From 0c187b6ff97f91c41dab65a6426dc61f77305cdf Mon Sep 17 00:00:00 2001
From: Dominick Grift
Date: Sun, 20 Aug 2023 15:44:41 +0200
Subject: Import dssp5
Signed-off-by: Dominick Grift
---
src/misc/av/binderav.cil | 41 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 41 insertions(+)
create mode 100644 src/misc/av/binderav.cil
(limited to 'src/misc/av/binderav.cil')
diff --git a/src/misc/av/binderav.cil b/src/misc/av/binderav.cil
new file mode 100644
index 0000000..a6108c4
--- /dev/null
+++ b/src/misc/av/binderav.cil
@@ -0,0 +1,41 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift
+;; SPDX-License-Identifier: Unlicense
+
+(class binder (call impersonate set_context_mgr transfer))
+(classorder (unordered binder))
+
+(macro call_invalid_binders ((type ARG1))
+ (allow ARG1 .invalid (binder (call))))
+
+(macro transfer_invalid_binders ((type ARG1))
+ (allow ARG1 .invalid (binder (transfer))))
+
+(in invalid.unconfined
+
+ (allow typeattr .invalid (binder (not (impersonate set_context_mgr)))))
+
+(in subj
+
+ (macro call_all_binders ((type ARG1))
+ (allow ARG1 typeattr (binder (call))))
+
+ (macro impersonate_all_binders ((type ARG1))
+ (allow ARG1 typeattr (binder (impersonate))))
+
+ (macro transfer_all_binders ((type ARG1))
+ (allow ARG1 typeattr (binder (transfer)))))
+
+(in subj.macro_template
+
+ (macro call_subj_binders ((type ARG1))
+ (allow ARG1 subj (binder (call))))
+
+ (macro impersonate_subj_binders ((type ARG1))
+ (allow ARG1 subj (binder (impersonate))))
+
+ (macro transfer_subj_binders ((type ARG1))
+ (allow ARG1 subj (binder (transfer)))))
+
+(in subj.unconfined
+
+ (allow typeattr .subj.typeattr (binder (all))))
-- cgit v1.2.3
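Review bot: The rule inside `(in invalid.unconfined ...)` grants binder access on `.invalid` through a complement, `(binder (not (impersonate set_context_mgr)))`, so the granted set is defined by what is excluded, not by what is intended. With the class as declared at the top of this file, that resolves to `call` and `transfer`. Any permission later added to `(class binder ...)` would be granted on `.invalid` without this line changing. Writing it as `(allow typeattr .invalid (binder (call transfer)))` keeps the grant explicit and matches the two `*_invalid_binders` macros above it. A short comment such as `;; impersonate and set_context_mgr are deliberately withheld for .invalid` would record the intent, if that is indeed the reason.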