/nodedev/cpunodedev.cil +++ b/src/dev/nodedev/cpunodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block cpu - (filecon "/dev/cpu/.+" char nodedev_context) + (filecon "/dev/cpu/.+" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/crashnodedev.cil b/src/dev/nodedev/crashnodedev.cil index 34a80bc..2c01e95 100644 --- a/src/dev/nodedev/crashnodedev.cil +++ b/src/dev/nodedev/crashnodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block crash - (filecon "/dev/crash" char nodedev_context) + (filecon "/dev/crash" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/cusenodedev.cil b/src/dev/nodedev/cusenodedev.cil index 6003d5a..e982d2a 100644 --- a/src/dev/nodedev/cusenodedev.cil +++ b/src/dev/nodedev/cusenodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block cuse - (filecon "/dev/cuse" char nodedev_context) + (filecon "/dev/cuse" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/dmaheapnodedev.cil b/src/dev/nodedev/dmaheapnodedev.cil index bc81698..8bc9082 100644 --- a/src/dev/nodedev/dmaheapnodedev.cil +++ b/src/dev/nodedev/dmaheapnodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block dmaheap - (filecon "/dev/dma_heap/.*" char nodedev_context) + (filecon "/dev/dma_heap/.*" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/dmcontrolnodedev.cil b/src/dev/nodedev/dmcontrolnodedev.cil index 6250540..13bd86b 100644 --- a/src/dev/nodedev/dmcontrolnodedev.cil +++ b/src/dev/nodedev/dmcontrolnodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block dmcontrol - (filecon "/dev/mapper/control" char nodedev_context) + (filecon "/dev/mapper/control" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/drinodedev.cil b/src/dev/nodedev/drinodedev.cil index 8087d00..0fdafdf 100644 --- a/src/dev/nodedev/drinodedev.cil +++ b/src/dev/nodedev/drinodedev.cil @@ -1,10 +1,10 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block dri - (filecon "/dev/dri/.+" char nodedev_context) + (filecon "/dev/dri/.+" char nodedev_context) - (blockinherit .nodedev.template) + (blockinherit .nodedev.template) - (call .rbacsep.exempt.obj.type (nodedev))) + (call .rbacsep.exempt.obj.type (nodedev))) diff --git a/src/dev/nodedev/drmdpauxnodedev.cil b/src/dev/nodedev/drmdpauxnodedev.cil index 95b5770..a6776a3 100644 --- a/src/dev/nodedev/drmdpauxnodedev.cil +++ b/src/dev/nodedev/drmdpauxnodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block drmdpaux - (filecon "/dev/drm_dp_aux[0-9]+" char nodedev_context) + (filecon "/dev/drm_dp_aux[0-9]+" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/eventnodedev.cil b/src/dev/nodedev/eventnodedev.cil index 33aaf98..45c607c 100644 --- a/src/dev/nodedev/eventnodedev.cil +++ b/src/dev/nodedev/eventnodedev.cil @@ -1,10 +1,10 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block event - (filecon "/dev/input/event([0-9]+)?" char nodedev_context) + (filecon "/dev/input/event([0-9]+)?" char nodedev_context) - (blockinherit .nodedev.template) + (blockinherit .nodedev.template) - (call .rbacsep.exempt.obj.type (nodedev))) + (call .rbacsep.exempt.obj.type (nodedev))) diff --git a/src/dev/nodedev/fbnodedev.cil b/src/dev/nodedev/fbnodedev.cil index b166b94..4f3cbae 100644 --- a/src/dev/nodedev/fbnodedev.cil +++ b/src/dev/nodedev/fbnodedev.cil @@ -1,10 +1,10 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block fb - (filecon "/dev/fb([0-9]+)?" char nodedev_context) + (filecon "/dev/fb([0-9]+)?" char nodedev_context) - (blockinherit .nodedev.template) + (blockinherit .nodedev.template) - (call .rbacsep.exempt.obj.type (nodedev))) + (call .rbacsep.exempt.obj.type (nodedev))) diff --git a/src/dev/nodedev/gpionodedev.cil b/src/dev/nodedev/gpionodedev.cil index 0dff783..e4c8141 100644 --- a/src/dev/nodedev/gpionodedev.cil +++ b/src/dev/nodedev/gpionodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block gpio - (filecon "/dev/gpiochip([0-9]+)?" char nodedev_context) + (filecon "/dev/gpiochip([0-9]+)?" