Diffstat (limited to 'src/misc/av/systemav.cil')
-rw-r--r-- | src/misc/av/systemav.cil | 52 |
1 files changed, 26 insertions, 26 deletions
diff --git a/src/misc/av/systemav.cil b/src/misc/av/systemav.cil
index be9cb11..61d8f8a 100644
--- a/src/misc/av/systemav.cil
+++ b/src/misc/av/systemav.cil
@@ -1,59 +1,59 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (class system - (halt ipc_info module_load module_request reboot reload start status - stop syslog_console syslog_mod syslog_read)) + (halt ipc_info module_load module_request reboot reload start status + stop syslog_console syslog_mod syslog_read)) (classorder (unordered system)) (in sys (macro ipcinfo_system ((type ARG1)) - (allow ARG1 subj (system (ipc_info)))) + (allow ARG1 subj (system (ipc_info)))) (macro modulerequest_system ((type ARG1)) - (allow ARG1 subj (system (module_request)))) + (allow ARG1 subj (system (module_request)))) (macro syslogconsole_system ((type ARG1)) - (allow ARG1 subj (system (syslog_console)))) + (allow ARG1 subj (system (syslog_console)))) (macro syslogmod_system ((type ARG1)) - (allow ARG1 subj (system (syslog_mod)))) + (allow ARG1 subj (system (syslog_mod)))) (macro syslogread_system ((type ARG1)) - (allow ARG1 subj (system (syslog_read)))) + (allow ARG1 subj (system (syslog_read)))) (block moduleload - (macro type ((type ARG1)) - (typeattributeset typeattr ARG1)) + (macro type ((type ARG1)) + (typeattributeset typeattr ARG1)) - (typeattribute not_typeattr) - (typeattribute typeattr) + (typeattribute not_typeattr) + (typeattribute typeattr) - (typeattributeset not_typeattr (not typeattr)) + (typeattributeset not_typeattr (not typeattr)) - (neverallow not_typeattr self (system (module_load)))) + (neverallow not_typeattr self (system (module_load)))) (block unconfined - (macro type ((type ARG1)) - (typeattributeset typeattr ARG1)) + (macro type ((type ARG1)) + (typeattributeset typeattr ARG1)) - (typeattribute typeattr) + (typeattribute typeattr) - (allow typeattr self (system (module_load))) - (allow typeattr subj - (system (ipc_info module_request syslog_console syslog_mod - syslog_read))) + (allow typeattr self 
(system (module_load))) + (allow typeattr subj + (system (ipc_info module_request syslog_console syslog_mod + syslog_read))) - ;; potentially happens in autorelabel.target on policy model change - (allow typeattr .invalid (system (module_load))) + ;; potentially happens in autorelabel.target on policy model change + (allow typeattr .invalid (system (module_load))) - ;; potentially happens in autorelabel.target on fresh install - (allow typeattr .unlabeled (system (module_load))) + ;; potentially happens in autorelabel.target on fresh install + (allow typeattr .unlabeled (system (module_load))) - (call moduleload.type (typeattr)))) + (call moduleload.type (typeattr)))) (in unconfined |
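Review bot: The first added line turns the `©` in the SPDX-FileCopyrightText header into the literal ASCII text `M-BM-)`, which is how `cat -v` prints the UTF-8 bytes of that character, so the file appears to have been passed through a tool that escaped non-ASCII bytes while re-indenting. SPDX tooling that parses this header will presumably read `M-BM-) 2025 Dominick Grift` as the copyright text; the line should be restored to `;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>`. The remaining added lines look like indentation-only changes in this collapsed view, including the `neverallow` on `module_load` and the `allow` rules for `.invalid` and `.unlabeled`. Since these rules govern kernel module loading, compiling the policy before and after the commit and comparing the output would confirm that no rule changed.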