diff options
Diffstat (limited to 'src/dev')
92 files changed, 703 insertions, 703 deletions
diff --git a/src/dev/nodedev.cil b/src/dev/nodedev.cil index 9f15845..831b79d 100644 --- a/src/dev/nodedev.cil +++ b/src/dev/nodedev.cil @@ -1,119 +1,119 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block nodedev - (macro mounton_all_chr_files ((type ARG1)) - (allow ARG1 typeattr mounton_chr_file)) + (macro mounton_all_chr_files ((type ARG1)) + (allow ARG1 typeattr mounton_chr_file)) - (macro type ((type ARG1)) - (typeattributeset typeattr ARG1)) + (macro type ((type ARG1)) + (typeattributeset typeattr ARG1)) - (typeattribute typeattr) + (typeattribute typeattr) - (blockinherit .file.all_macro_template_chr_files) + (blockinherit .file.all_macro_template_chr_files) - (call .dev.type (typeattr)) + (call .dev.type (typeattr)) - (block base_template + (block base_template - (blockabstract base_template) + (blockabstract base_template) - (context nodedev_context (.sys.id .sys.role nodedev .sys.lowlow)) + (context nodedev_context (.sys.id .sys.role nodedev .sys.lowlow)) - (type nodedev) - (call .nodedev.type (nodedev))) + (type nodedev) + (call .nodedev.type (nodedev))) - (block except + (block except - (macro type ((type ARG1)) - (typeattributeset typeattr ARG1)) + (macro type ((type ARG1)) + (typeattributeset typeattr ARG1)) - (blockinherit file.all_macro_template_chr_files) + (blockinherit file.all_macro_template_chr_files) - (typeattribute typeattr) + (typeattribute typeattr) - (typeattributeset typeattr - (and nodedev.typeattr (not (exception.typeattr))))) + (typeattributeset typeattr + (and nodedev.typeattr (not (exception.typeattr))))) - (block exception + (block exception - (macro type ((type ARG1)) - (typeattributeset typeattr ARG1)) + (macro type ((type ARG1)) + (typeattributeset typeattr ARG1)) - (typeattribute typeattr) + (typeattribute typeattr) - (call nodedev.type (typeattr)) + (call nodedev.type (typeattr)) - (call .dev.exception.type (typeattr))) + (call .dev.exception.type (typeattr))) - (block macro_template_chr_files + (block macro_template_chr_files - (blockabstract macro_template_chr_files) + (blockabstract macro_template_chr_files) - (macro append_nodedev_chr_files ((type ARG1)) - (allow ARG1 nodedev append_chr_file)) + (macro append_nodedev_chr_files ((type ARG1)) + (allow ARG1 nodedev append_chr_file)) - (macro appendinherited_nodedev_chr_files ((type ARG1)) - (allow ARG1 nodedev appendinherited_chr_file)) + (macro appendinherited_nodedev_chr_files ((type ARG1)) + (allow ARG1 nodedev appendinherited_chr_file)) - (macro create_nodedev_chr_files ((type ARG1)) - (allow ARG1 nodedev create_chr_file)) + (macro create_nodedev_chr_files ((type ARG1)) + (allow ARG1 nodedev create_chr_file)) - (macro delete_nodedev_chr_files ((type ARG1)) - (allow ARG1 nodedev delete_chr_file)) + (macro delete_nodedev_chr_files ((type ARG1)) + (allow ARG1 nodedev delete_chr_file)) - (macro manage_nodedev_chr_files ((type ARG1)) - (allow ARG1 nodedev manage_chr_file)) + (macro manage_nodedev_chr_files ((type ARG1)) + (allow ARG1 nodedev manage_chr_file)) - (macro mapexecute_nodedev_chr_files ((type ARG1)) - (allow ARG1 nodedev mapexecute_chr_file)) + (macro mapexecute_nodedev_chr_files ((type ARG1)) + (allow ARG1 nodedev mapexecute_chr_file)) - (macro read_nodedev_chr_files ((type ARG1)) - (allow ARG1 nodedev read_chr_file)) + (macro read_nodedev_chr_files ((type ARG1)) + (allow ARG1 nodedev read_chr_file)) - (macro readinherited_nodedev_chr_files ((type ARG1)) - (allow ARG1 nodedev readinherited_chr_file)) + (macro readinherited_nodedev_chr_files ((type ARG1)) + (allow ARG1 nodedev readinherited_chr_file)) - (macro readwrite_nodedev_chr_files ((type ARG1)) - (allow ARG1 nodedev readwrite_chr_file)) + (macro readwrite_nodedev_chr_files ((type ARG1)) + (allow ARG1 nodedev readwrite_chr_file)) - (macro readwriteinherited_nodedev_chr_files ((type ARG1)) - (allow ARG1 nodedev readwriteinherited_chr_file)) + (macro readwriteinherited_nodedev_chr_files ((type ARG1)) + (allow ARG1 nodedev readwriteinherited_chr_file)) - (macro relabel_nodedev_chr_files ((type ARG1)) - (allow ARG1 nodedev relabel_chr_file)) + (macro relabel_nodedev_chr_files ((type ARG1)) + (allow ARG1 nodedev relabel_chr_file)) - (macro relabelfrom_nodedev_chr_files ((type ARG1)) - (allow ARG1 nodedev relabelfrom_chr_file)) + (macro relabelfrom_nodedev_chr_files ((type ARG1)) + (allow ARG1 nodedev relabelfrom_chr_file)) - (macro relabelto_nodedev_chr_files ((type ARG1)) - (allow ARG1 nodedev relabelto_chr_file)) + (macro relabelto_nodedev_chr_files ((type ARG1)) + (allow ARG1 nodedev relabelto_chr_file)) - (macro rename_nodedev_chr_files ((type ARG1)) - (allow ARG1 nodedev rename_chr_file)) + (macro rename_nodedev_chr_files ((type ARG1)) + (allow ARG1 nodedev rename_chr_file)) - (macro write_nodedev_chr_files ((type ARG1)) - (allow ARG1 nodedev write_chr_file)) + (macro write_nodedev_chr_files ((type ARG1)) + (allow ARG1 nodedev write_chr_file)) - (macro writeinherited_nodedev_chr_files ((type ARG1)) - (allow ARG1 nodedev writeinherited_chr_file))) + (macro writeinherited_nodedev_chr_files ((type ARG1)) + (allow ARG1 nodedev writeinherited_chr_file))) - (block template + (block template - (blockabstract template) + (blockabstract template) - (blockinherit .nodedev.base_template) - (blockinherit .nodedev.macro_template_chr_files)) + (blockinherit .nodedev.base_template) + (blockinherit .nodedev.macro_template_chr_files)) - (block unconfined + (block unconfined - (macro type ((type ARG1)) - (typeattributeset typeattr ARG1)) + (macro type ((type ARG1)) + (typeattributeset typeattr ARG1)) - (typeattribute typeattr) + (typeattribute typeattr) - (allow typeattr nodedev.typeattr (chr_file (not (audit_access execmod)))))) + (allow typeattr nodedev.typeattr (chr_file (not (audit_access execmod)))))) (in dev.unconfined diff --git a/src/dev/nodedev/apmnodedev.cil b/src/dev/nodedev/apmnodedev.cil index fe00665..8a42c43 100644 --- a/src/dev/nodedev/apmnodedev.cil +++ b/src/dev/nodedev/apmnodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block apm - (filecon "/dev/snapshot" char nodedev_context) + (filecon "/dev/snapshot" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/autofsnodedev.cil b/src/dev/nodedev/autofsnodedev.cil index 7ade530..fa4f94d 100644 --- a/src/dev/nodedev/autofsnodedev.cil +++ b/src/dev/nodedev/autofsnodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block autofs - (filecon "/dev/autofs" char nodedev_context) + (filecon "/dev/autofs" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/btrfscontrolnodedev.cil b/src/dev/nodedev/btrfscontrolnodedev.cil index 5b2c703..815ce29 100644 --- a/src/dev/nodedev/btrfscontrolnodedev.cil +++ b/src/dev/nodedev/btrfscontrolnodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block btrfscontrol - (filecon "/dev/btrfs-control" char nodedev_context) + (filecon "/dev/btrfs-control" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/cachefilesnodedev.cil b/src/dev/nodedev/cachefilesnodedev.cil index 2279143..3487d92 100644 --- a/src/dev/nodedev/cachefilesnodedev.cil +++ b/src/dev/nodedev/cachefilesnodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block cachefiles - (filecon "/dev/cachefiles" char nodedev_context) + (filecon "/dev/cachefiles" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/cdcwdmnodedev.cil b/src/dev/nodedev/cdcwdmnodedev.cil index d48537e..faf0ad4 100644 --- a/src/dev/nodedev/cdcwdmnodedev.cil +++ b/src/dev/nodedev/cdcwdmnodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block cdcwdm - (filecon "/dev/cdc-wdm([0-9]+)?" char nodedev_context) + (filecon "/dev/cdc-wdm([0-9]+)?" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/clocknodedev.cil b/src/dev/nodedev/clocknodedev.cil index 07a27cb..32a2125 100644 --- a/src/dev/nodedev/clocknodedev.cil +++ b/src/dev/nodedev/clocknodedev.cil @@ -1,10 +1,10 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block clock - (filecon "/dev/hpet" char nodedev_context) - (filecon "/dev/ptp([0-9]+)?" char nodedev_context) - (filecon "/dev/rtc([0-9]+)?" char nodedev_context) + (filecon "/dev/hpet" char nodedev_context) + (filecon "/dev/ptp([0-9]+)?" char nodedev_context) + (filecon "/dev/rtc([0-9]+)?" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/cpunodedev.cil b/src/dev/nodedev/cpunodedev.cil index 7da4970..5dc3b80 100644 --- a/src/dev/nodedev/cpunodedev.cil +++ b/src/dev/nodedev/cpunodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block cpu - (filecon "/dev/cpu/.+" char nodedev_context) + (filecon "/dev/cpu/.+" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/crashnodedev.cil b/src/dev/nodedev/crashnodedev.cil index 34a80bc..2c01e95 100644 --- a/src/dev/nodedev/crashnodedev.cil +++ b/src/dev/nodedev/crashnodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block crash - (filecon "/dev/crash" char nodedev_context) + (filecon "/dev/crash" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/cusenodedev.cil b/src/dev/nodedev/cusenodedev.cil index 6003d5a..e982d2a 100644 --- a/src/dev/nodedev/cusenodedev.cil +++ b/src/dev/nodedev/cusenodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block cuse - (filecon "/dev/cuse" char nodedev_context) + (filecon "/dev/cuse" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/dmaheapnodedev.cil b/src/dev/nodedev/dmaheapnodedev.cil index bc81698..8bc9082 100644 --- a/src/dev/nodedev/dmaheapnodedev.cil +++ b/src/dev/nodedev/dmaheapnodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block dmaheap - (filecon "/dev/dma_heap/.