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/hiddevnodedev.cil b/src/dev/nodedev/hiddevnodedev.cil index d694f2d..3caa674 100644 --- a/src/dev/nodedev/hiddevnodedev.cil +++ b/src/dev/nodedev/hiddevnodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block hiddev - (filecon "/dev/hiddev[0-9]+" char nodedev_context) + (filecon "/dev/hiddev[0-9]+" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/hidrawnodedev.cil b/src/dev/nodedev/hidrawnodedev.cil index a745fe4..ca52c95 100644 --- a/src/dev/nodedev/hidrawnodedev.cil +++ b/src/dev/nodedev/hidrawnodedev.cil @@ -1,10 +1,10 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block hidraw - (filecon "/dev/hidraw[0-9]+" char nodedev_context) + (filecon "/dev/hidraw[0-9]+" char nodedev_context) - (blockinherit .nodedev.template) + (blockinherit .nodedev.template) - (call .rbacsep.exempt.obj.type (nodedev))) + (call .rbacsep.exempt.obj.type (nodedev))) diff --git a/src/dev/nodedev/hwrngnodedev.cil b/src/dev/nodedev/hwrngnodedev.cil index 4bfca56..ec12816 100644 --- a/src/dev/nodedev/hwrngnodedev.cil +++ b/src/dev/nodedev/hwrngnodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block hwrng - (filecon "/dev/hwrng" char nodedev_context) + (filecon "/dev/hwrng" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/i2cnodedev.cil b/src/dev/nodedev/i2cnodedev.cil index a961872..facc74c 100644 --- a/src/dev/nodedev/i2cnodedev.cil +++ b/src/dev/nodedev/i2cnodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block i2c - (filecon "/dev/i2c-([0-9]+)?" char nodedev_context) + (filecon "/dev/i2c-([0-9]+)?" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/iionodedev.cil b/src/dev/nodedev/iionodedev.cil index f6341f3..68c184c 100644 --- a/src/dev/nodedev/iionodedev.cil +++ b/src/dev/nodedev/iionodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block iio - (filecon "/dev/iio:device([0-9]+)?" char nodedev_context) + (filecon "/dev/iio:device([0-9]+)?" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/infinibandnodedev.cil b/src/dev/nodedev/infinibandnodedev.cil index c490c59..2146287 100644 --- a/src/dev/nodedev/infinibandnodedev.cil +++ b/src/dev/nodedev/infinibandnodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block infiniband - (filecon "/dev/infiniband/.+" char nodedev_context) + (filecon "/dev/infiniband/.+" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/inputnodedev.cil b/src/dev/nodedev/inputnodedev.cil index b764399..9da00af 100644 --- a/src/dev/nodedev/inputnodedev.cil +++ b/src/dev/nodedev/inputnodedev.cil @@ -1,13 +1,13 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block input - (filecon "/dev/input/js([0-9]+)?" char nodedev_context) - (filecon "/dev/input/mice" char nodedev_context) - (filecon "/dev/input/mouse([0-9]+)?" char nodedev_context) - (filecon "/dev/psaux" char nodedev_context) + (filecon "/dev/input/js([0-9]+)?" char nodedev_context) + (filecon "/dev/input/mice" char nodedev_context) + (filecon "/dev/input/mouse([0-9]+)?" char nodedev_context) + (filecon "/dev/psaux" char nodedev_context) - (blockinherit .nodedev.template) + (blockinherit .nodedev.template) - (call .rbacsep.exempt.obj.type (nodedev))) + (call .rbacsep.exempt.obj.type (nodedev))) diff --git a/src/dev/nodedev/ipminodedev.cil b/src/dev/nodedev/ipminodedev.cil index 8dca3dc..22eca5e 100644 --- a/src/dev/nodedev/ipminodedev.cil +++ b/src/dev/nodedev/ipminodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block ipmi - (filecon "/dev/ipmi[0-9]+" char nodedev_context) + (filecon "/dev/ipmi[0-9]+" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/kfdnodedev.cil b/src/dev/nodedev/kfdnodedev.cil index ad493ff..9a3b6db 