Diffstat (limited to 'src/file')
36 files changed, 1265 insertions, 0 deletions
diff --git a/src/file/authfile.cil b/src/file/authfile.cil
new file mode 100644
index 0000000..a458691
--- /dev/null
+++ b/src/file/authfile.cil
@@ -0,0 +1,67 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(in file
+
+ (call auth.relabelto.type (unconfined.typeattr))
+ (call auth.write.type (unconfined.typeattr))
+
+ (block auth
+
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
+
+ (blockinherit file.all_macro_template_dirs)
+ (blockinherit file.all_macro_template_fifo_files)
+ (blockinherit file.all_macro_template_files)
+ (blockinherit file.all_macro_template_lnk_files)
+ (blockinherit file.all_macro_template_sock_files)
+
+ (typeattribute typeattr)
+
+ (call exception.type (typeattr))
+
+ (call .xattr.associate_fs (typeattr))
+
+ (block base_template
+
+ (blockabstract base_template)
+
+ (blockinherit .file.base_template)
+
+ (call .file.auth.type (file)))
+
+ (block relabelto
+
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
+
+ (typeattribute not_typeattr)
+ (typeattribute typeattr)
+
+ (typeattributeset not_typeattr (not typeattr))
+
+ (neverallow not_typeattr auth.typeattr (file (relabelto))))
+
+ (block template
+
+ (blockabstract template)
+
+ (blockinherit .file.auth.base_template)
+ (blockinherit .file.macro_template_dirs)
+ (blockinherit .file.macro_template_fifo_files)
+ (blockinherit .file.macro_template_files)
+ (blockinherit .file.macro_template_lnk_files)
+ (blockinherit .file.macro_template_sock_files))
+
+ (block write
+
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
+
+ (typeattribute not_typeattr)
+ (typeattribute typeattr)
+
+ (typeattributeset not_typeattr (not typeattr))
+
+ (neverallow not_typeattr auth.typeattr (file (append write))))))
diff --git a/src/file/bootfile.cil b/src/file/bootfile.cil
new file mode 100644
index 0000000..fa4f003
--- /dev/null
+++ b/src/file/bootfile.cil
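Review bot: The two `neverallow` rules in `file.auth.relabelto` and `file.auth.write` name only class `file`, although `file.auth` also inherits the `dirs`, `fifo_files`, `lnk_files` and `sock_files` macro templates, so nothing is asserted about relabelling or modifying auth-labelled objects of those classes, and for regular files `create`, `rename`, `setattr` and `unlink` are left unasserted. If the intent is that only the listed exception types can alter authentication files, consider widening the write rule, e.g. `(neverallow not_typeattr auth.typeattr (file (append create rename setattr unlink write)))`, and adding matching `dir` and `lnk_file` rules; if the narrow scope is deliberate, a `;;` comment above each rule saying so would help. Both exception sets also admit the whole of `unconfined.typeattr` (the two `call` lines at the top of `(in file`), which deserves a comment because it determines how much the assertion really constrains. The same pattern is repeated in `src/file/secfile.cil`.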
@@ -0,0 +1,38 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block boot
+
+ (blockinherit .file.boot.template))
+
+(in file
+
+ (block boot
+
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
+
+ (blockinherit file.all_macro_template_dirs)
+ (blockinherit file.all_macro_template_files)
+
+ (typeattribute typeattr)
+
+ (call file.type (typeattr))
+
+ (call .xattr.associate_fs (typeattr))
+
+ (block base_template
+
+ (blockabstract base_template)
+
+ (blockinherit .file.base_template)
+
+ (call .file.boot.type (file)))
+
+ (block template
+
+ (blockabstract template)
+
+ (blockinherit .file.boot.base_template)
+ (blockinherit .file.macro_template_dirs)
+ (blockinherit .file.macro_template_files))))
diff --git a/src/file/bootflagfile.cil b/src/file/bootflagfile.cil
new file mode 100644
index 0000000..eb6c82b
--- /dev/null
+++ b/src/file/bootflagfile.cil
@@ -0,0 +1,32 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(in file
+
+ (block bootflag
+
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
+
+ (blockinherit file.all_macro_template_files)
+
+ (typeattribute typeattr)
+
+ (call file.type (typeattr))
+
+ (call .xattr.associate_fs (typeattr))
+
+ (block base_template
+
+ (blockabstract base_template)
+
+ (blockinherit .file.base_template)
+
+ (call .file.bootflag.type (file)))
+
+ (block template
+
+ (blockabstract template)
+
+ (blockinherit .file.bootflag.base_template)
+ (blockinherit .file.macro_template_files))))
diff --git a/src/file/certfile.cil b/src/file/certfile.cil
new file mode 100644
index 0000000..0fb5797
--- /dev/null
+++ b/src/file/certfile.cil
@@ -0,0 +1,40 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block cert
+
+ (blockinherit .file.cert.template))
+
+(in file
+
+ (block cert
+
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
+
+ (blockinherit file.all_macro_template_dirs)
+ (blockinherit file.all_macro_template_files)
+ (blockinherit file.all_macro_template_lnk_files)
+
+ (typeattribute typeattr)
+
+ (call file.type (typeattr))
+
+ (call .xattr.associate_fs (typeattr))
+
+ (block base_template
+
+ (blockabstract base_template)
+
+ (blockinherit .file.base_template)
+
+ (call .file.cert.type (file)))
+
+ (block template
+
+ (blockabstract template)
+
+ (blockinherit .file.cert.base_template)
+ (blockinherit .file.macro_template_dirs)
+ (blockinherit .file.macro_template_files)
+ (blockinherit .file.macro_template_lnk_files))))
diff --git a/src/file/conffile.cil b/src/file/conffile.cil
new file mode 100644
index 0000000..09dce6c
--- /dev/null
+++ b/src/file/conffile.cil
@@ -0,0 +1,40 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block conf
+
+ (blockinherit .file.conf.template))
+
+(in file
+
+ (block conf
+
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
+
+ (blockinherit file.all_macro_template_dirs)
+ (blockinherit file.all_macro_template_files)
+ (blockinherit file.all_macro_template_lnk_files)
+
+ (typeattribute typeattr)
+
+ (call file.type (typeattr))
+
+ (call .xattr.associate_fs (typeattr))
+
+ (block base_template
+
+ (blockabstract base_template)
+
+ (blockinherit .file.base_template)
+
+ (call .file.conf.type (file)))
+
+ (block template
+
+ (blockabstract template)
+
+ (blockinherit .file.conf.base_template)
+ (blockinherit .file.macro_template_dirs)
+ (blockinherit .file.macro_template_files)
+ (blockinherit .file.macro_template_lnk_files))))
diff --git a/src/file/datafile.cil b/src/file/datafile.cil
new file mode 100644
index 0000000..758fe12
--- /dev/null
+++ b/src/file/datafile.cil
@@ -0,0 +1,40 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block data
+
+ (blockinherit .file.data.template))
+
+(in file
+
+ (block data
+
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
+
+ (blockinherit file.all_macro_template_dirs)
+ (blockinherit file.all_macro_template_files)
+ (blockinherit file.all_macro_template_lnk_files)
+
+ (typeattribute typeattr)
+
+ (call file.type (typeattr))
+
+ (call .xattr.associate_fs (typeattr))
+
+ (block base_template
+
+ (blockabstract base_template)
+
+ (blockinherit .file.base_template)
+
+ (call .file.data.type (file)))
+
+ (block template
+
+ (blockabstract template)
+
+ (blockinherit .file.data.base_template)
+ (blockinherit .file.macro_template_dirs)
+ (blockinherit .file.macro_template_files)
+ (blockinherit .file.macro_template_lnk_files))))
diff --git a/src/file/datafile/execfile.cil b/src/file/datafile/execfile.cil
new file mode 100644
index 0000000..e7926a2
--- /dev/null
+++ b/src/file/datafile/execfile.cil
@@ -0,0 +1,59 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block exec
+
+ (blockinherit .file.exec.template)
+ (blockinherit .file.macro_template_dirs)
+ (blockinherit .file.macro_template_lnk_files))
+
+(in file
+
+ (block exec
+
+ (macro entrypoint_all_files ((type ARG1))
+ (allow ARG1 typeattr (file (entrypoint))))
+
+ (macro getattr_all_files ((type ARG1))
+ (allow ARG1 typeattr (file (getattr))))
+
+ (macro map_all_files ((type ARG1))
+ (allow ARG1 typeattr (file (map))))
+
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
+
+ (blockinherit file.all_macro_template_files)
+
+ (typeattribute typeattr)
+
+ (call data.type (typeattr))
+
+ (call .subj.entry.type (typeattr))
+
+ (block base_template
+
+ (blockabstract base_template)
+
+ (blockinherit .file.base_template)
+
+ (call .file.exec.type (file)))
+
+ (block template
+
+ (blockabstract template)
+
+ (macro entrypoint_file_files ((type ARG1))
+ (allow ARG1 file (file (entrypoint))))
+
+ (macro getattr_file_files ((type ARG1))
+ (allow ARG1 file (file (getattr))))
+
+ (macro map_file_files ((type ARG1))
+ (allow ARG1 file (file (map))))
+
+ (macro subj_type_transition ((type ARG1)(type ARG2))
+ (typetransition ARG1 file process ARG2))
+
+ (blockinherit .file.exec.base_template)
+ (blockinherit .file.macro_template_files))))
diff --git a/src/file/datafile/libfile.cil b/src/file/datafile/libfile.cil
new file mode 100644
index 0000000..4730264
--- /dev/null
+++ b/src/file/datafile/libfile.cil
@@ -0,0 +1,51 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block lib
+
+ (blockinherit .file.lib.template)
+ (blockinherit .file.macro_template_dirs)
+ (blockinherit .file.macro_template_lnk_files))
+
+(block textrel
+
+ (block lib
+
+ (macro execmod_file_files ((type ARG1))
+ (allow ARG1 file (file (execmod))))
+
+ (blockinherit .file.lib.template)))
+
+(in file
+
+ (block lib
+
+ (macro map_all_files ((type ARG1))
+ (allow ARG1 typeattr (file (map))))
+
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
+
+ (blockinherit file.all_macro_template_files)
+
+ (typeattribute typeattr)
+
+ (call data.type (typeattr))
+
+ (block base_template
+
+ (blockabstract base_template)
+
+ (blockinherit .file.base_template)
+
+ (call .file.lib.type (file)))
+
+ (block template
+
+ (blockabstract template)
+
+ (macro map_file_files ((type ARG1))
+ (allow ARG1 file (file (map))))
+
+ (blockinherit .file.lib.base_template)
+ (blockinherit .file.macro_template_files))))
diff --git a/src/file/datafile/modfile.cil b/src/file/datafile/modfile.cil
new file mode 100644
index 0000000..76f4fd7
--- /dev/null
+++ b/src/file/datafile/modfile.cil
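Review bot: `textrel.lib` introduces `execmod_file_files`, which grants `execmod` on its `file` type, but nothing in the hunk says when a library should carry this label or bounds who may be given the permission. `execmod` covers making a modified (copy-on-write) file mapping executable, so it weakens the write-xor-execute property for every caller of the macro. I would add a header comment on the block, e.g. `;; libraries that need text relocations only; execmod is granted solely through textrel.lib.execmod_file_files`, and consider an exception attribute plus `neverallow` for `execmod` on `.file.lib.typeattr`, in the style `modfile.cil` uses for `module_load`.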
@@ -0,0 +1,56 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block mod
+
+ (blockinherit .file.macro_template_dirs)
+ (blockinherit .file.macro_template_lnk_files)
+ (blockinherit .file.mod.template))
+
+(in file
+
+ (block mod
+
+ (macro load_all_files ((type ARG1))
+ (allow ARG1 typeattr (system (module_load))))
+
+ (macro map_all_files ((type ARG1))
+ (allow ARG1 typeattr (file (map))))
+
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
+
+ (blockinherit file.all_macro_template_files)
+
+ (typeattribute typeattr)
+
+ (call data.type (typeattr))
+
+ (block base_template
+
+ (blockabstract base_template)
+
+ (blockinherit .file.base_template)
+
+ (call .file.mod.type (file)))
+
+ (block template
+
+ (blockabstract template)
+
+ (macro load_file_files ((type ARG1))
+ (allow ARG1 file (system (module_load))))
+
+ (macro map_file_files ((type ARG1))
+ (allow ARG1 file (file (map))))
+
+ (blockinherit .file.macro_template_files)
+ (blockinherit .file.mod.base_template))))
+
+(in sys
+
+ (call .file.mod.load_all_files (unconfined.typeattr)))
+
+(in sys.moduleload
+
+ (neverallow not_typeattr .file.mod.typeattr (system (module_load))))
diff --git a/src/file/datafile/srcfile.cil b/src/file/datafile/srcfile.cil
new file mode 100644
index 0000000..c18a4d5
--- /dev/null
+++ b/src/file/datafile/srcfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block src
+
+ (blockinherit .file.data.template)
+
+ (call .xattr.associate_fs (file)))
diff --git a/src/file/devfile.cil b/src/file/devfile.cil
new file mode 100644
index 0000000..7c8863a
--- /dev/null
+++ b/src/file/devfile.cil
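Review bot: The `neverallow` added under `(in sys.moduleload` in `modfile.cil` restricts `module_load` only when the target is in `.file.mod.typeattr`; it does not assert the converse, that modules cannot be loaded from files carrying any other label. `not_typeattr` is declared outside this diff, so I am assuming it is the complement of `sys.moduleload.typeattr`, built the same way as in the `relabelto` and `write` blocks of `authfile.cil`. If the goal is that kernel modules only ever come from `mod`-labelled files, a second assertion over the complement of `.file.mod.typeattr` (a `not` attribute declared next to `file.mod.typeattr`) would pin that down. The `(in sys (call .file.mod.load_all_files (unconfined.typeattr)))` line will also trip the assertion unless that attribute is already in the `sys.moduleload` exception set, which is worth a one-line `;;` comment.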
@@ -0,0 +1,50 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(in dev
+
+ (blockinherit .file.dev.template)
+ (blockinherit .file.macro_template_all_files)
+ (blockinherit .file.macro_template_blk_files)
+ (blockinherit .file.macro_template_chr_files))
+
+(in file
+
+ (block dev
+
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
+
+ (blockinherit file.all_macro_template_all_files)
+ (blockinherit file.all_macro_template_blk_files)
+ (blockinherit file.all_macro_template_chr_files)
+ (blockinherit file.all_macro_template_dirs)
+ (blockinherit file.all_macro_template_fifo_files)
+ (blockinherit file.all_macro_template_files)
+ (blockinherit file.all_macro_template_lnk_files)
+ (blockinherit file.all_macro_template_sock_files)
+
+ (typeattribute typeattr)
+
+ (call file.type (typeattr))
+
+ (call .devtmp.associate_fs (typeattr))
+
+ (block base_template
+
+ (blockabstract base_template)
+
+ (blockinherit .file.base_template)
+
+ (call .file.dev.type (file)))
+
+ (block template
+
+ (blockabstract template)
+
+ (blockinherit .file.dev.base_template)
+ (blockinherit .file.macro_template_dirs)
+ (blockinherit .file.macro_template_fifo_files)
+ (blockinherit .file.macro_template_files)
+ (blockinherit .file.macro_template_lnk_files)
+ (blockinherit .file.macro_template_sock_files))))
diff --git a/src/file/homefile.cil b/src/file/homefile.cil
new file mode 100644
index 0000000..2480957
--- /dev/null
+++ b/src/file/homefile.cil
@@ -0,0 +1,47 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block home
+
+ (blockinherit .file.home.template)
+ (blockinherit .file.macro_template_all_files)
+ (blockinherit .file.macro_template_blk_files)
+ (blockinherit .file.macro_template_chr_files))
+
+(in file
+
+ (block home
+
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
+
+ (blockinherit file.all_macro_template_dirs)
+ (blockinherit file.all_macro_template_fifo_files)
+ (blockinherit file.all_macro_template_files)
+ (blockinherit file.all_macro_template_lnk_files)
+ (blockinherit file.all_macro_template_sock_files)
+
+ (typeattribute typeattr)
+
+ (call file.type (typeattr))
+
+ (call .xattr.associate_fs (typeattr))
+
+ (block base_template
+
+ (blockabstract base_template)
+
+ (blockinherit .file.base_template)
+
+ (call .file.home.type (file)))
+
+ (block template
+
+ (blockabstract template)
+
+ (blockinherit .file.home.base_template)
+ (blockinherit .file.macro_template_dirs)
+ (blockinherit .file.macro_template_fifo_files)
+ (blockinherit .file.macro_template_files)
+ (blockinherit .file.macro_template_lnk_files)
+ (blockinherit .file.macro_template_sock_files))))
diff --git a/src/file/homefile/syshomefile.cil b/src/file/homefile/syshomefile.cil
new file mode 100644
index 0000000..6af11bd
--- /dev/null
+++ b/src/file/homefile/syshomefile.cil
@@ -0,0 +1,11 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(in sys
+
+ (block home
+
+ (blockinherit .file.home.template)
+ (blockinherit .file.macro_template_all_files)
+ (blockinherit .file.macro_template_blk_files)
+ (blockinherit .file.macro_template_chr_files)))
diff --git a/src/file/hugetlbfsfile.cil b/src/file/hugetlbfsfile.cil
new file mode 100644
index 0000000..37f91d3
--- /dev/null
+++ b/src/file/hugetlbfsfile.cil
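Review bot: The top-level `home` block in `homefile.cil` (and `sys.home` in `homefile/syshomefile.cil`) inherits `macro_template_all_files`, `macro_template_blk_files` and `macro_template_chr_files`, yet `file.home` inherits none of the matching `all_macro_template_all_files`, `_blk_files` or `_chr_files`, and `file.home.template` lists no device classes. The four `blockinherit` lines are the same set as the `(in dev` block in `devfile.cil`, so they may have been carried over from there. If home directories are not expected to hold block or character device nodes, I would drop the `blk` and `chr` templates from both blocks so that no per-type device macros exist to be called. If they are expected, a `;;` comment saying why, plus the matching `all_macro_template_*` inherits in `file.home`, would make the two levels consistent.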
@@ -0,0 +1,34 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(in file
+
+ (block hugetlbfs
+
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
+
+ (blockinherit file.all_macro_template_dirs)
+ (blockinherit file.all_macro_template_files)
+
+ (typeattribute typeattr)
+
+ (call file.type (typeattr))
+
+ (call .hugetlb.associate_fs (typeattr))
+
+ (block base_template
+
+ (blockabstract base_template)
+
+ (blockinherit .file.base_template)
+
+ (call .file.hugetlbfs.type (file)))
+
+ (block template
+
+ (blockabstract template)
+
+ (blockinherit .file.hugetlbfs.base_template)
+ (blockinherit .file.macro_template_dirs)
+ (blockinherit .file.macro_template_files))))
diff --git a/src/file/hugetlbfsfile/syshugetlbfsfile.cil b/src/file/hugetlbfsfile/syshugetlbfsfile.cil
new file mode 100644
index 0000000..cb975c0
--- /dev/null
+++ b/src/file/hugetlbfsfile/syshugetlbfsfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(in sys
+
+ (block hugetlbfs
+
+ (blockinherit .file.hugetlbfs.template)))
diff --git a/src/file/misc/lostfoundfile.cil b/src/file/misc/lostfoundfile.cil
new file mode 100644
index 0000000..cb1d82a
--- /dev/null
+++ b/src/file/misc/lostfoundfile.cil
@@ -0,0 +1,10 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block lostfound
+
+ (blockinherit .file.base_template)
+ (blockinherit .file.macro_template_dirs)
+ (blockinherit .file.macro_template_files)
+
+ (call .xattr.associate_fs (file)))
diff --git a/src/file/misc/mediafile.cil b/src/file/misc/mediafile.cil
new file mode 100644
index 0000000..60b31a8
--- /dev/null
+++ b/src/file/misc/mediafile.cil
@@ -0,0 +1,10 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block media
+
+ (blockinherit .file.base_template)
+ (blockinherit .file.macro_template_dirs)
+ (blockinherit .file.macro_template_lnk_files)
+
+ (call .xattr.associate_fs (file)))
diff --git a/src/file/misc/rootfile.cil b/src/file/misc/rootfile.cil
new file mode 100644
index 0000000..3e0799c
--- /dev/null
+++ b/src/file/misc/rootfile.cil
@@ -0,0 +1,13 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block root
+
+ (filecon "/" dir file_context)
+ (filecon "/[^/]+" symlink file_context)
+
+ (blockinherit .file.base_template)
+ (blockinherit .file.macro_template_dirs)
+ (blockinherit .file.macro_template_lnk_files)
+
+ (call .xattr.associate_fs (file)))
diff --git a/src/file/misc/unknownfile.cil b/src/file/misc/unknownfile.cil
new file mode 100644
index 0000000..f6fb47c
--- /dev/null
+++ b/src/file/misc/unknownfile.cil
@@ -0,0 +1,30 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block unknown
+
+ (filecon "/.*" any file_context)
+
+ (macro root_file_type_transition_file ((type ARG1)(class ARG2)(name ARG3))
+ (call .root.file_type_transition
+ (ARG1 file ARG2 ARG3)))
+
+ (blockinherit .file.base_template)
+ (blockinherit .file.macro_template_blk_files)
+ (blockinherit .file.macro_template_chr_files)
+ (blockinherit .file.macro_template_dirs)
+ (blockinherit .file.macro_template_fifo_files)
+ (blockinherit .file.macro_template_files)
+ (blockinherit .file.macro_template_lnk_files)
+ (blockinherit .file.macro_template_sock_files)
+
+ (call .xattr.associate_fs (file)))
+
+(in file.unconfined
+
+ (call .unknown.root_file_type_transition_file (typeattr blk_file "*"))
+ (call .unknown.root_file_type_transition_file (typeattr chr_file "*"))
+ (call .unknown.root_file_type_transition_file (typeattr dir "*"))
+ (call .unknown.root_file_type_transition_file (typeattr fifo_file "*"))
+ (call .unknown.root_file_type_transition_file (typeattr file "*"))
+ (call .unknown.root_file_type_transition_file (typeattr sock_file "*")))
diff --git a/src/file/mqueuefsfile.cil b/src/file/mqueuefsfile.cil
new file mode 100644
index 0000000..f4ce2b4
--- /dev/null
+++ b/src/file/mqueuefsfile.cil
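Review bot: The `(in file.unconfined` calls cover `blk_file`, `chr_file`, `dir`, `fifo_file`, `file` and `sock_file` but not `lnk_file`, and nothing in the hunk says whether that is intended. My reading is that symlinks created directly under `/` are meant to keep the `root` label, matching `(filecon "/[^/]+" symlink file_context)` in `rootfile.cil`, but that is an inference from the neighbouring file. A short comment above the calls, e.g. `;; lnk_file omitted on purpose: top-level symlinks keep root.file`, would settle it. Likewise `(filecon "/.*" any file_context)` deserves a line noting that it is the catch-all, so any access later granted on `unknown.file` reaches every path that no more specific `filecon` claims.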
@@ -0,0 +1,33 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(in file
+
+ (block mqueuefs
+
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
+
+ (blockinherit file.all_macro_template_dirs)
+ (blockinherit file.all_macro_template_files)
+
+ (typeattribute typeattr)
+
+ (call file.type (typeattr))
+
+ (call .mqueue.associate_fs (typeattr))
+
+ (block base_template
+
+ (blockabstract base_template)
+
+ (blockinherit .file.base_template)
+
+ (call .file.mqueuefs.type (file)))
+
+ (block template
+
+ (blockabstract template)
+
+ (blockinherit .file.macro_template_files)
+ (blockinherit .file.mqueuefs.base_template))))
diff --git a/src/file/mqueuefsfile/sysmqueuefsfile.cil b/src/file/mqueuefsfile/sysmqueuefsfile.cil
new file mode 100644
index 0000000..cbd4f3c
--- /dev/null
+++ b/src/file/mqueuefsfile/sysmqueuefsfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(in sys
+
+ (block mqueuefs
+
+ (blockinherit .file.mqueuefs.template)))
diff --git a/src/file/runfile.cil b/src/file/runfile.cil
new file mode 100644
index 0000000..02bce18
--- /dev/null
+++ b/src/file/runfile.cil
@@ -0,0 +1,47 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block run
+
+ (blockinherit .file.run.template))
+
+(in file
+
+ (block run
+
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
+
+ (blockinherit file.all_macro_template_all_files)
+ (blockinherit file.all_macro_template_blk_files)
+ (blockinherit file.all_macro_template_chr_files)
+ (blockinherit file.all_macro_template_dirs)
+ (blockinherit file.all_macro_template_fifo_files)
+ (blockinherit file.all_macro_template_files)
+ (blockinherit file.all_macro_template_lnk_files)
+ (blockinherit file.all_macro_template_sock_files)
+
+ (typeattribute typeattr)
+
+ (call file.type (typeattr))
+
+ (call .tmp.associate_fs (typeattr))
+
+ (block base_template
+
+ (blockabstract base_template)
+
+ (blockinherit .file.base_template)
+
+ (call .file.run.type (file)))
+
+ (block template
+
+ (blockabstract template)
+
+ (blockinherit .file.macro_template_dirs)
+ (blockinherit .file.macro_template_fifo_files)
+ (blockinherit .file.macro_template_files)
+ (blockinherit .file.macro_template_lnk_files)
+ (blockinherit .file.macro_template_sock_files)
+ (blockinherit .file.run.base_template))))
diff --git a/src/file/runfile/runlockfile.cil b/src/file/runfile/runlockfile.cil
new file mode 100644
index 0000000..1ce70f9
--- /dev/null
+++ b/src/file/runfile/runlockfile.cil
@@ -0,0 +1,38 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block runlock
+
+ (blockinherit .file.runlock.template))
+
+(in file
+
+ (block runlock
+
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
+
+ (blockinherit file.all_macro_template_dirs)
+ (blockinherit file.all_macro_template_files)
+ (blockinherit file.all_macro_template_lnk_files)
+
+ (typeattribute typeattr)
+
+ (call run.type (typeattr))
+
+ (block base_template
+
+ (blockabstract base_template)
+
+ (blockinherit .file.run.base_template)
+
+ (call .file.runlock.type (file)))
+
+ (block template
+
+ (blockabstract template)
+
+ (blockinherit .file.macro_template_dirs)
+ (blockinherit .file.macro_template_files)
+ (blockinherit .file.macro_template_lnk_files)
+ (blockinherit .file.runlock.base_template))))
diff --git a/src/file/runfile/runuserfile.cil b/src/file/runfile/runuserfile.cil
new file mode 100644
index 0000000..e65dc66
--- /dev/null
+++ b/src/file/runfile/runuserfile.cil
@@ -0,0 +1,47 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block runuser
+
+ (blockinherit .file.macro_template_dirs)
+ (blockinherit .file.macro_template_lnk_files)
+ (blockinherit .file.runuser.base_template))
+
+(in file
+
+ (block runuser
+
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
+
+ (blockinherit file.all_macro_template_all_files)
+ (blockinherit file.all_macro_template_blk_files)
+ (blockinherit file.all_macro_template_chr_files)
+ (blockinherit file.all_macro_template_dirs)
+ (blockinherit file.all_macro_template_fifo_files)
+ (blockinherit file.all_macro_template_files)
+ (blockinherit file.all_macro_template_lnk_files)
+ (blockinherit file.all_macro_template_sock_files)
+
+ (typeattribute typeattr)
+
+ (call run.type (typeattr))
+
+ (block base_template
+
+ (blockabstract base_template)
+
+ (blockinherit .file.run.base_template)
+
+ (call .file.runuser.type (file)))
+
+ (block template
+
+ (blockabstract template)
+
+ (blockinherit .file.macro_template_dirs)
+ (blockinherit .file.macro_template_fifo_files)
+ (blockinherit .file.macro_template_files)
+ (blockinherit .file.macro_template_lnk_files)
+ (blockinherit .file.macro_template_sock_files)
+ (blockinherit .file.runuser.base_template))))
diff --git a/src/file/secfile.cil b/src/file/secfile.cil
new file mode 100644
index 0000000..199ded5
--- /dev/null
+++ b/src/file/secfile.cil
@@ -0,0 +1,67 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(in file
+
+ (call sec.relabelto.type (unconfined.typeattr))
+ (call sec.write.type (unconfined.typeattr))
+
+ (block sec
+
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
+
+ (blockinherit file.all_macro_template_dirs)
+ (blockinherit file.all_macro_template_fifo_files)
+ (blockinherit file.all_macro_template_files)
+ (blockinherit file.all_macro_template_lnk_files)
+ (blockinherit file.all_macro_template_sock_files)
+
+ (typeattribute typeattr)
+
+ (call exception.type (typeattr))
+
+ (call .xattr.associate_fs (typeattr))
+
+ (block base_template
+
+ (blockabstract base_template)
+
+ (blockinherit .file.base_template)
+
+ (call .file.sec.type (file)))
+
+ (block template
+
+ (blockabstract template)
+
+ (blockinherit .file.macro_template_dirs)
+ (blockinherit .file.macro_template_fifo_files)
+ (blockinherit .file.macro_template_files)
+ (blockinherit .file.macro_template_lnk_files)
+ (blockinherit .file.macro_template_sock_files)
+ (blockinherit .file.sec.base_template))
+
+ (block relabelto
+
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
+
+ (typeattribute not_typeattr)
+ (typeattribute typeattr)
+
+ (typeattributeset not_typeattr (not typeattr))
+
+ (neverallow not_typeattr sec.typeattr (file (relabelto))))
+
+ (block write
+
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
+
+ (typeattribute not_typeattr)
+ (typeattribute typeattr)
+
+ (typeattributeset not_typeattr (not typeattr))
+
+ (neverallow not_typeattr sec.typeattr (file (append write))))))
diff --git a/src/file/tmpfile.cil b/src/file/tmpfile.cil
new file mode 100644
index 0000000..1d84880
--- /dev/null
+++ b/src/file/tmpfile.cil
@@ -0,0 +1,47 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(in tmp
+
+ (blockinherit .file.tmp.template))
+
+(in file
+
+ (block tmp
+
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
+
+ (blockinherit file.all_macro_template_all_files)
+ (blockinherit file.all_macro_template_blk_files)
+ (blockinherit file.all_macro_template_chr_files)
+ (blockinherit file.all_macro_template_dirs)
+ (blockinherit file.all_macro_template_fifo_files)
+ (blockinherit file.all_macro_template_files)
+ (blockinherit file.all_macro_template_lnk_files)
+ (blockinherit file.all_macro_template_sock_files)
+
+ (typeattribute typeattr)
+
+ (call file.type (typeattr))
+
+ (call .tmp.associate_fs (typeattr))
+
+ (block base_template
+
+ (blockabstract base_template)
+
+ (blockinherit .file.base_template)
+
+ (call .file.tmp.type (file)))
+
+ (block template
+
+ (blockabstract template)
+
+ (blockinherit .file.macro_template_dirs)
+ (blockinherit .file.macro_template_fifo_files)
+ (blockinherit .file.macro_template_files)
+ (blockinherit .file.macro_template_lnk_files)
+ (blockinherit .file.macro_template_sock_files)
+ (blockinherit .file.tmp.base_template))))
diff --git a/src/file/tmpfile/systmpfile.cil b/src/file/tmpfile/systmpfile.cil
new file mode 100644
index 0000000..2b02bff
--- /dev/null
+++ b/src/file/tmpfile/systmpfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(in sys
+
+ (block tmp
+
+ (blockinherit .file.tmp.template)))
diff --git a/src/file/tmpfsfile.cil b/src/file/tmpfsfile.cil
new file mode 100644
index 0000000..c52892a
--- /dev/null
+++ b/src/file/tmpfsfile.cil
@@ -0,0 +1,40 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(in file
+
+ (block tmpfs
+
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
+
+ (blockinherit file.all_macro_template_dirs)
+ (blockinherit file.all_macro_template_fifo_files)
+ (blockinherit file.all_macro_template_files)
+ (blockinherit file.all_macro_template_lnk_files)
+ (blockinherit file.all_macro_template_sock_files)
+
+ (typeattribute typeattr)
+
+ (call file.type (typeattr))
+
+ (call .tmp.associate_fs (typeattr))
+
+ (block base_template
+
+ (blockabstract base_template)
+
+ (blockinherit .file.base_template)
+
+ (call .file.tmpfs.type (file)))
+
+ (block template
+
+ (blockabstract template)
+
+ (blockinherit .file.macro_template_dirs)
+ (blockinherit .file.macro_template_fifo_files)
+ (blockinherit .file.macro_template_files)
+ (blockinherit .file.macro_template_lnk_files)
+ (blockinherit .file.macro_template_sock_files)
+ (blockinherit .file.tmpfs.base_template))))
diff --git a/src/file/tmpfsfile/systmpfsfile.cil b/src/file/tmpfsfile/systmpfsfile.cil
new file mode 100644
index 0000000..4ebdb16
--- /dev/null
+++ b/src/file/tmpfsfile/systmpfsfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(in sys
+
+ (block tmpfs
+
+ (blockinherit .file.tmpfs.template)))
diff --git a/src/file/varfile.cil b/src/file/varfile.cil
new file mode 100644
index 0000000..f458d50
--- /dev/null
+++ b/src/file/varfile.cil
@@ -0,0 +1,44 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block var
+
+ (blockinherit .file.var.template))
+
+(in file
+
+ (block var
+
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
+
+ (blockinherit file.all_macro_template_dirs)
+ (blockinherit file.all_macro_template_fifo_files)
+ (blockinherit file.all_macro_template_files)
+ (blockinherit file.all_macro_template_lnk_files)
+ (blockinherit file.all_macro_template_sock_files)
+
+ (typeattribute typeattr)
+
+ (call file.type (typeattr))
+
+ (call .xattr.associate_fs (typeattr))
+
+ (block base_template
+
+ (blockabstract base_template)
+
+ (blockinherit .file.base_template)
+
+ (call .file.var.type (file)))
+
+ (block template
+
+ (blockabstract template)
+
+ (blockinherit .file.macro_template_dirs)
+ (blockinherit .file.macro_template_fifo_files)
+ (blockinherit .file.macro_template_files)
+ (blockinherit .file.macro_template_lnk_files)
+ (blockinherit .file.macro_template_sock_files)
+ (blockinherit .file.var.base_template))))
diff --git a/src/file/varfile/cachefile.cil b/src/file/varfile/cachefile.cil
new file mode 100644
index 0000000..19c2a5a
--- /dev/null
+++ b/src/file/varfile/cachefile.cil
@@ -0,0 +1,38 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block cache
+
+ (blockinherit .file.cache.template))
+
+(in file
+
+ (block cache
+
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
+
+ (blockinherit file.all_macro_template_dirs)
+ (blockinherit file.all_macro_template_files)
+ (blockinherit file.all_macro_template_lnk_files)
+
+ (typeattribute typeattr)
+
+ (call var.type (typeattr))
+
+ (block base_template
+
+ (blockabstract base_template)
+
+ (blockinherit .file.var.base_template)
+
+ (call .file.cache.type (file)))
+
+ (block template
+
+ (blockabstract template)
+
+ (blockinherit .file.cache.base_template)
+ (blockinherit .file.macro_template_dirs)
+ (blockinherit .file.macro_template_files)
+ (blockinherit .file.macro_template_lnk_files))))
diff --git a/src/file/varfile/dbfile.cil b/src/file/varfile/dbfile.cil
new file mode 100644
index 0000000..c54c75a
--- /dev/null
+++ b/src/file/varfile/dbfile.cil
@@ -0,0 +1,38 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block db
+
+ (blockinherit .file.db.template))
+
+(in file
+
+ (block db
+
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
+
+ (blockinherit file.all_macro_template_dirs)
+ (blockinherit file.all_macro_template_files)
+ (blockinherit file.all_macro_template_lnk_files)
+
+ (typeattribute typeattr)
+
+ (call var.type (typeattr))
+
+ (block base_template
+
+ (blockabstract base_template)
+
+ (blockinherit .file.var.base_template)
+
+ (call .file.db.type (file)))
+
+ (block template
+
+ (blockabstract template)
+
+ (blockinherit .file.db.base_template)
+ (blockinherit .file.macro_template_dirs)
+ (blockinherit .file.macro_template_files)
+ (blockinherit .file.macro_template_lnk_files))))
diff --git a/src/file/varfile/logfile.cil b/src/file/varfile/logfile.cil
new file mode 100644
index 0000000..0c62240
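Review bot: `file.cache` inherits only the `dirs`, `files` and `lnk_files` macro templates, whereas `file.var`, `file.state` and `file.tmpfs` in this commit also inherit the `fifo_files` and `sock_files` ones, and nothing says the omission is deliberate. If it is, a comment above the `blockinherit` lines such as `;; cache content is limited to dirs, files and symlinks; no fifo or socket macros by design` would stop a later policy author from assuming coverage that is not there. dbfile.cil, logfile.cil, spoolfile.cil and mailspoolfile.cil carry the same reduced set. What the macro templates expand to is outside this diff, so the effect on generated rules is inferred from their names.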
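Review bot: The `template` block in dbfile.cil lists `(blockinherit .file.db.base_template)` first, as cachefile.cil and logfile.cil do, while the tmpfs, var, spool, mail-spool and state templates list their `base_template` inherit last. The order presumably has no effect on the compiled policy, but the files are otherwise line-for-line parallel, and a uniform position makes a missing or extra inherit easier to spot when comparing them. Picking one placement, for example `base_template` first in every `template` block, would be enough.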
--- /dev/null
+++ b/src/file/varfile/logfile.cil
@@ -0,0 +1,38 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block log
+
+ (blockinherit .file.log.template))
+
+(in file
+
+ (block log
+
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
+
+ (blockinherit file.all_macro_template_dirs)
+ (blockinherit file.all_macro_template_files)
+ (blockinherit file.all_macro_template_lnk_files)
+
+ (typeattribute typeattr)
+
+ (call var.type (typeattr))
+
+ (block base_template
+
+ (blockabstract base_template)
+
+ (blockinherit .file.var.base_template)
+
+ (call .file.log.type (file)))
+
+ (block template
+
+ (blockabstract template)
+
+ (blockinherit .file.log.base_template)
+ (blockinherit .file.macro_template_dirs)
+ (blockinherit .file.macro_template_files)
+ (blockinherit .file.macro_template_lnk_files))))
diff --git a/src/file/varfile/spoolfile.cil b/src/file/varfile/spoolfile.cil
new file mode 100644
index 0000000..311ed1a
--- /dev/null
+++ b/src/file/varfile/spoolfile.cil
@@ -0,0 +1,38 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block spool
+
+ (blockinherit .file.spool.template))
+
+(in file
+
+ (block spool
+
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
+
+ (blockinherit file.all_macro_template_dirs)
+ (blockinherit file.all_macro_template_files)
+ (blockinherit file.all_macro_template_lnk_files)
+
+ (typeattribute typeattr)
+
+ (call var.type (typeattr))
+
+ (block base_template
+
+ (blockabstract base_template)
+
+ (blockinherit .file.var.base_template)
+
+ (call .file.spool.type (file)))
+
+ (block template
+
+ (blockabstract template)
+
+ (blockinherit .file.macro_template_dirs)
+ (blockinherit .file.macro_template_files)
+ (blockinherit .file.macro_template_lnk_files)
+ (blockinherit .file.spool.base_template))))
diff --git a/src/file/varfile/spoolfile/mailspoolfile.cil b/src/file/varfile/spoolfile/mailspoolfile.cil
new file mode 100644
index 0000000..5216423
--- /dev/null
+++ b/src/file/varfile/spoolfile/mailspoolfile.cil
@@ -0,0 +1,40 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block mail
+
+ (block spool
+
+ (blockinherit .file.spool.mail.template)))
+
+(in file.spool
+
+ (block mail
+
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
+
+ (blockinherit file.all_macro_template_dirs)
+ (blockinherit file.all_macro_template_files)
+ (blockinherit file.all_macro_template_lnk_files)
+
+ (typeattribute typeattr)
+
+ (call .file.spool.type (typeattr))
+
+ (block base_template
+
+ (blockabstract base_template)
+
+ (blockinherit .file.spool.base_template)
+
+ (call .file.spool.mail.type (file)))
+
+ (block template
+
+ (blockabstract template)
+
+ (blockinherit .file.macro_template_dirs)
+ (blockinherit .file.macro_template_files)
+ (blockinherit .file.macro_template_lnk_files)
+ (blockinherit .file.spool.mail.base_template))))
diff --git a/src/file/varfile/statefile.cil b/src/file/varfile/statefile.cil
new file mode 100644
index 0000000..bb74d43
--- /dev/null
+++ b/src/file/varfile/statefile.cil
@@ -0,0 +1,42 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block state
+
+ (blockinherit .file.state.template))
+
+(in file
+
+ (block state
+
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
+
+ (blockinherit file.all_macro_template_dirs)
+ (blockinherit file.all_macro_template_fifo_files)
+ (blockinherit file.all_macro_template_files)
+ (blockinherit file.all_macro_template_lnk_files)
+ (blockinherit file.all_macro_template_sock_files)
+
+ (typeattribute typeattr)
+
+ (call var.type (typeattr))
+
+ (block base_template
+
+ (blockabstract base_template)
+
+ (blockinherit .file.var.base_template)
+
+ (call .file.state.type (file)))
+
+ (block template
+
+ (blockabstract template)
+
+ (blockinherit .file.macro_template_dirs)
+ (blockinherit .file.macro_template_fifo_files)
+ (blockinherit .file.macro_template_files)
+ (blockinherit .file.macro_template_lnk_files)
+ (blockinherit .file.macro_template_sock_files)
+ (blockinherit .file.state.base_template)))) |