Diffstat (limited to 'src/sys')
135 files changed, 1573 insertions, 1573 deletions
diff --git a/src/sys/bpffile.cil b/src/sys/bpffile.cil
index 82c88b4..31acd47 100644
--- a/src/sys/bpffile.cil
+++ b/src/sys/bpffile.cil
@@ -1,143 +1,143 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block bpffile - (macro type ((type ARG1)) - (typeattributeset typeattr ARG1)) + (macro type ((type ARG1)) + (typeattributeset typeattr ARG1)) - (typeattribute typeattr) + (typeattribute typeattr) - (blockinherit .file.all_macro_template_dirs) - (blockinherit .file.all_macro_template_files) + (blockinherit .file.all_macro_template_dirs) + (blockinherit .file.all_macro_template_files) - (call .obj.type (typeattr)) + (call .obj.type (typeattr)) - (call .bpf.associate_fs (typeattr)) + (call .bpf.associate_fs (typeattr)) - (block base_template + (block base_template - (blockabstract base_template) + (blockabstract base_template) - (context bpffile_context (.sys.id .sys.role bpffile .sys.lowlow)) + (context bpffile_context (.sys.id .sys.role bpffile .sys.lowlow)) - (type bpffile) - (call .bpffile.type (bpffile))) + (type bpffile) + (call .bpffile.type (bpffile))) - (block macro_template_dirs + (block macro_template_dirs - (blockabstract macro_template_dirs) + (blockabstract macro_template_dirs) - (macro addname_bpffile_dirs ((type ARG1)) - (allow ARG1 bpffile addname_dir)) + (macro addname_bpffile_dirs ((type ARG1)) + (allow ARG1 bpffile addname_dir)) - (macro create_bpffile_dirs ((type ARG1)) - (allow ARG1 bpffile create_dir)) + (macro create_bpffile_dirs ((type ARG1)) + (allow ARG1 bpffile create_dir)) - (macro delete_bpffile_dirs ((type ARG1)) - (allow ARG1 bpffile delete_dir)) + (macro delete_bpffile_dirs ((type ARG1)) + (allow ARG1 bpffile delete_dir)) - (macro deletename_bpffile_dirs ((type ARG1)) - (allow ARG1 bpffile deletename_dir)) + (macro deletename_bpffile_dirs ((type ARG1)) + (allow ARG1 bpffile deletename_dir)) - (macro list_bpffile_dirs ((type ARG1)) - (allow ARG1 bpffile list_dir)) + (macro list_bpffile_dirs ((type ARG1)) + (allow ARG1 
bpffile list_dir)) - (macro listinherited_bpffile_dirs ((type ARG1)) - (allow ARG1 bpffile listinherited_dir)) + (macro listinherited_bpffile_dirs ((type ARG1)) + (allow ARG1 bpffile listinherited_dir)) - (macro manage_bpffile_dirs ((type ARG1)) - (allow ARG1 bpffile manage_dir)) + (macro manage_bpffile_dirs ((type ARG1)) + (allow ARG1 bpffile manage_dir)) - (macro mounton_bpffile_dirs ((type ARG1)) - (allow ARG1 bpffile mounton_dir)) + (macro mounton_bpffile_dirs ((type ARG1)) + (allow ARG1 bpffile mounton_dir)) - (macro readwrite_bpffile_dirs ((type ARG1)) - (allow ARG1 bpffile readwrite_dir)) + (macro readwrite_bpffile_dirs ((type ARG1)) + (allow ARG1 bpffile readwrite_dir)) - (macro readwriteinherited_bpffile_dirs ((type ARG1)) - (allow ARG1 bpffile readwriteinherited_dir)) + (macro readwriteinherited_bpffile_dirs ((type ARG1)) + (allow ARG1 bpffile readwriteinherited_dir)) - (macro rename_bpffile_dirs ((type ARG1)) - (allow ARG1 bpffile rename_dir)) + (macro rename_bpffile_dirs ((type ARG1)) + (allow ARG1 bpffile rename_dir)) - (macro search_bpffile_dirs ((type ARG1)) - (allow ARG1 bpffile search_dir)) + (macro search_bpffile_dirs ((type ARG1)) + (allow ARG1 bpffile search_dir)) - (macro write_bpffile_dirs ((type ARG1)) - (allow ARG1 bpffile write_dir)) + (macro write_bpffile_dirs ((type ARG1)) + (allow ARG1 bpffile write_dir)) - (macro writeinherited_bpffile_dirs ((type ARG1)) - (allow ARG1 bpffile writeinherited_dir))) + (macro writeinherited_bpffile_dirs ((type ARG1)) + (allow ARG1 bpffile writeinherited_dir))) - (block macro_template_files + (block macro_template_files - (blockabstract macro_template_files) + (blockabstract macro_template_files) - (macro append_bpffile_files ((type ARG1)) - (allow ARG1 bpffile append_file)) + (macro append_bpffile_files ((type ARG1)) + (allow ARG1 bpffile append_file)) - (macro appendinherited_bpffile_files ((type ARG1)) - (allow ARG1 bpffile appendinherited_file)) + (macro appendinherited_bpffile_files ((type ARG1)) + 
(allow ARG1 bpffile appendinherited_file)) - (macro create_bpffile_files ((type ARG1)) - (allow ARG1 bpffile create_file)) + (macro create_bpffile_files ((type ARG1)) + (allow ARG1 bpffile create_file)) - (macro delete_bpffile_files ((type ARG1)) - (allow ARG1 bpffile delete_file)) + (macro delete_bpffile_files ((type ARG1)) + (allow ARG1 bpffile delete_file)) - (macro execute_bpffile_files ((type ARG1)) - (allow ARG1 bpffile execute_file)) + (macro execute_bpffile_files ((type ARG1)) + (allow ARG1 bpffile execute_file)) - (macro manage_bpffile_files ((type ARG1)) - (allow ARG1 bpffile manage_file)) + (macro manage_bpffile_files ((type ARG1)) + (allow ARG1 bpffile manage_file)) - (macro mapexecute_bpffile_files ((type ARG1)) - (allow ARG1 bpffile mapexecute_file)) + (macro mapexecute_bpffile_files ((type ARG1)) + (allow ARG1 bpffile mapexecute_file)) - (macro mounton_bpffile_files ((type ARG1)) - (allow ARG1 bpffile mounton_file)) + (macro mounton_bpffile_files ((type ARG1)) + (allow ARG1 bpffile mounton_file)) - (macro read_bpffile_files ((type ARG1)) - (allow ARG1 bpffile read_file)) + (macro read_bpffile_files ((type ARG1)) + (allow ARG1 bpffile read_file)) - (macro readinherited_bpffile_files ((type ARG1)) - (allow ARG1 bpffile readinherited_file)) + (macro readinherited_bpffile_files ((type ARG1)) + (allow ARG1 bpffile readinherited_file)) - (macro readwrite_bpffile_files ((type ARG1)) - (allow ARG1 bpffile readwrite_file)) + (macro readwrite_bpffile_files ((type ARG1)) + (allow ARG1 bpffile readwrite_file)) - (macro readwriteinherited_bpffile_files ((type ARG1)) - (allow ARG1 bpffile readwriteinherited_file)) + (macro readwriteinherited_bpffile_files ((type ARG1)) + (allow ARG1 bpffile readwriteinherited_file)) - (macro rename_bpffile_files ((type ARG1)) - (allow ARG1 bpffile rename_file)) + (macro rename_bpffile_files ((type ARG1)) + (allow ARG1 bpffile rename_file)) - (macro write_bpffile_files ((type ARG1)) - (allow ARG1 bpffile write_file)) + (macro 
write_bpffile_files ((type ARG1)) + (allow ARG1 bpffile write_file)) - (macro writeinherited_bpffile_files ((type ARG1)) - (allow ARG1 bpffile writeinherited_file))) + (macro writeinherited_bpffile_files ((type ARG1)) + (allow ARG1 bpffile writeinherited_file))) - (block template + (block template - (blockabstract template) + (blockabstract template) - (blockinherit .bpffile.base_template) - (blockinherit .bpffile.macro_template_files)) + (blockinherit .bpffile.base_template) + (blockinherit .bpffile.macro_template_files)) - (block unconfined + (block unconfined - (macro type ((type ARG1)) - (typeattributeset typeattr ARG1)) + (macro type ((type ARG1)) + (typeattributeset typeattr ARG1)) - (typeattribute typeattr) + (typeattribute typeattr) - (allow typeattr bpffile.typeattr - (dir (not (audit_access execmod relabelfrom relabelto)))) - (allow typeattr bpffile.typeattr - (file (not (audit_access entrypoint execmod relabelfrom - relabelto)))))) + (allow typeattr bpffile.typeattr + (dir (not (audit_access execmod relabelfrom relabelto)))) + (allow typeattr bpffile.typeattr + (file (not (audit_access entrypoint execmod relabelfrom + relabelto)))))) (in sys.unconfined diff --git a/src/sys/cgroupfile.cil b/src/sys/cgroupfile.cil index c4692ef..46ffc69 100644 --- a/src/sys/cgroupfile.cil +++ b/src/sys/cgroupfile.cil 
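Review bot: The first added line of this hunk replaces `©` in the SPDX header with the literal text `M-BM-)`, which is how `cat -v` prints the UTF-8 bytes of that character, so the file was presumably run through a filter that is not UTF-8 safe while it was being re-indented. The header should stay `;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>`; the same substitution appears in the cgroupfile.cil, debugfile.cil, procfile.cil and procfile/*.cil sections shown on this page. The remaining lines look like an indentation-only change as far as this collapsed view shows, but because they include the `unconfined` allow rules, it is worth confirming that the policy compiled with `secilc` comes out identical before and after the commit.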
@@ -1,141 +1,141 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block cgroupfile - (macro type ((type ARG1)) - (typeattributeset typeattr ARG1)) + (macro type ((type ARG1)) + (typeattributeset typeattr ARG1)) - (typeattribute typeattr) + (typeattribute typeattr) - (blockinherit .file.all_macro_template_dirs) - (blockinherit .file.all_macro_template_files) + (blockinherit .file.all_macro_template_dirs) + (blockinherit .file.all_macro_template_files) - (call .obj.type (typeattr)) + (call .obj.type (typeattr)) - (call .cgroup.associate_fs (typeattr)) + (call .cgroup.associate_fs (typeattr)) - (block base_template + (block base_template - (blockabstract base_template) + (blockabstract base_template) - (context cgroupfile_context (.sys.id .sys.role cgroupfile .sys.lowlow)) + (context cgroupfile_context (.sys.id .sys.role cgroupfile .sys.lowlow)) - (type cgroupfile) - (call .cgroupfile.type (cgroupfile))) + (type cgroupfile) + (call .cgroupfile.type (cgroupfile))) - (block macro_template_dirs + (block macro_template_dirs - (blockabstract macro_template_dirs) + (blockabstract macro_template_dirs) - (macro addname_cgroupfile_dirs ((type ARG1)) - (allow ARG1 cgroupfile addname_dir)) + (macro addname_cgroupfile_dirs ((type ARG1)) + (allow ARG1 cgroupfile addname_dir)) - (macro create_cgroupfile_dirs ((type ARG1)) - (allow ARG1 cgroupfile create_dir)) + (macro create_cgroupfile_dirs ((type ARG1)) + (allow ARG1 cgroupfile create_dir)) - (macro delete_cgroupfile_dirs ((type ARG1)) - (allow ARG1 cgroupfile delete_dir)) + (macro delete_cgroupfile_dirs ((type ARG1)) + (allow ARG1 cgroupfile delete_dir)) - (macro deletename_cgroupfile_dirs ((type ARG1)) - (allow ARG1 cgroupfile deletename_dir)) + (macro deletename_cgroupfile_dirs ((type ARG1)) + (allow ARG1 cgroupfile deletename_dir)) - (macro list_cgroupfile_dirs ((type 
ARG1)) - (allow ARG1 cgroupfile list_dir)) + (macro list_cgroupfile_dirs ((type ARG1)) + (allow ARG1 cgroupfile list_dir)) - (macro listinherited_cgroupfile_dirs ((type ARG1)) - (allow ARG1 cgroupfile listinherited_dir)) + (macro listinherited_cgroupfile_dirs ((type ARG1)) + (allow ARG1 cgroupfile listinherited_dir)) - (macro manage_cgroupfile_dirs ((type ARG1)) - (allow ARG1 cgroupfile manage_dir)) + (macro manage_cgroupfile_dirs ((type ARG1)) + (allow ARG1 cgroupfile manage_dir)) - (macro mounton_cgroupfile_dirs ((type ARG1)) - (allow ARG1 cgroupfile mounton_dir)) + (macro mounton_cgroupfile_dirs ((type ARG1)) + (allow ARG1 cgroupfile mounton_dir)) - (macro readwrite_cgroupfile_dirs ((type ARG1)) - (allow ARG1 cgroupfile readwrite_dir)) + (macro readwrite_cgroupfile_dirs ((type ARG1)) + (allow ARG1 cgroupfile readwrite_dir)) - (macro readwriteinherited_cgroupfile_dirs ((type ARG1)) - (allow ARG1 cgroupfile readwriteinherited_dir)) + (macro readwriteinherited_cgroupfile_dirs ((type ARG1)) + (allow ARG1 cgroupfile readwriteinherited_dir)) - (macro rename_cgroupfile_dirs ((type ARG1)) - (allow ARG1 cgroupfile rename_dir)) + (macro rename_cgroupfile_dirs ((type ARG1)) + (allow ARG1 cgroupfile rename_dir)) - (macro search_cgroupfile_dirs ((type ARG1)) - (allow ARG1 cgroupfile search_dir)) + (macro search_cgroupfile_dirs ((type ARG1)) + (allow ARG1 cgroupfile search_dir)) - (macro write_cgroupfile_dirs ((type ARG1)) - (allow ARG1 cgroupfile write_dir)) + (macro write_cgroupfile_dirs ((type ARG1)) + (allow ARG1 cgroupfile write_dir)) - (macro writeinherited_cgroupfile_dirs ((type ARG1)) - (allow ARG1 cgroupfile writeinherited_dir))) + (macro writeinherited_cgroupfile_dirs ((type ARG1)) + (allow ARG1 cgroupfile writeinherited_dir))) - (block macro_template_files + (block macro_template_files - (blockabstract macro_template_files) + (blockabstract macro_template_files) - (macro append_cgroupfile_files ((type ARG1)) - (allow ARG1 cgroupfile append_file)) + (macro 
append_cgroupfile_files ((type ARG1)) + (allow ARG1 cgroupfile append_file)) - (macro appendinherited_cgroupfile_files ((type ARG1)) - (allow ARG1 cgroupfile appendinherited_file)) + (macro appendinherited_cgroupfile_files ((type ARG1)) + (allow ARG1 cgroupfile appendinherited_file)) - (macro create_cgroupfile_files ((type ARG1)) - (allow ARG1 cgroupfile create_file)) + (macro create_cgroupfile_files ((type ARG1)) + (allow ARG1 cgroupfile create_file)) - (macro delete_cgroupfile_files ((type ARG1)) - (allow ARG1 cgroupfile delete_file)) + (macro delete_cgroupfile_files ((type ARG1)) + (allow ARG1 cgroupfile delete_file)) - (macro execute_cgroupfile_files ((type ARG1)) - (allow ARG1 cgroupfile execute_file)) + (macro execute_cgroupfile_files ((type ARG1)) + (allow ARG1 cgroupfile execute_file)) - (macro manage_cgroupfile_files ((type ARG1)) - (allow ARG1 cgroupfile manage_file)) + (macro manage_cgroupfile_files ((type ARG1)) + (allow ARG1 cgroupfile manage_file)) - (macro mapexecute_cgroupfile_files ((type ARG1)) - (allow ARG1 cgroupfile mapexecute_file)) + (macro mapexecute_cgroupfile_files ((type ARG1)) + (allow ARG1 cgroupfile mapexecute_file)) - (macro mounton_cgroupfile_files ((type ARG1)) - (allow ARG1 cgroupfile mounton_file)) + (macro mounton_cgroupfile_files ((type ARG1)) + (allow ARG1 cgroupfile mounton_file)) - (macro read_cgroupfile_files ((type ARG1)) - (allow ARG1 cgroupfile read_file)) + (macro read_cgroupfile_files ((type ARG1)) + (allow ARG1 cgroupfile read_file)) - (macro readinherited_cgroupfile_files ((type ARG1)) - (allow ARG1 cgroupfile readinherited_file)) + (macro readinherited_cgroupfile_files ((type ARG1)) + (allow ARG1 cgroupfile readinherited_file)) - (macro readwrite_cgroupfile_files ((type ARG1)) - (allow ARG1 cgroupfile readwrite_file)) + (macro readwrite_cgroupfile_files ((type ARG1)) + (allow ARG1 cgroupfile readwrite_file)) - (macro readwriteinherited_cgroupfile_files ((type ARG1)) - (allow ARG1 cgroupfile readwriteinherited_file)) 
+ (macro readwriteinherited_cgroupfile_files ((type ARG1)) + (allow ARG1 cgroupfile readwriteinherited_file)) - (macro rename_cgroupfile_files ((type ARG1)) - (allow ARG1 cgroupfile rename_file)) + (macro rename_cgroupfile_files ((type ARG1)) + (allow ARG1 cgroupfile rename_file)) - (macro write_cgroupfile_files ((type ARG1)) - (allow ARG1 cgroupfile write_file)) + (macro write_cgroupfile_files ((type ARG1)) + (allow ARG1 cgroupfile write_file)) - (macro writeinherited_cgroupfile_files ((type ARG1)) - (allow ARG1 cgroupfile writeinherited_file))) + (macro writeinherited_cgroupfile_files ((type ARG1)) + (allow ARG1 cgroupfile writeinherited_file))) - (block template + (block template - (blockabstract template) + (blockabstract template) - (blockinherit .cgroupfile.base_template) - (blockinherit .cgroupfile.macro_template_files)) + (blockinherit .cgroupfile.base_template) + (blockinherit .cgroupfile.macro_template_files)) - (block unconfined + (block unconfined - (macro type ((type ARG1)) - (typeattributeset typeattr ARG1)) + (macro type ((type ARG1)) + (typeattributeset typeattr ARG1)) - (typeattribute typeattr) + (typeattribute typeattr) - (allow typeattr cgroupfile.typeattr (dir (not (audit_access execmod)))) - (allow typeattr cgroupfile.typeattr - (file (not (audit_access entrypoint execmod)))))) + (allow typeattr cgroupfile.typeattr (dir (not (audit_access execmod)))) + (allow typeattr cgroupfile.typeattr + (file (not (audit_access entrypoint execmod)))))) (in sys.unconfined diff --git a/src/sys/debugfile.cil b/src/sys/debugfile.cil index 1f22606..aba09a9 100644 --- a/src/sys/debugfile.cil +++ b/src/sys/debugfile.cil 
@@ -1,141 +1,141 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block debugfile - (macro type ((type ARG1)) - (typeattributeset typeattr ARG1)) + (macro type ((type ARG1)) + (typeattributeset typeattr ARG1)) - (typeattribute typeattr) + (typeattribute typeattr) - (blockinherit .file.all_macro_template_dirs) - (blockinherit .file.all_macro_template_files) + (blockinherit .file.all_macro_template_dirs) + (blockinherit .file.all_macro_template_files) - (call .obj.type (typeattr)) + (call .obj.type (typeattr)) - (call .debug.associate_fs (typeattr)) + (call .debug.associate_fs (typeattr)) - (block base_template + (block base_template - (blockabstract base_template) + (blockabstract base_template) - (context debugfile_context (.sys.id .sys.role debugfile .sys.lowlow)) + (context debugfile_context (.sys.id .sys.role debugfile .sys.lowlow)) - (type debugfile) - (call .debugfile.type (debugfile))) + (type debugfile) + (call .debugfile.type (debugfile))) - (block macro_template_dirs + (block macro_template_dirs - (blockabstract macro_template_dirs) + (blockabstract macro_template_dirs) - (macro addname_debugfile_dirs ((type ARG1)) - (allow ARG1 debugfile addname_dir)) + (macro addname_debugfile_dirs ((type ARG1)) + (allow ARG1 debugfile addname_dir)) - (macro create_debugfile_dirs ((type ARG1)) - (allow ARG1 debugfile create_dir)) + (macro create_debugfile_dirs ((type ARG1)) + (allow ARG1 debugfile create_dir)) - (macro delete_debugfile_dirs ((type ARG1)) - (allow ARG1 debugfile delete_dir)) + (macro delete_debugfile_dirs ((type ARG1)) + (allow ARG1 debugfile delete_dir)) - (macro deletename_debugfile_dirs ((type ARG1)) - (allow ARG1 debugfile deletename_dir)) + (macro deletename_debugfile_dirs ((type ARG1)) + (allow ARG1 debugfile deletename_dir)) - (macro list_debugfile_dirs ((type ARG1)) - (allow ARG1 debugfile 
list_dir)) + (macro list_debugfile_dirs ((type ARG1)) + (allow ARG1 debugfile list_dir)) - (macro listinherited_debugfile_dirs ((type ARG1)) - (allow ARG1 debugfile listinherited_dir)) + (macro listinherited_debugfile_dirs ((type ARG1)) + (allow ARG1 debugfile listinherited_dir)) - (macro manage_debugfile_dirs ((type ARG1)) - (allow ARG1 debugfile manage_dir)) + (macro manage_debugfile_dirs ((type ARG1)) + (allow ARG1 debugfile manage_dir)) - (macro mounton_debugfile_dirs ((type ARG1)) - (allow ARG1 debugfile mounton_dir)) + (macro mounton_debugfile_dirs ((type ARG1)) + (allow ARG1 debugfile mounton_dir)) - (macro readwrite_debugfile_dirs ((type ARG1)) - (allow ARG1 debugfile readwrite_dir)) + (macro readwrite_debugfile_dirs ((type ARG1)) + (allow ARG1 debugfile readwrite_dir)) - (macro readwriteinherited_debugfile_dirs ((type ARG1)) - (allow ARG1 debugfile readwriteinherited_dir)) + (macro readwriteinherited_debugfile_dirs ((type ARG1)) + (allow ARG1 debugfile readwriteinherited_dir)) - (macro rename_debugfile_dirs ((type ARG1)) - (allow ARG1 debugfile rename_dir)) + (macro rename_debugfile_dirs ((type ARG1)) + (allow ARG1 debugfile rename_dir)) - (macro search_debugfile_dirs ((type ARG1)) - (allow ARG1 debugfile search_dir)) + (macro search_debugfile_dirs ((type ARG1)) + (allow ARG1 debugfile search_dir)) - (macro write_debugfile_dirs ((type ARG1)) - (allow ARG1 debugfile write_dir)) + (macro write_debugfile_dirs ((type ARG1)) + (allow ARG1 debugfile write_dir)) - (macro writeinherited_debugfile_dirs ((type ARG1)) - (allow ARG1 debugfile writeinherited_dir))) + (macro writeinherited_debugfile_dirs ((type ARG1)) + (allow ARG1 debugfile writeinherited_dir))) - (block macro_template_files + (block macro_template_files - (blockabstract macro_template_files) + (blockabstract macro_template_files) - (macro append_debugfile_files ((type ARG1)) - (allow ARG1 debugfile append_file)) + (macro append_debugfile_files ((type ARG1)) + (allow ARG1 debugfile append_file)) - 
(macro appendinherited_debugfile_files ((type ARG1)) - (allow ARG1 debugfile appendinherited_file)) + (macro appendinherited_debugfile_files ((type ARG1)) + (allow ARG1 debugfile appendinherited_file)) - (macro create_debugfile_files ((type ARG1)) - (allow ARG1 debugfile create_file)) + (macro create_debugfile_files ((type ARG1)) + (allow ARG1 debugfile create_file)) - (macro delete_debugfile_files ((type ARG1)) - (allow ARG1 debugfile delete_file)) + (macro delete_debugfile_files ((type ARG1)) + (allow ARG1 debugfile delete_file)) - (macro execute_debugfile_files ((type ARG1)) - (allow ARG1 debugfile execute_file)) + (macro execute_debugfile_files ((type ARG1)) + (allow ARG1 debugfile execute_file)) - (macro manage_debugfile_files ((type ARG1)) - (allow ARG1 debugfile manage_file)) + (macro manage_debugfile_files ((type ARG1)) + (allow ARG1 debugfile manage_file)) - (macro mapexecute_debugfile_files ((type ARG1)) - (allow ARG1 debugfile mapexecute_file)) + (macro mapexecute_debugfile_files ((type ARG1)) + (allow ARG1 debugfile mapexecute_file)) - (macro mounton_debugfile_files ((type ARG1)) - (allow ARG1 debugfile mounton_file)) + (macro mounton_debugfile_files ((type ARG1)) + (allow ARG1 debugfile mounton_file)) - (macro read_debugfile_files ((type ARG1)) - (allow ARG1 debugfile read_file)) + (macro read_debugfile_files ((type ARG1)) + (allow ARG1 debugfile read_file)) - (macro readinherited_debugfile_files ((type ARG1)) - (allow ARG1 debugfile readinherited_file)) + (macro readinherited_debugfile_files ((type ARG1)) + (allow ARG1 debugfile readinherited_file)) - (macro readwrite_debugfile_files ((type ARG1)) - (allow ARG1 debugfile readwrite_file)) + (macro readwrite_debugfile_files ((type ARG1)) + (allow ARG1 debugfile readwrite_file)) - (macro readwriteinherited_debugfile_files ((type ARG1)) - (allow ARG1 debugfile readwriteinherited_file)) + (macro readwriteinherited_debugfile_files ((type ARG1)) + (allow ARG1 debugfile readwriteinherited_file)) - (macro 
rename_debugfile_files ((type ARG1)) - (allow ARG1 debugfile rename_file)) + (macro rename_debugfile_files ((type ARG1)) + (allow ARG1 debugfile rename_file)) - (macro write_debugfile_files ((type ARG1)) - (allow ARG1 debugfile write_file)) + (macro write_debugfile_files ((type ARG1)) + (allow ARG1 debugfile write_file)) - (macro writeinherited_debugfile_files ((type ARG1)) - (allow ARG1 debugfile writeinherited_file))) + (macro writeinherited_debugfile_files ((type ARG1)) + (allow ARG1 debugfile writeinherited_file))) - (block template + (block template - (blockabstract template) + (blockabstract template) - (blockinherit .debugfile.base_template) - (blockinherit .debugfile.macro_template_files)) + (blockinherit .debugfile.base_template) + (blockinherit .debugfile.macro_template_files)) - (block unconfined + (block unconfined - (macro type ((type ARG1)) - (typeattributeset typeattr ARG1)) + (macro type ((type ARG1)) + (typeattributeset typeattr ARG1)) - (typeattribute typeattr) + (typeattribute typeattr) - (allow typeattr debugfile.typeattr (dir (not (audit_access execmod)))) - (allow typeattr debugfile.typeattr - (file (not (audit_access entrypoint execmod)))))) + (allow typeattr debugfile.typeattr (dir (not (audit_access execmod)))) + (allow typeattr debugfile.typeattr + (file (not (audit_access entrypoint execmod)))))) (in sys.unconfined diff --git a/src/sys/procfile.cil b/src/sys/procfile.cil index 85ef97a..068725e 100644 --- a/src/sys/procfile.cil +++ b/src/sys/procfile.cil 
@@ -1,192 +1,192 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block procfile - (macro type ((type ARG1)) - (typeattributeset typeattr ARG1)) + (macro type ((type ARG1)) + (typeattributeset typeattr ARG1)) - (typeattribute typeattr) + (typeattribute typeattr) - (blockinherit .file.all_macro_template_dirs) - (blockinherit .file.all_macro_template_files) - (blockinherit .file.all_macro_template_lnk_files) + (blockinherit .file.all_macro_template_dirs) + (blockinherit .file.all_macro_template_files) + (blockinherit .file.all_macro_template_lnk_files) - (call .obj.type (typeattr)) + (call .obj.type (typeattr)) - (block base_template + (block base_template - (blockabstract base_template) + (blockabstract base_template) - (context procfile_context (.sys.id .sys.role procfile .sys.lowlow)) + (context procfile_context (.sys.id .sys.role procfile .sys.lowlow)) - (type procfile) - (call .procfile.type (procfile))) + (type procfile) + (call .procfile.type (procfile))) - (block except + (block except - (macro type ((type ARG1)) - (typeattributeset typeattr ARG1)) + (macro type ((type ARG1)) + (typeattributeset typeattr ARG1)) - (blockinherit file.all_macro_template_dirs) - (blockinherit file.all_macro_template_files) - (blockinherit file.all_macro_template_lnk_files) + (blockinherit file.all_macro_template_dirs) + (blockinherit file.all_macro_template_files) + (blockinherit file.all_macro_template_lnk_files) - (typeattribute typeattr) + (typeattribute typeattr) - (typeattributeset typeattr - (and procfile.typeattr (not (exception.typeattr))))) + (typeattributeset typeattr + (and procfile.typeattr (not (exception.typeattr))))) - (block exception + (block exception - (macro type ((type ARG1)) - (typeattributeset typeattr ARG1)) + (macro type ((type ARG1)) + (typeattributeset typeattr ARG1)) - (typeattribute typeattr) + 
(typeattribute typeattr) - (call procfile.type (typeattr))) + (call procfile.type (typeattr))) - (block macro_template_dirs + (block macro_template_dirs - (blockabstract macro_template_dirs) + (blockabstract macro_template_dirs) - (macro addname_procfile_dirs ((type ARG1)) - (allow ARG1 procfile addname_dir)) + (macro addname_procfile_dirs ((type ARG1)) + (allow ARG1 procfile addname_dir)) - (macro create_procfile_dirs ((type ARG1)) - (allow ARG1 procfile create_dir)) + (macro create_procfile_dirs ((type ARG1)) + (allow ARG1 procfile create_dir)) - (macro delete_procfile_dirs ((type ARG1)) - (allow ARG1 procfile delete_dir)) + (macro delete_procfile_dirs ((type ARG1)) + (allow ARG1 procfile delete_dir)) - (macro deletename_procfile_dirs ((type ARG1)) - (allow ARG1 procfile deletename_dir)) + (macro deletename_procfile_dirs ((type ARG1)) + (allow ARG1 procfile deletename_dir)) - (macro list_procfile_dirs ((type ARG1)) - (allow ARG1 procfile list_dir)) + (macro list_procfile_dirs ((type ARG1)) + (allow ARG1 procfile list_dir)) - (macro listinherited_procfile_dirs ((type ARG1)) - (allow ARG1 procfile listinherited_dir)) + (macro listinherited_procfile_dirs ((type ARG1)) + (allow ARG1 procfile listinherited_dir)) - (macro manage_procfile_dirs ((type ARG1)) - (allow ARG1 procfile manage_dir)) + (macro manage_procfile_dirs ((type ARG1)) + (allow ARG1 procfile manage_dir)) - (macro mounton_procfile_dirs ((type ARG1)) - (allow ARG1 procfile mounton_dir)) + (macro mounton_procfile_dirs ((type ARG1)) + (allow ARG1 procfile mounton_dir)) - (macro readwrite_procfile_dirs ((type ARG1)) - (allow ARG1 procfile readwrite_dir)) + (macro readwrite_procfile_dirs ((type ARG1)) + (allow ARG1 procfile readwrite_dir)) - (macro readwriteinherited_procfile_dirs ((type ARG1)) - (allow ARG1 procfile readwriteinherited_dir)) + (macro readwriteinherited_procfile_dirs ((type ARG1)) + (allow ARG1 procfile readwriteinherited_dir)) - (macro rename_procfile_dirs ((type ARG1)) - (allow ARG1 procfile 
rename_dir)) + (macro rename_procfile_dirs ((type ARG1)) + (allow ARG1 procfile rename_dir)) - (macro search_procfile_dirs ((type ARG1)) - (allow ARG1 procfile search_dir)) + (macro search_procfile_dirs ((type ARG1)) + (allow ARG1 procfile search_dir)) - (macro write_procfile_dirs ((type ARG1)) - (allow ARG1 procfile write_dir)) + (macro write_procfile_dirs ((type ARG1)) + (allow ARG1 procfile write_dir)) - (macro writeinherited_procfile_dirs ((type ARG1)) - (allow ARG1 procfile writeinherited_dir))) + (macro writeinherited_procfile_dirs ((type ARG1)) + (allow ARG1 procfile writeinherited_dir))) - (block macro_template_files + (block macro_template_files - (blockabstract macro_template_files) + (blockabstract macro_template_files) - (macro append_procfile_files ((type ARG1)) - (allow ARG1 procfile append_file)) + (macro append_procfile_files ((type ARG1)) + (allow ARG1 procfile append_file)) - (macro appendinherited_procfile_files ((type ARG1)) - (allow ARG1 procfile appendinherited_file)) + (macro appendinherited_procfile_files ((type ARG1)) + (allow ARG1 procfile appendinherited_file)) - (macro create_procfile_files ((type ARG1)) - (allow ARG1 procfile create_file)) + (macro create_procfile_files ((type ARG1)) + (allow ARG1 procfile create_file)) - (macro delete_procfile_files ((type ARG1)) - (allow ARG1 procfile delete_file)) + (macro delete_procfile_files ((type ARG1)) + (allow ARG1 procfile delete_file)) - (macro execute_procfile_files ((type ARG1)) - (allow ARG1 procfile execute_file)) + (macro execute_procfile_files ((type ARG1)) + (allow ARG1 procfile execute_file)) - (macro manage_procfile_files ((type ARG1)) - (allow ARG1 procfile manage_file)) + (macro manage_procfile_files ((type ARG1)) + (allow ARG1 procfile manage_file)) - (macro mapexecute_procfile_files ((type ARG1)) - (allow ARG1 procfile mapexecute_file)) + (macro mapexecute_procfile_files ((type ARG1)) + (allow ARG1 procfile mapexecute_file)) - (macro mounton_procfile_files ((type ARG1)) - (allow 
ARG1 procfile mounton_file)) + (macro mounton_procfile_files ((type ARG1)) + (allow ARG1 procfile mounton_file)) - (macro read_procfile_files ((type ARG1)) - (allow ARG1 procfile read_file)) + (macro read_procfile_files ((type ARG1)) + (allow ARG1 procfile read_file)) - (macro readinherited_procfile_files ((type ARG1)) - (allow ARG1 procfile readinherited_file)) + (macro readinherited_procfile_files ((type ARG1)) + (allow ARG1 procfile readinherited_file)) - (macro readwrite_procfile_files ((type ARG1)) - (allow ARG1 procfile readwrite_file)) + (macro readwrite_procfile_files ((type ARG1)) + (allow ARG1 procfile readwrite_file)) - (macro readwriteinherited_procfile_files ((type ARG1)) - (allow ARG1 procfile readwriteinherited_file)) + (macro readwriteinherited_procfile_files ((type ARG1)) + (allow ARG1 procfile readwriteinherited_file)) - (macro rename_procfile_files ((type ARG1)) - (allow ARG1 procfile rename_file)) + (macro rename_procfile_files ((type ARG1)) + (allow ARG1 procfile rename_file)) - (macro write_procfile_files ((type ARG1)) - (allow ARG1 procfile write_file)) + (macro write_procfile_files ((type ARG1)) + (allow ARG1 procfile write_file)) - (macro writeinherited_procfile_files ((type ARG1)) - (allow ARG1 procfile writeinherited_file))) + (macro writeinherited_procfile_files ((type ARG1)) + (allow ARG1 procfile writeinherited_file))) - (block macro_template_lnk_files + (block macro_template_lnk_files - (blockabstract macro_template_lnk_files) + (blockabstract macro_template_lnk_files) - (macro create_procfile_lnk_files ((type ARG1)) - (allow ARG1 procfile create_lnk_file)) + (macro create_procfile_lnk_files ((type ARG1)) + (allow ARG1 procfile create_lnk_file)) - (macro delete_procfile_lnk_files ((type ARG1)) - (allow ARG1 procfile delete_lnk_file)) + (macro delete_procfile_lnk_files ((type ARG1)) + (allow ARG1 procfile delete_lnk_file)) - (macro manage_procfile_lnk_files ((type ARG1)) - (allow ARG1 procfile manage_lnk_file)) + (macro 
manage_procfile_lnk_files ((type ARG1)) + (allow ARG1 procfile manage_lnk_file)) - (macro read_procfile_lnk_files ((type ARG1)) - (allow ARG1 procfile read_lnk_file)) + (macro read_procfile_lnk_files ((type ARG1)) + (allow ARG1 procfile read_lnk_file)) - (macro readwrite_procfile_lnk_files ((type ARG1)) - (allow ARG1 procfile readwrite_lnk_file)) + (macro readwrite_procfile_lnk_files ((type ARG1)) + (allow ARG1 procfile readwrite_lnk_file)) - (macro rename_procfile_lnk_files ((type ARG1)) - (allow ARG1 procfile rename_lnk_file)) + (macro rename_procfile_lnk_files ((type ARG1)) + (allow ARG1 procfile rename_lnk_file)) - (macro write_procfile_lnk_files ((type ARG1)) - (allow ARG1 procfile write_lnk_file))) + (macro write_procfile_lnk_files ((type ARG1)) + (allow ARG1 procfile write_lnk_file))) - (block template + (block template - (blockabstract template) + (blockabstract template) - (blockinherit .procfile.base_template) - (blockinherit .procfile.macro_template_files)) + (blockinherit .procfile.base_template) + (blockinherit .procfile.macro_template_files)) - (block unconfined + (block unconfined - (macro type ((type ARG1)) - (typeattributeset typeattr ARG1)) + (macro type ((type ARG1)) + (typeattributeset typeattr ARG1)) - (typeattribute typeattr) + (typeattribute typeattr) - (allow typeattr procfile.typeattr - (dir (not (audit_access execmod relabelfrom relabelto)))) - (allow typeattr procfile.typeattr - (file (not (audit_access entrypoint execmod relabelfrom relabelto)))) - (allow typeattr procfile.typeattr - (lnk_file (not (audit_access execmod map mounton relabelfrom - relabelto)))))) + (allow typeattr procfile.typeattr + (dir (not (audit_access execmod relabelfrom relabelto)))) + (allow typeattr procfile.typeattr + (file (not (audit_access entrypoint execmod relabelfrom relabelto)))) + (allow typeattr procfile.typeattr + (lnk_file (not (audit_access execmod map mounton relabelfrom + relabelto)))))) (in sys.unconfined 
diff --git a/src/sys/procfile/acpiprocfile.cil b/src/sys/procfile/acpiprocfile.cil index 474e9c8..7386f17 100644 --- a/src/sys/procfile/acpiprocfile.cil +++ b/src/sys/procfile/acpiprocfile.cil @@ -1,9 +1,9 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block acpi - (genfscon "proc" "/acpi" procfile_context) + (genfscon "proc" "/acpi" procfile_context) - (blockinherit .procfile.macro_template_dirs) - (blockinherit .procfile.template)) + (blockinherit .procfile.macro_template_dirs) + (blockinherit .procfile.template)) diff --git a/src/sys/procfile/asoundprocfile.cil b/src/sys/procfile/asoundprocfile.cil index 45a9667..b83129a 100644 --- a/src/sys/procfile/asoundprocfile.cil +++ b/src/sys/procfile/asoundprocfile.cil @@ -1,9 +1,9 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block asound - (genfscon "proc" "/asound" procfile_context) + (genfscon "proc" "/asound" procfile_context) - (blockinherit .procfile.macro_template_dirs) - (blockinherit .procfile.template)) + (blockinherit .procfile.macro_template_dirs) + (blockinherit .procfile.template)) diff --git a/src/sys/procfile/bootconfigprocfile.cil b/src/sys/procfile/bootconfigprocfile.cil index e4a0a88..67ef54b 100644 --- a/src/sys/procfile/bootconfigprocfile.cil +++ b/src/sys/procfile/bootconfigprocfile.cil 
@@ -1,8 +1,8 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block bootconfig
- (genfscon "proc" "/bootconfig" procfile_context)
+ (genfscon "proc" "/bootconfig" procfile_context)
- (blockinherit .procfile.template))
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/buddyinfoprocfile.cil b/src/sys/procfile/buddyinfoprocfile.cil
index 9efb15f..88e77b1 100644
--- a/src/sys/procfile/buddyinfoprocfile.cil
+++ b/src/sys/procfile/buddyinfoprocfile.cil
@@ -1,8 +1,8 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block buddyinfo
- (genfscon "proc" "/buddyinfo" procfile_context)
+ (genfscon "proc" "/buddyinfo" procfile_context)
- (blockinherit .procfile.template))
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/busprocfile.cil b/src/sys/procfile/busprocfile.cil
index 0c8e2b4..272fe71 100644
--- a/src/sys/procfile/busprocfile.cil
+++ b/src/sys/procfile/busprocfile.cil
@@ -1,4 +1,4 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (in bus
diff --git a/src/sys/procfile/cgroupsprocfile.cil b/src/sys/procfile/cgroupsprocfile.cil
index c791614..3051b9d 100644
--- a/src/sys/procfile/cgroupsprocfile.cil
+++ b/src/sys/procfile/cgroupsprocfile.cil
@@ -1,8 +1,8 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block cgroups
- (genfscon "proc" "/cgroups" procfile_context)
+ (genfscon "proc" "/cgroups" procfile_context)
- (blockinherit .procfile.template))
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/cmdlineprocfile.cil b/src/sys/procfile/cmdlineprocfile.cil
index 4b72d65..beab982 100644
--- a/src/sys/procfile/cmdlineprocfile.cil
+++ b/src/sys/procfile/cmdlineprocfile.cil
@@ -1,8 +1,8 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block cmdline
- (genfscon "proc" "/cmdline" procfile_context)
+ (genfscon "proc" "/cmdline" procfile_context)
- (blockinherit .procfile.template))
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/consolesprocfile.cil b/src/sys/procfile/consolesprocfile.cil
index 9f22626..f0b7275 100644
--- a/src/sys/procfile/consolesprocfile.cil
+++ b/src/sys/procfile/consolesprocfile.cil
@@ -1,8 +1,8 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block consoles
- (genfscon "proc" "/consoles" procfile_context)
+ (genfscon "proc" "/consoles" procfile_context)
- (blockinherit .procfile.template))
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/cpuinfoprocfile.cil b/src/sys/procfile/cpuinfoprocfile.cil
index 6e22857..830d84c 100644
--- a/src/sys/procfile/cpuinfoprocfile.cil
+++ b/src/sys/procfile/cpuinfoprocfile.cil
@@ -1,8 +1,8 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block cpuinfo
- (genfscon "proc" "/cpuinfo" procfile_context)
+ (genfscon "proc" "/cpuinfo" procfile_context)
- (blockinherit .procfile.template))
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/cpuprocfile.cil b/src/sys/procfile/cpuprocfile.cil
index 516610c..b225fc7 100644
--- a/src/sys/procfile/cpuprocfile.cil
+++ b/src/sys/procfile/cpuprocfile.cil
@@ -1,4 +1,4 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (in cpu
diff --git a/src/sys/procfile/cryptoprocfile.cil b/src/sys/procfile/cryptoprocfile.cil
index cab3e66..eb6700b 100644
--- a/src/sys/procfile/cryptoprocfile.cil
+++ b/src/sys/procfile/cryptoprocfile.cil
@@ -1,4 +1,4 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (in crypto
diff --git a/src/sys/procfile/devicesprocfile.cil b/src/sys/procfile/devicesprocfile.cil
index a82c1bf..6715db8 100644
--- a/src/sys/procfile/devicesprocfile.cil
+++ b/src/sys/procfile/devicesprocfile.cil
@@ -1,4 +1,4 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (in devices
diff --git a/src/sys/procfile/diskstatsprocfile.cil b/src/sys/procfile/diskstatsprocfile.cil
index 047c45f..62ebbf5 100644
--- a/src/sys/procfile/diskstatsprocfile.cil
+++ b/src/sys/procfile/diskstatsprocfile.cil
@@ -1,8 +1,8 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block diskstats
- (genfscon "proc" "/diskstats" procfile_context)
+ (genfscon "proc" "/diskstats" procfile_context)
- (blockinherit .procfile.template))
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/dmaprocfile.cil b/src/sys/procfile/dmaprocfile.cil
index daff60b..f206b9f 100644
--- a/src/sys/procfile/dmaprocfile.cil
+++ b/src/sys/procfile/dmaprocfile.cil
@@ -1,8 +1,8 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block dma
- (genfscon "proc" "/dma" procfile_context)
+ (genfscon "proc" "/dma" procfile_context)
- (blockinherit .procfile.template))
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/driverprocfile.cil b/src/sys/procfile/driverprocfile.cil
index 09ea110..7873fe8 100644
--- a/src/sys/procfile/driverprocfile.cil
+++ b/src/sys/procfile/driverprocfile.cil
@@ -1,9 +1,9 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block driver
- (genfscon "proc" "/driver" procfile_context)
+ (genfscon "proc" "/driver" procfile_context)
- (blockinherit .procfile.macro_template_dirs)
- (blockinherit .procfile.template))
+ (blockinherit .procfile.macro_template_dirs)
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/dynamicdebugprocfile.cil b/src/sys/procfile/dynamicdebugprocfile.cil
index 580c13e..d2f739b 100644
--- a/src/sys/procfile/dynamicdebugprocfile.cil
+++ b/src/sys/procfile/dynamicdebugprocfile.cil
@@ -1,9 +1,9 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block dynamicdebug
- (genfscon "proc" "/dynamic_debug" procfile_context)
+ (genfscon "proc" "/dynamic_debug" procfile_context)
- (blockinherit .procfile.macro_template_dirs)
- (blockinherit .procfile.base_template))
+ (blockinherit .procfile.macro_template_dirs)
+ (blockinherit .procfile.base_template))
diff --git a/src/sys/procfile/execdomainsprocfile.cil b/src/sys/procfile/execdomainsprocfile.cil
index 50d728b..a7cf172 100644
--- a/src/sys/procfile/execdomainsprocfile.cil
+++ b/src/sys/procfile/execdomainsprocfile.cil
@@ -1,8 +1,8 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block execdomains
- (genfscon "proc" "/execdomains" procfile_context)
+ (genfscon "proc" "/execdomains" procfile_context)
- (blockinherit .procfile.template))
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/fbprocfile.cil b/src/sys/procfile/fbprocfile.cil
index cdfeeea..a828599 100644
--- a/src/sys/procfile/fbprocfile.cil
+++ b/src/sys/procfile/fbprocfile.cil
@@ -1,4 +1,4 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (in fb
diff --git a/src/sys/procfile/filesystemsprocfile.cil b/src/sys/procfile/filesystemsprocfile.cil
index 285a9f9..428081f 100644
--- a/src/sys/procfile/filesystemsprocfile.cil
+++ b/src/sys/procfile/filesystemsprocfile.cil
@@ -1,8 +1,8 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block filesystems
- (genfscon "proc" "/filesystems" procfile_context)
+ (genfscon "proc" "/filesystems" procfile_context)
- (blockinherit .procfile.template))
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/fsprocfile.cil b/src/sys/procfile/fsprocfile.cil
index 7e1887c..053da22 100644
--- a/src/sys/procfile/fsprocfile.cil
+++ b/src/sys/procfile/fsprocfile.cil
@@ -1,4 +1,4 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (in fs
diff --git a/src/sys/procfile/interruptsprocfile.cil b/src/sys/procfile/interruptsprocfile.cil
index 43ab72c..fc2f54e 100644
--- a/src/sys/procfile/interruptsprocfile.cil
+++ b/src/sys/procfile/interruptsprocfile.cil
@@ -1,8 +1,8 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block interrupts
- (genfscon "proc" "/interrupts" procfile_context)
+ (genfscon "proc" "/interrupts" procfile_context)
- (blockinherit .procfile.template))
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/iomemprocfile.cil b/src/sys/procfile/iomemprocfile.cil
index 3576e07..ed926e8 100644
--- a/src/sys/procfile/iomemprocfile.cil
+++ b/src/sys/procfile/iomemprocfile.cil
@@ -1,8 +1,8 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block iomem
- (genfscon "proc" "/iomem" procfile_context)
+ (genfscon "proc" "/iomem" procfile_context)
- (blockinherit .procfile.template))
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/ioportsprocfile.cil b/src/sys/procfile/ioportsprocfile.cil
index 452c017..45123a0 100644
--- a/src/sys/procfile/ioportsprocfile.cil
+++ b/src/sys/procfile/ioportsprocfile.cil
@@ -1,8 +1,8 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block ioports
- (genfscon "proc" "/ioports" procfile_context)
+ (genfscon "proc" "/ioports" procfile_context)
- (blockinherit .procfile.template))
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/irqprocfile.cil b/src/sys/procfile/irqprocfile.cil
index 5dec01f..0c35353 100644
--- a/src/sys/procfile/irqprocfile.cil
+++ b/src/sys/procfile/irqprocfile.cil
@@ -1,9 +1,9 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block irq
- (genfscon "proc" "/irq" procfile_context)
+ (genfscon "proc" "/irq" procfile_context)
- (blockinherit .procfile.macro_template_dirs)
- (blockinherit .procfile.template))
+ (blockinherit .procfile.macro_template_dirs)
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/jffs2bbcprocfile.cil b/src/sys/procfile/jffs2bbcprocfile.cil
index 01fed13..75038ed 100644
--- a/src/sys/procfile/jffs2bbcprocfile.cil
+++ b/src/sys/procfile/jffs2bbcprocfile.cil
@@ -1,8 +1,8 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block jffs2bbc
- (genfscon "proc" "/jffs2_bbc" procfile_context)
+ (genfscon "proc" "/jffs2_bbc" procfile_context)
- (blockinherit .procfile.template))
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/kallsymsprocfile.cil b/src/sys/procfile/kallsymsprocfile.cil
index 7043b3d..e9b2648 100644
--- a/src/sys/procfile/kallsymsprocfile.cil
+++ b/src/sys/procfile/kallsymsprocfile.cil
@@ -1,8 +1,8 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block kallsyms
- (genfscon "proc" "/kallsyms" procfile_context)
+ (genfscon "proc" "/kallsyms" procfile_context)
- (blockinherit .procfile.template))
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/kcoreprocfile.cil b/src/sys/procfile/kcoreprocfile.cil
index f6cfe61..f7c1a64 100644
--- a/src/sys/procfile/kcoreprocfile.cil
+++ b/src/sys/procfile/kcoreprocfile.cil
@@ -1,47 +1,47 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block kcore
- (genfscon "proc" "/kcore" procfile_context)
+ (genfscon "proc" "/kcore" procfile_context)
- (blockinherit .procfile.template)
+ (blockinherit .procfile.template)
- (call .procfile.exception.type (procfile))
+ (call .procfile.exception.type (procfile))
- (block read
+ (block read
- (macro type ((type ARG1))
- (typeattributeset typeattr ARG1))
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
- (typeattribute not_typeattr)
- (typeattribute typeattr)
+ (typeattribute not_typeattr)
+ (typeattribute typeattr)
- (typeattributeset not_typeattr (not typeattr))
+ (typeattributeset not_typeattr (not typeattr))
- (neverallow not_typeattr procfile (file (read))))
+ (neverallow not_typeattr procfile (file (read))))
- (block readwrite
+ (block readwrite
- (macro type ((type ARG1))
- (typeattributeset typeattr ARG1))
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
- (typeattribute typeattr)
+ (typeattribute typeattr)
- (call read.type (typeattr))
- (call write.type (typeattr)))
+ (call read.type (typeattr))
+ (call write.type (typeattr)))
- (block write
+ (block write
- (macro type ((type ARG1))
- (typeattributeset typeattr ARG1))
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
- (typeattribute not_typeattr)
- (typeattribute typeattr)
+ (typeattribute not_typeattr)
+ (typeattribute typeattr)
- (typeattributeset not_typeattr (not typeattr))
+ (typeattributeset not_typeattr (not typeattr))
- (neverallow not_typeattr procfile (file (append write)))))
+ (neverallow not_typeattr procfile (file (append write)))))
 (in procfile.unconfined
diff --git a/src/sys/procfile/keysprocfile.cil b/src/sys/procfile/keysprocfile.cil
index db8164c..92ef55a 100644
--- a/src/sys/procfile/keysprocfile.cil
+++ b/src/sys/procfile/keysprocfile.cil
@@ -1,8 +1,8 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block keys
- (genfscon "proc" "/keys" procfile_context)
+ (genfscon "proc" "/keys" procfile_context)
- (blockinherit .procfile.template))
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/keyusersprocfile.cil b/src/sys/procfile/keyusersprocfile.cil
index 6431035..f10090e 100644
--- a/src/sys/procfile/keyusersprocfile.cil
+++ b/src/sys/procfile/keyusersprocfile.cil
@@ -1,8 +1,8 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block keyusers
- (genfscon "proc" "/key-users" procfile_context)
+ (genfscon "proc" "/key-users" procfile_context)
- (blockinherit .procfile.template))
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/kmsgprocfile.cil b/src/sys/procfile/kmsgprocfile.cil
index a85c7ad..b7de676 100644
--- a/src/sys/procfile/kmsgprocfile.cil
+++ b/src/sys/procfile/kmsgprocfile.cil
@@ -1,4 +1,4 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (in kmsg
diff --git a/src/sys/procfile/kpagecgroupprocfile.cil b/src/sys/procfile/kpagecgroupprocfile.cil
index eacb8fc..e22fcb1 100644
--- a/src/sys/procfile/kpagecgroupprocfile.cil
+++ b/src/sys/procfile/kpagecgroupprocfile.cil
@@ -1,8 +1,8 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block kpagecgroup
- (genfscon "proc" "/kpagecgroup" procfile_context)
+ (genfscon "proc" "/kpagecgroup" procfile_context)
- (blockinherit .procfile.template))
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/kpagecountprocfile.cil b/src/sys/procfile/kpagecountprocfile.cil
index 1c698c5..0005c3c 100644
--- a/src/sys/procfile/kpagecountprocfile.cil
+++ b/src/sys/procfile/kpagecountprocfile.cil
@@ -1,8 +1,8 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block kpagecount
- (genfscon "proc" "/kpagecount" procfile_context)
+ (genfscon "proc" "/kpagecount" procfile_context)
- (blockinherit .procfile.template))
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/kpageflagsprocfile.cil b/src/sys/procfile/kpageflagsprocfile.cil
index e4c639c..b21f97f 100644
--- a/src/sys/procfile/kpageflagsprocfile.cil
+++ b/src/sys/procfile/kpageflagsprocfile.cil
@@ -1,8 +1,8 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block kpageflags
- (genfscon "proc" "/kpageflags" procfile_context)
+ (genfscon "proc" "/kpageflags" procfile_context)
- (blockinherit .procfile.template))
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/latencystatsprocfile.cil b/src/sys/procfile/latencystatsprocfile.cil
index fb479bf..0bbebfb 100644
--- a/src/sys/procfile/latencystatsprocfile.cil
+++ b/src/sys/procfile/latencystatsprocfile.cil
@@ -1,8 +1,8 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block latencystats
- (genfscon "proc" "/latency_stats" procfile_context)
+ (genfscon "proc" "/latency_stats" procfile_context)
- (blockinherit .procfile.template))
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/loadavgprocfile.cil b/src/sys/procfile/loadavgprocfile.cil
index 2bf731b..af2f762 100644
--- a/src/sys/procfile/loadavgprocfile.cil
+++ b/src/sys/procfile/loadavgprocfile.cil
@@ -1,8 +1,8 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block loadavg
- (genfscon "proc" "/loadavg" procfile_context)
+ (genfscon "proc" "/loadavg" procfile_context)
- (blockinherit .procfile.template))
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/lockdepchainsprocfile.cil b/src/sys/procfile/lockdepchainsprocfile.cil
index 992c2cb..3954b36 100644
--- a/src/sys/procfile/lockdepchainsprocfile.cil
+++ b/src/sys/procfile/lockdepchainsprocfile.cil
@@ -1,8 +1,8 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block lockdepchains
- (genfscon "proc" "/lockdep_chains" procfile_context)
+ (genfscon "proc" "/lockdep_chains" procfile_context)
- (blockinherit .procfile.template))
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/lockdepprocfile.cil b/src/sys/procfile/lockdepprocfile.cil
index 4f9d227..10e2cab 100644
--- a/src/sys/procfile/lockdepprocfile.cil
+++ b/src/sys/procfile/lockdepprocfile.cil
@@ -1,8 +1,8 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block lockdep
- (genfscon "proc" "/lockdep" procfile_context)
+ (genfscon "proc" "/lockdep" procfile_context)
- (blockinherit .procfile.template))
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/lockdepstatsprocfile.cil b/src/sys/procfile/lockdepstatsprocfile.cil
index d4d81a8..e4d98e6 100644
--- a/src/sys/procfile/lockdepstatsprocfile.cil
+++ b/src/sys/procfile/lockdepstatsprocfile.cil
@@ -1,8 +1,8 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block lockdepstats
- (genfscon "proc" "/lockdep_stats" procfile_context)
+ (genfscon "proc" "/lockdep_stats" procfile_context)
- (blockinherit .procfile.template))
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/locksprocfile.cil b/src/sys/procfile/locksprocfile.cil
index 3c24537..310a7f0 100644
--- a/src/sys/procfile/locksprocfile.cil
+++ b/src/sys/procfile/locksprocfile.cil
@@ -1,8 +1,8 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block locks
- (genfscon "proc" "/locks" procfile_context)
+ (genfscon "proc" "/locks" procfile_context)
- (blockinherit .procfile.template))
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/lockstatprocfile.cil b/src/sys/procfile/lockstatprocfile.cil
index 6874bc8..0ddaa4a 100644
--- a/src/sys/procfile/lockstatprocfile.cil
+++ b/src/sys/procfile/lockstatprocfile.cil
@@ -1,8 +1,8 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block lockstat
- (genfscon "proc" "/lock_stat" procfile_context)
+ (genfscon "proc" "/lock_stat" procfile_context)
- (blockinherit .procfile.template))
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/mdstatprocfile.cil b/src/sys/procfile/mdstatprocfile.cil
index b5813e6..47066a8 100644
--- a/src/sys/procfile/mdstatprocfile.cil
+++ b/src/sys/procfile/mdstatprocfile.cil
@@ -1,8 +1,8 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block mdstat
- (genfscon "proc" "/mdstat" procfile_context)
+ (genfscon "proc" "/mdstat" procfile_context)
- (blockinherit .procfile.template))
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/meminfoprocfile.cil b/src/sys/procfile/meminfoprocfile.cil
index 602f876..a158ecb 100644
--- a/src/sys/procfile/meminfoprocfile.cil
+++ b/src/sys/procfile/meminfoprocfile.cil
@@ -1,8 +1,8 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block meminfo
- (genfscon "proc" "/meminfo" procfile_context)
+ (genfscon "proc" "/meminfo" procfile_context)
- (blockinherit .procfile.template))
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/miscprocfile.cil b/src/sys/procfile/miscprocfile.cil
index cb4c5b2..63b2caa 100644
--- a/src/sys/procfile/miscprocfile.cil
+++ b/src/sys/procfile/miscprocfile.cil
@@ -1,8 +1,8 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block misc
- (genfscon "proc" "/misc" procfile_context)
+ (genfscon "proc" "/misc" procfile_context)
- (blockinherit .procfile.template))
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/modulesprocfile.cil b/src/sys/procfile/modulesprocfile.cil
index 7d209c8..81c48a6 100644
--- a/src/sys/procfile/modulesprocfile.cil
+++ b/src/sys/procfile/modulesprocfile.cil
@@ -1,8 +1,8 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block modules
- (genfscon "proc" "/modules" procfile_context)
+ (genfscon "proc" "/modules" procfile_context)
- (blockinherit .procfile.template))
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/mptprocfile.cil b/src/sys/procfile/mptprocfile.cil
index 02fe2cd..91f9890 100644
--- a/src/sys/procfile/mptprocfile.cil
+++ b/src/sys/procfile/mptprocfile.cil
@@ -1,8 +1,8 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block mpt
- (genfscon "proc" "/mpt" procfile_context)
+ (genfscon "proc" "/mpt" procfile_context)
- (blockinherit .procfile.template))
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/mtdprocfile.cil b/src/sys/procfile/mtdprocfile.cil
index 2e856e7..c33531f 100644
--- a/src/sys/procfile/mtdprocfile.cil
+++ b/src/sys/procfile/mtdprocfile.cil
@@ -1,4 +1,4 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (in mtd
diff --git a/src/sys/procfile/mtrrprocfile.cil b/src/sys/procfile/mtrrprocfile.cil
index a3e40ef..f88bc2d 100644
--- a/src/sys/procfile/mtrrprocfile.cil
+++ b/src/sys/procfile/mtrrprocfile.cil
@@ -1,8 +1,8 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block mtrr
- (genfscon "proc" "/mtrr" procfile_context)
+ (genfscon "proc" "/mtrr" procfile_context)
- (blockinherit .procfile.template))
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/netprocfile.cil b/src/sys/procfile/netprocfile.cil
index 2b18e74..6c61ebe 100644
--- a/src/sys/procfile/netprocfile.cil
+++ b/src/sys/procfile/netprocfile.cil
@@ -1,4 +1,4 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (in net
diff --git a/src/sys/procfile/pagetypeinfoprocfile.cil b/src/sys/procfile/pagetypeinfoprocfile.cil
index eb2b60b..94745ec 100644
--- a/src/sys/procfile/pagetypeinfoprocfile.cil
+++ b/src/sys/procfile/pagetypeinfoprocfile.cil
@@ -1,8 +1,8 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block pagetypeinfo
- (genfscon "proc" "/pagetypeinfo" procfile_context)
+ (genfscon "proc" "/pagetypeinfo" procfile_context)
- (blockinherit .procfile.template))
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/partitionsprocfile.cil b/src/sys/procfile/partitionsprocfile.cil
index 2f32ff7..9f5d84e 100644
--- a/src/sys/procfile/partitionsprocfile.cil
+++ b/src/sys/procfile/partitionsprocfile.cil
@@ -1,8 +1,8 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block partitions
- (genfscon "proc" "/partitions" procfile_context)
+ (genfscon "proc" "/partitions" procfile_context)
- (blockinherit .procfile.template))
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/pressureprocfile.cil b/src/sys/procfile/pressureprocfile.cil
index 9dfc9fc..987e2c3 100644
--- a/src/sys/procfile/pressureprocfile.cil
+++ b/src/sys/procfile/pressureprocfile.cil
@@ -1,9 +1,9 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block pressure
- (genfscon "proc" "/pressure" procfile_context)
+ (genfscon "proc" "/pressure" procfile_context)
- (blockinherit .procfile.macro_template_dirs)
- (blockinherit .procfile.template))
+ (blockinherit .procfile.macro_template_dirs)
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/scheddebugprocfile.cil b/src/sys/procfile/scheddebugprocfile.cil
index 58eb532..5368784 100644
--- a/src/sys/procfile/scheddebugprocfile.cil
+++ b/src/sys/procfile/scheddebugprocfile.cil
@@ -1,8 +1,8 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block scheddebug
- (genfscon "proc" "/sched_debug" procfile_context)
+ (genfscon "proc" "/sched_debug" procfile_context)
- (blockinherit .procfile.template))
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/schedstatprocfile.cil b/src/sys/procfile/schedstatprocfile.cil
index e8c6beb..3d828e6 100644
--- a/src/sys/procfile/schedstatprocfile.cil
+++ b/src/sys/procfile/schedstatprocfile.cil
@@ -1,8 +1,8 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block schedstat
- (genfscon "proc" "/schedstat" procfile_context)
+ (genfscon "proc" "/schedstat" procfile_context)
- (blockinherit .procfile.template))
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/scsiprocfile.cil b/src/sys/procfile/scsiprocfile.cil
index 9b1b7f1..383f3f0 100644
--- a/src/sys/procfile/scsiprocfile.cil
+++ b/src/sys/procfile/scsiprocfile.cil
@@ -1,9 +1,9 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block scsi
- (genfscon "proc" "/scsi" procfile_context)
+ (genfscon "proc" "/scsi" procfile_context)
- (blockinherit .procfile.macro_template_dirs)
- (blockinherit .procfile.template))
+ (blockinherit .procfile.macro_template_dirs)
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/slabinfoprocfile.cil b/src/sys/procfile/slabinfoprocfile.cil
index 8c206b6..2ee0e18 100644
--- a/src/sys/procfile/slabinfoprocfile.cil
+++ b/src/sys/procfile/slabinfoprocfile.cil
@@ -1,8 +1,8 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block slabinfo
- (genfscon "proc" "/slabinfo" procfile_context)
+ (genfscon "proc" "/slabinfo" procfile_context)
- (blockinherit .procfile.template))
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/softirqsprocfile.cil b/src/sys/procfile/softirqsprocfile.cil
index d72bb19..1a8412a 100644
--- a/src/sys/procfile/softirqsprocfile.cil
+++ b/src/sys/procfile/softirqsprocfile.cil
@@ -1,8 +1,8 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block softirqs
- (genfscon "proc" "/softirqs" procfile_context)
+ (genfscon "proc" "/softirqs" procfile_context)
- (blockinherit .procfile.template))
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/statprocfile.cil b/src/sys/procfile/statprocfile.cil
index 989de56..b7e8023 100644
--- a/src/sys/procfile/statprocfile.cil
+++ b/src/sys/procfile/statprocfile.cil
@@ -1,8 +1,8 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block stat
- (genfscon "proc" "/stat" procfile_context)
+ (genfscon "proc" "/stat" procfile_context)
- (blockinherit .procfile.template))
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/swapsprocfile.cil b/src/sys/procfile/swapsprocfile.cil
index 5124b0e..ea98b38 100644
--- a/src/sys/procfile/swapsprocfile.cil
+++ b/src/sys/procfile/swapsprocfile.cil
@@ -1,8 +1,8 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block swaps
- (genfscon "proc" "/swaps" procfile_context)
+ (genfscon "proc" "/swaps" procfile_context)
- (blockinherit .procfile.template))
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/sysctlfile.cil b/src/sys/procfile/sysctlfile.cil
index 7813107..0278393 100644
--- a/src/sys/procfile/sysctlfile.cil
+++ b/src/sys/procfile/sysctlfile.cil
@@ -1,141 +1,141 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block sysctlfile - (macro type ((type ARG1)) - (typeattributeset typeattr ARG1)) + (macro type ((type ARG1)) + (typeattributeset typeattr ARG1)) - (typeattribute typeattr) + (typeattribute typeattr) - (blockinherit .file.all_macro_template_dirs) - (blockinherit .file.all_macro_template_files) + (blockinherit .file.all_macro_template_dirs) + (blockinherit .file.all_macro_template_files) - (call .procfile.type (typeattr)) + (call .procfile.type (typeattr)) - (block base_template + (block base_template - (blockabstract base_template) + (blockabstract base_template) - (context sysctlfile_context (.sys.id .sys.role sysctlfile .sys.lowlow)) + (context sysctlfile_context (.sys.id .sys.role sysctlfile .sys.lowlow)) - (type sysctlfile) - (call .sysctlfile.type (sysctlfile))) + (type sysctlfile) + (call .sysctlfile.type (sysctlfile))) - (block macro_template_dirs + (block macro_template_dirs - (blockabstract macro_template_dirs) + (blockabstract macro_template_dirs) - (macro addname_sysctlfile_dirs ((type ARG1)) - (allow ARG1 sysctlfile addname_dir)) + (macro addname_sysctlfile_dirs ((type ARG1)) + (allow ARG1 sysctlfile addname_dir)) - (macro create_sysctlfile_dirs ((type ARG1)) - (allow ARG1 sysctlfile create_dir)) + (macro create_sysctlfile_dirs ((type ARG1)) + (allow ARG1 sysctlfile create_dir)) - (macro delete_sysctlfile_dirs ((type ARG1)) - (allow ARG1 sysctlfile delete_dir)) + (macro delete_sysctlfile_dirs ((type ARG1)) + (allow ARG1 sysctlfile delete_dir)) - (macro deletename_sysctlfile_dirs ((type ARG1)) - (allow ARG1 sysctlfile deletename_dir)) + (macro deletename_sysctlfile_dirs ((type ARG1)) + (allow ARG1 sysctlfile deletename_dir)) - (macro list_sysctlfile_dirs ((type ARG1)) - (allow ARG1 sysctlfile list_dir)) + (macro list_sysctlfile_dirs 
((type ARG1)) + (allow ARG1 sysctlfile list_dir)) - (macro listinherited_sysctlfile_dirs ((type ARG1)) - (allow ARG1 sysctlfile listinherited_dir)) + (macro listinherited_sysctlfile_dirs ((type ARG1)) + (allow ARG1 sysctlfile listinherited_dir)) - (macro manage_sysctlfile_dirs ((type ARG1)) - (allow ARG1 sysctlfile manage_dir)) + (macro manage_sysctlfile_dirs ((type ARG1)) + (allow ARG1 sysctlfile manage_dir)) - (macro mounton_sysctlfile_dirs ((type ARG1)) - (allow ARG1 sysctlfile mounton_dir)) + (macro mounton_sysctlfile_dirs ((type ARG1)) + (allow ARG1 sysctlfile mounton_dir)) - (macro readwrite_sysctlfile_dirs ((type ARG1)) - (allow ARG1 sysctlfile readwrite_dir)) + (macro readwrite_sysctlfile_dirs ((type ARG1)) + (allow ARG1 sysctlfile readwrite_dir)) - (macro readwriteinherited_sysctlfile_dirs ((type ARG1)) - (allow ARG1 sysctlfile readwriteinherited_dir)) + (macro readwriteinherited_sysctlfile_dirs ((type ARG1)) + (allow ARG1 sysctlfile readwriteinherited_dir)) - (macro rename_sysctlfile_dirs ((type ARG1)) - (allow ARG1 sysctlfile rename_dir)) + (macro rename_sysctlfile_dirs ((type ARG1)) + (allow ARG1 sysctlfile rename_dir)) - (macro search_sysctlfile_dirs ((type ARG1)) - (allow ARG1 sysctlfile search_dir)) + (macro search_sysctlfile_dirs ((type ARG1)) + (allow ARG1 sysctlfile search_dir)) - (macro write_sysctlfile_dirs ((type ARG1)) - (allow ARG1 sysctlfile write_dir)) + (macro write_sysctlfile_dirs ((type ARG1)) + (allow ARG1 sysctlfile write_dir)) - (macro writeinherited_sysctlfile_dirs ((type ARG1)) - (allow ARG1 sysctlfile writeinherited_dir))) + (macro writeinherited_sysctlfile_dirs ((type ARG1)) + (allow ARG1 sysctlfile writeinherited_dir))) - (block macro_template_files + (block macro_template_files - (blockabstract macro_template_files) + (blockabstract macro_template_files) - (macro append_sysctlfile_files ((type ARG1)) - (allow ARG1 sysctlfile append_file)) + (macro append_sysctlfile_files ((type ARG1)) + (allow ARG1 sysctlfile append_file)) - 
(macro appendinherited_sysctlfile_files ((type ARG1)) - (allow ARG1 sysctlfile appendinherited_file)) + (macro appendinherited_sysctlfile_files ((type ARG1)) + (allow ARG1 sysctlfile appendinherited_file)) - (macro create_sysctlfile_files ((type ARG1)) - (allow ARG1 sysctlfile create_file)) + (macro create_sysctlfile_files ((type ARG1)) + (allow ARG1 sysctlfile create_file)) - (macro delete_sysctlfile_files ((type ARG1)) - (allow ARG1 sysctlfile delete_file)) + (macro delete_sysctlfile_files ((type ARG1)) + (allow ARG1 sysctlfile delete_file)) - (macro execute_sysctlfile_files ((type ARG1)) - (allow ARG1 sysctlfile execute_file)) + (macro execute_sysctlfile_files ((type ARG1)) + (allow ARG1 sysctlfile execute_file)) - (macro manage_sysctlfile_files ((type ARG1)) - (allow ARG1 sysctlfile manage_file)) + (macro manage_sysctlfile_files ((type ARG1)) + (allow ARG1 sysctlfile manage_file)) - (macro mapexecute_sysctlfile_files ((type ARG1)) - (allow ARG1 sysctlfile mapexecute_file)) + (macro mapexecute_sysctlfile_files ((type ARG1)) + (allow ARG1 sysctlfile mapexecute_file)) - (macro mounton_sysctlfile_files ((type ARG1)) - (allow ARG1 sysctlfile mounton_file)) + (macro mounton_sysctlfile_files ((type ARG1)) + (allow ARG1 sysctlfile mounton_file)) - (macro read_sysctlfile_files ((type ARG1)) - (allow ARG1 sysctlfile read_file)) + (macro read_sysctlfile_files ((type ARG1)) + (allow ARG1 sysctlfile read_file)) - (macro readinherited_sysctlfile_files ((type ARG1)) - (allow ARG1 sysctlfile readinherited_file)) + (macro readinherited_sysctlfile_files ((type ARG1)) + (allow ARG1 sysctlfile readinherited_file)) - (macro readwrite_sysctlfile_files ((type ARG1)) - (allow ARG1 sysctlfile readwrite_file)) + (macro readwrite_sysctlfile_files ((type ARG1)) + (allow ARG1 sysctlfile readwrite_file)) - (macro readwriteinherited_sysctlfile_files ((type ARG1)) - (allow ARG1 sysctlfile readwriteinherited_file)) + (macro readwriteinherited_sysctlfile_files ((type ARG1)) + (allow ARG1 
sysctlfile readwriteinherited_file)) - (macro rename_sysctlfile_files ((type ARG1)) - (allow ARG1 sysctlfile rename_file)) + (macro rename_sysctlfile_files ((type ARG1)) + (allow ARG1 sysctlfile rename_file)) - (macro write_sysctlfile_files ((type ARG1)) - (allow ARG1 sysctlfile write_file)) + (macro write_sysctlfile_files ((type ARG1)) + (allow ARG1 sysctlfile write_file)) - (macro writeinherited_sysctlfile_files ((type ARG1)) - (allow ARG1 sysctlfile writeinherited_file))) + (macro writeinherited_sysctlfile_files ((type ARG1)) + (allow ARG1 sysctlfile writeinherited_file))) - (block template + (block template - (blockabstract template) + (blockabstract template) - (blockinherit .sysctlfile.base_template) - (blockinherit .sysctlfile.macro_template_files)) + (blockinherit .sysctlfile.base_template) + (blockinherit .sysctlfile.macro_template_files)) - (block unconfined + (block unconfined - (macro type ((type ARG1)) - (typeattributeset typeattr ARG1)) + (macro type ((type ARG1)) + (typeattributeset typeattr ARG1)) - (typeattribute typeattr) + (typeattribute typeattr) - (allow typeattr sysctlfile.typeattr - (dir (not (audit_access execmod relabelfrom relabelto)))) - (allow typeattr sysctlfile.typeattr - (file (not (audit_access entrypoint execmod relabelfrom - relabelto)))))) + (allow typeattr sysctlfile.typeattr + (dir (not (audit_access execmod relabelfrom relabelto)))) + (allow typeattr sysctlfile.typeattr + (file (not (audit_access entrypoint execmod relabelfrom + relabelto)))))) (in procfile.unconfined diff --git a/src/sys/procfile/sysctlfile/abisysctlfile.cil b/src/sys/procfile/sysctlfile/abisysctlfile.cil index 2830104..ff28c8a 100644 --- a/src/sys/procfile/sysctlfile/abisysctlfile.cil +++ b/src/sys/procfile/sysctlfile/abisysctlfile.cil 
@@ -1,38 +1,38 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block abi
- (genfscon "proc" "/sys/abi" sysctlfile_context)
+ (genfscon "proc" "/sys/abi" sysctlfile_context)
- (blockinherit .sysctlfile.abi.template)
- (blockinherit .sysctlfile.macro_template_dirs))
+ (blockinherit .sysctlfile.abi.template)
+ (blockinherit .sysctlfile.macro_template_dirs))
 (in sysctlfile
 (block abi
- (macro type ((type ARG1))
- (typeattributeset typeattr ARG1))
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
- (typeattribute typeattr)
+ (typeattribute typeattr)
- (blockinherit .file.all_macro_template_dirs)
- (blockinherit .file.all_macro_template_files)
+ (blockinherit .file.all_macro_template_dirs)
+ (blockinherit .file.all_macro_template_files)
- (call .sysctlfile.type (typeattr))
+ (call .sysctlfile.type (typeattr))
- (block base_template
+ (block base_template
- (blockabstract base_template)
+ (blockabstract base_template)
- (blockinherit .sysctlfile.base_template)
+ (blockinherit .sysctlfile.base_template)
- (call .sysctlfile.abi.type (sysctlfile)))
+ (call .sysctlfile.abi.type (sysctlfile)))
- (block template
+ (block template
- (blockabstract template)
+ (blockabstract template)
- (blockinherit .sysctlfile.abi.base_template)
- (blockinherit .sysctlfile.macro_template_files))))
+ (blockinherit .sysctlfile.abi.base_template)
+ (blockinherit .sysctlfile.macro_template_files))))
diff --git a/src/sys/procfile/sysctlfile/cryptosysctlfile.cil b/src/sys/procfile/sysctlfile/cryptosysctlfile.cil
index 2c94fc4..9048c8f 100644
--- a/src/sys/procfile/sysctlfile/cryptosysctlfile.cil
+++ b/src/sys/procfile/sysctlfile/cryptosysctlfile.cil
@@ -1,38 +1,38 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block crypto
- (genfscon "proc" "/sys/crypto" sysctlfile_context)
+ (genfscon "proc" "/sys/crypto" sysctlfile_context)
- (blockinherit .sysctlfile.crypto.template)
- (blockinherit .sysctlfile.macro_template_dirs))
+ (blockinherit .sysctlfile.crypto.template)
+ (blockinherit .sysctlfile.macro_template_dirs))
 (in sysctlfile
 (block crypto
- (macro type ((type ARG1))
- (typeattributeset typeattr ARG1))
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
- (typeattribute typeattr)
+ (typeattribute typeattr)
- (blockinherit .file.all_macro_template_dirs)
- (blockinherit .file.all_macro_template_files)
+ (blockinherit .file.all_macro_template_dirs)
+ (blockinherit .file.all_macro_template_files)
- (call .sysctlfile.type (typeattr))
+ (call .sysctlfile.type (typeattr))
- (block base_template
+ (block base_template
- (blockabstract base_template)
+ (blockabstract base_template)
- (blockinherit .sysctlfile.base_template)
+ (blockinherit .sysctlfile.base_template)
- (call .sysctlfile.crypto.type (sysctlfile)))
+ (call .sysctlfile.crypto.type (sysctlfile)))
- (block template
+ (block template
- (blockabstract template)
+ (blockabstract template)
- (blockinherit .sysctlfile.crypto.base_template)
- (blockinherit .sysctlfile.macro_template_files))))
+ (blockinherit .sysctlfile.crypto.base_template)
+ (blockinherit .sysctlfile.macro_template_files))))
diff --git a/src/sys/procfile/sysctlfile/debugsysctlfile.cil b/src/sys/procfile/sysctlfile/debugsysctlfile.cil
index 83d5cc1..334dee8 100644
--- a/src/sys/procfile/sysctlfile/debugsysctlfile.cil
+++ b/src/sys/procfile/sysctlfile/debugsysctlfile.cil
@@ -1,38 +1,38 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block debug
- (genfscon "proc" "/sys/debug" sysctlfile_context)
+ (genfscon "proc" "/sys/debug" sysctlfile_context)
- (blockinherit .sysctlfile.debug.template)
- (blockinherit .sysctlfile.macro_template_dirs))
+ (blockinherit .sysctlfile.debug.template)
+ (blockinherit .sysctlfile.macro_template_dirs))
 (in sysctlfile
 (block debug
- (macro type ((type ARG1))
- (typeattributeset typeattr ARG1))
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
- (typeattribute typeattr)
+ (typeattribute typeattr)
- (blockinherit .file.all_macro_template_dirs)
- (blockinherit .file.all_macro_template_files)
+ (blockinherit .file.all_macro_template_dirs)
+ (blockinherit .file.all_macro_template_files)
- (call .sysctlfile.type (typeattr))
+ (call .sysctlfile.type (typeattr))
- (block base_template
+ (block base_template
- (blockabstract base_template)
+ (blockabstract base_template)
- (blockinherit .sysctlfile.base_template)
+ (blockinherit .sysctlfile.base_template)
- (call .sysctlfile.debug.type (sysctlfile)))
+ (call .sysctlfile.debug.type (sysctlfile)))
- (block template
+ (block template
- (blockabstract template)
+ (blockabstract template)
- (blockinherit .sysctlfile.debug.base_template)
- (blockinherit .sysctlfile.macro_template_files))))
+ (blockinherit .sysctlfile.debug.base_template)
+ (blockinherit .sysctlfile.macro_template_files))))
diff --git a/src/sys/procfile/sysctlfile/devsysctlfile.cil b/src/sys/procfile/sysctlfile/devsysctlfile.cil
index 09bea5b..98015e8 100644
--- a/src/sys/procfile/sysctlfile/devsysctlfile.cil
+++ b/src/sys/procfile/sysctlfile/devsysctlfile.cil
@@ -1,4 +1,4 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (in dev
@@ -12,27 +12,27 @@
 (block dev
- (macro type ((type ARG1))
- (typeattributeset typeattr ARG1))
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
- (typeattribute typeattr)
+ (typeattribute typeattr)
- (blockinherit .file.all_macro_template_dirs)
- (blockinherit .file.all_macro_template_files)
+ (blockinherit .file.all_macro_template_dirs)
+ (blockinherit .file.all_macro_template_files)
- (call .sysctlfile.type (typeattr))
+ (call .sysctlfile.type (typeattr))
- (block base_template
+ (block base_template
- (blockabstract base_template)
+ (blockabstract base_template)
- (blockinherit .sysctlfile.base_template)
+ (blockinherit .sysctlfile.base_template)
- (call .sysctlfile.dev.type (sysctlfile)))
+ (call .sysctlfile.dev.type (sysctlfile)))
- (block template
+ (block template
- (blockabstract template)
+ (blockabstract template)
- (blockinherit .sysctlfile.dev.base_template)
- (blockinherit .sysctlfile.macro_template_files))))
+ (blockinherit .sysctlfile.dev.base_template)
+ (blockinherit .sysctlfile.macro_template_files))))
diff --git a/src/sys/procfile/sysctlfile/fssysctlfile.cil b/src/sys/procfile/sysctlfile/fssysctlfile.cil
index 521453f..232712d 100644
--- a/src/sys/procfile/sysctlfile/fssysctlfile.cil
+++ b/src/sys/procfile/sysctlfile/fssysctlfile.cil
@@ -1,4 +1,4 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (in fs
@@ -12,27 +12,27 @@
 (block fs
- (macro type ((type ARG1))
- (typeattributeset typeattr ARG1))
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
- (typeattribute typeattr)
+ (typeattribute typeattr)
- (blockinherit .file.all_macro_template_dirs)
- (blockinherit .file.all_macro_template_files)
+ (blockinherit .file.all_macro_template_dirs)
+ (blockinherit .file.all_macro_template_files)
- (call .sysctlfile.type (typeattr))
+ (call .sysctlfile.type (typeattr))
- (block base_template
+ (block base_template
- (blockabstract base_template)
+ (blockabstract base_template)
- (blockinherit .sysctlfile.base_template)
+ (blockinherit .sysctlfile.base_template)
- (call .sysctlfile.fs.type (sysctlfile)))
+ (call .sysctlfile.fs.type (sysctlfile)))
- (block template
+ (block template
- (blockabstract template)
+ (blockabstract template)
- (blockinherit .sysctlfile.fs.base_template)
- (blockinherit .sysctlfile.macro_template_files))))
+ (blockinherit .sysctlfile.fs.base_template)
+ (blockinherit .sysctlfile.macro_template_files))))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile.cil
index 7add8ee..b5042ff 100644
--- a/src/sys/procfile/sysctlfile/kernelsysctlfile.cil
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile.cil
@@ -1,38 +1,38 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block kernel
- (genfscon "proc" "/sys/kernel" sysctlfile_context)
+ (genfscon "proc" "/sys/kernel" sysctlfile_context)
- (blockinherit .sysctlfile.kernel.template)
- (blockinherit .sysctlfile.macro_template_dirs))
+ (blockinherit .sysctlfile.kernel.template)
+ (blockinherit .sysctlfile.macro_template_dirs))
 (in sysctlfile
 (block kernel
- (macro type ((type ARG1))
- (typeattributeset typeattr ARG1))
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
- (typeattribute typeattr)
+ (typeattribute typeattr)
- (blockinherit .file.all_macro_template_dirs)
- (blockinherit .file.all_macro_template_files)
+ (blockinherit .file.all_macro_template_dirs)
+ (blockinherit .file.all_macro_template_files)
- (call .sysctlfile.type (typeattr))
+ (call .sysctlfile.type (typeattr))
- (block base_template
+ (block base_template
- (blockabstract base_template)
+ (blockabstract base_template)
- (blockinherit .sysctlfile.base_template)
+ (blockinherit .sysctlfile.base_template)
- (call .sysctlfile.kernel.type (sysctlfile)))
+ (call .sysctlfile.kernel.type (sysctlfile)))
- (block template
+ (block template
- (blockabstract template)
+ (blockabstract template)
- (blockinherit .sysctlfile.kernel.base_template)
- (blockinherit .sysctlfile.macro_template_files))))
+ (blockinherit .sysctlfile.kernel.base_template)
+ (blockinherit .sysctlfile.macro_template_files))))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/caplastcapkernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/caplastcapkernelsysctlfile.cil
index 1346ed4..8a26f12 100644
--- a/src/sys/procfile/sysctlfile/kernelsysctlfile/caplastcapkernelsysctlfile.cil
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/caplastcapkernelsysctlfile.cil
@@ -1,8 +1,8 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block caplastcap
- (genfscon "proc" "/sys/kernel/cap_last_cap" sysctlfile_context)
+ (genfscon "proc" "/sys/kernel/cap_last_cap" sysctlfile_context)
- (blockinherit .sysctlfile.kernel.template))
+ (blockinherit .sysctlfile.kernel.template))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/corepatternkernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/corepatternkernelsysctlfile.cil
index c5aa488..221f610 100644
--- a/src/sys/procfile/sysctlfile/kernelsysctlfile/corepatternkernelsysctlfile.cil
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/corepatternkernelsysctlfile.cil
@@ -1,8 +1,8 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block corepattern
- (genfscon "proc" "/sys/kernel/core_pattern" sysctlfile_context)
+ (genfscon "proc" "/sys/kernel/core_pattern" sysctlfile_context)
- (blockinherit .sysctlfile.kernel.template))
+ (blockinherit .sysctlfile.kernel.template))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/corepipelimitkernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/corepipelimitkernelsysctlfile.cil
index 3d8e125..07c2c21 100644
--- a/src/sys/procfile/sysctlfile/kernelsysctlfile/corepipelimitkernelsysctlfile.cil
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/corepipelimitkernelsysctlfile.cil
@@ -1,8 +1,8 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block corepipelimit
- (genfscon "proc" "/sys/kernel/core_pipe_limit" sysctlfile_context)
+ (genfscon "proc" "/sys/kernel/core_pipe_limit" sysctlfile_context)
- (blockinherit .sysctlfile.kernel.template))
+ (blockinherit .sysctlfile.kernel.template))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/firmwareconfigkernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/firmwareconfigkernelsysctlfile.cil
index 2883343..e748b52 100644
--- a/src/sys/procfile/sysctlfile/kernelsysctlfile/firmwareconfigkernelsysctlfile.cil
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/firmwareconfigkernelsysctlfile.cil
@@ -1,9 +1,9 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block firmwareconfig
- (genfscon "proc" "/sys/kernel/firmware_config" sysctlfile_context)
+ (genfscon "proc" "/sys/kernel/firmware_config" sysctlfile_context)
- (blockinherit .sysctlfile.kernel.template)
- (blockinherit .sysctlfile.macro_template_dirs))
+ (blockinherit .sysctlfile.kernel.template)
+ (blockinherit .sysctlfile.macro_template_dirs))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/hostnamekernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/hostnamekernelsysctlfile.cil
index bbd8959..04b1245 100644
--- a/src/sys/procfile/sysctlfile/kernelsysctlfile/hostnamekernelsysctlfile.cil
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/hostnamekernelsysctlfile.cil
@@ -1,8 +1,8 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block hostname
- (genfscon "proc" "/sys/kernel/hostname" sysctlfile_context)
+ (genfscon "proc" "/sys/kernel/hostname" sysctlfile_context)
- (blockinherit .sysctlfile.kernel.template))
+ (blockinherit .sysctlfile.kernel.template))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/keyskernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/keyskernelsysctlfile.cil
index 33e904f..e0a5ebe 100644
--- a/src/sys/procfile/sysctlfile/kernelsysctlfile/keyskernelsysctlfile.cil
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/keyskernelsysctlfile.cil
@@ -1,4 +1,4 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (in keys
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/modprobekernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/modprobekernelsysctlfile.cil
index 6a36fdb..1215415 100644
--- a/src/sys/procfile/sysctlfile/kernelsysctlfile/modprobekernelsysctlfile.cil
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/modprobekernelsysctlfile.cil
@@ -1,8 +1,8 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block modprobe
- (genfscon "proc" "/sys/kernel/modprobe" sysctlfile_context)
+ (genfscon "proc" "/sys/kernel/modprobe" sysctlfile_context)
- (blockinherit .sysctlfile.kernel.template))
+ (blockinherit .sysctlfile.kernel.template))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/nslastpidkernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/nslastpidkernelsysctlfile.cil
index 2f13fef..b93c838 100644
--- a/src/sys/procfile/sysctlfile/kernelsysctlfile/nslastpidkernelsysctlfile.cil
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/nslastpidkernelsysctlfile.cil
@@ -1,8 +1,8 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block nslastpid
- (genfscon "proc" "/sys/kernel/ns_last_pid" sysctlfile_context)
+ (genfscon "proc" "/sys/kernel/ns_last_pid" sysctlfile_context)
- (blockinherit .sysctlfile.kernel.template))
+ (blockinherit .sysctlfile.kernel.template))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/osreleasekernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/osreleasekernelsysctlfile.cil
index 19d8b11..7da0826 100644
--- a/src/sys/procfile/sysctlfile/kernelsysctlfile/osreleasekernelsysctlfile.cil
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/osreleasekernelsysctlfile.cil
@@ -1,8 +1,8 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block osrelease
- (genfscon "proc" "/sys/kernel/osrelease" sysctlfile_context)
+ (genfscon "proc" "/sys/kernel/osrelease" sysctlfile_context)
- (blockinherit .sysctlfile.kernel.template))
+ (blockinherit .sysctlfile.kernel.template))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/overflowuidkernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/overflowuidkernelsysctlfile.cil
index 1df73c2..683cbca 100644
--- a/src/sys/procfile/sysctlfile/kernelsysctlfile/overflowuidkernelsysctlfile.cil
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/overflowuidkernelsysctlfile.cil
@@ -1,9 +1,9 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block overflowuid
- (genfscon "proc" "/sys/kernel/overflowgid" sysctlfile_context)
- (genfscon "proc" "/sys/kernel/overflowuid" sysctlfile_context)
+ (genfscon "proc" "/sys/kernel/overflowgid" sysctlfile_context)
+ (genfscon "proc" "/sys/kernel/overflowuid" sysctlfile_context)
- (blockinherit .sysctlfile.kernel.template))
+ (blockinherit .sysctlfile.kernel.template))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/pidmaxkernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/pidmaxkernelsysctlfile.cil
index d9a21ff..e4f14fd 100644
--- a/src/sys/procfile/sysctlfile/kernelsysctlfile/pidmaxkernelsysctlfile.cil
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/pidmaxkernelsysctlfile.cil
@@ -1,8 +1,8 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block pidmax
- (genfscon "proc" "/sys/kernel/pid_max" sysctlfile_context)
+ (genfscon "proc" "/sys/kernel/pid_max" sysctlfile_context)
- (blockinherit .sysctlfile.kernel.template))
+ (blockinherit .sysctlfile.kernel.template))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/poweroffcmdkernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/poweroffcmdkernelsysctlfile.cil
index 1e29497..244b7fd 100644
--- a/src/sys/procfile/sysctlfile/kernelsysctlfile/poweroffcmdkernelsysctlfile.cil
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/poweroffcmdkernelsysctlfile.cil
@@ -1,8 +1,8 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block poweroffcmd
- (genfscon "proc" "/sys/kernel/poweroff_cmd" sysctlfile_context)
+ (genfscon "proc" "/sys/kernel/poweroff_cmd" sysctlfile_context)
- (blockinherit .sysctlfile.kernel.template))
+ (blockinherit .sysctlfile.kernel.template))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/ptykernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/ptykernelsysctlfile.cil
index b9580ae..68699aa 100644
--- a/src/sys/procfile/sysctlfile/kernelsysctlfile/ptykernelsysctlfile.cil
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/ptykernelsysctlfile.cil
@@ -1,9 +1,9 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block pty
- (genfscon "proc" "/sys/kernel/pty" sysctlfile_context)
+ (genfscon "proc" "/sys/kernel/pty" sysctlfile_context)
- (blockinherit .sysctlfile.kernel.template)
- (blockinherit .sysctlfile.macro_template_dirs))
+ (blockinherit .sysctlfile.kernel.template)
+ (blockinherit .sysctlfile.macro_template_dirs))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/randomkernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/randomkernelsysctlfile.cil
index 73a6c6c..f31f9e6 100644
--- a/src/sys/procfile/sysctlfile/kernelsysctlfile/randomkernelsysctlfile.cil
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/randomkernelsysctlfile.cil
@@ -1,4 +1,4 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (in kernel
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/seccompkernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/seccompkernelsysctlfile.cil
index a8c2e02..c578b05 100644
--- a/src/sys/procfile/sysctlfile/kernelsysctlfile/seccompkernelsysctlfile.cil
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/seccompkernelsysctlfile.cil
@@ -1,9 +1,9 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block seccomp
- (genfscon "proc" "/sys/kernel/seccomp" sysctlfile_context)
+ (genfscon "proc" "/sys/kernel/seccomp" sysctlfile_context)
- (blockinherit .sysctlfile.kernel.template)
- (blockinherit .sysctlfile.macro_template_dirs))
+ (blockinherit .sysctlfile.kernel.template)
+ (blockinherit .sysctlfile.macro_template_dirs))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/threadsmaxkernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/threadsmaxkernelsysctlfile.cil
index 5ad8c6b..7ff0675 100644
--- a/src/sys/procfile/sysctlfile/kernelsysctlfile/threadsmaxkernelsysctlfile.cil
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/threadsmaxkernelsysctlfile.cil
@@ -1,8 +1,8 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block threadsmax
- (genfscon "proc" "/sys/kernel/threads-max" sysctlfile_context)
+ (genfscon "proc" "/sys/kernel/threads-max" sysctlfile_context)
- (blockinherit .sysctlfile.kernel.template))
+ (blockinherit .sysctlfile.kernel.template))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/usermodehelperkernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/usermodehelperkernelsysctlfile.cil
index c11e8b3..33c519c 100644
--- a/src/sys/procfile/sysctlfile/kernelsysctlfile/usermodehelperkernelsysctlfile.cil
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/usermodehelperkernelsysctlfile.cil
@@ -1,9 +1,9 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block usermodehelper
- (genfscon "proc" "/sys/kernel/usermodehelper" sysctlfile_context)
+ (genfscon "proc" "/sys/kernel/usermodehelper" sysctlfile_context)
- (blockinherit .sysctlfile.kernel.template)
- (blockinherit .sysctlfile.macro_template_dirs))
+ (blockinherit .sysctlfile.kernel.template)
+ (blockinherit .sysctlfile.macro_template_dirs))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/yamakernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/yamakernelsysctlfile.cil
index d013eff..92cb7f0 100644
--- a/src/sys/procfile/sysctlfile/kernelsysctlfile/yamakernelsysctlfile.cil
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/yamakernelsysctlfile.cil
@@ -1,9 +1,9 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block yama
- (genfscon "proc" "/sys/kernel/yama" sysctlfile_context)
+ (genfscon "proc" "/sys/kernel/yama" sysctlfile_context)
- (blockinherit .sysctlfile.kernel.template)
- (blockinherit .sysctlfile.macro_template_dirs))
+ (blockinherit .sysctlfile.kernel.template)
+ (blockinherit .sysctlfile.macro_template_dirs))
diff --git a/src/sys/procfile/sysctlfile/netsysctlfile.cil b/src/sys/procfile/sysctlfile/netsysctlfile.cil
index fb473f6..a25cd5e 100644
--- a/src/sys/procfile/sysctlfile/netsysctlfile.cil
+++ b/src/sys/procfile/sysctlfile/netsysctlfile.cil
@@ -1,4 +1,4 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (in net @@ -12,27 +12,27 @@ (block net - (macro type ((type ARG1)) - (typeattributeset typeattr ARG1)) + (macro type ((type ARG1)) + (typeattributeset typeattr ARG1)) - (typeattribute typeattr) + (typeattribute typeattr) - (blockinherit .file.all_macro_template_dirs) - (blockinherit .file.all_macro_template_files) + (blockinherit .file.all_macro_template_dirs) + (blockinherit .file.all_macro_template_files) - (call .sysctlfile.type (typeattr)) + (call .sysctlfile.type (typeattr)) - (block base_template + (block base_template - (blockabstract base_template) + (blockabstract base_template) - (blockinherit .sysctlfile.base_template) + (blockinherit .sysctlfile.base_template) - (call .sysctlfile.net.type (sysctlfile))) + (call .sysctlfile.net.type (sysctlfile))) - (block template + (block template - (blockabstract template) + (blockabstract template) - (blockinherit .sysctlfile.net.base_template) - (blockinherit .sysctlfile.macro_template_files)))) + (blockinherit .sysctlfile.net.base_template) + (blockinherit .sysctlfile.macro_template_files)))) diff --git a/src/sys/procfile/sysctlfile/netsysctlfile/corenetsysctlfile.cil b/src/sys/procfile/sysctlfile/netsysctlfile/corenetsysctlfile.cil index 6be3c52..c69f268 100644 --- a/src/sys/procfile/sysctlfile/netsysctlfile/corenetsysctlfile.cil +++ b/src/sys/procfile/sysctlfile/netsysctlfile/corenetsysctlfile.cil 
@@ -1,9 +1,9 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block core - (genfscon "proc" "/sys/net/core" sysctlfile_context) + (genfscon "proc" "/sys/net/core" sysctlfile_context) - (blockinherit .sysctlfile.macro_template_dirs) - (blockinherit .sysctlfile.net.template)) + (blockinherit .sysctlfile.macro_template_dirs) + (blockinherit .sysctlfile.net.template)) diff --git a/src/sys/procfile/sysctlfile/netsysctlfile/ipv4netsysctlfile.cil b/src/sys/procfile/sysctlfile/netsysctlfile/ipv4netsysctlfile.cil index e49ec99..2c42170 100644 --- a/src/sys/procfile/sysctlfile/netsysctlfile/ipv4netsysctlfile.cil +++ b/src/sys/procfile/sysctlfile/netsysctlfile/ipv4netsysctlfile.cil @@ -1,9 +1,9 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block ipv4 - (genfscon "proc" "/sys/net/ipv4" sysctlfile_context) + (genfscon "proc" "/sys/net/ipv4" sysctlfile_context) - (blockinherit .sysctlfile.macro_template_dirs) - (blockinherit .sysctlfile.net.template)) + (blockinherit .sysctlfile.macro_template_dirs) + (blockinherit .sysctlfile.net.template)) diff --git a/src/sys/procfile/sysctlfile/netsysctlfile/ipv6netsysctlfile.cil b/src/sys/procfile/sysctlfile/netsysctlfile/ipv6netsysctlfile.cil index c432e1f..bbe1b31 100644 --- a/src/sys/procfile/sysctlfile/netsysctlfile/ipv6netsysctlfile.cil +++ b/src/sys/procfile/sysctlfile/netsysctlfile/ipv6netsysctlfile.cil 
@@ -1,9 +1,9 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block ipv6 - (genfscon "proc" "/sys/net/ipv6" sysctlfile_context) + (genfscon "proc" "/sys/net/ipv6" sysctlfile_context) - (blockinherit .sysctlfile.macro_template_dirs) - (blockinherit .sysctlfile.net.template)) + (blockinherit .sysctlfile.macro_template_dirs) + (blockinherit .sysctlfile.net.template)) diff --git a/src/sys/procfile/sysctlfile/netsysctlfile/mptcpnetsysctlfile.cil b/src/sys/procfile/sysctlfile/netsysctlfile/mptcpnetsysctlfile.cil index 85931b8..f90c666 100644 --- a/src/sys/procfile/sysctlfile/netsysctlfile/mptcpnetsysctlfile.cil +++ b/src/sys/procfile/sysctlfile/netsysctlfile/mptcpnetsysctlfile.cil @@ -1,9 +1,9 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block mptcp - (genfscon "proc" "/sys/net/mptcp" sysctlfile_context) + (genfscon "proc" "/sys/net/mptcp" sysctlfile_context) - (blockinherit .sysctlfile.macro_template_dirs) - (blockinherit .sysctlfile.net.template)) + (blockinherit .sysctlfile.macro_template_dirs) + (blockinherit .sysctlfile.net.template)) diff --git a/src/sys/procfile/sysctlfile/netsysctlfile/netfilternetsysctlfile.cil b/src/sys/procfile/sysctlfile/netsysctlfile/netfilternetsysctlfile.cil index 0345816..ac2e4b3 100644 --- a/src/sys/procfile/sysctlfile/netsysctlfile/netfilternetsysctlfile.cil +++ b/src/sys/procfile/sysctlfile/netsysctlfile/netfilternetsysctlfile.cil 
@@ -1,9 +1,9 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block netfilter - (genfscon "proc" "/sys/net/netfilter" sysctlfile_context) + (genfscon "proc" "/sys/net/netfilter" sysctlfile_context) - (blockinherit .sysctlfile.macro_template_dirs) - (blockinherit .sysctlfile.net.template)) + (blockinherit .sysctlfile.macro_template_dirs) + (blockinherit .sysctlfile.net.template)) diff --git a/src/sys/procfile/sysctlfile/netsysctlfile/unixnetsysctlfile.cil b/src/sys/procfile/sysctlfile/netsysctlfile/unixnetsysctlfile.cil index 7a6f5a6..1949de7 100644 --- a/src/sys/procfile/sysctlfile/netsysctlfile/unixnetsysctlfile.cil +++ b/src/sys/procfile/sysctlfile/netsysctlfile/unixnetsysctlfile.cil @@ -1,9 +1,9 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block unix - (genfscon "proc" "/sys/net/unix" sysctlfile_context) + (genfscon "proc" "/sys/net/unix" sysctlfile_context) - (blockinherit .sysctlfile.macro_template_dirs) - (blockinherit .sysctlfile.net.template)) + (blockinherit .sysctlfile.macro_template_dirs) + (blockinherit .sysctlfile.net.template)) diff --git a/src/sys/procfile/sysctlfile/sunrpcsysctlfile.cil b/src/sys/procfile/sysctlfile/sunrpcsysctlfile.cil index e5a50d0..72694ae 100644 --- a/src/sys/procfile/sysctlfile/sunrpcsysctlfile.cil +++ b/src/sys/procfile/sysctlfile/sunrpcsysctlfile.cil 
@@ -1,38 +1,38 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block sunrpc - (genfscon "proc" "/sys/sunrpc" sysctlfile_context) + (genfscon "proc" "/sys/sunrpc" sysctlfile_context) - (blockinherit .sysctlfile.macro_template_dirs) - (blockinherit .sysctlfile.sunrpc.template)) + (blockinherit .sysctlfile.macro_template_dirs) + (blockinherit .sysctlfile.sunrpc.template)) (in sysctlfile (block sunrpc - (macro type ((type ARG1)) - (typeattributeset typeattr ARG1)) + (macro type ((type ARG1)) + (typeattributeset typeattr ARG1)) - (typeattribute typeattr) + (typeattribute typeattr) - (blockinherit .file.all_macro_template_dirs) - (blockinherit .file.all_macro_template_files) + (blockinherit .file.all_macro_template_dirs) + (blockinherit .file.all_macro_template_files) - (call .sysctlfile.type (typeattr)) + (call .sysctlfile.type (typeattr)) - (block base_template + (block base_template - (blockabstract base_template) + (blockabstract base_template) - (blockinherit .sysctlfile.base_template) + (blockinherit .sysctlfile.base_template) - (call .sysctlfile.sunrpc.type (sysctlfile))) + (call .sysctlfile.sunrpc.type (sysctlfile))) - (block template + (block template - (blockabstract template) + (blockabstract template) - (blockinherit .sysctlfile.macro_template_files) - (blockinherit .sysctlfile.sunrpc.base_template)))) + (blockinherit .sysctlfile.macro_template_files) + (blockinherit .sysctlfile.sunrpc.base_template)))) diff --git a/src/sys/procfile/sysctlfile/usersysctlfile.cil b/src/sys/procfile/sysctlfile/usersysctlfile.cil index cd375d7..b948f70 100644 --- a/src/sys/procfile/sysctlfile/usersysctlfile.cil +++ b/src/sys/procfile/sysctlfile/usersysctlfile.cil 
@@ -1,38 +1,38 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block user - (genfscon "proc" "/sys/user" sysctlfile_context) + (genfscon "proc" "/sys/user" sysctlfile_context) - (blockinherit .sysctlfile.macro_template_dirs) - (blockinherit .sysctlfile.user.template)) + (blockinherit .sysctlfile.macro_template_dirs) + (blockinherit .sysctlfile.user.template)) (in sysctlfile (block user - (macro type ((type ARG1)) - (typeattributeset typeattr ARG1)) + (macro type ((type ARG1)) + (typeattributeset typeattr ARG1)) - (typeattribute typeattr) + (typeattribute typeattr) - (blockinherit .file.all_macro_template_dirs) - (blockinherit .file.all_macro_template_files) + (blockinherit .file.all_macro_template_dirs) + (blockinherit .file.all_macro_template_files) - (call .sysctlfile.type (typeattr)) + (call .sysctlfile.type (typeattr)) - (block base_template + (block base_template - (blockabstract base_template) + (blockabstract base_template) - (blockinherit .sysctlfile.base_template) + (blockinherit .sysctlfile.base_template) - (call .sysctlfile.user.type (sysctlfile))) + (call .sysctlfile.user.type (sysctlfile))) - (block template + (block template - (blockabstract template) + (blockabstract template) - (blockinherit .sysctlfile.user.base_template) - (blockinherit .sysctlfile.macro_template_files)))) + (blockinherit .sysctlfile.user.base_template) + (blockinherit .sysctlfile.macro_template_files)))) diff --git a/src/sys/procfile/sysctlfile/vmsysctlfile.cil b/src/sys/procfile/sysctlfile/vmsysctlfile.cil index 0e874da..220f015 100644 --- a/src/sys/procfile/sysctlfile/vmsysctlfile.cil +++ b/src/sys/procfile/sysctlfile/vmsysctlfile.cil 
@@ -1,38 +1,38 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block vm - (genfscon "proc" "/sys/vm" sysctlfile_context) + (genfscon "proc" "/sys/vm" sysctlfile_context) - (blockinherit .sysctlfile.macro_template_dirs) - (blockinherit .sysctlfile.vm.template)) + (blockinherit .sysctlfile.macro_template_dirs) + (blockinherit .sysctlfile.vm.template)) (in sysctlfile (block vm - (macro type ((type ARG1)) - (typeattributeset typeattr ARG1)) + (macro type ((type ARG1)) + (typeattributeset typeattr ARG1)) - (typeattribute typeattr) + (typeattribute typeattr) - (blockinherit .file.all_macro_template_dirs) - (blockinherit .file.all_macro_template_files) + (blockinherit .file.all_macro_template_dirs) + (blockinherit .file.all_macro_template_files) - (call .sysctlfile.type (typeattr)) + (call .sysctlfile.type (typeattr)) - (block base_template + (block base_template - (blockabstract base_template) + (blockabstract base_template) - (blockinherit .sysctlfile.base_template) + (blockinherit .sysctlfile.base_template) - (call .sysctlfile.vm.type (sysctlfile))) + (call .sysctlfile.vm.type (sysctlfile))) - (block template + (block template - (blockabstract template) + (blockabstract template) - (blockinherit .sysctlfile.vm.base_template) - (blockinherit .sysctlfile.macro_template_files)))) + (blockinherit .sysctlfile.vm.base_template) + (blockinherit .sysctlfile.macro_template_files)))) diff --git a/src/sys/procfile/sysctlfile/vmsysctlfile/overcommitmemoryvmsysctlfile.cil b/src/sys/procfile/sysctlfile/vmsysctlfile/overcommitmemoryvmsysctlfile.cil index f4e04f5..a055ce1 100644 --- a/src/sys/procfile/sysctlfile/vmsysctlfile/overcommitmemoryvmsysctlfile.cil +++ b/src/sys/procfile/sysctlfile/vmsysctlfile/overcommitmemoryvmsysctlfile.cil 
@@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block overcommitmemory - (genfscon "proc" "/sys/vm/overcommit_memory" sysctlfile_context) + (genfscon "proc" "/sys/vm/overcommit_memory" sysctlfile_context) - (blockinherit .sysctlfile.vm.template)) + (blockinherit .sysctlfile.vm.template)) diff --git a/src/sys/procfile/sysctlprocfile.cil b/src/sys/procfile/sysctlprocfile.cil index 49ec73d..032b193 100644 --- a/src/sys/procfile/sysctlprocfile.cil +++ b/src/sys/procfile/sysctlprocfile.cil @@ -1,9 +1,9 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block sysctl - (genfscon "proc" "/sys" procfile_context) + (genfscon "proc" "/sys" procfile_context) - (blockinherit .procfile.base_template) - (blockinherit .procfile.macro_template_dirs)) + (blockinherit .procfile.base_template) + (blockinherit .procfile.macro_template_dirs)) diff --git a/src/sys/procfile/sysrqtriggerprocfile.cil b/src/sys/procfile/sysrqtriggerprocfile.cil index d621331..df041c7 100644 --- a/src/sys/procfile/sysrqtriggerprocfile.cil +++ b/src/sys/procfile/sysrqtriggerprocfile.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block sysrqtrigger - (genfscon "proc" "/sysrq-trigger" procfile_context) + (genfscon "proc" "/sysrq-trigger" procfile_context) - (blockinherit .procfile.template)) + (blockinherit .procfile.template)) diff --git a/src/sys/procfile/sysvipcprocfile.cil b/src/sys/procfile/sysvipcprocfile.cil index a0af69d..eb890d0 100644 --- a/src/sys/procfile/sysvipcprocfile.cil 
+++ b/src/sys/procfile/sysvipcprocfile.cil @@ -1,9 +1,9 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block sysvipc - (genfscon "proc" "/sysvipc" procfile_context) + (genfscon "proc" "/sysvipc" procfile_context) - (blockinherit .procfile.macro_template_dirs) - (blockinherit .procfile.template)) + (blockinherit .procfile.macro_template_dirs) + (blockinherit .procfile.template)) diff --git a/src/sys/procfile/timerlistprocfile.cil b/src/sys/procfile/timerlistprocfile.cil index db65876..c148df4 100644 --- a/src/sys/procfile/timerlistprocfile.cil +++ b/src/sys/procfile/timerlistprocfile.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block timerlist - (genfscon "proc" "/timer_list" procfile_context) + (genfscon "proc" "/timer_list" procfile_context) - (blockinherit .procfile.template)) + (blockinherit .procfile.template)) diff --git a/src/sys/procfile/ttyprocfile.cil b/src/sys/procfile/ttyprocfile.cil index 573b5f7..f0a7c50 100644 --- a/src/sys/procfile/ttyprocfile.cil +++ b/src/sys/procfile/ttyprocfile.cil @@ -1,4 +1,4 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (in tty diff --git a/src/sys/procfile/uptimeprocfile.cil b/src/sys/procfile/uptimeprocfile.cil index 26155ac..d423f17 100644 --- a/src/sys/procfile/uptimeprocfile.cil +++ b/src/sys/procfile/uptimeprocfile.cil 
@@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block uptime - (genfscon "proc" "/uptime" procfile_context) + (genfscon "proc" "/uptime" procfile_context) - (blockinherit .procfile.template)) + (blockinherit .procfile.template)) diff --git a/src/sys/procfile/versionprocfile.cil b/src/sys/procfile/versionprocfile.cil index 42fb962..27fd757 100644 --- a/src/sys/procfile/versionprocfile.cil +++ b/src/sys/procfile/versionprocfile.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block version - (genfscon "proc" "/version" procfile_context) + (genfscon "proc" "/version" procfile_context) - (blockinherit .procfile.template)) + (blockinherit .procfile.template)) diff --git a/src/sys/procfile/vmallocprocfile.cil b/src/sys/procfile/vmallocprocfile.cil index 030659d..a1bc3fc 100644 --- a/src/sys/procfile/vmallocprocfile.cil +++ b/src/sys/procfile/vmallocprocfile.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block vmallocinfo - (genfscon "proc" "/vmallocinfo" procfile_context) + (genfscon "proc" "/vmallocinfo" procfile_context) - (blockinherit .procfile.template)) + (blockinherit .procfile.template)) diff --git a/src/sys/procfile/vmstatprocfile.cil b/src/sys/procfile/vmstatprocfile.cil index 42b33a3..24d8e8d 100644 --- a/src/sys/procfile/vmstatprocfile.cil +++ b/src/sys/procfile/vmstatprocfile.cil 
@@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block vmstat - (genfscon "proc" "/vmstat" procfile_context) + (genfscon "proc" "/vmstat" procfile_context) - (blockinherit .procfile.template)) + (blockinherit .procfile.template)) diff --git a/src/sys/procfile/zoneinfoprocfile.cil b/src/sys/procfile/zoneinfoprocfile.cil index ee1074f..d52fa01 100644 --- a/src/sys/procfile/zoneinfoprocfile.cil +++ b/src/sys/procfile/zoneinfoprocfile.cil @@ -1,8 +1,8 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block zoneinfo - (genfscon "proc" "/zoneinfo" procfile_context) + (genfscon "proc" "/zoneinfo" procfile_context) - (blockinherit .procfile.template)) + (blockinherit .procfile.template)) diff --git a/src/sys/pstorefile.cil b/src/sys/pstorefile.cil index 1806014..c5c96dd 100644 --- a/src/sys/pstorefile.cil +++ b/src/sys/pstorefile.cil 
@@ -1,140 +1,140 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block pstorefile - (macro type ((type ARG1)) - (typeattributeset typeattr ARG1)) + (macro type ((type ARG1)) + (typeattributeset typeattr ARG1)) - (typeattribute typeattr) + (typeattribute typeattr) - (blockinherit .file.all_macro_template_dirs) - (blockinherit .file.all_macro_template_files) + (blockinherit .file.all_macro_template_dirs) + (blockinherit .file.all_macro_template_files) - (call .obj.type (typeattr)) + (call .obj.type (typeattr)) - (call .pstore.associate_fs (typeattr)) + (call .pstore.associate_fs (typeattr)) - (block base_template + (block base_template - (blockabstract base_template) + (blockabstract base_template) - (context pstorefile_context (.sys.id .sys.role pstorefile .sys.lowlow)) + (context pstorefile_context (.sys.id .sys.role pstorefile .sys.lowlow)) - (type pstorefile) - (call .pstorefile.type (pstorefile))) + (type pstorefile) + (call .pstorefile.type (pstorefile))) - (block macro_template_dirs + (block macro_template_dirs - (blockabstract macro_template_dirs) + (blockabstract macro_template_dirs) - (macro addname_pstorefile_dirs ((type ARG1)) - (allow ARG1 pstorefile addname_dir)) + (macro addname_pstorefile_dirs ((type ARG1)) + (allow ARG1 pstorefile addname_dir)) - (macro create_pstorefile_dirs ((type ARG1)) - (allow ARG1 pstorefile create_dir)) + (macro create_pstorefile_dirs ((type ARG1)) + (allow ARG1 pstorefile create_dir)) - (macro delete_pstorefile_dirs ((type ARG1)) - (allow ARG1 pstorefile delete_dir)) + (macro delete_pstorefile_dirs ((type ARG1)) + (allow ARG1 pstorefile delete_dir)) - (macro deletename_pstorefile_dirs ((type ARG1)) - (allow ARG1 pstorefile deletename_dir)) + (macro deletename_pstorefile_dirs ((type ARG1)) + (allow ARG1 pstorefile deletename_dir)) - (macro list_pstorefile_dirs ((type 
ARG1)) - (allow ARG1 pstorefile list_dir)) + (macro list_pstorefile_dirs ((type ARG1)) + (allow ARG1 pstorefile list_dir)) - (macro listinherited_pstorefile_dirs ((type ARG1)) - (allow ARG1 pstorefile listinherited_dir)) + (macro listinherited_pstorefile_dirs ((type ARG1)) + (allow ARG1 pstorefile listinherited_dir)) - (macro manage_pstorefile_dirs ((type ARG1)) - (allow ARG1 pstorefile manage_dir)) + (macro manage_pstorefile_dirs ((type ARG1)) + (allow ARG1 pstorefile manage_dir)) - (macro mounton_pstorefile_dirs ((type ARG1)) - (allow ARG1 pstorefile mounton_dir)) + (macro mounton_pstorefile_dirs ((type ARG1)) + (allow ARG1 pstorefile mounton_dir)) - (macro readwrite_pstorefile_dirs ((type ARG1)) - (allow ARG1 pstorefile readwrite_dir)) + (macro readwrite_pstorefile_dirs ((type ARG1)) + (allow ARG1 pstorefile readwrite_dir)) - (macro readwriteinherited_pstorefile_dirs ((type ARG1)) - (allow ARG1 pstorefile readwriteinherited_dir)) + (macro readwriteinherited_pstorefile_dirs ((type ARG1)) + (allow ARG1 pstorefile readwriteinherited_dir)) - (macro rename_pstorefile_dirs ((type ARG1)) - (allow ARG1 pstorefile rename_dir)) + (macro rename_pstorefile_dirs ((type ARG1)) + (allow ARG1 pstorefile rename_dir)) - (macro search_pstorefile_dirs ((type ARG1)) - (allow ARG1 pstorefile search_dir)) + (macro search_pstorefile_dirs ((type ARG1)) + (allow ARG1 pstorefile search_dir)) - (macro write_pstorefile_dirs ((type ARG1)) - (allow ARG1 pstorefile write_dir)) + (macro write_pstorefile_dirs ((type ARG1)) + (allow ARG1 pstorefile write_dir)) - (macro writeinherited_pstorefile_dirs ((type ARG1)) - (allow ARG1 pstorefile writeinherited_dir))) + (macro writeinherited_pstorefile_dirs ((type ARG1)) + (allow ARG1 pstorefile writeinherited_dir))) - (block macro_template_files + (block macro_template_files - (blockabstract macro_template_files) + (blockabstract macro_template_files) - (macro append_pstorefile_files ((type ARG1)) - (allow ARG1 pstorefile append_file)) + (macro 
append_pstorefile_files ((type ARG1)) + (allow ARG1 pstorefile append_file)) - (macro appendinherited_pstorefile_files ((type ARG1)) - (allow ARG1 pstorefile appendinherited_file)) + (macro appendinherited_pstorefile_files ((type ARG1)) + (allow ARG1 pstorefile appendinherited_file)) - (macro create_pstorefile_files ((type ARG1)) - (allow ARG1 pstorefile create_file)) + (macro create_pstorefile_files ((type ARG1)) + (allow ARG1 pstorefile create_file)) - (macro delete_pstorefile_files ((type ARG1)) - (allow ARG1 pstorefile delete_file)) + (macro delete_pstorefile_files ((type ARG1)) + (allow ARG1 pstorefile delete_file)) - (macro execute_pstorefile_files ((type ARG1)) - (allow ARG1 pstorefile execute_file)) + (macro execute_pstorefile_files ((type ARG1)) + (allow ARG1 pstorefile execute_file)) - (macro manage_pstorefile_files ((type ARG1)) - (allow ARG1 pstorefile manage_file)) + (macro manage_pstorefile_files ((type ARG1)) + (allow ARG1 pstorefile manage_file)) - (macro mapexecute_pstorefile_files ((type ARG1)) - (allow ARG1 pstorefile mapexecute_file)) + (macro mapexecute_pstorefile_files ((type ARG1)) + (allow ARG1 pstorefile mapexecute_file)) - (macro mounton_pstorefile_files ((type ARG1)) - (allow ARG1 pstorefile mounton_file)) + (macro mounton_pstorefile_files ((type ARG1)) + (allow ARG1 pstorefile mounton_file)) - (macro read_pstorefile_files ((type ARG1)) - (allow ARG1 pstorefile read_file)) + (macro read_pstorefile_files ((type ARG1)) + (allow ARG1 pstorefile read_file)) - (macro readinherited_pstorefile_files ((type ARG1)) - (allow ARG1 pstorefile readinherited_file)) + (macro readinherited_pstorefile_files ((type ARG1)) + (allow ARG1 pstorefile readinherited_file)) - (macro readwrite_pstorefile_files ((type ARG1)) - (allow ARG1 pstorefile readwrite_file)) + (macro readwrite_pstorefile_files ((type ARG1)) + (allow ARG1 pstorefile readwrite_file)) - (macro readwriteinherited_pstorefile_files ((type ARG1)) - (allow ARG1 pstorefile readwriteinherited_file)) 
+ (macro readwriteinherited_pstorefile_files ((type ARG1)) + (allow ARG1 pstorefile readwriteinherited_file)) - (macro rename_pstorefile_files ((type ARG1)) - (allow ARG1 pstorefile rename_file)) + (macro rename_pstorefile_files ((type ARG1)) + (allow ARG1 pstorefile rename_file)) - (macro write_pstorefile_files ((type ARG1)) - (allow ARG1 pstorefile write_file)) + (macro write_pstorefile_files ((type ARG1)) + (allow ARG1 pstorefile write_file)) - (macro writeinherited_pstorefile_files ((type ARG1)) - (allow ARG1 pstorefile writeinherited_file))) + (macro writeinherited_pstorefile_files ((type ARG1)) + (allow ARG1 pstorefile writeinherited_file))) - (block template + (block template - (blockabstract template) + (blockabstract template) - (blockinherit .pstorefile.base_template) - (blockinherit .pstorefile.macro_template_files)) + (blockinherit .pstorefile.base_template) + (blockinherit .pstorefile.macro_template_files)) - (block unconfined + (block unconfined - (macro type ((type ARG1)) - (typeattributeset typeattr ARG1)) + (macro type ((type ARG1)) + (typeattributeset typeattr ARG1)) - (typeattribute typeattr) + (typeattribute typeattr) - (allow typeattr pstorefile.typeattr (dir (not execmod))) - (allow typeattr pstorefile.typeattr (file (not (entrypoint execmod)))))) + (allow typeattr pstorefile.typeattr (dir (not execmod))) + (allow typeattr pstorefile.typeattr (file (not (entrypoint execmod)))))) (in sys.unconfined diff --git a/src/sys/securityfile.cil b/src/sys/securityfile.cil index a89d5a9..a8f0da3 100644 --- a/src/sys/securityfile.cil +++ b/src/sys/securityfile.cil 
@@ -1,181 +1,181 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block securityfile - (macro type ((type ARG1)) - (typeattributeset typeattr ARG1)) + (macro type ((type ARG1)) + (typeattributeset typeattr ARG1)) - (typeattribute typeattr) + (typeattribute typeattr) - (blockinherit .file.all_macro_template_dirs) - (blockinherit .file.all_macro_template_files) - (blockinherit .file.all_macro_template_lnk_files) + (blockinherit .file.all_macro_template_dirs) + (blockinherit .file.all_macro_template_files) + (blockinherit .file.all_macro_template_lnk_files) - (call .obj.type (typeattr)) + (call .obj.type (typeattr)) - (call .security.associate_fs (typeattr)) + (call .security.associate_fs (typeattr)) - (block base_template + (block base_template - (blockabstract base_template) + (blockabstract base_template) - (context securityfile_context - (.sys.id .sys.role securityfile .sys.lowlow)) + (context securityfile_context + (.sys.id .sys.role securityfile .sys.lowlow)) - (type securityfile) - (call .securityfile.type (securityfile))) + (type securityfile) + (call .securityfile.type (securityfile))) - (block macro_template_dirs + (block macro_template_dirs - (blockabstract macro_template_dirs) + (blockabstract macro_template_dirs) - (macro addname_securityfile_dirs ((type ARG1)) - (allow ARG1 securityfile addname_dir)) + (macro addname_securityfile_dirs ((type ARG1)) + (allow ARG1 securityfile addname_dir)) - (macro create_securityfile_dirs ((type ARG1)) - (allow ARG1 securityfile create_dir)) + (macro create_securityfile_dirs ((type ARG1)) + (allow ARG1 securityfile create_dir)) - (macro delete_securityfile_dirs ((type ARG1)) - (allow ARG1 securityfile delete_dir)) + (macro delete_securityfile_dirs ((type ARG1)) + (allow ARG1 securityfile delete_dir)) - (macro deletename_securityfile_dirs ((type ARG1)) - (allow ARG1 
securityfile deletename_dir)) + (macro deletename_securityfile_dirs ((type ARG1)) + (allow ARG1 securityfile deletename_dir)) - (macro list_securityfile_dirs ((type ARG1)) - (allow ARG1 securityfile list_dir)) + (macro list_securityfile_dirs ((type ARG1)) + (allow ARG1 securityfile list_dir)) - (macro listinherited_securityfile_dirs ((type ARG1)) - (allow ARG1 securityfile listinherited_dir)) + (macro listinherited_securityfile_dirs ((type ARG1)) + (allow ARG1 securityfile listinherited_dir)) - (macro manage_securityfile_dirs ((type ARG1)) - (allow ARG1 securityfile manage_dir)) + (macro manage_securityfile_dirs ((type ARG1)) + (allow ARG1 securityfile manage_dir)) - (macro mounton_securityfile_dirs ((type ARG1)) - (allow ARG1 securityfile mounton_dir)) + (macro mounton_securityfile_dirs ((type ARG1)) + (allow ARG1 securityfile mounton_dir)) - (macro readwrite_securityfile_dirs ((type ARG1)) - (allow ARG1 securityfile readwrite_dir)) + (macro readwrite_securityfile_dirs ((type ARG1)) + (allow ARG1 securityfile readwrite_dir)) - (macro readwriteinherited_securityfile_dirs ((type ARG1)) - (allow ARG1 securityfile readwriteinherited_dir)) + (macro readwriteinherited_securityfile_dirs ((type ARG1)) + (allow ARG1 securityfile readwriteinherited_dir)) - (macro rename_securityfile_dirs ((type ARG1)) - (allow ARG1 securityfile rename_dir)) + (macro rename_securityfile_dirs ((type ARG1)) + (allow ARG1 securityfile rename_dir)) - (macro search_securityfile_dirs ((type ARG1)) - (allow ARG1 securityfile search_dir)) + (macro search_securityfile_dirs ((type ARG1)) + (allow ARG1 securityfile search_dir)) - (macro write_securityfile_dirs ((type ARG1)) - (allow ARG1 securityfile write_dir)) + (macro write_securityfile_dirs ((type ARG1)) + (allow ARG1 securityfile write_dir)) - (macro writeinherited_securityfile_dirs ((type ARG1)) - (allow ARG1 securityfile writeinherited_dir))) + (macro writeinherited_securityfile_dirs ((type ARG1)) + (allow ARG1 securityfile writeinherited_dir))) 
- (block macro_template_files + (block macro_template_files - (blockabstract macro_template_files) + (blockabstract macro_template_files) - (macro append_securityfile_files ((type ARG1)) - (allow ARG1 securityfile append_file)) + (macro append_securityfile_files ((type ARG1)) + (allow ARG1 securityfile append_file)) - (macro appendinherited_securityfile_files ((type ARG1)) - (allow ARG1 securityfile appendinherited_file)) + (macro appendinherited_securityfile_files ((type ARG1)) + (allow ARG1 securityfile appendinherited_file)) - (macro create_securityfile_files ((type ARG1)) - (allow ARG1 securityfile create_file)) + (macro create_securityfile_files ((type ARG1)) + (allow ARG1 securityfile create_file)) - (macro delete_securityfile_files ((type ARG1)) - (allow ARG1 securityfile delete_file)) + (macro delete_securityfile_files ((type ARG1)) + (allow ARG1 securityfile delete_file)) - (macro execute_securityfile_files ((type ARG1)) - (allow ARG1 securityfile execute_file)) + (macro execute_securityfile_files ((type ARG1)) + (allow ARG1 securityfile execute_file)) - (macro manage_securityfile_files ((type ARG1)) - (allow ARG1 securityfile manage_file)) + (macro manage_securityfile_files ((type ARG1)) + (allow ARG1 securityfile manage_file)) - (macro mapexecute_securityfile_files ((type ARG1)) - (allow ARG1 securityfile mapexecute_file)) + (macro mapexecute_securityfile_files ((type ARG1)) + (allow ARG1 securityfile mapexecute_file)) - (macro mounton_securityfile_files ((type ARG1)) - (allow ARG1 securityfile mounton_file)) + (macro mounton_securityfile_files ((type ARG1)) + (allow ARG1 securityfile mounton_file)) - (macro read_securityfile_files ((type ARG1)) - (allow ARG1 securityfile read_file)) + (macro read_securityfile_files ((type ARG1)) + (allow ARG1 securityfile read_file)) - (macro readinherited_securityfile_files ((type ARG1)) - (allow ARG1 securityfile readinherited_file)) + (macro readinherited_securityfile_files ((type ARG1)) + (allow ARG1 securityfile 
readinherited_file)) - (macro readwrite_securityfile_files ((type ARG1)) - (allow ARG1 securityfile readwrite_file)) + (macro readwrite_securityfile_files ((type ARG1)) + (allow ARG1 securityfile readwrite_file)) - (macro readwriteinherited_securityfile_files ((type ARG1)) - (allow ARG1 securityfile readwriteinherited_file)) + (macro readwriteinherited_securityfile_files ((type ARG1)) + (allow ARG1 securityfile readwriteinherited_file)) - (macro rename_securityfile_files ((type ARG1)) - (allow ARG1 securityfile rename_file)) + (macro rename_securityfile_files ((type ARG1)) + (allow ARG1 securityfile rename_file)) - (macro write_securityfile_files ((type ARG1)) - (allow ARG1 securityfile write_file)) + (macro write_securityfile_files ((type ARG1)) + (allow ARG1 securityfile write_file)) - (macro writeinherited_securityfile_files ((type ARG1)) - (allow ARG1 securityfile writeinherited_file))) + (macro writeinherited_securityfile_files ((type ARG1)) + (allow ARG1 securityfile writeinherited_file))) - (block macro_template_lnk_files + (block macro_template_lnk_files - (blockabstract macro_template_lnk_files) + (blockabstract macro_template_lnk_files) - (macro create_securityfile_lnk_files ((type ARG1)) - (allow ARG1 securityfile create_lnk_file)) + (macro create_securityfile_lnk_files ((type ARG1)) + (allow ARG1 securityfile create_lnk_file)) - (macro delete_securityfile_lnk_files ((type ARG1)) - (allow ARG1 securityfile delete_lnk_file)) + (macro delete_securityfile_lnk_files ((type ARG1)) + (allow ARG1 securityfile delete_lnk_file)) - (macro manage_securityfile_lnk_files ((type ARG1)) - (allow ARG1 securityfile manage_lnk_file)) + (macro manage_securityfile_lnk_files ((type ARG1)) + (allow ARG1 securityfile manage_lnk_file)) - (macro read_securityfile_lnk_files ((type ARG1)) - (allow ARG1 securityfile read_lnk_file)) + (macro read_securityfile_lnk_files ((type ARG1)) + (allow ARG1 securityfile read_lnk_file)) - (macro readwrite_securityfile_lnk_files ((type ARG1)) - 
(allow ARG1 securityfile readwrite_lnk_file)) + (macro readwrite_securityfile_lnk_files ((type ARG1)) + (allow ARG1 securityfile readwrite_lnk_file)) - (macro relabel_securityfile_lnk_files ((type ARG1)) - (allow ARG1 securityfile relabel_lnk_file)) + (macro relabel_securityfile_lnk_files ((type ARG1)) + (allow ARG1 securityfile relabel_lnk_file)) - (macro relabelfrom_securityfile_lnk_files ((type ARG1)) - (allow ARG1 securityfile relabelfrom_lnk_file)) + (macro relabelfrom_securityfile_lnk_files ((type ARG1)) + (allow ARG1 securityfile relabelfrom_lnk_file)) - (macro relabelto_securityfile_lnk_files ((type ARG1)) - (allow ARG1 securityfile relabelto_lnk_file)) + (macro relabelto_securityfile_lnk_files ((type ARG1)) + (allow ARG1 securityfile relabelto_lnk_file)) - (macro rename_securityfile_lnk_files ((type ARG1)) - (allow ARG1 securityfile rename_lnk_file)) + (macro rename_securityfile_lnk_files ((type ARG1)) + (allow ARG1 securityfile rename_lnk_file)) - (macro write_securityfile_lnk_files ((type ARG1)) - (allow ARG1 securityfile write_lnk_file))) + (macro write_securityfile_lnk_files ((type ARG1)) + (allow ARG1 securityfile write_lnk_file))) - (block template + (block template - (blockabstract template) + (blockabstract template) - (blockinherit .securityfile.base_template) - (blockinherit .securityfile.macro_template_files)) + (blockinherit .securityfile.base_template) + (blockinherit .securityfile.macro_template_files)) - (block unconfined + (block unconfined - (macro type ((type ARG1)) - (typeattributeset typeattr ARG1)) + (macro type ((type ARG1)) + (typeattributeset typeattr ARG1)) - (typeattribute typeattr) + (typeattribute typeattr) - (allow typeattr securityfile.typeattr - (dir (not (audit_access execmod relabelfrom relabelto)))) - (allow typeattr securityfile.typeattr - (file (not (audit_access entrypoint execmod relabelfrom relabelto)))) - (allow typeattr securityfile.typeattr - (lnk_file (not (audit_access execmod map mounton relabelfrom - 
relabelto)))))) + (allow typeattr securityfile.typeattr + (dir (not (audit_access execmod relabelfrom relabelto)))) + (allow typeattr securityfile.typeattr + (file (not (audit_access entrypoint execmod relabelfrom relabelto)))) + (allow typeattr securityfile.typeattr + (lnk_file (not (audit_access execmod map mounton relabelfrom + relabelto)))))) (in sys.unconfined diff --git a/src/sys/sysfile.cil b/src/sys/sysfile.cil index 6f73380..9d90eb1 100644 --- a/src/sys/sysfile.cil +++ b/src/sys/sysfile.cil 
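Review bot: The added SPDX header line at the top of this hunk replaces the `©` sign with the literal text `M-BM-)`, which is how a `cat -v`-style filter prints the UTF-8 bytes of that character, so the re-indentation pass presumably ran the files through something that is not 8-bit clean. The line should stay as it was, `;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>`; it is a CIL comment, so the compiled policy is unaffected, but the copyright notice and any SPDX/REUSE tooling that reads it now see mangled text. The same substitution appears in the `@@ -1,…` hunk of every other file in this part of the diff (sysfile.cil, the sysfile/*.cil files, and so on). With the header restored, `git diff -w` for this commit should come out empty, which is a cheap way to confirm that a 135-file whitespace change did not alter any allow rule.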
@@ -1,171 +1,171 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block sysfile - (macro type ((type ARG1)) - (typeattributeset typeattr ARG1)) + (macro type ((type ARG1)) + (typeattributeset typeattr ARG1)) - (typeattribute typeattr) + (typeattribute typeattr) - (blockinherit .file.all_macro_template_dirs) - (blockinherit .file.all_macro_template_files) - (blockinherit .file.all_macro_template_lnk_files) + (blockinherit .file.all_macro_template_dirs) + (blockinherit .file.all_macro_template_files) + (blockinherit .file.all_macro_template_lnk_files) - (call .obj.type (typeattr)) + (call .obj.type (typeattr)) - (call .sys.associate_fs (typeattr)) + (call .sys.associate_fs (typeattr)) - (block base_template + (block base_template - (blockabstract base_template) + (blockabstract base_template) - (context sysfile_context (.sys.id .sys.role sysfile .sys.lowlow)) + (context sysfile_context (.sys.id .sys.role sysfile .sys.lowlow)) - (type sysfile) - (call .sysfile.type (sysfile))) + (type sysfile) + (call .sysfile.type (sysfile))) - (block macro_template_dirs + (block macro_template_dirs - (blockabstract macro_template_dirs) + (blockabstract macro_template_dirs) - (macro addname_sysfile_dirs ((type ARG1)) - (allow ARG1 sysfile addname_dir)) + (macro addname_sysfile_dirs ((type ARG1)) + (allow ARG1 sysfile addname_dir)) - (macro create_sysfile_dirs ((type ARG1)) - (allow ARG1 sysfile create_dir)) + (macro create_sysfile_dirs ((type ARG1)) + (allow ARG1 sysfile create_dir)) - (macro delete_sysfile_dirs ((type ARG1)) - (allow ARG1 sysfile delete_dir)) + (macro delete_sysfile_dirs ((type ARG1)) + (allow ARG1 sysfile delete_dir)) - (macro deletename_sysfile_dirs ((type ARG1)) - (allow ARG1 sysfile deletename_dir)) + (macro deletename_sysfile_dirs ((type ARG1)) + (allow ARG1 sysfile deletename_dir)) - (macro 
list_sysfile_dirs ((type ARG1)) - (allow ARG1 sysfile list_dir)) + (macro list_sysfile_dirs ((type ARG1)) + (allow ARG1 sysfile list_dir)) - (macro listinherited_sysfile_dirs ((type ARG1)) - (allow ARG1 sysfile listinherited_dir)) + (macro listinherited_sysfile_dirs ((type ARG1)) + (allow ARG1 sysfile listinherited_dir)) - (macro manage_sysfile_dirs ((type ARG1)) - (allow ARG1 sysfile manage_dir)) + (macro manage_sysfile_dirs ((type ARG1)) + (allow ARG1 sysfile manage_dir)) - (macro mounton_sysfile_dirs ((type ARG1)) - (allow ARG1 sysfile mounton_dir)) + (macro mounton_sysfile_dirs ((type ARG1)) + (allow ARG1 sysfile mounton_dir)) - (macro readwrite_sysfile_dirs ((type ARG1)) - (allow ARG1 sysfile readwrite_dir)) + (macro readwrite_sysfile_dirs ((type ARG1)) + (allow ARG1 sysfile readwrite_dir)) - (macro readwriteinherited_sysfile_dirs ((type ARG1)) - (allow ARG1 sysfile readwriteinherited_dir)) + (macro readwriteinherited_sysfile_dirs ((type ARG1)) + (allow ARG1 sysfile readwriteinherited_dir)) - (macro rename_sysfile_dirs ((type ARG1)) - (allow ARG1 sysfile rename_dir)) + (macro rename_sysfile_dirs ((type ARG1)) + (allow ARG1 sysfile rename_dir)) - (macro search_sysfile_dirs ((type ARG1)) - (allow ARG1 sysfile search_dir)) + (macro search_sysfile_dirs ((type ARG1)) + (allow ARG1 sysfile search_dir)) - (macro write_sysfile_dirs ((type ARG1)) - (allow ARG1 sysfile write_dir)) + (macro write_sysfile_dirs ((type ARG1)) + (allow ARG1 sysfile write_dir)) - (macro writeinherited_sysfile_dirs ((type ARG1)) - (allow ARG1 sysfile writeinherited_dir))) + (macro writeinherited_sysfile_dirs ((type ARG1)) + (allow ARG1 sysfile writeinherited_dir))) - (block macro_template_files + (block macro_template_files - (blockabstract macro_template_files) + (blockabstract macro_template_files) - (macro append_sysfile_files ((type ARG1)) - (allow ARG1 sysfile append_file)) + (macro append_sysfile_files ((type ARG1)) + (allow ARG1 sysfile append_file)) - (macro 
appendinherited_sysfile_files ((type ARG1)) - (allow ARG1 sysfile appendinherited_file)) + (macro appendinherited_sysfile_files ((type ARG1)) + (allow ARG1 sysfile appendinherited_file)) - (macro create_sysfile_files ((type ARG1)) - (allow ARG1 sysfile create_file)) + (macro create_sysfile_files ((type ARG1)) + (allow ARG1 sysfile create_file)) - (macro delete_sysfile_files ((type ARG1)) - (allow ARG1 sysfile delete_file)) + (macro delete_sysfile_files ((type ARG1)) + (allow ARG1 sysfile delete_file)) - (macro execute_sysfile_files ((type ARG1)) - (allow ARG1 sysfile execute_file)) + (macro execute_sysfile_files ((type ARG1)) + (allow ARG1 sysfile execute_file)) - (macro manage_sysfile_files ((type ARG1)) - (allow ARG1 sysfile manage_file)) + (macro manage_sysfile_files ((type ARG1)) + (allow ARG1 sysfile manage_file)) - (macro mapexecute_sysfile_files ((type ARG1)) - (allow ARG1 sysfile mapexecute_file)) + (macro mapexecute_sysfile_files ((type ARG1)) + (allow ARG1 sysfile mapexecute_file)) - (macro mounton_sysfile_files ((type ARG1)) - (allow ARG1 sysfile mounton_file)) + (macro mounton_sysfile_files ((type ARG1)) + (allow ARG1 sysfile mounton_file)) - (macro read_sysfile_files ((type ARG1)) - (allow ARG1 sysfile read_file)) + (macro read_sysfile_files ((type ARG1)) + (allow ARG1 sysfile read_file)) - (macro readinherited_sysfile_files ((type ARG1)) - (allow ARG1 sysfile readinherited_file)) + (macro readinherited_sysfile_files ((type ARG1)) + (allow ARG1 sysfile readinherited_file)) - (macro readwrite_sysfile_files ((type ARG1)) - (allow ARG1 sysfile readwrite_file)) + (macro readwrite_sysfile_files ((type ARG1)) + (allow ARG1 sysfile readwrite_file)) - (macro readwriteinherited_sysfile_files ((type ARG1)) - (allow ARG1 sysfile readwriteinherited_file)) + (macro readwriteinherited_sysfile_files ((type ARG1)) + (allow ARG1 sysfile readwriteinherited_file)) - (macro rename_sysfile_files ((type ARG1)) - (allow ARG1 sysfile rename_file)) + (macro 
rename_sysfile_files ((type ARG1)) + (allow ARG1 sysfile rename_file)) - (macro write_sysfile_files ((type ARG1)) - (allow ARG1 sysfile write_file)) + (macro write_sysfile_files ((type ARG1)) + (allow ARG1 sysfile write_file)) - (macro writeinherited_sysfile_files ((type ARG1)) - (allow ARG1 sysfile writeinherited_file))) + (macro writeinherited_sysfile_files ((type ARG1)) + (allow ARG1 sysfile writeinherited_file))) - (block macro_template_lnk_files + (block macro_template_lnk_files - (blockabstract macro_template_lnk_files) + (blockabstract macro_template_lnk_files) - (macro create_sysfile_lnk_files ((type ARG1)) - (allow ARG1 sysfile create_lnk_file)) + (macro create_sysfile_lnk_files ((type ARG1)) + (allow ARG1 sysfile create_lnk_file)) - (macro delete_sysfile_lnk_files ((type ARG1)) - (allow ARG1 sysfile delete_lnk_file)) + (macro delete_sysfile_lnk_files ((type ARG1)) + (allow ARG1 sysfile delete_lnk_file)) - (macro manage_sysfile_lnk_files ((type ARG1)) - (allow ARG1 sysfile manage_lnk_file)) + (macro manage_sysfile_lnk_files ((type ARG1)) + (allow ARG1 sysfile manage_lnk_file)) - (macro read_sysfile_lnk_files ((type ARG1)) - (allow ARG1 sysfile read_lnk_file)) + (macro read_sysfile_lnk_files ((type ARG1)) + (allow ARG1 sysfile read_lnk_file)) - (macro readwrite_sysfile_lnk_files ((type ARG1)) - (allow ARG1 sysfile readwrite_lnk_file)) + (macro readwrite_sysfile_lnk_files ((type ARG1)) + (allow ARG1 sysfile readwrite_lnk_file)) - (macro rename_sysfile_lnk_files ((type ARG1)) - (allow ARG1 sysfile rename_lnk_file)) + (macro rename_sysfile_lnk_files ((type ARG1)) + (allow ARG1 sysfile rename_lnk_file)) - (macro write_sysfile_lnk_files ((type ARG1)) - (allow ARG1 sysfile write_lnk_file))) + (macro write_sysfile_lnk_files ((type ARG1)) + (allow ARG1 sysfile write_lnk_file))) - (block template + (block template - (blockabstract template) + (blockabstract template) - (blockinherit .sysfile.base_template) - (blockinherit .sysfile.macro_template_dirs) - 
(blockinherit .sysfile.macro_template_files) - (blockinherit .sysfile.macro_template_lnk_files)) + (blockinherit .sysfile.base_template) + (blockinherit .sysfile.macro_template_dirs) + (blockinherit .sysfile.macro_template_files) + (blockinherit .sysfile.macro_template_lnk_files)) - (block unconfined + (block unconfined - (macro type ((type ARG1)) - (typeattributeset typeattr ARG1)) + (macro type ((type ARG1)) + (typeattributeset typeattr ARG1)) - (typeattribute typeattr) + (typeattribute typeattr) - (allow typeattr sysfile.typeattr (dir (not (audit_access execmod)))) - (allow typeattr sysfile.typeattr - (file (not (audit_access entrypoint execmod)))) - (allow typeattr sysfile.typeattr - (lnk_file (not (audit_access execmod map mounton)))))) + (allow typeattr sysfile.typeattr (dir (not (audit_access execmod)))) + (allow typeattr sysfile.typeattr + (file (not (audit_access entrypoint execmod)))) + (allow typeattr sysfile.typeattr + (lnk_file (not (audit_access execmod map mounton)))))) (in sys.unconfined diff --git a/src/sys/sysfile/blocksysfile.cil b/src/sys/sysfile/blocksysfile.cil index a43c924..2bbe680 100644 --- a/src/sys/sysfile/blocksysfile.cil +++ b/src/sys/sysfile/blocksysfile.cil 
@@ -1,40 +1,40 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block block - (genfscon "sysfs" "/block" sysfile_context) + (genfscon "sysfs" "/block" sysfile_context) - (blockinherit .sysfile.block.template) - (blockinherit .sysfile.macro_template_dirs) - (blockinherit .sysfile.macro_template_lnk_files)) + (blockinherit .sysfile.block.template) + (blockinherit .sysfile.macro_template_dirs) + (blockinherit .sysfile.macro_template_lnk_files)) (in sysfile (block block - (macro type ((type ARG1)) - (typeattributeset typeattr ARG1)) + (macro type ((type ARG1)) + (typeattributeset typeattr ARG1)) - (typeattribute typeattr) + (typeattribute typeattr) - (blockinherit .file.all_macro_template_dirs) - (blockinherit .file.all_macro_template_files) - (blockinherit .file.all_macro_template_lnk_files) + (blockinherit .file.all_macro_template_dirs) + (blockinherit .file.all_macro_template_files) + (blockinherit .file.all_macro_template_lnk_files) - (call .sysfile.type (typeattr)) + (call .sysfile.type (typeattr)) - (block base_template + (block base_template - (blockabstract base_template) + (blockabstract base_template) - (blockinherit .sysfile.base_template) + (blockinherit .sysfile.base_template) - (call .sysfile.block.type (sysfile))) + (call .sysfile.block.type (sysfile))) - (block template + (block template - (blockabstract template) + (blockabstract template) - (blockinherit .sysfile.block.base_template) - (blockinherit .sysfile.macro_template_files)))) + (blockinherit .sysfile.block.base_template) + (blockinherit .sysfile.macro_template_files)))) diff --git a/src/sys/sysfile/bussysfile.cil b/src/sys/sysfile/bussysfile.cil index ad8f867..ef5577a 100644 --- a/src/sys/sysfile/bussysfile.cil +++ b/src/sys/sysfile/bussysfile.cil 
@@ -1,40 +1,40 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block bus - (genfscon "sysfs" "/bus" sysfile_context) + (genfscon "sysfs" "/bus" sysfile_context) - (blockinherit .sysfile.bus.template) - (blockinherit .sysfile.macro_template_dirs) - (blockinherit .sysfile.macro_template_lnk_files)) + (blockinherit .sysfile.bus.template) + (blockinherit .sysfile.macro_template_dirs) + (blockinherit .sysfile.macro_template_lnk_files)) (in sysfile (block bus - (macro type ((type ARG1)) - (typeattributeset typeattr ARG1)) + (macro type ((type ARG1)) + (typeattributeset typeattr ARG1)) - (typeattribute typeattr) + (typeattribute typeattr) - (blockinherit .file.all_macro_template_dirs) - (blockinherit .file.all_macro_template_files) - (blockinherit .file.all_macro_template_lnk_files) + (blockinherit .file.all_macro_template_dirs) + (blockinherit .file.all_macro_template_files) + (blockinherit .file.all_macro_template_lnk_files) - (call .sysfile.type (typeattr)) + (call .sysfile.type (typeattr)) - (block base_template + (block base_template - (blockabstract base_template) + (blockabstract base_template) - (blockinherit .sysfile.base_template) + (blockinherit .sysfile.base_template) - (call .sysfile.bus.type (sysfile))) + (call .sysfile.bus.type (sysfile))) - (block template + (block template - (blockabstract template) + (blockabstract template) - (blockinherit .sysfile.bus.base_template) - (blockinherit .sysfile.macro_template_files)))) + (blockinherit .sysfile.bus.base_template) + (blockinherit .sysfile.macro_template_files)))) diff --git a/src/sys/sysfile/classsysfile.cil b/src/sys/sysfile/classsysfile.cil index bfce0e0..7492964 100644 --- a/src/sys/sysfile/classsysfile.cil +++ b/src/sys/sysfile/classsysfile.cil 
@@ -1,40 +1,40 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block class - (genfscon "sysfs" "/class" sysfile_context) + (genfscon "sysfs" "/class" sysfile_context) - (blockinherit .sysfile.class.template) - (blockinherit .sysfile.macro_template_dirs) - (blockinherit .sysfile.macro_template_lnk_files)) + (blockinherit .sysfile.class.template) + (blockinherit .sysfile.macro_template_dirs) + (blockinherit .sysfile.macro_template_lnk_files)) (in sysfile (block class - (macro type ((type ARG1)) - (typeattributeset typeattr ARG1)) + (macro type ((type ARG1)) + (typeattributeset typeattr ARG1)) - (typeattribute typeattr) + (typeattribute typeattr) - (blockinherit .file.all_macro_template_dirs) - (blockinherit .file.all_macro_template_files) - (blockinherit .file.all_macro_template_lnk_files) + (blockinherit .file.all_macro_template_dirs) + (blockinherit .file.all_macro_template_files) + (blockinherit .file.all_macro_template_lnk_files) - (call .sysfile.type (typeattr)) + (call .sysfile.type (typeattr)) - (block base_template + (block base_template - (blockabstract base_template) + (blockabstract base_template) - (blockinherit .sysfile.base_template) + (blockinherit .sysfile.base_template) - (call .sysfile.class.type (sysfile))) + (call .sysfile.class.type (sysfile))) - (block template + (block template - (blockabstract template) + (blockabstract template) - (blockinherit .sysfile.class.base_template) - (blockinherit .sysfile.macro_template_files)))) + (blockinherit .sysfile.class.base_template) + (blockinherit .sysfile.macro_template_files)))) diff --git a/src/sys/sysfile/classsysfile/zramcontrolclasssysfile.cil b/src/sys/sysfile/classsysfile/zramcontrolclasssysfile.cil index fb3a4a6..71ad51b 100644 --- a/src/sys/sysfile/classsysfile/zramcontrolclasssysfile.cil 
+++ b/src/sys/sysfile/classsysfile/zramcontrolclasssysfile.cil @@ -1,9 +1,9 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block zramcontrol - (genfscon "sysfs" "/class/zram-control" sysfile_context) + (genfscon "sysfs" "/class/zram-control" sysfile_context) - (blockinherit .sysfile.class.template) - (blockinherit .sysfile.macro_template_dirs)) + (blockinherit .sysfile.class.template) + (blockinherit .sysfile.macro_template_dirs)) diff --git a/src/sys/sysfile/devicessysfile.cil b/src/sys/sysfile/devicessysfile.cil index f82e0ea..87a7513 100644 --- a/src/sys/sysfile/devicessysfile.cil +++ b/src/sys/sysfile/devicessysfile.cil 
@@ -1,40 +1,40 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block devices - (genfscon "sysfs" "/devices" sysfile_context) + (genfscon "sysfs" "/devices" sysfile_context) - (blockinherit .sysfile.devices.template) - (blockinherit .sysfile.macro_template_dirs) - (blockinherit .sysfile.macro_template_lnk_files)) + (blockinherit .sysfile.devices.template) + (blockinherit .sysfile.macro_template_dirs) + (blockinherit .sysfile.macro_template_lnk_files)) (in sysfile (block devices - (macro type ((type ARG1)) - (typeattributeset typeattr ARG1)) + (macro type ((type ARG1)) + (typeattributeset typeattr ARG1)) - (typeattribute typeattr) + (typeattribute typeattr) - (blockinherit .file.all_macro_template_dirs) - (blockinherit .file.all_macro_template_files) - (blockinherit .file.all_macro_template_lnk_files) + (blockinherit .file.all_macro_template_dirs) + (blockinherit .file.all_macro_template_files) + (blockinherit .file.all_macro_template_lnk_files) - (call .sysfile.type (typeattr)) + (call .sysfile.type (typeattr)) - (block base_template + (block base_template - (blockabstract base_template) + (blockabstract base_template) - (blockinherit .sysfile.base_template) + (blockinherit .sysfile.base_template) - (call .sysfile.devices.type (sysfile))) + (call .sysfile.devices.type (sysfile))) - (block template + (block template - (blockabstract template) + (blockabstract template) - (blockinherit .sysfile.devices.base_template) - (blockinherit .sysfile.macro_template_files)))) + (blockinherit .sysfile.devices.base_template) + (blockinherit .sysfile.macro_template_files)))) diff --git a/src/sys/sysfile/devicessysfile/cpudevicessysfile.cil b/src/sys/sysfile/devicessysfile/cpudevicessysfile.cil index 8290623..dcae8ff 100644 --- a/src/sys/sysfile/devicessysfile/cpudevicessysfile.cil 
+++ b/src/sys/sysfile/devicessysfile/cpudevicessysfile.cil @@ -1,4 +1,4 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (in cpu diff --git a/src/sys/sysfile/devicessysfile/memorydevicessysfile.cil b/src/sys/sysfile/devicessysfile/memorydevicessysfile.cil index 85eca32..98b4115 100644 --- a/src/sys/sysfile/devicessysfile/memorydevicessysfile.cil +++ b/src/sys/sysfile/devicessysfile/memorydevicessysfile.cil @@ -1,10 +1,10 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block memory - (genfscon "sysfs" "/devices/system/memory" sysfile_context) + (genfscon "sysfs" "/devices/system/memory" sysfile_context) - (blockinherit .sysfile.devices.template) - (blockinherit .sysfile.macro_template_dirs) - (blockinherit .sysfile.macro_template_lnk_files)) + (blockinherit .sysfile.devices.template) + (blockinherit .sysfile.macro_template_dirs) + (blockinherit .sysfile.macro_template_lnk_files)) diff --git a/src/sys/sysfile/devicessysfile/nodedevicessysfile.cil b/src/sys/sysfile/devicessysfile/nodedevicessysfile.cil index 0243019..491a2c9 100644 --- a/src/sys/sysfile/devicessysfile/nodedevicessysfile.cil +++ b/src/sys/sysfile/devicessysfile/nodedevicessysfile.cil 
@@ -1,10 +1,10 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block node - (genfscon "sysfs" "/devices/system/node" sysfile_context) + (genfscon "sysfs" "/devices/system/node" sysfile_context) - (blockinherit .sysfile.devices.template) - (blockinherit .sysfile.macro_template_dirs) - (blockinherit .sysfile.macro_template_lnk_files)) + (blockinherit .sysfile.devices.template) + (blockinherit .sysfile.macro_template_dirs) + (blockinherit .sysfile.macro_template_lnk_files)) diff --git a/src/sys/sysfile/devicessysfile/zramdevicessysfile.cil b/src/sys/sysfile/devicessysfile/zramdevicessysfile.cil index de2ea49..88937c6 100644 --- a/src/sys/sysfile/devicessysfile/zramdevicessysfile.cil +++ b/src/sys/sysfile/devicessysfile/zramdevicessysfile.cil @@ -1,4 +1,4 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (in zram diff --git a/src/sys/sysfile/devsysfile.cil b/src/sys/sysfile/devsysfile.cil index 635d02a..5eadf4e 100644 --- a/src/sys/sysfile/devsysfile.cil +++ b/src/sys/sysfile/devsysfile.cil @@ -1,4 +1,4 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (in dev 
@@ -13,28 +13,28 @@ (block dev - (macro type ((type ARG1)) - (typeattributeset typeattr ARG1)) + (macro type ((type ARG1)) + (typeattributeset typeattr ARG1)) - (typeattribute typeattr) + (typeattribute typeattr) - (blockinherit .file.all_macro_template_dirs) - (blockinherit .file.all_macro_template_files) - (blockinherit .file.all_macro_template_lnk_files) + (blockinherit .file.all_macro_template_dirs) + (blockinherit .file.all_macro_template_files) + (blockinherit .file.all_macro_template_lnk_files) - (call .sysfile.type (typeattr)) + (call .sysfile.type (typeattr)) - (block base_template + (block base_template - (blockabstract base_template) + (blockabstract base_template) - (blockinherit .sysfile.base_template) + (blockinherit .sysfile.base_template) - (call .sysfile.dev.type (sysfile))) + (call .sysfile.dev.type (sysfile))) - (block template + (block template - (blockabstract template) + (blockabstract template) - (blockinherit .sysfile.dev.base_template) - (blockinherit .sysfile.macro_template_files)))) + (blockinherit .sysfile.dev.base_template) + (blockinherit .sysfile.macro_template_files)))) diff --git a/src/sys/sysfile/firmwaresysfile.cil b/src/sys/sysfile/firmwaresysfile.cil index 7399981..2ba838e 100644 --- a/src/sys/sysfile/firmwaresysfile.cil +++ b/src/sys/sysfile/firmwaresysfile.cil 
@@ -1,40 +1,40 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block firmware
- (genfscon "sysfs" "/firmware" sysfile_context)
+ (genfscon "sysfs" "/firmware" sysfile_context)
- (blockinherit .sysfile.firmware.template)
- (blockinherit .sysfile.macro_template_dirs)
- (blockinherit .sysfile.macro_template_lnk_files))
+ (blockinherit .sysfile.firmware.template)
+ (blockinherit .sysfile.macro_template_dirs)
+ (blockinherit .sysfile.macro_template_lnk_files))
 (in sysfile
 (block firmware
- (macro type ((type ARG1))
- (typeattributeset typeattr ARG1))
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
- (typeattribute typeattr)
+ (typeattribute typeattr)
- (blockinherit .file.all_macro_template_dirs)
- (blockinherit .file.all_macro_template_files)
- (blockinherit .file.all_macro_template_lnk_files)
+ (blockinherit .file.all_macro_template_dirs)
+ (blockinherit .file.all_macro_template_files)
+ (blockinherit .file.all_macro_template_lnk_files)
- (call .sysfile.type (typeattr))
+ (call .sysfile.type (typeattr))
- (block base_template
+ (block base_template
- (blockabstract base_template)
+ (blockabstract base_template)
- (blockinherit .sysfile.base_template)
+ (blockinherit .sysfile.base_template)
- (call .sysfile.firmware.type (sysfile)))
+ (call .sysfile.firmware.type (sysfile)))
- (block template
+ (block template
- (blockabstract template)
+ (blockabstract template)
- (blockinherit .sysfile.firmware.base_template)
- (blockinherit .sysfile.macro_template_files))))
+ (blockinherit .sysfile.firmware.base_template)
+ (blockinherit .sysfile.macro_template_files))))
diff --git a/src/sys/sysfile/fssysfile.cil b/src/sys/sysfile/fssysfile.cil
index 16d34b6..559ad79 100644
--- a/src/sys/sysfile/fssysfile.cil
+++ b/src/sys/sysfile/fssysfile.cil
@@ -1,4 +1,4 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (in fs
@@ -13,28 +13,28 @@
 (block fs
- (macro type ((type ARG1))
- (typeattributeset typeattr ARG1))
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
- (typeattribute typeattr)
+ (typeattribute typeattr)
- (blockinherit .file.all_macro_template_dirs)
- (blockinherit .file.all_macro_template_files)
- (blockinherit .file.all_macro_template_lnk_files)
+ (blockinherit .file.all_macro_template_dirs)
+ (blockinherit .file.all_macro_template_files)
+ (blockinherit .file.all_macro_template_lnk_files)
- (call .sysfile.type (typeattr))
+ (call .sysfile.type (typeattr))
- (block base_template
+ (block base_template
- (blockabstract base_template)
+ (blockabstract base_template)
- (blockinherit .sysfile.base_template)
+ (blockinherit .sysfile.base_template)
- (call .sysfile.fs.type (sysfile)))
+ (call .sysfile.fs.type (sysfile)))
- (block template
+ (block template
- (blockabstract template)
+ (blockabstract template)
- (blockinherit .sysfile.fs.base_template)
- (blockinherit .sysfile.macro_template_files))))
+ (blockinherit .sysfile.fs.base_template)
+ (blockinherit .sysfile.macro_template_files))))
diff --git a/src/sys/sysfile/fssysfile/bcachefssysfile.cil b/src/sys/sysfile/fssysfile/bcachefssysfile.cil
index 0f03921..edaf9b8 100644
--- a/src/sys/sysfile/fssysfile/bcachefssysfile.cil
+++ b/src/sys/sysfile/fssysfile/bcachefssysfile.cil
@@ -1,9 +1,9 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block bcachefs
- (genfscon "sysfs" "/fs/bcachefs" sysfile_context)
+ (genfscon "sysfs" "/fs/bcachefs" sysfile_context)
- (blockinherit .sysfile.fs.template)
- (blockinherit .sysfile.macro_template_dirs))
+ (blockinherit .sysfile.fs.template)
+ (blockinherit .sysfile.macro_template_dirs))
diff --git a/src/sys/sysfile/fssysfile/btrfssysfile.cil b/src/sys/sysfile/fssysfile/btrfssysfile.cil
index 97632ef..37e5beb 100644
--- a/src/sys/sysfile/fssysfile/btrfssysfile.cil
+++ b/src/sys/sysfile/fssysfile/btrfssysfile.cil
@@ -1,9 +1,9 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block btrfs
- (genfscon "sysfs" "/fs/btrfs" sysfile_context)
+ (genfscon "sysfs" "/fs/btrfs" sysfile_context)
- (blockinherit .sysfile.fs.template)
- (blockinherit .sysfile.macro_template_dirs))
+ (blockinherit .sysfile.fs.template)
+ (blockinherit .sysfile.macro_template_dirs))
diff --git a/src/sys/sysfile/fssysfile/ext4fssysfile.cil b/src/sys/sysfile/fssysfile/ext4fssysfile.cil
index 4bef76d..79f681f 100644
--- a/src/sys/sysfile/fssysfile/ext4fssysfile.cil
+++ b/src/sys/sysfile/fssysfile/ext4fssysfile.cil
@@ -1,9 +1,9 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block ext4
- (genfscon "sysfs" "/fs/ext4" sysfile_context)
+ (genfscon "sysfs" "/fs/ext4" sysfile_context)
- (blockinherit .sysfile.fs.template)
- (blockinherit .sysfile.macro_template_dirs))
+ (blockinherit .sysfile.fs.template)
+ (blockinherit .sysfile.macro_template_dirs))
diff --git a/src/sys/sysfile/fssysfile/f2fssysfile.cil b/src/sys/sysfile/fssysfile/f2fssysfile.cil
index e00bc0b..a6850ea 100644
--- a/src/sys/sysfile/fssysfile/f2fssysfile.cil
+++ b/src/sys/sysfile/fssysfile/f2fssysfile.cil
@@ -1,9 +1,9 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block f2fs
- (genfscon "sysfs" "/fs/f2fs" sysfile_context)
+ (genfscon "sysfs" "/fs/f2fs" sysfile_context)
- (blockinherit .sysfile.fs.template)
- (blockinherit .sysfile.macro_template_dirs))
+ (blockinherit .sysfile.fs.template)
+ (blockinherit .sysfile.macro_template_dirs))
diff --git a/src/sys/sysfile/fssysfile/fusefssysfile.cil b/src/sys/sysfile/fssysfile/fusefssysfile.cil
index de62c6b..64f1f9d 100644
--- a/src/sys/sysfile/fssysfile/fusefssysfile.cil
+++ b/src/sys/sysfile/fssysfile/fusefssysfile.cil
@@ -1,4 +1,4 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (in fuse
diff --git a/src/sys/sysfile/fssysfile/xfssysfile.cil b/src/sys/sysfile/fssysfile/xfssysfile.cil
index 09984a7..8f1816f 100644
--- a/src/sys/sysfile/fssysfile/xfssysfile.cil
+++ b/src/sys/sysfile/fssysfile/xfssysfile.cil
@@ -1,9 +1,9 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block xfs
- (genfscon "sysfs" "/fs/xfs" sysfile_context)
+ (genfscon "sysfs" "/fs/xfs" sysfile_context)
- (blockinherit .sysfile.fs.template)
- (blockinherit .sysfile.macro_template_dirs))
+ (blockinherit .sysfile.fs.template)
+ (blockinherit .sysfile.macro_template_dirs))
diff --git a/src/sys/sysfile/hypervisorsysfile.cil b/src/sys/sysfile/hypervisorsysfile.cil
index 09fd77d..ee37010 100644
--- a/src/sys/sysfile/hypervisorsysfile.cil
+++ b/src/sys/sysfile/hypervisorsysfile.cil
@@ -1,40 +1,40 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block hypervisor
- (genfscon "sysfs" "/hypervisor" sysfile_context)
+ (genfscon "sysfs" "/hypervisor" sysfile_context)
- (blockinherit .sysfile.hypervisor.template)
- (blockinherit .sysfile.macro_template_dirs)
- (blockinherit .sysfile.macro_template_lnk_files))
+ (blockinherit .sysfile.hypervisor.template)
+ (blockinherit .sysfile.macro_template_dirs)
+ (blockinherit .sysfile.macro_template_lnk_files))
 (in sysfile
 (block hypervisor
- (macro type ((type ARG1))
- (typeattributeset typeattr ARG1))
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
- (typeattribute typeattr)
+ (typeattribute typeattr)
- (blockinherit .file.all_macro_template_dirs)
- (blockinherit .file.all_macro_template_files)
- (blockinherit .file.all_macro_template_lnk_files)
+ (blockinherit .file.all_macro_template_dirs)
+ (blockinherit .file.all_macro_template_files)
+ (blockinherit .file.all_macro_template_lnk_files)
- (call .sysfile.type (typeattr))
+ (call .sysfile.type (typeattr))
- (block base_template
+ (block base_template
- (blockabstract base_template)
+ (blockabstract base_template)
- (blockinherit .sysfile.base_template)
+ (blockinherit .sysfile.base_template)
- (call .sysfile.hypervisor.type (sysfile)))
+ (call .sysfile.hypervisor.type (sysfile)))
- (block template
+ (block template
- (blockabstract template)
+ (blockabstract template)
- (blockinherit .sysfile.hypervisor.base_template)
- (blockinherit .sysfile.macro_template_files))))
+ (blockinherit .sysfile.hypervisor.base_template)
+ (blockinherit .sysfile.macro_template_files))))
diff --git a/src/sys/sysfile/kernelsysfile.cil b/src/sys/sysfile/kernelsysfile.cil
index 1c6c98b..5a1aacb 100644
--- a/src/sys/sysfile/kernelsysfile.cil
+++ b/src/sys/sysfile/kernelsysfile.cil
@@ -1,4 +1,4 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (in kernel
@@ -13,28 +13,28 @@
 (block kernel
- (macro type ((type ARG1))
- (typeattributeset typeattr ARG1))
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
- (typeattribute typeattr)
+ (typeattribute typeattr)
- (blockinherit .file.all_macro_template_dirs)
- (blockinherit .file.all_macro_template_files)
- (blockinherit .file.all_macro_template_lnk_files)
+ (blockinherit .file.all_macro_template_dirs)
+ (blockinherit .file.all_macro_template_files)
+ (blockinherit .file.all_macro_template_lnk_files)
- (call .sysfile.type (typeattr))
+ (call .sysfile.type (typeattr))
- (block base_template
+ (block base_template
- (blockabstract base_template)
+ (blockabstract base_template)
- (blockinherit .sysfile.base_template)
+ (blockinherit .sysfile.base_template)
- (call .sysfile.kernel.type (sysfile)))
+ (call .sysfile.kernel.type (sysfile)))
- (block template
+ (block template
- (blockabstract template)
+ (blockabstract template)
- (blockinherit .sysfile.kernel.base_template)
- (blockinherit .sysfile.macro_template_files))))
+ (blockinherit .sysfile.kernel.base_template)
+ (blockinherit .sysfile.macro_template_files))))
diff --git a/src/sys/sysfile/kernelsysfile/ksmkernelsysfile.cil b/src/sys/sysfile/kernelsysfile/ksmkernelsysfile.cil
index 3a6682e..f020dfb 100644
--- a/src/sys/sysfile/kernelsysfile/ksmkernelsysfile.cil
+++ b/src/sys/sysfile/kernelsysfile/ksmkernelsysfile.cil
@@ -1,4 +1,4 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (in ksm
diff --git a/src/sys/sysfile/modulesysfile.cil b/src/sys/sysfile/modulesysfile.cil
index 5b20a9d..21356e7 100644
--- a/src/sys/sysfile/modulesysfile.cil
+++ b/src/sys/sysfile/modulesysfile.cil
@@ -1,40 +1,40 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block module
- (genfscon "sysfs" "/module" sysfile_context)
+ (genfscon "sysfs" "/module" sysfile_context)
- (blockinherit .sysfile.macro_template_dirs)
- (blockinherit .sysfile.macro_template_lnk_files)
- (blockinherit .sysfile.module.template))
+ (blockinherit .sysfile.macro_template_dirs)
+ (blockinherit .sysfile.macro_template_lnk_files)
+ (blockinherit .sysfile.module.template))
 (in sysfile
 (block module
- (macro type ((type ARG1))
- (typeattributeset typeattr ARG1))
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
- (typeattribute typeattr)
+ (typeattribute typeattr)
- (blockinherit .file.all_macro_template_dirs)
- (blockinherit .file.all_macro_template_files)
- (blockinherit .file.all_macro_template_lnk_files)
+ (blockinherit .file.all_macro_template_dirs)
+ (blockinherit .file.all_macro_template_files)
+ (blockinherit .file.all_macro_template_lnk_files)
- (call .sysfile.type (typeattr))
+ (call .sysfile.type (typeattr))
- (block base_template
+ (block base_template
- (blockabstract base_template)
+ (blockabstract base_template)
- (blockinherit .sysfile.base_template)
+ (blockinherit .sysfile.base_template)
- (call .sysfile.module.type (sysfile)))
+ (call .sysfile.module.type (sysfile)))
- (block template
+ (block template
- (blockabstract template)
+ (blockabstract template)
- (blockinherit .sysfile.module.base_template)
- (blockinherit .sysfile.macro_template_files))))
+ (blockinherit .sysfile.module.base_template)
+ (blockinherit .sysfile.macro_template_files))))
diff --git a/src/sys/sysfile/powersysfile.cil b/src/sys/sysfile/powersysfile.cil
index aa14ba4..adf958c 100644
--- a/src/sys/sysfile/powersysfile.cil
+++ b/src/sys/sysfile/powersysfile.cil
@@ -1,40 +1,40 @@
-;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 (block power
- (genfscon "sysfs" "/power" sysfile_context)
+ (genfscon "sysfs" "/power" sysfile_context)
- (blockinherit .sysfile.macro_template_dirs)
- (blockinherit .sysfile.macro_template_lnk_files)
- (blockinherit .sysfile.power.template))
+ (blockinherit .sysfile.macro_template_dirs)
+ (blockinherit .sysfile.macro_template_lnk_files)
+ (blockinherit .sysfile.power.template))
 (in sysfile
 (block power
- (macro type ((type ARG1))
- (typeattributeset typeattr ARG1))
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
- (typeattribute typeattr)
+ (typeattribute typeattr)
- (blockinherit .file.all_macro_template_dirs)
- (blockinherit .file.all_macro_template_files)
- (blockinherit .file.all_macro_template_lnk_files)
+ (blockinherit .file.all_macro_template_dirs)
+ (blockinherit .file.all_macro_template_files)
+ (blockinherit .file.all_macro_template_lnk_files)
- (call .sysfile.type (typeattr))
+ (call .sysfile.type (typeattr))
- (block base_template
+ (block base_template
- (blockabstract base_template)
+ (blockabstract base_template)
- (blockinherit .sysfile.base_template)
+ (blockinherit .sysfile.base_template)
- (call .sysfile.power.type (sysfile)))
+ (call .sysfile.power.type (sysfile)))
- (block template
+ (block template
- (blockabstract template)
+ (blockabstract template)
- (blockinherit .sysfile.power.base_template)
- (blockinherit .sysfile.macro_template_files))))
+ (blockinherit .sysfile.power.base_template)
+ (blockinherit .sysfile.macro_template_files))))
diff --git a/src/sys/tracefile.cil b/src/sys/tracefile.cil
index d9155cf..62f4b95 100644
--- a/src/sys/tracefile.cil
+++ b/src/sys/tracefile.cil
@@ -1,141 +1,141 @@ -;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> +;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense (block tracefile - (macro type ((type ARG1)) - (typeattributeset typeattr ARG1)) + (macro type ((type ARG1)) + (typeattributeset typeattr ARG1)) - (typeattribute typeattr) + (typeattribute typeattr) - (blockinherit .file.all_macro_template_dirs) - (blockinherit .file.all_macro_template_files) + (blockinherit .file.all_macro_template_dirs) + (blockinherit .file.all_macro_template_files) - (call .obj.type (typeattr)) + (call .obj.type (typeattr)) - (call .trace.associate_fs (typeattr)) + (call .trace.associate_fs (typeattr)) - (block base_template + (block base_template - (blockabstract base_template) + (blockabstract base_template) - (context tracefile_context (.sys.id .sys.role tracefile .sys.lowlow)) + (context tracefile_context (.sys.id .sys.role tracefile .sys.lowlow)) - (type tracefile) - (call .tracefile.type (tracefile))) + (type tracefile) + (call .tracefile.type (tracefile))) - (block macro_template_dirs + (block macro_template_dirs - (blockabstract macro_template_dirs) + (blockabstract macro_template_dirs) - (macro addname_tracefile_dirs ((type ARG1)) - (allow ARG1 tracefile addname_dir)) + (macro addname_tracefile_dirs ((type ARG1)) + (allow ARG1 tracefile addname_dir)) - (macro create_tracefile_dirs ((type ARG1)) - (allow ARG1 tracefile create_dir)) + (macro create_tracefile_dirs ((type ARG1)) + (allow ARG1 tracefile create_dir)) - (macro delete_tracefile_dirs ((type ARG1)) - (allow ARG1 tracefile delete_dir)) + (macro delete_tracefile_dirs ((type ARG1)) + (allow ARG1 tracefile delete_dir)) - (macro deletename_tracefile_dirs ((type ARG1)) - (allow ARG1 tracefile deletename_dir)) + (macro deletename_tracefile_dirs ((type ARG1)) + (allow ARG1 tracefile deletename_dir)) - (macro list_tracefile_dirs ((type ARG1)) - (allow ARG1 tracefile 
list_dir)) + (macro list_tracefile_dirs ((type ARG1)) + (allow ARG1 tracefile list_dir)) - (macro listinherited_tracefile_dirs ((type ARG1)) - (allow ARG1 tracefile listinherited_dir)) + (macro listinherited_tracefile_dirs ((type ARG1)) + (allow ARG1 tracefile listinherited_dir)) - (macro manage_tracefile_dirs ((type ARG1)) - (allow ARG1 tracefile manage_dir)) + (macro manage_tracefile_dirs ((type ARG1)) + (allow ARG1 tracefile manage_dir)) - (macro mounton_tracefile_dirs ((type ARG1)) - (allow ARG1 tracefile mounton_dir)) + (macro mounton_tracefile_dirs ((type ARG1)) + (allow ARG1 tracefile mounton_dir)) - (macro readwrite_tracefile_dirs ((type ARG1)) - (allow ARG1 tracefile readwrite_dir)) + (macro readwrite_tracefile_dirs ((type ARG1)) + (allow ARG1 tracefile readwrite_dir)) - (macro readwriteinherited_tracefile_dirs ((type ARG1)) - (allow ARG1 tracefile readwriteinherited_dir)) + (macro readwriteinherited_tracefile_dirs ((type ARG1)) + (allow ARG1 tracefile readwriteinherited_dir)) - (macro rename_tracefile_dirs ((type ARG1)) - (allow ARG1 tracefile rename_dir)) + (macro rename_tracefile_dirs ((type ARG1)) + (allow ARG1 tracefile rename_dir)) - (macro search_tracefile_dirs ((type ARG1)) - (allow ARG1 tracefile search_dir)) + (macro search_tracefile_dirs ((type ARG1)) + (allow ARG1 tracefile search_dir)) - (macro write_tracefile_dirs ((type ARG1)) - (allow ARG1 tracefile write_dir)) + (macro write_tracefile_dirs ((type ARG1)) + (allow ARG1 tracefile write_dir)) - (macro writeinherited_tracefile_dirs ((type ARG1)) - (allow ARG1 tracefile writeinherited_dir))) + (macro writeinherited_tracefile_dirs ((type ARG1)) + (allow ARG1 tracefile writeinherited_dir))) - (block macro_template_files + (block macro_template_files - (blockabstract macro_template_files) + (blockabstract macro_template_files) - (macro append_tracefile_files ((type ARG1)) - (allow ARG1 tracefile append_file)) + (macro append_tracefile_files ((type ARG1)) + (allow ARG1 tracefile append_file)) - 
(macro appendinherited_tracefile_files ((type ARG1)) - (allow ARG1 tracefile appendinherited_file)) + (macro appendinherited_tracefile_files ((type ARG1)) + (allow ARG1 tracefile appendinherited_file)) - (macro create_tracefile_files ((type ARG1)) - (allow ARG1 tracefile create_file)) + (macro create_tracefile_files ((type ARG1)) + (allow ARG1 tracefile create_file)) - (macro delete_tracefile_files ((type ARG1)) - (allow ARG1 tracefile delete_file)) + (macro delete_tracefile_files ((type ARG1)) + (allow ARG1 tracefile delete_file)) - (macro execute_tracefile_files ((type ARG1)) - (allow ARG1 tracefile execute_file)) + (macro execute_tracefile_files ((type ARG1)) + (allow ARG1 tracefile execute_file)) - (macro manage_tracefile_files ((type ARG1)) - (allow ARG1 tracefile manage_file)) + (macro manage_tracefile_files ((type ARG1)) + (allow ARG1 tracefile manage_file)) - (macro mapexecute_tracefile_files ((type ARG1)) - (allow ARG1 tracefile mapexecute_file)) + (macro mapexecute_tracefile_files ((type ARG1)) + (allow ARG1 tracefile mapexecute_file)) - (macro mounton_tracefile_files ((type ARG1)) - (allow ARG1 tracefile mounton_file)) + (macro mounton_tracefile_files ((type ARG1)) + (allow ARG1 tracefile mounton_file)) - (macro read_tracefile_files ((type ARG1)) - (allow ARG1 tracefile read_file)) + (macro read_tracefile_files ((type ARG1)) + (allow ARG1 tracefile read_file)) - (macro readinherited_tracefile_files ((type ARG1)) - (allow ARG1 tracefile readinherited_file)) + (macro readinherited_tracefile_files ((type ARG1)) + (allow ARG1 tracefile readinherited_file)) - (macro readwrite_tracefile_files ((type ARG1)) - (allow ARG1 tracefile readwrite_file)) + (macro readwrite_tracefile_files ((type ARG1)) + (allow ARG1 tracefile readwrite_file)) - (macro readwriteinherited_tracefile_files ((type ARG1)) - (allow ARG1 tracefile readwriteinherited_file)) + (macro readwriteinherited_tracefile_files ((type ARG1)) + (allow ARG1 tracefile readwriteinherited_file)) - (macro 
rename_tracefile_files ((type ARG1)) - (allow ARG1 tracefile rename_file)) + (macro rename_tracefile_files ((type ARG1)) + (allow ARG1 tracefile rename_file)) - (macro write_tracefile_files ((type ARG1)) - (allow ARG1 tracefile write_file)) + (macro write_tracefile_files ((type ARG1)) + (allow ARG1 tracefile write_file)) - (macro writeinherited_tracefile_files ((type ARG1)) - (allow ARG1 tracefile writeinherited_file))) + (macro writeinherited_tracefile_files ((type ARG1)) + (allow ARG1 tracefile writeinherited_file))) - (block template + (block template - (blockabstract template) + (blockabstract template) - (blockinherit .tracefile.base_template) - (blockinherit .tracefile.macro_template_files)) + (blockinherit .tracefile.base_template) + (blockinherit .tracefile.macro_template_files)) - (block unconfined + (block unconfined - (macro type ((type ARG1)) - (typeattributeset typeattr ARG1)) + (macro type ((type ARG1)) + (typeattributeset typeattr ARG1)) - (typeattribute typeattr) + (typeattribute typeattr) - (allow typeattr tracefile.typeattr (dir (not (audit_access execmod)))) - (allow typeattr tracefile.typeattr - (file (not (audit_access entrypoint execmod)))))) + (allow typeattr tracefile.typeattr (dir (not (audit_access execmod)))) + (allow typeattr tracefile.typeattr + (file (not (audit_access entrypoint execmod)))))) (in sys.unconfined |