100644 --- a/src/dev/nodedev/kfdnodedev.cil +++ b/src/dev/nodedev/kfdnodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block kfd - (filecon "/dev/kfd" char nodedev_context) + (filecon "/dev/kfd" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/kmsgnodedev.cil b/src/dev/nodedev/kmsgnodedev.cil index cf1fde9..14acf6b 100644 --- a/src/dev/nodedev/kmsgnodedev.cil +++ b/src/dev/nodedev/kmsgnodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block kmsg - (filecon "/dev/kmsg" char nodedev_context) + (filecon "/dev/kmsg" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/ksmnodedev.cil b/src/dev/nodedev/ksmnodedev.cil index 87b153c..dc9cb2d 100644 --- a/src/dev/nodedev/ksmnodedev.cil +++ b/src/dev/nodedev/ksmnodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block ksm - (filecon "/dev/ksm" char nodedev_context) + (filecon "/dev/ksm" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/kvmnodedev.cil b/src/dev/nodedev/kvmnodedev.cil index 40d5f01..5c94761 100644 --- a/src/dev/nodedev/kvmnodedev.cil +++ b/src/dev/nodedev/kvmnodedev.cil @@ -1,10 +1,10 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block kvm - (filecon "/dev/kvm" char nodedev_context) + (filecon "/dev/kvm" char nodedev_context) - (blockinherit .nodedev.template) + (blockinherit .nodedev.template) - (call .rbacsep.exempt.obj.type (nodedev))) + (call .rbacsep.exempt.obj.type (nodedev))) diff --git a/src/dev/nodedev/lircnodedev.cil b/src/dev/nodedev/lircnodedev.cil index 3c6298c..7dd0175 100644 --- a/src/dev/nodedev/lircnodedev.cil +++ b/src/dev/nodedev/lircnodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block lirc - (filecon "/dev/lirc[0-9]+" char nodedev_context) + (filecon "/dev/lirc[0-9]+" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/loopcontrolnodedev.cil b/src/dev/nodedev/loopcontrolnodedev.cil index 4a88ff7..36e7062 100644 --- a/src/dev/nodedev/loopcontrolnodedev.cil +++ b/src/dev/nodedev/loopcontrolnodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block loopcontrol - (filecon "/dev/loop-control" char nodedev_context) + (filecon "/dev/loop-control" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/mcelognodedev.cil b/src/dev/nodedev/mcelognodedev.cil index 22e88e0..78f3396 100644 --- a/src/dev/nodedev/mcelognodedev.cil +++ b/src/dev/nodedev/mcelognodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block mcelog - (filecon "/dev/mcelog" char nodedev_context) + (filecon "/dev/mcelog" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/meinodedev.cil b/src/dev/nodedev/meinodedev.cil index e353179..cca51d0 100644 --- a/src/dev/nodedev/meinodedev.cil +++ b/src/dev/nodedev/meinodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block mei - (filecon "/dev/mei([0-9]+)?" char nodedev_context) + (filecon "/dev/mei([0-9]+)?" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/memnodedev.cil b/src/dev/nodedev/memnodedev.cil index 00290a3..f0cd387 100644 --- a/src/dev/nodedev/memnodedev.cil +++ b/src/dev/nodedev/memnodedev.cil @@ -1,48 +1,48 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block mem - (filecon "/dev/mem" char nodedev_context) - (filecon "/dev/port" char nodedev_context) + (filecon "/dev/mem" char nodedev_context) + (filecon "/dev/port" char nodedev_context) - (blockinherit .nodedev.template) + (blockinherit .nodedev.template) - (call .nodedev.exception.type (nodedev)) + (call .nodedev.exception.type (nodedev)) - (block read + (block read - (macro type ((type ARG1)) - (typeattributeset typeattr ARG1)) + (macro type ((type ARG1)) + (typeattributeset typeattr ARG1)) - (typeattribute not_typeattr) - (typeattribute typeattr) + (typeattribute not_typeattr) + (typeattribute typeattr) - (typeattributeset not_typeattr (not typeattr)) + (typeattributeset not_typeattr (not typeattr)) - (neverallow