*" char nodedev_context) + (filecon "/dev/dma_heap/.*" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/dmcontrolnodedev.cil b/src/dev/nodedev/dmcontrolnodedev.cil index 6250540..13bd86b 100644 --- a/src/dev/nodedev/dmcontrolnodedev.cil +++ b/src/dev/nodedev/dmcontrolnodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block dmcontrol - (filecon "/dev/mapper/control" char nodedev_context) + (filecon "/dev/mapper/control" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/drinodedev.cil b/src/dev/nodedev/drinodedev.cil index 8087d00..0fdafdf 100644 --- a/src/dev/nodedev/drinodedev.cil +++ b/src/dev/nodedev/drinodedev.cil @@ -1,10 +1,10 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block dri - (filecon "/dev/dri/.+" char nodedev_context) + (filecon "/dev/dri/.+" char nodedev_context) - (blockinherit .nodedev.template) + (blockinherit .nodedev.template) - (call .rbacsep.exempt.obj.type (nodedev))) + (call .rbacsep.exempt.obj.type (nodedev))) diff --git a/src/dev/nodedev/drmdpauxnodedev.cil b/src/dev/nodedev/drmdpauxnodedev.cil index 95b5770..a6776a3 100644 --- a/src/dev/nodedev/drmdpauxnodedev.cil +++ b/src/dev/nodedev/drmdpauxnodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block drmdpaux - (filecon "/dev/drm_dp_aux[0-9]+" char nodedev_context) + (filecon "/dev/drm_dp_aux[0-9]+" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/eventnodedev.cil b/src/dev/nodedev/eventnodedev.cil index 33aaf98..45c607c 100644 --- a/src/dev/nodedev/eventnodedev.cil +++ b/src/dev/nodedev/eventnodedev.cil @@ -1,10 +1,10 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block event - (filecon "/dev/input/event([0-9]+)?" char nodedev_context) + (filecon "/dev/input/event([0-9]+)?" char nodedev_context) - (blockinherit .nodedev.template) + (blockinherit .nodedev.template) - (call .rbacsep.exempt.obj.type (nodedev))) + (call .rbacsep.exempt.obj.type (nodedev))) diff --git a/src/dev/nodedev/fbnodedev.cil b/src/dev/nodedev/fbnodedev.cil index b166b94..4f3cbae 100644 --- a/src/dev/nodedev/fbnodedev.cil +++ b/src/dev/nodedev/fbnodedev.cil @@ -1,10 +1,10 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block fb - (filecon "/dev/fb([0-9]+)?" char nodedev_context) + (filecon "/dev/fb([0-9]+)?" char nodedev_context) - (blockinherit .nodedev.template) + (blockinherit .nodedev.template) - (call .rbacsep.exempt.obj.type (nodedev))) + (call .rbacsep.exempt.obj.type (nodedev))) diff --git a/src/dev/nodedev/gpionodedev.cil b/src/dev/nodedev/gpionodedev.cil index 0dff783..e4c8141 100644 --- a/src/dev/nodedev/gpionodedev.cil +++ b/src/dev/nodedev/gpionodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block gpio - (filecon "/dev/gpiochip([0-9]+)?" char nodedev_context) + (filecon "/dev/gpiochip([0-9]+)?" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/hiddevnodedev.cil b/src/dev/nodedev/hiddevnodedev.cil index d694f2d..3caa674 100644 --- a/src/dev/nodedev/hiddevnodedev.cil +++ b/src/dev/nodedev/hiddevnodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block hiddev - (filecon "/dev/hiddev[0-9]+" char nodedev_context) + (filecon "/dev/hiddev[0-9]+" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/hidrawnodedev.cil b/src/dev/nodedev/hidrawnodedev.cil index a745fe4..ca52c95 100644 --- a/src/dev/nodedev/hidrawnodedev.cil +++ b/src/dev/nodedev/hidrawnodedev.cil @@ -1,10 +1,10 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block hidraw - (filecon "/dev/hidraw[0-9]+" char nodedev_context) + (filecon "/dev/hidraw[0-9]+" char nodedev_context) - (blockinherit .nodedev.template) + (blockinherit .nodedev.template) - (call .rbacsep.exempt.obj.type (nodedev))) + (call .rbacsep.exempt.obj.type (nodedev))) diff --git a/src/dev/nodedev/hwrngnodedev.cil b/src/dev/nodedev/hwrngnodedev.cil index 4bfca56..ec12816 100644 --- a/src/dev/nodedev/hwrngnodedev.cil +++ b/src/dev/nodedev/hwrngnodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block hwrng - (filecon "/dev/hwrng" char nodedev_context) + (filecon "/dev/hwrng" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/i2cnodedev.cil b/src/dev/nodedev/i2cnodedev.cil index a961872..facc74c 100644 --- a/src/dev/nodedev/i2cnodedev.cil +++ b/src/dev/nodedev/i2cnodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block i2c - (filecon "/dev/i2c-([0-9]+)?" char nodedev_context) + (filecon "/dev/i2c-([0-9]+)?" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/iionodedev.cil b/src/dev/nodedev/iionodedev.cil index f6341f3..68c184c 100644 --- a/src/dev/nodedev/iionodedev.cil +++ b/src/dev/nodedev/iionodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block iio - (filecon "/dev/iio:device([0-9]+)?" char nodedev_context) + (filecon "/dev/iio:device([0-9]+)?" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/infinibandnodedev.cil b/src/dev/nodedev/infinibandnodedev.cil index c490c59..2146287 100644 --- a/src/dev/nodedev/infinibandnodedev.cil +++ b/src/dev/nodedev/infinibandnodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block infiniband - (filecon "/dev/infiniband/.+" char nodedev_context) + (filecon "/dev/infiniband/.+" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/inputnodedev.cil b/src/dev/nodedev/inputnodedev.cil index b764399..9da00af 100644 --- a/src/dev/nodedev/inputnodedev.cil +++ b/src/dev/nodedev/inputnodedev.cil @@ -1,13 +1,13 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block input - (filecon "/dev/input/js([0-9]+)?" char nodedev_context) - (filecon "/dev/input/mice" char nodedev_context) - (filecon "/dev/input/mouse([0-9]+)?" char nodedev_context) - (filecon "/dev/psaux" char nodedev_context) + (filecon "/dev/input/js([0-9]+)?" char nodedev_context) + (filecon "/dev/input/mice" char nodedev_context) + (filecon "/dev/input/mouse([0-9]+)?" char nodedev_context) + (filecon "/dev/psaux" char nodedev_context) - (blockinherit .nodedev.template) + (blockinherit .nodedev.template) - (call .rbacsep.exempt.obj.type (nodedev))) + (call .rbacsep.exempt.obj.type (nodedev))) diff --git a/src/dev/nodedev/ipminodedev.cil b/src/dev/nodedev/ipminodedev.cil index 8dca3dc..22eca5e 100644 --- a/src/dev/nodedev/ipminodedev.cil +++ b/src/dev/nodedev/ipminodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block ipmi - (filecon "/dev/ipmi[0-9]+" char nodedev_context) + (filecon "/dev/ipmi[0-9]+" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/kfdnodedev.cil b/src/dev/nodedev/kfdnodedev.cil index ad493ff..9a3b6db 100644 --- a/src/dev/nodedev/kfdnodedev.cil +++ b/src/dev/nodedev/kfdnodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block kfd - (filecon "/dev/kfd" char nodedev_context) + (filecon "/dev/kfd" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/kmsgnodedev.cil b/src/dev/nodedev/kmsgnodedev.cil index cf1fde9..14acf6b 100644 --- a/src/dev/nodedev/kmsgnodedev.cil +++ b/src/dev/nodedev/kmsgnodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block kmsg - (filecon "/dev/kmsg" char nodedev_context) + (filecon "/dev/kmsg" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/ksmnodedev.cil b/src/dev/nodedev/ksmnodedev.cil index 87b153c..dc9cb2d 100644 --- a/src/dev/nodedev/ksmnodedev.cil +++ b/src/dev/nodedev/ksmnodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block ksm - (filecon "/dev/ksm" char nodedev_context) + (filecon "/dev/ksm" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/kvmnodedev.cil b/src/dev/nodedev/kvmnodedev.cil index 40d5f01..5c94761 100644 --- a/src/dev/nodedev/kvmnodedev.cil +++ b/src/dev/nodedev/kvmnodedev.cil @@ -1,10 +1,10 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block kvm - (filecon "/dev/kvm" char nodedev_context) + (filecon "/dev/kvm" char nodedev_context) - (blockinherit .nodedev.template) + (blockinherit .nodedev.template) - (call .rbacsep.exempt.obj.type (nodedev))) + (call .rbacsep.exempt.obj.type (nodedev))) diff --git a/src/dev/nodedev/lircnodedev.cil b/src/dev/nodedev/lircnodedev.cil index 3c6298c..7dd0175 100644 --- a/src/dev/nodedev/lircnodedev.cil +++ b/src/dev/nodedev/lircnodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block lirc - (filecon "/dev/lirc[0-9]+" char nodedev_context) + (filecon "/dev/lirc[0-9]+" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/loopcontrolnodedev.cil b/src/dev/nodedev/loopcontrolnodedev.cil index 4a88ff7..36e7062 100644 --- a/src/dev/nodedev/loopcontrolnodedev.cil +++ b/src/dev/nodedev/loopcontrolnodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block loopcontrol - (filecon "/dev/loop-control" char nodedev_context) + (filecon "/dev/loop-control" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/mcelognodedev.cil b/src/dev/nodedev/mcelognodedev.cil index 22e88e0..78f3396 100644 --- a/src/dev/nodedev/mcelognodedev.cil +++ b/src/dev/nodedev/mcelognodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block mcelog - (filecon "/dev/mcelog" char nodedev_context) + (filecon "/dev/mcelog" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/meinodedev.cil b/src/dev/nodedev/meinodedev.cil index e353179..cca51d0 100644 --- a/src/dev/nodedev/meinodedev.cil +++ b/src/dev/nodedev/meinodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block mei - (filecon "/dev/mei([0-9]+)?" char nodedev_context) + (filecon "/dev/mei([0-9]+)?" