summaryrefslogtreecommitdiff
path: root/src/net/packetnet.cil
diff options
context:
space:
mode:
Diffstat (limited to 'src/net/packetnet.cil')
-rw-r--r--src/net/packetnet.cil162
1 files changed, 81 insertions, 81 deletions
diff --git a/src/net/packetnet.cil b/src/net/packetnet.cil
index afb0225..89f2d37 100644
--- a/src/net/packetnet.cil
+++ b/src/net/packetnet.cil
@@ -1,50 +1,50 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
;; SPDX-License-Identifier: Unlicense
(class packet (forward_in forward_out recv relabelto send))
(classorder (unordered packet))
(macro forward_invalid_packets ((type ARG1))
- (allow ARG1 invalid (packet (forward_in forward_out))))
+ (allow ARG1 invalid (packet (forward_in forward_out))))
(macro forwardin_invalid_packets ((type ARG1))
- (allow ARG1 invalid (packet (forward_in))))
+ (allow ARG1 invalid (packet (forward_in))))
(macro forwardout_invalid_packets ((type ARG1))
- (allow ARG1 invalid (packet (forward_out))))
+ (allow ARG1 invalid (packet (forward_out))))
(macro recv_invalid_packets ((type ARG1))
- (allow ARG1 invalid (packet (recv))))
+ (allow ARG1 invalid (packet (recv))))
(macro recvsend_invalid_packets ((type ARG1))
- (allow ARG1 invalid (packet (recv send))))
+ (allow ARG1 invalid (packet (recv send))))
(macro relabelto_invalid_packets ((type ARG1))
- (allow ARG1 invalid (packet (relabelto))))
+ (allow ARG1 invalid (packet (relabelto))))
(macro send_invalid_packets ((type ARG1))
- (allow ARG1 invalid (packet (send))))
+ (allow ARG1 invalid (packet (send))))
(tunableif invalid_packets
- (true
+ (true
- (call forward_invalid_packets (invalidpackets.except.typeattr))
- (call recvsend_invalid_packets (invalidpackets.except.typeattr))))
+ (call forward_invalid_packets (invalidpackets.except.typeattr))
+ (call recvsend_invalid_packets (invalidpackets.except.typeattr))))
(tunableif (or invalid_associations invalid_peers)
- (true
+ (true
- (call forward_invalid_packets (invalid))
+ (call forward_invalid_packets (invalid))
- (call net.packet.forward_all_packets (invalid))))
+ (call net.packet.forward_all_packets (invalid))))
(in ibac
(constrain (packet (relabelto))
- (or (or (or (eq u1 u2)
- (and (eq t1 objchangesys.typeattr) (eq u2 .sys.id)))
- (eq t1 objchange.typeattr))
- (eq t1 exempt.typeattr))))
+ (or (or (or (eq u1 u2)
+ (and (eq t1 objchangesys.typeattr) (eq u2 .sys.id)))
+ (eq t1 objchange.typeattr))
+ (eq t1 exempt.typeattr))))
(in invalid.unconfined
@@ -53,23 +53,23 @@
(in mcs
(mlsconstrain (packet (relabelto))
- (or (neq t1 constrained.typeattr)
- (and (dom h1 h2) (eq l2 h2))))
+ (or (neq t1 constrained.typeattr)
+ (and (dom h1 h2) (eq l2 h2))))
(mlsconstrain (packet (forward_in forward_out send recv))
- (or (dom h1 h2)
- (and
- (neq t1 constrained.typeattr)
- (neq t2 constrained.typeattr)))))
+ (or (dom h1 h2)
+ (and
+ (neq t1 constrained.typeattr)
+ (neq t2 constrained.typeattr)))))
(in rbac
(constrain (packet (relabelto))
- (or (or (or (eq r1 r2)
- (and (eq t1 objchangesys.typeattr)
- (eq r2 .sys.role)))
- (eq t1 objchange.typeattr))
- (eq t1 exempt.typeattr))))
+ (or (or (or (eq r1 r2)
+ (and (eq t1 objchangesys.typeattr)
+ (eq r2 .sys.role)))
+ (eq t1 objchange.typeattr))
+ (eq t1 exempt.typeattr))))
(in net
@@ -77,91 +77,91 @@
(block packet
- (macro type ((type ARG1))
- (typeattributeset typeattr ARG1))
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
- (typeattribute typeattr)
+ (typeattribute typeattr)
- (blockinherit all_macro_template)
+ (blockinherit all_macro_template)
- (call .mcs.constrained.type (typeattr))
+ (call .mcs.constrained.type (typeattr))
- (call .obj.type (typeattr))
+ (call .obj.type (typeattr))
- (block all_macro_template