not_typeattr mem.nodedev (chr_file (read)))) + (neverallow not_typeattr mem.nodedev (chr_file (read)))) - (block readwrite + (block readwrite - (macro type ((type ARG1)) - (typeattributeset typeattr ARG1)) + (macro type ((type ARG1)) + (typeattributeset typeattr ARG1)) - (typeattribute typeattr) + (typeattribute typeattr) - (call read.type (typeattr)) - (call write.type (typeattr))) + (call read.type (typeattr)) + (call write.type (typeattr))) - (block write + (block write - (macro type ((type ARG1)) - (typeattributeset typeattr ARG1)) + (macro type ((type ARG1)) + (typeattributeset typeattr ARG1)) - (typeattribute not_typeattr) - (typeattribute typeattr) + (typeattribute not_typeattr) + (typeattribute typeattr) - (typeattributeset not_typeattr (not typeattr)) + (typeattributeset not_typeattr (not typeattr)) - (neverallow not_typeattr mem.nodedev (chr_file (append write))))) + (neverallow not_typeattr mem.nodedev (chr_file (append write))))) (in nodedev.unconfined diff --git a/src/dev/nodedev/modemnodedev.cil b/src/dev/nodedev/modemnodedev.cil index d2b393e..8db5673 100644 --- a/src/dev/nodedev/modemnodedev.cil +++ b/src/dev/nodedev/modemnodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block modem - (filecon "/dev/modem" char nodedev_context) + (filecon "/dev/modem" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/ndctlnodedev.cil b/src/dev/nodedev/ndctlnodedev.cil index 0b5fe55..d4f0a12 100644 --- a/src/dev/nodedev/ndctlnodedev.cil +++ b/src/dev/nodedev/ndctlnodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block ndctl - (filecon "/dev/ndctl([0-9]+)?" char nodedev_context) + (filecon "/dev/ndctl([0-9]+)?" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/nullnodedev.cil b/src/dev/nodedev/nullnodedev.cil index 16b913e..85d6f4a 100644 --- a/src/dev/nodedev/nullnodedev.cil +++ b/src/dev/nodedev/nullnodedev.cil @@ -1,13 +1,13 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (sidcontext devnull (sys.id sys.role null.nodedev sys.lowlow)) (block null - (filecon "/dev/full" char nodedev_context) - (filecon "/dev/null" char nodedev_context) + (filecon "/dev/full" char nodedev_context) + (filecon "/dev/null" char nodedev_context) - (blockinherit .nodedev.template) + (blockinherit .nodedev.template) - (call .rbacsep.exempt.obj.type (nodedev))) + (call .rbacsep.exempt.obj.type (nodedev))) diff --git a/src/dev/nodedev/nvramnodedev.cil b/src/dev/nodedev/nvramnodedev.cil index a4fb697..e5fde4b 100644 --- a/src/dev/nodedev/nvramnodedev.cil +++ b/src/dev/nodedev/nvramnodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block nvram - (filecon "/dev/nvram" char nodedev_context) + (filecon "/dev/nvram" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/pmunodedev.cil b/src/dev/nodedev/pmunodedev.cil index 150cc2e..4758d61 100644 --- a/src/dev/nodedev/pmunodedev.cil +++ b/src/dev/nodedev/pmunodedev.cil @@ -1,9 +1,9 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block pmu - (filecon "/dev/pmu" char nodedev_context) - (filecon "/dev/smu" char nodedev_context) + (filecon "/dev/pmu" char nodedev_context) + (filecon "/dev/smu" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/pppnodedev.cil b/src/dev/nodedev/pppnodedev.cil index 740151a..f911e88 100644 --- a/src/dev/nodedev/pppnodedev.cil +++ b/src/dev/nodedev/pppnodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block ppp - (filecon "/dev/ppp" char nodedev_context) + (filecon "/dev/ppp" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/printernodedev.cil b/src/dev/nodedev/printernodedev.cil index 4c189a6..db1d9cd 100644 --- a/src/dev/nodedev/printernodedev.cil +++ b/src/dev/nodedev/printernodedev.cil @@ -1,9 +1,9 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block printer - (filecon "/dev/lp([0-9]+)?" char nodedev_context) - (filecon "/dev/parport([0-9]+)?" char nodedev_context) + (filecon "/dev/lp([0-9]+)?" char nodedev_context) + (filecon "/dev/parport([0-9]+)?" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/ptmxnodedev.cil b/src/dev/nodedev/ptmxnodedev.cil index a9a9266..1c5ec3d 100644 --- a/src/dev/nodedev/ptmxnodedev.cil +++ b/src/dev/nodedev/ptmxnodedev.cil @@ -1,10 +1,10 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block ptmx - (filecon "/dev/ptmx" char nodedev_context) + (filecon "/dev/ptmx" char nodedev_context) - (blockinherit .nodedev.template) + (blockinherit .nodedev.template) - (call .rbacsep.exempt.obj.type (nodedev))) + (call .rbacsep.exempt.obj.type (nodedev))) diff --git a/src/dev/nodedev/qosnodedev.cil b/src/dev/nodedev/qosnodedev.cil index 7aa14ed..383be27 100644 --- a/src/dev/nodedev/qosnodedev.cil +++ b/src/dev/nodedev/qosnodedev.cil @@ -1,11 +1,11 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block qos - (filecon "/dev/cpu_dma_latency" char nodedev_context) - (filecon "/dev/memory_bandwidth" char nodedev_context) - (filecon "/dev/network_latency" char nodedev_context) - (filecon "/dev/network_throughput" char nodedev_context) + (filecon "/dev/cpu_dma_latency" char nodedev_context) + (filecon "/dev/memory_bandwidth" char nodedev_context) + (filecon "/dev/network_latency" char nodedev_context) + (filecon "/dev/network_throughput" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/randomnodedev.cil b/src/dev/nodedev/randomnodedev.cil index 7e5c931..3025b7e 100644 --- a/src/dev/nodedev/randomnodedev.cil +++ b/src/dev/nodedev/randomnodedev.cil @@ -1,11 +1,11 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block random - (filecon "/dev/random" char nodedev_context) - (filecon "/dev/urandom" char nodedev_context) + (filecon "/dev/random" char nodedev_context) + (filecon "/dev/urandom" char nodedev_context) - (blockinherit .nodedev.template) + (blockinherit .nodedev.template) - (call .rbacsep.exempt.obj.type (nodedev))) + (call .rbacsep.exempt.obj.type (nodedev))) diff --git a/src/dev/nodedev/rfkillnodedev.cil b/src/dev/nodedev/rfkillnodedev.cil index dfc6076..50236fa 100644 --- a/src/dev/nodedev/rfkillnodedev.cil +++ b/src/dev/nodedev/rfkillnodedev.cil @@ -1,10 +1,10 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block rfkill - (filecon "/dev/rfkill" char nodedev_context) + (filecon "/dev/rfkill" char nodedev_context) - (blockinherit .nodedev.template) + (blockinherit .nodedev.template) - (call .rbacsep.exempt.obj.type (nodedev))) + (call .rbacsep.exempt.obj.type (nodedev))) diff --git a/src/dev/nodedev/sndnodedev.cil b/src/dev/nodedev/sndnodedev.cil index a9d21c4..056ad32 100644 --- a/src/dev/nodedev/sndnodedev.cil +++ b/src/dev/nodedev/sndnodedev.cil @@ -1,10 +1,10 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block snd - (filecon "/dev/snd/.+" char nodedev_context) + (filecon "/dev/snd/.+" char nodedev_context) - (blockinherit .nodedev.template) + (blockinherit .nodedev.template) - (call .rbacsep.exempt.obj.type (nodedev))) + (call .rbacsep.exempt.obj.type (nodedev))) diff --git a/src/dev/nodedev/tpmnodedev.cil b/src/dev/nodedev/tpmnodedev.cil index 9507b9f..1d7e1f5 100644 --- a/src/dev/nodedev/tpmnodedev.cil +++ b/src/dev/nodedev/tpmnodedev.cil @@ -1,9 +1,9 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block tpm - (filecon "/dev/tpm([0-9]+)?" char nodedev_context) - (filecon "/dev/tpmrm([0-9]+)?" char nodedev_context) + (filecon "/dev/tpm([0-9]+)?" char nodedev_context) + (filecon "/dev/tpmrm([0-9]+)?" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/ttynodedev.cil b/src/dev/nodedev/ttynodedev.cil index f93ea9c..b027817 100644 --- a/src/dev/nodedev/ttynodedev.cil +++ b/src/dev/nodedev/ttynodedev.cil @@ -1,19 +1,19 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block tty - (filecon "/dev/tty" char nodedev_context) + (filecon "/dev/tty" char nodedev_context) - (macro tioclinux_nodedev_chr_files ((type ARG1)) - (allowx ARG1 nodedev TIOCLINUX)) + (macro tioclinux_nodedev_chr_files ((type ARG1)) + (allowx ARG1 nodedev TIOCLINUX)) - (macro tiocsti_nodedev_chr_files ((type ARG1)) - (allowx ARG1 nodedev TIOCSTI)) + (macro tiocsti_nodedev_chr_files ((type ARG1)) + (allowx ARG1 nodedev TIOCSTI)) - (blockinherit .nodedev.template) + (blockinherit .nodedev.template) - (call .rbacsep.exempt.obj.type (nodedev))) + (call .rbacsep.exempt.obj.type (nodedev))) ;; TIOCLINUX, subcode=TIOCL_GETMOUSEREPORTING (in after tty.append_nodedev_chr_files diff --git a/src/dev/nodedev/tuntapnodedev.cil b/src/dev/nodedev/tuntapnodedev.cil index a0dbdd2..ff79007 100644 --- a/src/dev/nodedev/tuntapnodedev.cil +++ b/src/dev/nodedev/tuntapnodedev.cil @@ -1,11 +1,11 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block tuntap - (filecon "/dev/net/tun" char nodedev_context) - (filecon "/dev/tap([0-9]+)?" char nodedev_context) + (filecon "/dev/net/tun" char nodedev_context) + (filecon "/dev/tap([0-9]+)?" char nodedev_context) - (blockinherit .nodedev.template) + (blockinherit .nodedev.template) - (call .rbacsep.exempt.obj.type (nodedev))) + (call .rbacsep.exempt.obj.type (nodedev))) diff --git a/src/dev/nodedev/udmabufnodedev.cil b/src/dev/nodedev/udmabufnodedev.cil index 097d3c1..4117bab 100644 --- a/src/dev/nodedev/udmabufnodedev.cil +++ b/src/dev/nodedev/udmabufnodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block udmabuf - (filecon "/dev/udmabuf" char nodedev_context) + (filecon "/dev/udmabuf" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/uffdnodedev.cil b/src/dev/nodedev/uffdnodedev.cil index a172e7e..88b8a84 100644 --- a/src/dev/nodedev/uffdnodedev.cil +++ b/src/dev/nodedev/uffdnodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (in uffd - (filecon "/dev/userfaultfd" char nodedev_context) + (filecon "/dev/userfaultfd" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/uhidnodedev.cil b/src/dev/nodedev/uhidnodedev.cil index d5e9de9..846ef4a 100644 --- a/src/dev/nodedev/uhidnodedev.cil +++ b/src/dev/nodedev/uhidnodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block uhid - (filecon "/dev/uhid" char nodedev_context) + (filecon "/dev/uhid" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/uinputnodedev.cil b/src/dev/nodedev/uinputnodedev.cil index 2961ef4..5247516 100644 --- a/src/dev/nodedev/uinputnodedev.cil +++ b/src/dev/nodedev/uinputnodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block uinput - (filecon "/dev/uinput" char nodedev_context) + (filecon "/dev/uinput" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/uionodedev.cil b/src/dev/nodedev/uionodedev.cil index e4db6f8..0a9e527 100644 --- a/src/dev/nodedev/uionodedev.cil +++ b/src/dev/nodedev/uionodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block uio - (filecon "/dev/uio[0-9]+" char nodedev_context) + (filecon "/dev/uio[0-9]+" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/usbmonnodedev.cil b/src/dev/nodedev/usbmonnodedev.cil index 4bb0fa5..e93f9d1 100644 --- a/src/dev/nodedev/usbmonnodedev.cil +++ b/src/dev/nodedev/usbmonnodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block usbmon - (filecon "/dev/usbmon[0-9]+" char nodedev_context) + (filecon "/dev/usbmon[0-9]+" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/usbnodedev.cil b/src/dev/nodedev/usbnodedev.cil index b341a12..765fbcb 100644 --- a/src/dev/nodedev/usbnodedev.cil +++ b/src/dev/nodedev/usbnodedev.cil @@ -1,11 +1,11 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block usb - (filecon "/dev/bus/usb/.+" char nodedev_context) - (filecon "/dev/usb.+" char nodedev_context) + (filecon "/dev/bus/usb/.