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/memnodedev.cil b/src/dev/nodedev/memnodedev.cil index 00290a3..f0cd387 100644 --- a/src/dev/nodedev/memnodedev.cil +++ b/src/dev/nodedev/memnodedev.cil @@ -1,48 +1,48 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block mem - (filecon "/dev/mem" char nodedev_context) - (filecon "/dev/port" char nodedev_context) + (filecon "/dev/mem" char nodedev_context) + (filecon "/dev/port" char nodedev_context) - (blockinherit .nodedev.template) + (blockinherit .nodedev.template) - (call .nodedev.exception.type (nodedev)) + (call .nodedev.exception.type (nodedev)) - (block read + (block read - (macro type ((type ARG1)) - (typeattributeset typeattr ARG1)) + (macro type ((type ARG1)) + (typeattributeset typeattr ARG1)) - (typeattribute not_typeattr) - (typeattribute typeattr) + (typeattribute not_typeattr) + (typeattribute typeattr) - (typeattributeset not_typeattr (not typeattr)) + (typeattributeset not_typeattr (not typeattr)) - (neverallow not_typeattr mem.nodedev (chr_file (read)))) + (neverallow not_typeattr mem.nodedev (chr_file (read)))) - (block readwrite + (block readwrite - (macro type ((type ARG1)) - (typeattributeset typeattr ARG1)) + (macro type ((type ARG1)) + (typeattributeset typeattr ARG1)) - (typeattribute typeattr) + (typeattribute typeattr) - (call read.type (typeattr)) - (call write.type (typeattr))) + (call read.type (typeattr)) + (call write.type (typeattr))) - (block write + (block write - (macro type ((type ARG1)) - (typeattributeset typeattr ARG1)) + (macro type ((type ARG1)) + (typeattributeset typeattr ARG1)) - (typeattribute not_typeattr) - (typeattribute typeattr) + (typeattribute not_typeattr) + (typeattribute typeattr) - (typeattributeset not_typeattr (not typeattr)) + (typeattributeset not_typeattr (not typeattr)) - (neverallow not_typeattr mem.nodedev (chr_file (append write))))) + (neverallow not_typeattr mem.nodedev (chr_file (append write))))) (in nodedev.unconfined diff --git a/src/dev/nodedev/modemnodedev.cil b/src/dev/nodedev/modemnodedev.cil index d2b393e..8db5673 100644 --- a/src/dev/nodedev/modemnodedev.cil +++ b/src/dev/nodedev/modemnodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block modem - (filecon "/dev/modem" char nodedev_context) + (filecon "/dev/modem" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/ndctlnodedev.cil b/src/dev/nodedev/ndctlnodedev.cil index 0b5fe55..d4f0a12 100644 --- a/src/dev/nodedev/ndctlnodedev.cil +++ b/src/dev/nodedev/ndctlnodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block ndctl - (filecon "/dev/ndctl([0-9]+)?" char nodedev_context) + (filecon "/dev/ndctl([0-9]+)?" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/nullnodedev.cil b/src/dev/nodedev/nullnodedev.cil index 16b913e..85d6f4a 100644 --- a/src/dev/nodedev/nullnodedev.cil +++ b/src/dev/nodedev/nullnodedev.cil @@ -1,13 +1,13 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (sidcontext devnull (sys.id sys.role null.nodedev sys.lowlow)) (block null - (filecon "/dev/full" char nodedev_context) - (filecon "/dev/null" char nodedev_context) + (filecon "/dev/full" char nodedev_context) + (filecon "/dev/null" char nodedev_context) - (blockinherit .nodedev.template) + (blockinherit .nodedev.template) - (call .rbacsep.exempt.obj.type (nodedev))) + (call .rbacsep.exempt.obj.type (nodedev))) diff --git a/src/dev/nodedev/nvramnodedev.cil b/src/dev/nodedev/nvramnodedev.cil index a4fb697..e5fde4b 100644 --- a/src/dev/nodedev/nvramnodedev.cil +++ b/src/dev/nodedev/nvramnodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block nvram - (filecon "/dev/nvram" char nodedev_context) + (filecon "/dev/nvram" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/pmunodedev.cil b/src/dev/nodedev/pmunodedev.cil index 150cc2e..4758d61 100644 --- a/src/dev/nodedev/pmunodedev.cil +++ b/src/dev/nodedev/pmunodedev.cil @@ -1,9 +1,9 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block pmu - (filecon "/dev/pmu" char nodedev_context) - (filecon "/dev/smu" char nodedev_context) + (filecon "/dev/pmu" char nodedev_context) + (filecon "/dev/smu" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/pppnodedev.cil b/src/dev/nodedev/pppnodedev.cil index 740151a..f911e88 100644 --- a/src/dev/nodedev/pppnodedev.cil +++ b/src/dev/nodedev/pppnodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block ppp - (filecon "/dev/ppp" char nodedev_context) + (filecon "/dev/ppp" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/printernodedev.cil b/src/dev/nodedev/printernodedev.cil index 4c189a6..db1d9cd 100644 --- a/src/dev/nodedev/printernodedev.cil +++ b/src/dev/nodedev/printernodedev.cil @@ -1,9 +1,9 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block printer - (filecon "/dev/lp([0-9]+)?" char nodedev_context) - (filecon "/dev/parport([0-9]+)?" char nodedev_context) + (filecon "/dev/lp([0-9]+)?" char nodedev_context) + (filecon "/dev/parport([0-9]+)?" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/ptmxnodedev.cil b/src/dev/nodedev/ptmxnodedev.cil index a9a9266..1c5ec3d 100644 --- a/src/dev/nodedev/ptmxnodedev.cil +++ b/src/dev/nodedev/ptmxnodedev.cil @@ -1,10 +1,10 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block ptmx - (filecon "/dev/ptmx" char nodedev_context) + (filecon "/dev/ptmx" char nodedev_context) - (blockinherit .nodedev.template) + (blockinherit .nodedev.template) - (call .rbacsep.exempt.obj.type (nodedev))) + (call .rbacsep.exempt.obj.type (nodedev))) diff --git a/src/dev/nodedev/qosnodedev.cil b/src/dev/nodedev/qosnodedev.cil index 7aa14ed..383be27 100644 --- a/src/dev/nodedev/qosnodedev.cil +++ b/src/dev/nodedev/qosnodedev.cil @@ -1,11 +1,11 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block qos - (filecon "/dev/cpu_dma_latency" char nodedev_context) - (filecon "/dev/memory_bandwidth" char nodedev_context) - (filecon "/dev/network_latency" char nodedev_context) - (filecon "/dev/network_throughput" char nodedev_context) + (filecon "/dev/cpu_dma_latency" char nodedev_context) + (filecon "/dev/memory_bandwidth" char nodedev_context) + (filecon "/dev/network_latency" char nodedev_context) + (filecon "/dev/network_throughput" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/randomnodedev.cil b/src/dev/nodedev/randomnodedev.cil index 7e5c931..3025b7e 100644 --- a/src/dev/nodedev/randomnodedev.cil +++ b/src/dev/nodedev/randomnodedev.cil @@ -1,11 +1,11 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block random - (filecon "/dev/random" char nodedev_context) - (filecon "/dev/urandom" char nodedev_context) + (filecon "/dev/random" char nodedev_context) + (filecon "/dev/urandom" char nodedev_context) - (blockinherit .nodedev.template) + (blockinherit .nodedev.template) - (call .rbacsep.exempt.obj.type (nodedev))) + (call .rbacsep.exempt.obj.type (nodedev))) diff --git a/src/dev/nodedev/rfkillnodedev.cil b/src/dev/nodedev/rfkillnodedev.cil index dfc6076..50236fa 100644 --- a/src/dev/nodedev/rfkillnodedev.cil +++ b/src/dev/nodedev/rfkillnodedev.cil @@ -1,10 +1,10 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block rfkill - (filecon "/dev/rfkill" char nodedev_context) + (filecon "/dev/rfkill" char nodedev_context) - (blockinherit .nodedev.template) + (blockinherit .nodedev.template) - (call .rbacsep.exempt.obj.type (nodedev))) + (call .rbacsep.exempt.obj.type (nodedev))) diff --git a/src/dev/nodedev/sndnodedev.cil b/src/dev/nodedev/sndnodedev.cil index a9d21c4..056ad32 100644 --- a/src/dev/nodedev/sndnodedev.cil +++ b/src/dev/nodedev/sndnodedev.cil @@ -1,10 +1,10 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block snd - (filecon "/dev/snd/.+" char nodedev_context) + (filecon "/dev/snd/.+" char nodedev_context) - (blockinherit .nodedev.template) + (blockinherit .nodedev.template) - (call .rbacsep.exempt.obj.type (nodedev))) + (call .rbacsep.exempt.obj.type (nodedev))) diff --git a/src/dev/nodedev/tpmnodedev.cil b/src/dev/nodedev/tpmnodedev.cil index 9507b9f..1d7e1f5 100644 --- a/src/dev/nodedev/tpmnodedev.cil +++ b/src/dev/nodedev/tpmnodedev.cil @@ -1,9 +1,9 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block tpm - (filecon "/dev/tpm([0-9]+)?" char nodedev_context) - (filecon "/dev/tpmrm([0-9]+)?" char nodedev_context) + (filecon "/dev/tpm([0-9]+)?" char nodedev_context) + (filecon "/dev/tpmrm([0-9]+)?" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/ttynodedev.cil b/src/dev/nodedev/ttynodedev.cil index f93ea9c..b027817 100644 --- a/src/dev/nodedev/ttynodedev.cil +++ b/src/dev/nodedev/ttynodedev.cil @@ -1,19 +1,19 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block tty - (filecon "/dev/tty" char nodedev_context) + (filecon "/dev/tty" char nodedev_context) - (macro tioclinux_nodedev_chr_files ((type ARG1)) - (allowx ARG1 nodedev TIOCLINUX)) + (macro tioclinux_nodedev_chr_files ((type ARG1)) + (allowx ARG1 nodedev TIOCLINUX)) - (macro tiocsti_nodedev_chr_files ((type ARG1)) - (allowx ARG1 nodedev TIOCSTI)) + (macro tiocsti_nodedev_chr_files ((type ARG1)) + (allowx ARG1 nodedev TIOCSTI)) - (blockinherit .nodedev.template) + (blockinherit .nodedev.template) - (call .rbacsep.exempt.obj.type (nodedev))) + (call .rbacsep.exempt.obj.type (nodedev))) ;; TIOCLINUX, subcode=TIOCL_GETMOUSEREPORTING (in after tty.append_nodedev_chr_files diff --git a/src/dev/nodedev/tuntapnodedev.cil b/src/dev/nodedev/tuntapnodedev.cil index a0dbdd2..ff79007 100644 --- a/src/dev/nodedev/tuntapnodedev.cil +++ b/src/dev/nodedev/tuntapnodedev.cil @@ -1,11 +1,11 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block tuntap - (filecon "/dev/net/tun" char nodedev_context) - (filecon "/dev/tap([0-9]+)?" char nodedev_context) + (filecon "/dev/net/tun" char nodedev_context) + (filecon "/dev/tap([0-9]+)?" char nodedev_context) - (blockinherit .nodedev.template) + (blockinherit .nodedev.template) - (call .rbacsep.exempt.obj.type (nodedev))) + (call .rbacsep.exempt.obj.type (nodedev))) diff --git a/src/dev/nodedev/udmabufnodedev.cil b/src/dev/nodedev/udmabufnodedev.cil index 097d3c1..4117bab 100644 --- a/src/dev/nodedev/udmabufnodedev.cil +++ b/src/dev/nodedev/udmabufnodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block udmabuf - (filecon "/dev/udmabuf" char nodedev_context) + (filecon "/dev/udmabuf" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/uffdnodedev.cil b/src/dev/nodedev/uffdnodedev.cil index a172e7e..88b8a84 100644 --- a/src/dev/nodedev/uffdnodedev.cil +++ b/src/dev/nodedev/uffdnodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (in uffd - (filecon "/dev/userfaultfd" char nodedev_context) + (filecon "/dev/userfaultfd" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/uhidnodedev.cil b/src/dev/nodedev/uhidnodedev.cil index d5e9de9..846ef4a 100644 --- a/src/dev/nodedev/uhidnodedev.cil +++ b/src/dev/nodedev/uhidnodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block uhid - (filecon "/dev/uhid" char nodedev_context) + (filecon "/dev/uhid" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/uinputnodedev.cil b/src/dev/nodedev/uinputnodedev.cil index 2961ef4..5247516 100644 --- a/src/dev/nodedev/uinputnodedev.cil +++ b/src/dev/nodedev/uinputnodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block uinput - (filecon "/dev/uinput" char nodedev_context) + (filecon "/dev/uinput" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/uionodedev.cil b/src/dev/nodedev/uionodedev.cil index e4db6f8..0a9e527 100644 --- a/src/dev/nodedev/uionodedev.cil +++ b/src/dev/nodedev/uionodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block uio - (filecon "/dev/uio[0-9]+" char nodedev_context) + (filecon "/dev/uio[0-9]+" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/usbmonnodedev.cil b/src/dev/nodedev/usbmonnodedev.cil index 4bb0fa5..e93f9d1 100644 --- a/src/dev/nodedev/usbmonnodedev.cil +++ b/src/dev/nodedev/usbmonnodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block usbmon - (filecon "/dev/usbmon[0-9]+" char nodedev_context) + (filecon "/dev/usbmon[0-9]+" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/usbnodedev.cil b/src/dev/nodedev/usbnodedev.cil index b341a12..765fbcb 100644 --- a/src/dev/nodedev/usbnodedev.cil +++ b/src/dev/nodedev/usbnodedev.cil @@ -1,11 +1,11 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block usb - (filecon "/dev/bus/usb/.+" char nodedev_context) - (filecon "/dev/usb.+" char nodedev_context) + (filecon "/dev/bus/usb/.+" char nodedev_context) + (filecon "/dev/usb.+" char nodedev_context) - (blockinherit .nodedev.template) + (blockinherit .nodedev.template) - (call .rbacsep.exempt.obj.type (nodedev))) + (call .rbacsep.exempt.obj.type (nodedev))) diff --git a/src/dev/nodedev/v4lnodedev.cil b/src/dev/nodedev/v4lnodedev.cil index 3ae3eaf..a40af0d 100644 --- a/src/dev/nodedev/v4lnodedev.cil +++ b/src/dev/nodedev/v4lnodedev.cil @@ -1,11 +1,11 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block v4l - (filecon "/dev/media([0-9]+)?" char nodedev_context) - (filecon "/dev/video([0-9]+)?" char nodedev_context) + (filecon "/dev/media([0-9]+)?" char nodedev_context) + (filecon "/dev/video([0-9]+)?" char nodedev_context) - (blockinherit .nodedev.template) + (blockinherit .nodedev.template) - (call .rbacsep.exempt.obj.type (nodedev))) + (call .rbacsep.exempt.obj.type (nodedev))) diff --git a/src/dev/nodedev/vfionodedev.cil b/src/dev/nodedev/vfionodedev.cil index f554d63..111f25b 100644 --- a/src/dev/nodedev/vfionodedev.cil +++ b/src/dev/nodedev/vfionodedev.cil @@ -1,10 +1,10 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block vfio - (filecon "/dev/vfio/.+" char nodedev_context) + (filecon "/dev/vfio/.+" char nodedev_context) - (blockinherit .nodedev.template) + (blockinherit .nodedev.template) - (call .rbacsep.exempt.obj.type (nodedev))) + (call .rbacsep.exempt.obj.type (nodedev))) diff --git a/src/dev/nodedev/vgaarbiternodedev.cil b/src/dev/nodedev/vgaarbiternodedev.cil index 3649a85..487ab3d 100644 --- a/src/dev/nodedev/vgaarbiternodedev.cil +++ b/src/dev/nodedev/vgaarbiternodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block vgaarbiter - (filecon "/dev/vga_arbiter" char nodedev_context) + (filecon "/dev/vga_arbiter" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/vhostnodedev.cil b/src/dev/nodedev/vhostnodedev.cil index 002d32d..bb340cd 100644 --- a/src/dev/nodedev/vhostnodedev.cil +++ b/src/dev/nodedev/vhostnodedev.cil @@ -1,11 +1,11 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block vhost - (filecon "/dev/vhci" char nodedev_context) - (filecon "/dev/vhost-net" char nodedev_context) - (filecon "/dev/vhost-scsi" char nodedev_context) - (filecon "/dev/vhost-vsock" char nodedev_context) + (filecon "/dev/vhci" char nodedev_context) + (filecon "/dev/vhost-net" char nodedev_context) + (filecon "/dev/vhost-scsi" char nodedev_context) + (filecon "/dev/vhost-vsock" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/vmcinodedev.cil b/src/dev/nodedev/vmcinodedev.cil index ddbd28f..6d51386 100644 --- a/src/dev/nodedev/vmcinodedev.cil +++ b/src/dev/nodedev/vmcinodedev.cil @@ -1,9 +1,9 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block vmci - (filecon "/dev/vmci" char nodedev_context) - (filecon "/dev/vsock" char nodedev_context) + (filecon "/dev/vmci" char nodedev_context) + (filecon "/dev/vsock" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/watchdognodedev.cil b/src/dev/nodedev/watchdognodedev.cil index 0644673..9492cc1 100644 --- a/src/dev/nodedev/watchdognodedev.cil +++ b/src/dev/nodedev/watchdognodedev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block watchdog - (filecon "/dev/watchdog([0-9]+)?" char nodedev_context) + (filecon "/dev/watchdog([0-9]+)?" char nodedev_context) - (blockinherit .nodedev.template)) + (blockinherit .nodedev.template)) diff --git a/src/dev/nodedev/zeronodedev.cil b/src/dev/nodedev/zeronodedev.cil index 2ba9fbd..14e958e 100644 --- a/src/dev/nodedev/zeronodedev.cil +++ b/src/dev/nodedev/zeronodedev.cil @@ -1,10 +1,10 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block zero - (filecon "/dev/zero" char nodedev_context) + (filecon "/dev/zero" char nodedev_context) - (blockinherit .nodedev.template) + (blockinherit .nodedev.template) - (call .rbacsep.exempt.obj.type (nodedev))) + (call .rbacsep.exempt.obj.type (nodedev))) diff --git a/src/dev/stordev.cil b/src/dev/stordev.cil index c395450..27eccd0 100644 --- a/src/dev/stordev.cil +++ b/src/dev/stordev.cil @@ -1,187 +1,187 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block stordev - (macro mounton_all_chr_files ((type ARG1)) - (allow ARG1 typeattr mounton_chr_file)) + (macro mounton_all_chr_files ((type ARG1)) + (allow ARG1 typeattr mounton_chr_file)) - (macro type ((type ARG1)) - (typeattributeset typeattr ARG1)) + (macro type ((type ARG1)) + (typeattributeset typeattr ARG1)) - (typeattribute typeattr) + (typeattribute typeattr) - (blockinherit .file.all_macro_template_blk_files) - (blockinherit .file.all_macro_template_chr_files) + (blockinherit .file.all_macro_template_blk_files) + (blockinherit .file.all_macro_template_chr_files) - (call .dev.exception.type (typeattr)) + (call .dev.exception.type (typeattr)) - (block base_template + (block base_template - (blockabstract base_template) + (blockabstract base_template) - (context stordev_context (.sys.id .sys.role stordev .sys.lowlow)) + (context stordev_context (.sys.id .sys.role stordev .sys.lowlow)) - (type stordev) - (call .stordev.type (stordev))) + (type stordev) + (call .stordev.type (stordev))) - (block macro_template_blk_files + (block macro_template_blk_files - (blockabstract macro_template_blk_files) + (blockabstract macro_template_blk_files) - (macro append_stordev_blk_files ((type ARG1)) - (allow ARG1 stordev append_blk_file)) + (macro append_stordev_blk_files ((type ARG1)) + (allow ARG1 stordev append_blk_file)) - (macro appendinherited_stordev_blk_files ((type ARG1)) - (allow ARG1 stordev appendinherited_blk_file)) + (macro appendinherited_stordev_blk_files ((type ARG1)) + (allow ARG1 stordev appendinherited_blk_file)) - (macro create_stordev_blk_files ((type ARG1)) - (allow ARG1 stordev create_blk_file)) + (macro create_stordev_blk_files ((type ARG1)) + (allow ARG1 stordev create_blk_file)) - (macro delete_stordev_blk_files ((type ARG1)) - (allow ARG1 stordev delete_blk_file)) + (macro delete_stordev_blk_files ((type ARG1)) + (allow ARG1 stordev delete_blk_file)) - (macro manage_stordev_blk_files ((type ARG1)) - (allow ARG1 stordev manage_blk_file)) + (macro manage_stordev_blk_files ((type ARG1)) + (allow ARG1 stordev manage_blk_file)) - (macro read_stordev_blk_files ((type ARG1)) - (allow ARG1 stordev read_blk_file)) + (macro read_stordev_blk_files ((type ARG1)) + (allow ARG1 stordev read_blk_file)) - (macro readinherited_stordev_blk_files ((type ARG1)) - (allow ARG1 stordev readinherited_blk_file)) + (macro readinherited_stordev_blk_files ((type ARG1)) + (allow ARG1 stordev readinherited_blk_file)) - (macro readwrite_stordev_blk_files ((type ARG1)) - (allow ARG1 stordev readwrite_blk_file)) + (macro readwrite_stordev_blk_files ((type ARG1)) + (allow ARG1 stordev readwrite_blk_file)) - (macro readwriteinherited_stordev_blk_files ((type ARG1)) - (allow ARG1 