Diffstat (limited to 'src/misc/constrain/rbac.cil')
-rw-r--r-- | src/misc/constrain/rbac.cil | 98 |
1 files changed, 49 insertions, 49 deletions
diff --git a/src/misc/constrain/rbac.cil b/src/misc/constrain/rbac.cil
index 32b7350..3f836ab 100644
--- a/src/misc/constrain/rbac.cil
+++ b/src/misc/constrain/rbac.cil
@@ -1,83 +1,83 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block rbac
- (constrain (constrainobject (create relabelto))
- (or (or (or (eq r1 r2)
- (and (eq t1 objchangesys.typeattr)
- (eq r2 .sys.role)))
- (eq t1 objchange.typeattr))
- (eq t1 exempt.typeattr)))
+ (constrain (constrainobject (create relabelto))
+ (or (or (or (eq r1 r2)
+ (and (eq t1 objchangesys.typeattr)
+ (eq r2 .sys.role)))
+ (eq t1 objchange.typeattr))
+ (eq t1 exempt.typeattr)))
- (constrain (process (dyntransition transition))
- (or (or (or (eq r1 r2)
- (and (eq t1 subjchange.typeattr)
- (eq t2 subjchangetarget.typeattr)))
- (and (eq t1 subjchangesys.typeattr) (eq r2 .sys.role)))
- (eq t1 exempt.typeattr)))
+ (constrain (process (dyntransition transition))
+ (or (or (or (eq r1 r2)
+ (and (eq t1 subjchange.typeattr)
+ (eq t2 subjchangetarget.typeattr)))
+ (and (eq t1 subjchangesys.typeattr) (eq r2 .sys.role)))
+ (eq t1 exempt.typeattr)))
- (block change
+ (block change
- (macro type ((type ARG1))
- (typeattributeset typeattr ARG1))
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
- (typeattribute typeattr)
+ (typeattribute typeattr)
- (call objchange.type (typeattr))
- (call subjchange.type (typeattr)))
+ (call objchange.type (typeattr))
+ (call subjchange.type (typeattr)))
- (block changesys
+ (block changesys
- (macro type ((type ARG1))
- (typeattributeset typeattr ARG1))
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
- (typeattribute typeattr)
+ (typeattribute typeattr)
- (call objchangesys.type (typeattr))
- (call subjchangesys.type (typeattr)))
+ (call objchangesys.type (typeattr))
+ (call subjchangesys.type (typeattr)))
- (block exempt
+ (block exempt
- (macro type ((type ARG1))
- (typeattributeset typeattr ARG1))
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
- (typeattribute typeattr))
+ (typeattribute typeattr))
- (block objchange
+ (block objchange
- (macro type ((type ARG1))
- (typeattributeset typeattr ARG1))
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
- (typeattribute typeattr))
+ (typeattribute typeattr))
- (block objchangesys
+ (block objchangesys
- (macro type ((type ARG1))
- (typeattributeset typeattr ARG1))
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
- (typeattribute typeattr))
+ (typeattribute typeattr))
- (block subjchange
+ (block subjchange
- (macro type ((type ARG1))
- (typeattributeset typeattr ARG1))
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
- (typeattribute typeattr))
+ (typeattribute typeattr))
- (block subjchangesys
+ (block subjchangesys
- (macro type ((type ARG1))
- (typeattributeset typeattr ARG1))
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
- (typeattribute typeattr))
+ (typeattribute typeattr))
- (block subjchangetarget
+ (block subjchangetarget
- (macro type ((type ARG1))
- (typeattributeset typeattr ARG1))
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
- (typeattribute typeattr)))
+ (typeattribute typeattr)))
 (in subj.unconfined |