+" char nodedev_context) + (filecon "/dev/usb.+" char nodedev_context) - (blockinherit .nodedev.template) + (blockinherit .nodedev.template) - (call .rbacsep.exempt.obj.type (nodedev))) + (call .rbacsep.exempt.obj.type (nodedev))) diff --git a/src/dev/nodedev/v4lnodedev.cil b/src/dev/nodedev/v4lnodedev.cil index 3ae3eaf..a40af0d 100644 --- a/src/dev/nodedev/v4lnodedev.cil +++ b/src/dev/nodedev/v4lnodedev.cil @@ -1,11 +1,11 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block v4l - (filecon "/dev/media([0-9]+)?" char nodedev_context) - (filecon "/dev/video([0-9]+)?" char nodedev_context) + (filecon "/dev/media([0-9]+)?" char nodedev_context) + (filecon "/dev/video([0-9]+)?" char nodedev_context) - (blockinherit .nodedev.template) + (blockinherit .nodedev.template) - (call .rbacsep.exempt.obj.type (nodedev))) + (call .rbacsep.exempt.obj.type (nodedev))) diff --git a/src/dev/nodedev/vfionodedev.cil b/src/dev/nodedev/vfionodedev.cil index f554d63..111f25b 100644 --- a/src/dev/nodedev/vfionodedev.cil +++ b/src/dev/nodedev/vfionodedev.cil @@ -1,10 +1,10 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block vfio - (filecon "/dev/vfio/.+" char nodedev_context) + (filecon "/dev/vfio/.+" char nodedev_context) - (blockinherit .nodedev.template) + (blockinherit .nodedev.template) - (call .rbacsep.exempt.obj.type (nodedev))) + (call .rbacsep.exempt.obj.type (nodedev))) diff --git a/src/dev/nodedev/vgaarbiternodedev.cil b/src/dev/nodedev/vgaarbiternodedev.cil index 3649a85..487ab3d 100644 --- a/src/dev/nodedev/vgaarbiternodedev.cil +++ b/src/dev/nodedev/vgaarbiternodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block vgaarbiter - (filecon "/dev/vga_arbiter" char nodedev_context) + (filecon "/dev/vga_arbiter" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/vhostnodedev.cil b/src/dev/nodedev/vhostnodedev.cil index 002d32d..bb340cd 100644 --- a/src/dev/nodedev/vhostnodedev.cil +++ b/src/dev/nodedev/vhostnodedev.cil @@ -1,11 +1,11 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block vhost - (filecon "/dev/vhci" char nodedev_context) - (filecon "/dev/vhost-net" char nodedev_context) - (filecon "/dev/vhost-scsi" char nodedev_context) - (filecon "/dev/vhost-vsock" char nodedev_context) + (filecon "/dev/vhci" char nodedev_context) + (filecon "/dev/vhost-net" char nodedev_context) + (filecon "/dev/vhost-scsi" char nodedev_context) + (filecon "/dev/vhost-vsock" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/vmcinodedev.cil b/src/dev/nodedev/vmcinodedev.cil index ddbd28f..6d51386 100644 --- a/src/dev/nodedev/vmcinodedev.cil +++ b/src/dev/nodedev/vmcinodedev.cil @@ -1,9 +1,9 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block vmci - (filecon "/dev/vmci" char nodedev_context) - (filecon "/dev/vsock" char nodedev_context) + (filecon "/dev/vmci" char nodedev_context) + (filecon "/dev/vsock" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/watchdognodedev.cil b/src/dev/nodedev/watchdognodedev.cil index 0644673..9492cc1 100644 --- a/src/dev/nodedev/watchdognodedev.cil +++ b/src/dev/nodedev/watchdognodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block watchdog - (filecon "/dev/watchdog([0-9]+)?" char nodedev_context) + (filecon "/dev/watchdog([0-9]+)?" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/zeronodedev.cil b/src/dev/nodedev/zeronodedev.cil index 2ba9fbd..14e958e 100644 --- a/src/dev/nodedev/zeronodedev.cil +++ b/src/dev/nodedev/zeronodedev.cil @@ -1,10 +1,10 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block zero - (filecon "/dev/zero" char nodedev_context) + (filecon "/dev/zero" char nodedev_context) - (blockinherit .nodedev.template) + (blockinherit .nodedev.template) - (call .rbacsep.exempt.obj.type (nodedev))) + (call .rbacsep.exempt.obj.type (nodedev))) |