stordev readwriteinherited_blk_file)) + (macro readwriteinherited_stordev_blk_files ((type ARG1)) + (allow ARG1 stordev readwriteinherited_blk_file)) - (macro relabel_stordev_blk_files ((type ARG1)) - (allow ARG1 stordev relabel_blk_file)) + (macro relabel_stordev_blk_files ((type ARG1)) + (allow ARG1 stordev relabel_blk_file)) - (macro relabelfrom_stordev_blk_files ((type ARG1)) - (allow ARG1 stordev relabelfrom_blk_file)) + (macro relabelfrom_stordev_blk_files ((type ARG1)) + (allow ARG1 stordev relabelfrom_blk_file)) - (macro relabelto_stordev_blk_files ((type ARG1)) - (allow ARG1 stordev relabelto_blk_file)) + (macro relabelto_stordev_blk_files ((type ARG1)) + (allow ARG1 stordev relabelto_blk_file)) - (macro rename_stordev_blk_files ((type ARG1)) - (allow ARG1 stordev rename_blk_file)) + (macro rename_stordev_blk_files ((type ARG1)) + (allow ARG1 stordev rename_blk_file)) - (macro write_stordev_blk_files ((type ARG1)) - (allow ARG1 stordev write_blk_file)) + (macro write_stordev_blk_files ((type ARG1)) + (allow ARG1 stordev write_blk_file)) - (macro writeinherited_stordev_blk_files ((type ARG1)) - (allow ARG1 stordev writeinherited_blk_file))) + (macro writeinherited_stordev_blk_files ((type ARG1)) + (allow ARG1 stordev writeinherited_blk_file))) - (block macro_template_chr_files + (block macro_template_chr_files - (blockabstract macro_template_chr_files) + (blockabstract macro_template_chr_files) - (macro append_stordev_chr_files ((type ARG1)) - (allow ARG1 stordev append_chr_file)) + (macro append_stordev_chr_files ((type ARG1)) + (allow ARG1 stordev append_chr_file)) - (macro appendinherited_stordev_chr_files ((type ARG1)) - (allow ARG1 stordev appendinherited_chr_file)) + (macro appendinherited_stordev_chr_files ((type ARG1)) + (allow ARG1 stordev appendinherited_chr_file)) - (macro create_stordev_chr_files ((type ARG1)) - (allow ARG1 stordev create_chr_file)) + (macro create_stordev_chr_files ((type ARG1)) + (allow ARG1 stordev create_chr_file)) - (macro delete_stordev_chr_files ((type ARG1)) - (allow ARG1 stordev delete_chr_file)) + (macro delete_stordev_chr_files ((type ARG1)) + (allow ARG1 stordev delete_chr_file)) - (macro manage_stordev_chr_files ((type ARG1)) - (allow ARG1 stordev manage_chr_file)) + (macro manage_stordev_chr_files ((type ARG1)) + (allow ARG1 stordev manage_chr_file)) - (macro mapexecute_stordev_chr_files ((type ARG1)) - (allow ARG1 stordev mapexecute_chr_file)) + (macro mapexecute_stordev_chr_files ((type ARG1)) + (allow ARG1 stordev mapexecute_chr_file)) - (macro read_stordev_chr_files ((type ARG1)) - (allow ARG1 stordev read_chr_file)) + (macro read_stordev_chr_files ((type ARG1)) + (allow ARG1 stordev read_chr_file)) - (macro readinherited_stordev_chr_files ((type ARG1)) - (allow ARG1 stordev readinherited_chr_file)) + (macro readinherited_stordev_chr_files ((type ARG1)) + (allow ARG1 stordev readinherited_chr_file)) - (macro readwrite_stordev_chr_files ((type ARG1)) - (allow ARG1 stordev readwrite_chr_file)) + (macro readwrite_stordev_chr_files ((type ARG1)) + (allow ARG1 stordev readwrite_chr_file)) - (macro readwriteinherited_stordev_chr_files ((type ARG1)) - (allow ARG1 stordev readwriteinherited_chr_file)) + (macro readwriteinherited_stordev_chr_files ((type ARG1)) + (allow ARG1 stordev readwriteinherited_chr_file)) - (macro relabel_stordev_chr_files ((type ARG1)) - (allow ARG1 stordev relabel_chr_file)) + (macro relabel_stordev_chr_files ((type ARG1)) + (allow ARG1 stordev relabel_chr_file)) - (macro relabelfrom_stordev_chr_files ((type ARG1)) - (allow ARG1 stordev relabelfrom_chr_file)) + (macro relabelfrom_stordev_chr_files ((type ARG1)) + (allow ARG1 stordev relabelfrom_chr_file)) - (macro relabelto_stordev_chr_files ((type ARG1)) - (allow ARG1 stordev relabelto_chr_file)) + (macro relabelto_stordev_chr_files ((type ARG1)) + (allow ARG1 stordev relabelto_chr_file)) - (macro rename_stordev_chr_files ((type ARG1)) - (allow ARG1 stordev rename_chr_file)) + (macro rename_stordev_chr_files ((type ARG1)) + (allow ARG1 stordev rename_chr_file)) - (macro write_stordev_chr_files ((type ARG1)) - (allow ARG1 stordev write_chr_file)) + (macro write_stordev_chr_files ((type ARG1)) + (allow ARG1 stordev write_chr_file)) - (macro writeinherited_stordev_chr_files ((type ARG1)) - (allow ARG1 stordev writeinherited_chr_file))) + (macro writeinherited_stordev_chr_files ((type ARG1)) + (allow ARG1 stordev writeinherited_chr_file))) - (block template + (block template - (blockabstract template) + (blockabstract template) - (blockinherit .stordev.base_template) - (blockinherit .stordev.macro_template_blk_files) - (blockinherit .stordev.macro_template_chr_files)) + (blockinherit .stordev.base_template) + (blockinherit .stordev.macro_template_blk_files) + (blockinherit .stordev.macro_template_chr_files)) - (block read + (block read - (macro type ((type ARG1)) - (typeattributeset typeattr ARG1)) + (macro type ((type ARG1)) + (typeattributeset typeattr ARG1)) - (typeattribute not_typeattr) - (typeattribute typeattr) + (typeattribute not_typeattr) + (typeattribute typeattr) - (typeattributeset not_typeattr (not typeattr)) + (typeattributeset not_typeattr (not typeattr)) - (neverallow not_typeattr stordev.typeattr (blk_file (read))) - (neverallow not_typeattr stordev.typeattr (chr_file (read)))) + (neverallow not_typeattr stordev.typeattr (blk_file (read))) + (neverallow not_typeattr stordev.typeattr (chr_file (read)))) - (block readwrite + (block readwrite - (macro type ((type ARG1)) - (typeattributeset typeattr ARG1)) + (macro type ((type ARG1)) + (typeattributeset typeattr ARG1)) - (typeattribute typeattr) + (typeattribute typeattr) - (call read.type (typeattr)) - (call write.type (typeattr))) + (call read.type (typeattr)) + (call write.type (typeattr))) - (block unconfined + (block unconfined - (macro type ((type ARG1)) - (typeattributeset typeattr ARG1)) + (macro type ((type ARG1)) + (typeattributeset typeattr ARG1)) - (typeattribute typeattr) + (typeattribute typeattr) - (allow typeattr stordev.typeattr - (blk_file (not (audit_access execmod map)))) - (allow typeattr stordev.typeattr (chr_file (not (audit_access execmod)))) + (allow typeattr stordev.typeattr + (blk_file (not (audit_access execmod map)))) + (allow typeattr stordev.typeattr (chr_file (not (audit_access execmod)))) - (call readwrite.type (typeattr))) + (call readwrite.type (typeattr))) - (block write + (block write - (macro type ((type ARG1)) - (typeattributeset typeattr ARG1)) + (macro type ((type ARG1)) + (typeattributeset typeattr ARG1)) - (typeattribute not_typeattr) - (typeattribute typeattr) + (typeattribute not_typeattr) + (typeattribute typeattr) - (typeattributeset not_typeattr (not typeattr)) + (typeattributeset not_typeattr (not typeattr)) - (neverallow not_typeattr stordev.typeattr (blk_file (append write))) - (neverallow not_typeattr stordev.typeattr (chr_file (append write))))) + (neverallow not_typeattr stordev.typeattr (blk_file (append write))) + (neverallow not_typeattr stordev.typeattr (chr_file (append write))))) (in dev.unconfined diff --git a/src/dev/stordev/dmstordev.cil b/src/dev/stordev/dmstordev.cil index 96c8e7b..1b86a0b 100644 --- a/src/dev/stordev/dmstordev.cil +++ b/src/dev/stordev/dmstordev.cil @@ -1,9 +1,9 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block dm - (filecon "/dev/dm-[0-9]+" block stordev_context) + (filecon "/dev/dm-[0-9]+" block stordev_context) - (blockinherit .stordev.base_template) - (blockinherit .stordev.macro_template_blk_files)) + (blockinherit .stordev.base_template) + (blockinherit .stordev.macro_template_blk_files)) diff --git a/src/dev/stordev/fusestordev.cil b/src/dev/stordev/fusestordev.cil index d912075..2430c62 100644 --- a/src/dev/stordev/fusestordev.cil +++ b/src/dev/stordev/fusestordev.cil @@ -1,11 +1,11 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block fuse - (filecon "/dev/fuse" char stordev_context) + (filecon "/dev/fuse" char stordev_context) - (blockinherit .stordev.base_template) - (blockinherit .stordev.macro_template_chr_files) + (blockinherit .stordev.base_template) + (blockinherit .stordev.macro_template_chr_files) - (call .rbacsep.exempt.obj.type (stordev))) + (call .rbacsep.exempt.obj.type (stordev))) diff --git a/src/dev/stordev/hdstordev.cil b/src/dev/stordev/hdstordev.cil index 5e52008..6ba3a16 100644 --- a/src/dev/stordev/hdstordev.cil +++ b/src/dev/stordev/hdstordev.cil @@ -1,9 +1,9 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block hd - (filecon "/dev/hd[^/]+" block stordev_context) + (filecon "/dev/hd[^/]+" block stordev_context) - (blockinherit .stordev.base_template) - (blockinherit .stordev.macro_template_blk_files)) + (blockinherit .stordev.base_template) + (blockinherit .stordev.macro_template_blk_files)) diff --git a/src/dev/stordev/loopstordev.cil b/src/dev/stordev/loopstordev.cil index 4b09f56..227fdc0 100644 --- a/src/dev/stordev/loopstordev.cil +++ b/src/dev/stordev/loopstordev.cil @@ -1,9 +1,9 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block loop - (filecon "/dev/loop.+" block stordev_context) + (filecon "/dev/loop.