+ (block all_macro_template
- (blockabstract all_macro_template)
+ (blockabstract all_macro_template)
- (macro forward_all_packets ((type ARG1))
- (allow ARG1 typeattr (packet (forward_in forward_out))))
+ (macro forward_all_packets ((type ARG1))
+ (allow ARG1 typeattr (packet (forward_in forward_out))))
- (macro forwardin_all_packets ((type ARG1))
- (allow ARG1 typeattr (packet (forward_in))))
+ (macro forwardin_all_packets ((type ARG1))
+ (allow ARG1 typeattr (packet (forward_in))))
- (macro forwardout_all_packets ((type ARG1))
- (allow ARG1 typeattr (packet (forward_out))))
+ (macro forwardout_all_packets ((type ARG1))
+ (allow ARG1 typeattr (packet (forward_out))))
- (macro recv_all_packets ((type ARG1))
- (allow ARG1 typeattr (packet (recv))))
+ (macro recv_all_packets ((type ARG1))
+ (allow ARG1 typeattr (packet (recv))))
- (macro recvsend_all_packets ((type ARG1))
- (allow ARG1 typeattr (packet (recv send))))
+ (macro recvsend_all_packets ((type ARG1))
+ (allow ARG1 typeattr (packet (recv send))))
- (macro relabelto_all_packets ((type ARG1))
- (allow ARG1 typeattr (packet (relabelto))))
+ (macro relabelto_all_packets ((type ARG1))
+ (allow ARG1 typeattr (packet (relabelto))))
- (macro send_all_packets ((type ARG1))
- (allow ARG1 typeattr (packet (send)))))
+ (macro send_all_packets ((type ARG1))
+ (allow ARG1 typeattr (packet (send)))))
- (block base_template
+ (block base_template
- (blockabstract base_template)
+ (blockabstract base_template)
- (context packet_context (.sys.id .sys.role packet .sys.lowlow))
+ (context packet_context (.sys.id .sys.role packet .sys.lowlow))
- (type packet)
- (call .net.packet.type (packet)))
+ (type packet)
+ (call .net.packet.type (packet)))
- (block macro_template
+ (block macro_template
- (blockabstract macro_template)
+ (blockabstract macro_template)
- (macro forward_packets ((type ARG1))
- (allow ARG1 packet (packet (forward_in forward_out))))
+ (macro forward_packets ((type ARG1))
+ (allow ARG1 packet (packet (forward_in forward_out))))
- (macro forwardin_packets ((type ARG1))
- (allow ARG1 packet (packet (forward_in))))
+ (macro forwardin_packets ((type ARG1))
+ (allow ARG1 packet (packet (forward_in))))
- (macro forwardout_packets ((type ARG1))
- (allow ARG1 packet (packet (forward_out))))
+ (macro forwardout_packets ((type ARG1))
+ (allow ARG1 packet (packet (forward_out))))
- (macro recv_packets ((type ARG1))
- (allow ARG1 packet (packet (recv))))
+ (macro recv_packets ((type ARG1))
+ (allow ARG1 packet (packet (recv))))
- (macro recvsend_packets ((type ARG1))
- (allow ARG1 packet (packet (recv send))))
+ (macro recvsend_packets ((type ARG1))
+ (allow ARG1 packet (packet (recv send))))
- (macro relabelto_packets ((type ARG1))
- (allow ARG1 packet (packet (relabelto))))
+ (macro relabelto_packets ((type ARG1))
+ (allow ARG1 packet (packet (relabelto))))
- (macro send_packets ((type ARG1))
- (allow ARG1 packet (packet (send)))))
+ (macro send_packets ((type ARG1))
+ (allow ARG1 packet (packet (send)))))
- (block template
+ (block template
- (blockabstract template)
+ (blockabstract template)
- (blockinherit .net.packet.base_template)
- (blockinherit .net.packet.macro_template))
+ (blockinherit .net.packet.base_template)
+ (blockinherit .net.packet.macro_template))
- (block unconfined
+ (block unconfined
- (macro type ((type ARG1))
- (typeattributeset typeattr ARG1))
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
- (typeattribute typeattr)
+ (typeattribute typeattr)
- (allow typeattr packet.typeattr (packet (all))))))
+ (allow typeattr packet.typeattr (packet (all))))))
(in net.unconfined
generated by cgit v1.2.3 (git 2.46.0) at 2025-09-20 21:28:13 +0000