Diffstat (limited to 'src/net/spdnet.cil')
-rw-r--r-- | src/net/spdnet.cil | 114 |
1 files changed, 57 insertions, 57 deletions
diff --git a/src/net/spdnet.cil b/src/net/spdnet.cil
index 668afb1..0d6c02e 100644
--- a/src/net/spdnet.cil
+++ b/src/net/spdnet.cil
@@ -1,34 +1,34 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (class association (polmatch recvfrom sendto setcontext))
 (classorder (unordered association))
 (macro polmatch_invalid_associations ((type ARG1))
- (allow ARG1 invalid (association (polmatch))))
+ (allow ARG1 invalid (association (polmatch))))
 (macro polmatchsetcontext_invalid_associations ((type ARG1))
- (allow ARG1 invalid (association (polmatch setcontext))))
+ (allow ARG1 invalid (association (polmatch setcontext))))
 (macro recvfrom_invalid_associations ((type ARG1))
- (allow ARG1 invalid (association (recvfrom))))
+ (allow ARG1 invalid (association (recvfrom))))
 (macro recvfromsendto_invalid_associations ((type ARG1))
- (allow ARG1 invalid (association (recvfrom sendto))))
+ (allow ARG1 invalid (association (recvfrom sendto))))
 (macro sendto_invalid_associations ((type ARG1))
- (allow ARG1 invalid (association (sendto))))
+ (allow ARG1 invalid (association (sendto))))
 (macro setcontext_invalid_associations ((type ARG1))
- (allow ARG1 invalid (association (setcontext))))
+ (allow ARG1 invalid (association (setcontext))))
 (tunableif invalid_associations
- (true
+ (true
- (call association_invalid_sctp_sockets
- (invalidassociations.except.typeattr))
- (call recvfromsendto_invalid_associations
- (invalidassociations.except.typeattr))))
+ (call association_invalid_sctp_sockets
+ (invalidassociations.except.typeattr))
+ (call recvfromsendto_invalid_associations
+ (invalidassociations.except.typeattr))))
 (in invalid.unconfined
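Review bot: The first added line replaces the `©` in the SPDX-FileCopyrightText header with the literal text `M-BM-)`, which is the `cat -v` rendering of that character's UTF-8 bytes, so the re-indentation pipeline seems to have escaped non-ASCII bytes rather than this being an intended edit; the line should stay `;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>`. Every other removed/added pair in this hunk and in the three that follow reads identically once whitespace is ignored, which suggests no `allow`, `mlsconstrain` or `tunableif` rule changes, but this view has lost the indentation, so confirming with `git diff -w` that the header is the only non-whitespace difference is worthwhile for a policy file. If the same conversion was run over other files in the tree, they may carry the same damage.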
@@ -37,10 +37,10 @@
 (in mcs
 (mlsconstrain (association (sendto recvfrom))
- (or (dom h1 h2)
- (and
- (neq t1 constrained.typeattr)
- (neq t2 constrained.typeattr)))))
+ (or (dom h1 h2)
+ (and
+ (neq t1 constrained.typeattr)
+ (neq t2 constrained.typeattr)))))
 (in net
@@ -48,65 +48,65 @@
 (block spd
- (macro type ((type ARG1))
- (typeattributeset typeattr ARG1))
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
- (typeattribute typeattr)
+ (typeattribute typeattr)
- (blockinherit all_macro_template)
+ (blockinherit all_macro_template)
- (call .obj.type (typeattr))
+ (call .obj.type (typeattr))
- (block all_macro_template
+ (block all_macro_template
- (blockabstract all_macro_template)
+ (blockabstract all_macro_template)
- (macro polmatch_all_associations ((type ARG1))
- (allow ARG1 typeattr (association (polmatch))))
+ (macro polmatch_all_associations ((type ARG1))
+ (allow ARG1 typeattr (association (polmatch))))
- (macro polmatchsetcontext_all_associations ((type ARG1))
- (allow ARG1 typeattr (association (polmatch setcontext))))
+ (macro polmatchsetcontext_all_associations ((type ARG1))
+ (allow ARG1 typeattr (association (polmatch setcontext))))
- (macro setcontext_all_associations ((type ARG1))
- (allow ARG1 typeattr (association (setcontext)))))
+ (macro setcontext_all_associations ((type ARG1))
+ (allow ARG1 typeattr (association (setcontext)))))
- (block base_template
+ (block base_template
- (blockabstract base_template)
+ (blockabstract base_template)
- (context spd_context (.sys.id .sys.role spd .sys.lowlow))
+ (context spd_context (.sys.id .sys.role spd .sys.lowlow))
- (type spd)
- (call .net.spd.type (spd)))
+ (type spd)
+ (call .net.spd.type (spd)))
- (block macro_template
+ (block macro_template
- (blockabstract macro_template)
+ (blockabstract macro_template)
- (macro polmatch_spd_associations ((type ARG1))
- (allow ARG1 spd (association (polmatch))))
+ (macro polmatch_spd_associations ((type ARG1))
+ (allow ARG1 spd (association (polmatch))))
- (macro polmatchsetcontext_spd_associations ((type ARG1))
- (allow ARG1 spd (association (polmatch setcontext))))
+ (macro polmatchsetcontext_spd_associations ((type ARG1))
+ (allow ARG1 spd (association (polmatch setcontext))))
- (macro setcontext_spd_associations ((type ARG1))
- (allow ARG1 spd (association (setcontext)))))
+ (macro setcontext_spd_associations ((type ARG1))
+ (allow ARG1 spd (association (setcontext)))))
- (block template
+ (block template
- (blockabstract template)
+ (blockabstract template)
- (blockinherit .net.spd.base_template)
- (blockinherit .net.spd.macro_template))
+ (blockinherit .net.spd.base_template)
+ (blockinherit .net.spd.macro_template))
- (block unconfined
+ (block unconfined
- (macro type ((type ARG1))
- (typeattributeset typeattr ARG1))
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
- (typeattribute typeattr)
+ (typeattribute typeattr)
- (allow typeattr spd.typeattr (association (polmatch setcontext))))))
+ (allow typeattr spd.typeattr (association (polmatch setcontext))))))
 (in net.unconfined
@@ -115,24 +115,24 @@
 (in subj
 (macro recvfrom_all_associations ((type ARG1))
- (allow ARG1 typeattr (association (recvfrom))))
+ (allow ARG1 typeattr (association (recvfrom))))
 (macro recvfromsendto_all_associations ((type ARG1))
- (allow ARG1 typeattr (association (recvfrom sendto))))
+ (allow ARG1 typeattr (association (recvfrom sendto))))
 (macro sendto_all_associations ((type ARG1))
- (allow ARG1 typeattr (association (sendto)))))
+ (allow ARG1 typeattr (association (sendto)))))
 (in subj.macro_template
 (macro recvfrom_subj_associations ((type ARG1))
- (allow ARG1 subj (association (recvfrom))))
+ (allow ARG1 subj (association (recvfrom))))
 (macro recvfromsendto_subj_associations ((type ARG1))
- (allow ARG1 subj (association (recvfrom sendto))))
+ (allow ARG1 subj (association (recvfrom sendto))))
 (macro sendto_subj_associations ((type ARG1))
- (allow ARG1 subj (association (sendto)))))
+ (allow ARG1 subj (association (sendto)))))
 (in subj.unconfined |