+" block stordev_context) - (blockinherit .stordev.base_template) - (blockinherit .stordev.macro_template_blk_files)) + (blockinherit .stordev.base_template) + (blockinherit .stordev.macro_template_blk_files)) diff --git a/src/dev/stordev/mdstordev.cil b/src/dev/stordev/mdstordev.cil index ece93a3..d1fc966 100644 --- a/src/dev/stordev/mdstordev.cil +++ b/src/dev/stordev/mdstordev.cil @@ -1,9 +1,9 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block md - (filecon "/dev/md[^/]+" block stordev_context) + (filecon "/dev/md[^/]+" block stordev_context) - (blockinherit .stordev.base_template) - (blockinherit .stordev.macro_template_blk_files)) + (blockinherit .stordev.base_template) + (blockinherit .stordev.macro_template_blk_files)) diff --git a/src/dev/stordev/mtdstordev.cil b/src/dev/stordev/mtdstordev.cil index d96c312..6decb83 100644 --- a/src/dev/stordev/mtdstordev.cil +++ b/src/dev/stordev/mtdstordev.cil @@ -1,14 +1,14 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block mtd - (filecon "/dev/mtd[0-9]+" char stordev_context) - (filecon "/dev/mtd[0-9]+ro" char stordev_context) - (filecon "/dev/mtdblock[0-9]+" block stordev_context) + (filecon "/dev/mtd[0-9]+" char stordev_context) + (filecon "/dev/mtd[0-9]+ro" char stordev_context) + (filecon "/dev/mtdblock[0-9]+" block stordev_context) - (filecon "/dev/ubi[0-9]+_[0-9]+" char stordev_context) - (filecon "/dev/ubi_ctrl" char stordev_context) - (filecon "/dev/ubiblock[0-9]+_[0-9]+" block stordev_context) + (filecon "/dev/ubi[0-9]+_[0-9]+" char stordev_context) + (filecon "/dev/ubi_ctrl" char stordev_context) + (filecon "/dev/ubiblock[0-9]+_[0-9]+" block stordev_context) - (blockinherit .stordev.template)) + (blockinherit .stordev.template)) diff --git a/src/dev/stordev/nvmestordev.cil b/src/dev/stordev/nvmestordev.cil index edc5002..ff87afb 100644 --- a/src/dev/stordev/nvmestordev.cil +++ b/src/dev/stordev/nvmestordev.cil @@ -1,10 +1,10 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block nvme - (filecon "/dev/ng[0-9]n[^/]+" char stordev_context) - (filecon "/dev/nvme[0-9]+" char stordev_context) - (filecon "/dev/nvme[0-9]n[^/]+" block stordev_context) + (filecon "/dev/ng[0-9]n[^/]+" char stordev_context) + (filecon "/dev/nvme[0-9]+" char stordev_context) + (filecon "/dev/nvme[0-9]n[^/]+" block stordev_context) - (blockinherit .stordev.template)) + (blockinherit .stordev.template)) diff --git a/src/dev/stordev/rawstordev.cil b/src/dev/stordev/rawstordev.cil index 136b189..2b6c53a 100644 --- a/src/dev/stordev/rawstordev.cil +++ b/src/dev/stordev/rawstordev.cil @@ -1,9 +1,9 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block raw - (filecon "/dev/raw/.+" char stordev_context) + (filecon "/dev/raw/.+" char stordev_context) - (blockinherit .stordev.base_template) - (blockinherit .stordev.macro_template_chr_files)) + (blockinherit .stordev.base_template) + (blockinherit .stordev.macro_template_chr_files)) diff --git a/src/dev/stordev/removablestordev.cil b/src/dev/stordev/removablestordev.cil index 5e0dd6f..1f42c44 100644 --- a/src/dev/stordev/removablestordev.cil +++ b/src/dev/stordev/removablestordev.cil @@ -1,17 +1,17 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block removable - (filecon "/dev/fd[^/]+" block stordev_context) - (filecon "/dev/mmcblk[0-9]+" block stordev_context) - (filecon "/dev/mmcblk[0-9]boot[^/]+" block stordev_context) - (filecon "/dev/mmcblk[0-9]p[^/]+" block stordev_context) - (filecon "/dev/mmcblk[0-9]rpmb" char stordev_context) - (filecon "/dev/mspblk[0-9]+" block stordev_context) - (filecon "/dev/mspblk[0-9]boot[^/]+" block stordev_context) - (filecon "/dev/mspblk[0-9]p[^/]+" block stordev_context) - (filecon "/dev/mspblk[0-9]rpmb" char stordev_context) - (filecon "/dev/sr[0-9]+" block stordev_context) + (filecon "/dev/fd[^/]+" block stordev_context) + (filecon "/dev/mmcblk[0-9]+" block stordev_context) + (filecon "/dev/mmcblk[0-9]boot[^/]+" block stordev_context) + (filecon "/dev/mmcblk[0-9]p[^/]+" block stordev_context) + (filecon "/dev/mmcblk[0-9]rpmb" char stordev_context) + (filecon "/dev/mspblk[0-9]+" block stordev_context) + (filecon "/dev/mspblk[0-9]boot[^/]+" block stordev_context) + (filecon "/dev/mspblk[0-9]p[^/]+" block stordev_context) + (filecon "/dev/mspblk[0-9]rpmb" char stordev_context) + (filecon "/dev/sr[0-9]+" block stordev_context) - (blockinherit .stordev.template)) + (blockinherit .stordev.template)) diff --git a/src/dev/stordev/sdstordev.cil b/src/dev/stordev/sdstordev.cil index 6a933e8..9bc1004 100644 --- a/src/dev/stordev/sdstordev.cil +++ b/src/dev/stordev/sdstordev.cil @@ -1,9 +1,9 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block sd - (filecon "/dev/sd[^/]+" block stordev_context) + (filecon "/dev/sd[^/]+" block stordev_context) - (blockinherit .stordev.base_template) - (blockinherit .stordev.macro_template_blk_files)) + (blockinherit .stordev.base_template) + (blockinherit .stordev.macro_template_blk_files)) diff --git a/src/dev/stordev/sgstordev.cil b/src/dev/stordev/sgstordev.cil index 96a3784..25e436c 100644 --- a/src/dev/stordev/sgstordev.cil +++ b/src/dev/stordev/sgstordev.cil @@ -1,10 +1,10 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block sg - (filecon "/dev/bsg/.+" char stordev_context) - (filecon "/dev/sg[0-9]+" char stordev_context) + (filecon "/dev/bsg/.+" char stordev_context) + (filecon "/dev/sg[0-9]+" char stordev_context) - (blockinherit .stordev.base_template) - (blockinherit .stordev.macro_template_chr_files)) + (blockinherit .stordev.base_template) + (blockinherit .stordev.macro_template_chr_files)) diff --git a/src/dev/stordev/vdstordev.cil b/src/dev/stordev/vdstordev.cil index a7a4628..03e4fe6 100644 --- a/src/dev/stordev/vdstordev.cil +++ b/src/dev/stordev/vdstordev.cil @@ -1,9 +1,9 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block vd - (filecon "/dev/vd[^/]+" block stordev_context) + (filecon "/dev/vd[^/]+" block stordev_context) - (blockinherit .stordev.base_template) - (blockinherit .stordev.macro_template_blk_files)) + (blockinherit .stordev.base_template) + (blockinherit .stordev.macro_template_blk_files)) diff --git a/src/dev/stordev/xdstordev.cil b/src/dev/stordev/xdstordev.cil index 8865dba..70283c3 100644 --- a/src/dev/stordev/xdstordev.cil +++ b/src/dev/stordev/xdstordev.cil @@ -1,9 +1,9 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block xd - (filecon "/dev/xd[^/]+" block stordev_context) + (filecon "/dev/xd[^/]+" block stordev_context) - (blockinherit .stordev.base_template) - (blockinherit .stordev.macro_template_blk_files)) + (blockinherit .stordev.base_template) + (blockinherit .stordev.macro_template_blk_files)) diff --git a/src/dev/stordev/zramstordev.cil b/src/dev/stordev/zramstordev.cil index 1d790ac..751878b 100644 --- a/src/dev/stordev/zramstordev.cil +++ b/src/dev/stordev/zramstordev.cil @@ -1,9 +1,9 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block zram - (filecon "/dev/zram[0-9]+" block stordev_context) + (filecon "/dev/zram[0-9]+" block stordev_context) - (blockinherit .stordev.base_template) - (blockinherit .stordev.macro_template_blk_files)) + (blockinherit .stordev.base_template) + (blockinherit .stordev.macro_template_blk_files)) diff --git a/src/dev/termdev.cil b/src/dev/termdev.cil index 877f4dd..79e9124 100644 --- a/src/dev/termdev.cil +++ b/src/dev/termdev.cil @@ -1,23 +1,23 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block termdev - (macro type ((type ARG1)) - (typeattributeset typeattr ARG1)) + (macro type ((type ARG1)) + (typeattributeset typeattr ARG1)) - (typeattribute typeattr) + (typeattribute typeattr) - (blockinherit .file.all_macro_template_chr_files) + (blockinherit .file.all_macro_template_chr_files) - (call .dev.type (typeattr)) + (call .dev.type (typeattr)) - (block unconfined + (block unconfined - (macro type ((type ARG1)) - (typeattributeset typeattr ARG1)) + (macro type ((type ARG1)) + (typeattributeset typeattr ARG1)) - (typeattribute typeattr))) + (typeattribute typeattr))) (in dev.unconfined diff --git a/src/dev/termdev/ptytermdev.cil b/src/dev/termdev/ptytermdev.cil index 353eca2..dd0ed89 100644 --- a/src/dev/termdev/ptytermdev.cil +++ b/src/dev/termdev/ptytermdev.cil @@ -1,104 +1,104 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block ptytermdev - (macro type ((type ARG1)) - (typeattributeset typeattr ARG1)) + (macro type ((type ARG1)) + (typeattributeset typeattr ARG1)) - (typeattribute typeattr) + (typeattribute typeattr) - (blockinherit .file.all_macro_template_chr_files) + (blockinherit .file.all_macro_template_chr_files) - (call .devpts.associate_fs (typeattr)) + (call .devpts.associate_fs (typeattr)) - (call .termdev.type (typeattr)) + (call .termdev.type (typeattr)) - (block base_template + (block base_template - (blockabstract base_template) + (blockabstract base_template) - (context ptytermdev_context (.sys.id .sys.role ptytermdev .sys.lowlow)) + (context ptytermdev_context (.sys.id .sys.role ptytermdev .sys.lowlow)) - (type ptytermdev) - (call .ptytermdev.type (ptytermdev))) + (type ptytermdev) + (call .ptytermdev.type (ptytermdev))) - (block macro_template_chr_files + (block macro_template_chr_files - (blockabstract macro_template_chr_files) + (blockabstract macro_template_chr_files) - (macro append_ptytermdev_chr_files ((type ARG1)) - (allow ARG1 ptytermdev append_chr_file)) + (macro append_ptytermdev_chr_files ((type ARG1)) + (allow ARG1 ptytermdev append_chr_file)) - (macro appendinherited_ptytermdev_chr_files ((type ARG1)) - (allow ARG1 ptytermdev appendinherited_chr_file) - (allowx ARG1 ptytermdev IOCTLCONSOLE_NOT_TIOCLINUX) - (allowx ARG1 ptytermdev IOCTLTTY_NOT_TIOCSTI) - (allowx ARG1 ptytermdev IOCTLVT)) + (macro appendinherited_ptytermdev_chr_files ((type ARG1)) + (allow ARG1 ptytermdev appendinherited_chr_file) + (allowx ARG1 ptytermdev IOCTLCONSOLE_NOT_TIOCLINUX) + (allowx ARG1 ptytermdev IOCTLTTY_NOT_TIOCSTI) + (allowx ARG1 ptytermdev IOCTLVT)) - (macro create_ptytermdev_chr_files ((type ARG1)) - (allow ARG1 ptytermdev create_chr_file)) + (macro create_ptytermdev_chr_files ((type ARG1)) + (allow ARG1 ptytermdev create_chr_file)) - (macro delete_ptytermdev_chr_files ((type ARG1)) - (allow ARG1 ptytermdev delete_chr_file)) + (macro delete_ptytermdev_chr_files ((type ARG1)) + (allow ARG1 ptytermdev delete_chr_file)) - (macro manage_ptytermdev_chr_files ((type ARG1)) - (allow ARG1 ptytermdev manage_chr_file)) + (macro manage_ptytermdev_chr_files ((type ARG1)) + (allow ARG1 ptytermdev manage_chr_file)) - (macro mapexecute_ptytermdev_chr_files ((type ARG1)) - (allow ARG1 ptytermdev mapexecute_chr_file)) + (macro mapexecute_ptytermdev_chr_files ((type ARG1)) + (allow ARG1 ptytermdev mapexecute_chr_file)) - (macro read_ptytermdev_chr_files ((type ARG1)) - (allow ARG1 ptytermdev read_chr_file)) + (macro read_ptytermdev_chr_files ((type ARG1)) + (allow ARG1 ptytermdev read_chr_file)) - (macro readinherited_ptytermdev_chr_files ((type ARG1)) - (allow ARG1 ptytermdev readinherited_chr_file)) + (macro readinherited_ptytermdev_chr_files ((type ARG1)) + (allow ARG1 ptytermdev readinherited_chr_file)) - (macro readwrite_ptytermdev_chr_files ((type ARG1)) - (allow ARG1 ptytermdev readwrite_chr_file)) + (macro readwrite_ptytermdev_chr_files ((type ARG1)) + (allow ARG1 ptytermdev readwrite_chr_file)) - (macro readwriteinherited_ptytermdev_chr_files ((type ARG1)) - (allow ARG1 ptytermdev readwriteinherited_chr_file) - (allowx ARG1 ptytermdev IOCTLCONSOLE_NOT_TIOCLINUX) - (allowx ARG1 ptytermdev IOCTLTTY_NOT_TIOCSTI) - (allowx ARG1 ptytermdev IOCTLVT)) + (macro readwriteinherited_ptytermdev_chr_files ((type ARG1)) + (allow ARG1 ptytermdev readwriteinherited_chr_file) + (allowx ARG1 ptytermdev IOCTLCONSOLE_NOT_TIOCLINUX) + (allowx ARG1 ptytermdev IOCTLTTY_NOT_TIOCSTI) + (allowx ARG1 ptytermdev IOCTLVT)) - (macro relabel_ptytermdev_chr_files ((type ARG1)) - (allow ARG1 ptytermdev relabel_chr_file)) + (macro relabel_ptytermdev_chr_files ((type ARG1)) + (allow ARG1 ptytermdev relabel_chr_file)) - (macro relabelfrom_ptytermdev_chr_files ((type ARG1)) - (allow ARG1 ptytermdev relabelfrom_chr_file)) + (macro relabelfrom_ptytermdev_chr_files ((type ARG1)) + (allow ARG1 ptytermdev relabelfrom_chr_file)) - (macro relabelto_ptytermdev_chr_files ((type ARG1)) - (allow ARG1 ptytermdev relabelto_chr_file)) + (macro relabelto_ptytermdev_chr_files ((type ARG1)) + (allow ARG1 ptytermdev relabelto_chr_file)) - (macro rename_ptytermdev_chr_files ((type ARG1)) - (allow ARG1 ptytermdev rename_chr_file)) + (macro rename_ptytermdev_chr_files ((type ARG1)) + (allow ARG1 ptytermdev rename_chr_file)) - (macro write_ptytermdev_chr_files ((type ARG1)) - (allow ARG1 ptytermdev write_chr_file)) + (macro write_ptytermdev_chr_files ((type ARG1)) + (allow ARG1 ptytermdev write_chr_file)) - (macro writeinherited_ptytermdev_chr_files ((type ARG1)) - (allow ARG1 ptytermdev writeinherited_chr_file) - (allowx ARG1 ptytermdev IOCTLCONSOLE_NOT_TIOCLINUX) - (allowx ARG1 ptytermdev IOCTLTTY_NOT_TIOCSTI) - (allowx ARG1 ptytermdev IOCTLVT))) + (macro writeinherited_ptytermdev_chr_files ((type ARG1)) + (allow ARG1 ptytermdev writeinherited_chr_file) + (allowx ARG1 ptytermdev IOCTLCONSOLE_NOT_TIOCLINUX) + (allowx ARG1 ptytermdev IOCTLTTY_NOT_TIOCSTI) + (allowx ARG1 ptytermdev IOCTLVT))) - (block template + (block template - (blockabstract template) + (blockabstract template) - (blockinherit .ptytermdev.base_template) - (blockinherit .ptytermdev.macro_template_chr_files)) + (blockinherit .ptytermdev.base_template) + (blockinherit .ptytermdev.macro_template_chr_files)) - (block unconfined + (block unconfined - (macro type ((type ARG1)) - (typeattributeset typeattr ARG1)) + (macro type ((type ARG1)) + (typeattributeset typeattr ARG1)) - (typeattribute typeattr) + (typeattribute typeattr) - (allow typeattr ptytermdev.typeattr (chr_file (not (audit_access execmod)))))) + (allow typeattr ptytermdev.typeattr (chr_file (not (audit_access execmod)))))) (in termdev.unconfined diff --git a/src/dev/termdev/ptytermdev/loginptytermdev.cil b/src/dev/termdev/ptytermdev/loginptytermdev.cil index bfaa62c..994ebcf 100644 --- a/src/dev/termdev/ptytermdev/loginptytermdev.cil +++ b/src/dev/termdev/ptytermdev/loginptytermdev.cil @@ -1,37 +1,37 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block loginptytermdev - (macro all_type_change ((type ARG1)(type ARG2)) - (typechange ARG1 typeattr chr_file ARG2)) + (macro all_type_change ((type ARG1)(type ARG2)) + (typechange ARG1 typeattr chr_file ARG2)) - (macro type ((type ARG1)) - (typeattributeset typeattr ARG1)) + (macro type ((type ARG1)) + (typeattributeset typeattr ARG1)) - (typeattribute typeattr) + (typeattribute typeattr) - (blockinherit .file.all_macro_template_chr_files) + (blockinherit .file.all_macro_template_chr_files) - (call .ptytermdev.type (typeattr)) + (call .ptytermdev.type (typeattr)) - (block base_template + (block base_template - (blockabstract base_template) + (blockabstract base_template) - (blockinherit .ptytermdev.base_template) + (blockinherit .ptytermdev.base_template) - (call .loginptytermdev.type (ptytermdev))) + (call .loginptytermdev.type (ptytermdev))) - (block template + (block template - (blockabstract template) + (blockabstract template) - (macro ptytermdev_type_change ((type ARG1)(type ARG2)) - (typechange ARG1 ptytermdev chr_file ARG2)) + (macro ptytermdev_type_change ((type ARG1)(type ARG2)) + (typechange ARG1 ptytermdev chr_file ARG2)) - (blockinherit .loginptytermdev.base_template) - (blockinherit .ptytermdev.macro_template_chr_files))) + (blockinherit .loginptytermdev.base_template) + (blockinherit .ptytermdev.macro_template_chr_files))) (in after loginptytermdev.appendinherited_all_chr_files (allowx ARG1 typeattr IOCTLCONSOLE_NOT_TIOCLINUX) diff --git a/src/dev/termdev/ptytermdev/loginptytermdev/sysloginptytermdev.cil b/src/dev/termdev/ptytermdev/loginptytermdev/sysloginptytermdev.cil index 86a1fee..c8cf2ff 100644 --- a/src/dev/termdev/ptytermdev/loginptytermdev/sysloginptytermdev.cil +++ b/src/dev/termdev/ptytermdev/loginptytermdev/sysloginptytermdev.cil @@ -1,4 +1,4 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (in ptytermdev.unconfined @@ -8,12 +8,12 @@ (in sys (macro devpts_fs_type_transition_ptytermdev ((type ARG1)) - (call .devpts.fs_type_transition - (ARG1 ptytermdev chr_file "*"))) + (call .devpts.fs_type_transition + (ARG1 ptytermdev chr_file "*"))) (macro loginptytermdev_all_type_change_ptytermdev ((type ARG1)) - (call .loginptytermdev.all_type_change - (ARG1 ptytermdev))) + (call .loginptytermdev.all_type_change + (ARG1 ptytermdev))) ;; support for unknown login services (blockinherit .loginptytermdev.template) diff --git a/src/dev/termdev/serialtermdev.cil b/src/dev/termdev/serialtermdev.cil index 3c461c8..8f1c610 100644 --- a/src/dev/termdev/serialtermdev.cil +++ b/src/dev/termdev/serialtermdev.cil @@ -1,103 +1,103 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block serialtermdev - (macro type ((type ARG1)) - (typeattributeset typeattr ARG1)) + (macro type ((type ARG1)) + (typeattributeset typeattr ARG1)) - (typeattribute typeattr) + (typeattribute typeattr) - (blockinherit .file.all_macro_template_chr_files) + (blockinherit .file.all_macro_template_chr_files) - (call .termdev.type (typeattr)) + (call .termdev.type (typeattr)) - (block base_template + (block base_template - (blockabstract base_template) + (blockabstract base_template) - (context serialtermdev_context - (.sys.id .sys.role serialtermdev .sys.lowlow)) + (context serialtermdev_context + (.sys.id .sys.role serialtermdev .sys.lowlow)) - (type serialtermdev) - (call .serialtermdev.type (serialtermdev))) + (type serialtermdev) + (call .serialtermdev.type (serialtermdev))) - (block macro_template_chr_files + (block macro_template_chr_files - (blockabstract macro_template_chr_files) + (blockabstract macro_template_chr_files) - (macro append_serialtermdev_chr_files ((type ARG1)) - (allow ARG1 serialtermdev append_chr_file)) + (macro append_serialtermdev_chr_files ((type ARG1)) + (allow ARG1 serialtermdev append_chr_file)) - (macro appendinherited_serialtermdev_chr_files ((type ARG1)) - (allow ARG1 serialtermdev appendinherited_chr_file) - (allowx ARG1 serialtermdev IOCTLCONSOLE_NOT_TIOCLINUX) - (allowx ARG1 serialtermdev IOCTLTTY_NOT_TIOCSTI) - (allowx ARG1 serialtermdev IOCTLVT)) + (macro appendinherited_serialtermdev_chr_files ((type ARG1)) + (allow ARG1 serialtermdev appendinherited_chr_file) + (allowx ARG1 serialtermdev IOCTLCONSOLE_NOT_TIOCLINUX) + (allowx ARG1 serialtermdev IOCTLTTY_NOT_TIOCSTI) + (allowx ARG1 serialtermdev IOCTLVT)) - (macro create_serialtermdev_chr_files ((type ARG1)) - (allow ARG1 serialtermdev create_chr_file)) + (macro create_serialtermdev_chr_files ((type ARG1)) + (allow ARG1 serialtermdev create_chr_file)) - (macro delete_serialtermdev_chr_files ((type ARG1)) - (allow ARG1 serialtermdev delete_chr_file)) + (macro delete_serialtermdev_chr_files ((type ARG1)) + (allow ARG1 serialtermdev delete_chr_file)) - (macro manage_serialtermdev_chr_files ((type ARG1)) - (allow ARG1 serialtermdev manage_chr_file)) + (macro manage_serialtermdev_chr_files ((type ARG1)) + (allow ARG1 serialtermdev manage_chr_file)) - (macro mapexecute_serialtermdev_chr_files ((type ARG1)) - (allow ARG1 serialtermdev mapexecute_chr_file)) + (macro mapexecute_serialtermdev_chr_files ((type ARG1)) + (allow ARG1 serialtermdev mapexecute_chr_file)) - (macro read_serialtermdev_chr_files ((type ARG1)) - (allow ARG1 serialtermdev read_chr_file)) + (macro read_serialtermdev_chr_files ((type ARG1)) + (allow ARG1 serialtermdev read_chr_file)) - (macro readinherited_serialtermdev_chr_files ((type ARG1)) - (allow ARG1 serialtermdev readinherited_chr_file)) + (macro readinherited_serialtermdev_chr_files ((type ARG1)) + (allow ARG1 serialtermdev readinherited_chr_file)) - (macro readwrite_serialtermdev_chr_files ((type ARG1)) - (allow ARG1 serialtermdev readwrite_chr_file)) + (macro readwrite_serialtermdev_chr_files ((type ARG1)) + (allow ARG1 serialtermdev readwrite_chr_file)) - (macro readwriteinherited_serialtermdev_chr_files ((type ARG1)) - (allow ARG1 serialtermdev readwriteinherited_chr_file) - (allowx ARG1 serialtermdev IOCTLCONSOLE_NOT_TIOCLINUX) - (allowx ARG1 serialtermdev IOCTLTTY_NOT_TIOCSTI) - (allowx ARG1 serialtermdev IOCTLVT)) + (macro readwriteinherited_serialtermdev_chr_files ((type ARG1)) + (allow ARG1 serialtermdev readwriteinherited_chr_file) + (allowx ARG1 serialtermdev IOCTLCONSOLE_NOT_TIOCLINUX) + (allowx ARG1 serialtermdev IOCTLTTY_NOT_TIOCSTI) + (allowx ARG1 serialtermdev IOCTLVT)) - (macro relabel_serialtermdev_chr_files ((type ARG1)) - (allow ARG1 serialtermdev relabel_chr_file)) + (macro relabel_serialtermdev_chr_files ((type ARG1)) + (allow ARG1 serialtermdev relabel_chr_file)) - (macro relabelfrom_serialtermdev_chr_files ((type ARG1)) - (allow ARG1 serialtermdev relabelfrom_chr_file)) + (macro relabelfrom_serialtermdev_chr_files ((type ARG1)) + (allow ARG1 serialtermdev relabelfrom_chr_file)) - (macro relabelto_serialtermdev_chr_files ((type ARG1)) - (allow ARG1 serialtermdev relabelto_chr_file)) + (macro relabelto_serialtermdev_chr_files ((type ARG1)) + (allow ARG1 serialtermdev relabelto_chr_file)) - (macro rename_serialtermdev_chr_files ((type ARG1)) - (allow ARG1 serialtermdev rename_chr_file)) + (macro rename_serialtermdev_chr_files ((type ARG1)) + (allow ARG1 serialtermdev rename_chr_file)) - (macro write_serialtermdev_chr_files ((type ARG1)) - (allow ARG1 serialtermdev write_chr_file)) + (macro write_serialtermdev_chr_files ((type ARG1)) + (allow ARG1 serialtermdev write_chr_file)) - (macro writeinherited_serialtermdev_chr_files ((type ARG1)) - (allow ARG1 serialtermdev writeinherited_chr_file) - (allowx ARG1 serialtermdev IOCTLCONSOLE_NOT_TIOCLINUX) - (allowx ARG1 serialtermdev IOCTLTTY_NOT_TIOCSTI) - (allowx ARG1 serialtermdev IOCTLVT))) + (macro writeinherited_serialtermdev_chr_files ((type ARG1)) + (allow ARG1 serialtermdev writeinherited_chr_file) + (allowx ARG1 serialtermdev IOCTLCONSOLE_NOT_TIOCLINUX) + (allowx ARG1 serialtermdev IOCTLTTY_NOT_TIOCSTI) + (allowx ARG1 serialtermdev IOCTLVT))) - (block template + (block template - (blockabstract template) + (blockabstract template) - (blockinherit .serialtermdev.base_template) - (blockinherit .serialtermdev.macro_template_chr_files)) + (blockinherit .serialtermdev.base_template) + (blockinherit .serialtermdev.macro_template_chr_files)) - (block unconfined + (block unconfined - (macro type ((type ARG1)) - (typeattributeset typeattr ARG1)) + (macro type ((type ARG1)) + (typeattributeset typeattr ARG1)) - (typeattribute typeattr) + (typeattribute typeattr) - (allow typeattr serialtermdev.typeattr (chr_file (not (audit_access execmod)))))) + (allow typeattr serialtermdev.typeattr (chr_file (not (audit_access execmod)))))) (in termdev.unconfined diff --git a/src/dev/termdev/serialtermdev/acmserialtermdev.cil b/src/dev/termdev/serialtermdev/acmserialtermdev.cil index d1f23d1..ab9e54d 100644 --- a/src/dev/termdev/serialtermdev/acmserialtermdev.cil +++ b/src/dev/termdev/serialtermdev/acmserialtermdev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block acm - (filecon "/dev/ttyACM[0-9]+" char serialtermdev_context) + (filecon "/dev/ttyACM[0-9]+" char serialtermdev_context) - (blockinherit .serialtermdev.template)) + (blockinherit .serialtermdev.template)) diff --git a/src/dev/termdev/serialtermdev/consoleserialtermdev.cil b/src/dev/termdev/serialtermdev/consoleserialtermdev.cil index b7a52b8..f69a33d 100644 --- a/src/dev/termdev/serialtermdev/consoleserialtermdev.cil +++ b/src/dev/termdev/serialtermdev/consoleserialtermdev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block console - (filecon "/dev/console" char serialtermdev_context) + (filecon "/dev/console" char serialtermdev_context) - (blockinherit .serialtermdev.template)) + (blockinherit .serialtermdev.template)) diff --git a/src/dev/termdev/serialtermdev/loginserialtermdev.cil b/src/dev/termdev/serialtermdev/loginserialtermdev.cil index 05ee9b5..2b2780b 100644 --- a/src/dev/termdev/serialtermdev/loginserialtermdev.cil +++ b/src/dev/termdev/serialtermdev/loginserialtermdev.cil @@ -1,37 +1,37 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block loginserialtermdev - (macro all_type_change ((type ARG1)(type ARG2)) - (typechange ARG1 typeattr chr_file ARG2)) + (macro all_type_change ((type ARG1)(type ARG2)) + (typechange ARG1 typeattr chr_file ARG2)) - (macro type ((type ARG1)) - (typeattributeset typeattr ARG1)) + (macro type ((type ARG1)) + (typeattributeset typeattr ARG1)) - (typeattribute typeattr) + (typeattribute typeattr) - (blockinherit .file.all_macro_template_chr_files) + (blockinherit .file.all_macro_template_chr_files) - (call .serialtermdev.type (typeattr)) + (call .serialtermdev.type (typeattr)) - (block base_template + (block base_template - (blockabstract base_template) + (blockabstract base_template) - (blockinherit .serialtermdev.base_template) + (blockinherit .serialtermdev.base_template) - (call .loginserialtermdev.type (serialtermdev))) + (call .loginserialtermdev.type (serialtermdev))) - (block template + (block template - (blockabstract template) + (blockabstract template) - (macro serialtermdev_type_change ((type ARG1)(type ARG2)) - (typechange ARG1 serialtermdev chr_file ARG2)) + (macro serialtermdev_type_change ((type ARG1)(type ARG2)) + (typechange ARG1 serialtermdev chr_file ARG2)) - (blockinherit .loginserialtermdev.base_template) - (blockinherit .serialtermdev.macro_template_chr_files))) + (blockinherit .loginserialtermdev.base_template) + (blockinherit .serialtermdev.macro_template_chr_files))) (in after loginserialtermdev.appendinherited_all_chr_files (allowx ARG1 typeattr IOCTLCONSOLE_NOT_TIOCLINUX) diff --git a/src/dev/termdev/serialtermdev/loginserialtermdev/ttyloginserialtermdev.cil b/src/dev/termdev/serialtermdev/loginserialtermdev/ttyloginserialtermdev.cil index 1df710d..209909f 100644 --- a/src/dev/termdev/serialtermdev/loginserialtermdev/ttyloginserialtermdev.cil +++ b/src/dev/termdev/serialtermdev/loginserialtermdev/ttyloginserialtermdev.cil @@ -1,4 +1,4 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (in tty diff --git a/src/dev/termdev/serialtermdev/msmserialtermdev.cil b/src/dev/termdev/serialtermdev/msmserialtermdev.cil index 25b0fc7..aa5dc3c 100644 --- a/src/dev/termdev/serialtermdev/msmserialtermdev.cil +++ b/src/dev/termdev/serialtermdev/msmserialtermdev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block msm - (filecon "/dev/ttyMSM[0-9]+" char serialtermdev_context) + (filecon "/dev/ttyMSM[0-9]+" char serialtermdev_context) - (blockinherit .serialtermdev.template)) + (blockinherit .serialtermdev.template)) diff --git a/src/dev/termdev/serialtermdev/sysserialtermdev.cil b/src/dev/termdev/serialtermdev/sysserialtermdev.cil index f430a30..ab6f0ae 100644 --- a/src/dev/termdev/serialtermdev/sysserialtermdev.cil +++ b/src/dev/termdev/serialtermdev/sysserialtermdev.cil @@ -1,4 +1,4 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (in serialtermdev.unconfined @@ -8,7 +8,7 @@ (in sys (macro loginserialtermdev_all_type_change_serialtermdev ((type ARG1)) - (call .loginserialtermdev.all_type_change - (ARG1 serialtermdev))) + (call .loginserialtermdev.all_type_change + (ARG1 serialtermdev))) (blockinherit .serialtermdev.template)) diff --git a/src/dev/termdev/serialtermdev/usbserialtermdev.cil b/src/dev/termdev/serialtermdev/usbserialtermdev.cil index 59c4c7c..3932f06 100644 --- a/src/dev/termdev/serialtermdev/usbserialtermdev.cil +++ b/src/dev/termdev/serialtermdev/usbserialtermdev.cil @@ -1,4 +1,4 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (in usb diff --git a/src/dev/termdev/serialtermdev/vcsserialtermdev.cil b/src/dev/termdev/serialtermdev/vcsserialtermdev.cil index 6dfefe0..6639e79 100644 --- a/src/dev/termdev/serialtermdev/vcsserialtermdev.cil +++ b/src/dev/termdev/serialtermdev/vcsserialtermdev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block vcs - (filecon "/dev/vcs[^/]*" char serialtermdev_context) + (filecon "/dev/vcs[^/]*" char serialtermdev_context) - (blockinherit .serialtermdev.template)) + (blockinherit .serialtermdev.template)) diff --git a/src/dev/termdev/serialtermdev/vportserialtermdev.cil b/src/dev/termdev/serialtermdev/vportserialtermdev.cil index aede94a..9af0c45 100644 --- a/src/dev/termdev/serialtermdev/vportserialtermdev.cil +++ b/src/dev/termdev/serialtermdev/vportserialtermdev.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block vport - (filecon "/dev/vport[0-9]p[0-9]+" char serialtermdev_context) + (filecon "/dev/vport[0-9]p[0-9]+" char serialtermdev_context) - (blockinherit .serialtermdev.template)) + (blockinherit .serialtermdev.template)) |