path: root/src/misc/av/bpfav.cil
;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
;; SPDX-License-Identifier: Unlicense

;; Declare the bpf object class and the five permissions this policy
;; defines for it: creating a map, reading a map, writing a map, loading a
;; program and running a program.
(class bpf (map_create map_read map_write prog_load prog_run))
;; Add the class to the class order as unordered, i.e. without a fixed
;; position relative to other classes.
(classorder (unordered bpf))

;; Extend the invalid.unconfined namespace: members of its typeattr may
;; read and write bpf maps and run bpf programs labelled `.invalid` (the
;; leading dot makes the name resolve from the global namespace).
;; map_create and prog_load are not granted by this rule.
;; NOTE(review): `.invalid` is presumably the label applied to objects whose
;; original context is no longer valid -- confirm against its declaration,
;; since this rule decides who may still touch such maps and programs.
(in invalid.unconfined

    (allow typeattr .invalid (bpf (map_read map_write prog_run))))

;; MCS constraint on bpf access. map_read, map_write and prog_run are
;; permitted only when at least one of these holds:
;;   - the source's high level dominates the target's high level
;;     (dom h1 h2), or
;;   - the source type is not a member of constrained.typeattr.
;; Consequence: a subject type left out of constrained.typeattr is not
;; level-checked at all for these three permissions, so membership of that
;; attribute is what actually enforces category separation here.
;; map_create and prog_load are not covered by this constraint.
(in mcs

    (mlsconstrain (bpf (map_read map_write prog_run))
		  (or (dom h1 h2)
		      (neq t1 constrained.typeattr))))

;; Role-separation constraint on bpf access. map_read, map_write and
;; prog_run are permitted only when at least one of these holds:
;;   1. source and target roles are equal (eq r1 r2);
;;   2. the source role is in exempt.roleattr AND the source type is not in
;;      constrained.typeattr;
;;   3. the source type is in exempt.subj.typeattr;
;;   4. the source type is in exemptsource.typeattr AND the target type is
;;      in exempttarget.typeattr.
;; The nesting below is only the binary form of `or`; the four alternatives
;; are otherwise independent. Every exemption attribute widens cross-role
;; access to maps and programs, so additions to those attributes deserve
;; review. map_create and prog_load are not covered by this constraint.
;; NOTE(review): the attribute names are written relative to this namespace;
;; confirm which declarations they resolve to.
(in rbacsep

    (constrain (bpf (map_read map_write prog_run))
	       (or (or (or (eq r1 r2)
			   (and (eq r1 exempt.roleattr)
				(neq t1 constrained.typeattr)))
		       (eq t1 exempt.subj.typeattr))
		   (and (eq t1 exemptsource.typeattr)
			(eq t2 exempttarget.typeattr)))))

;; Rules for unconfined subjects (members of subj.unconfined's typeattr).
;;   - On self: every bpf permission except map_read, map_write and
;;     prog_run. With the class as declared in this file that leaves
;;     map_create and prog_load.
;;   - On subj.typeattr: map_read, map_write and prog_run, i.e. access to
;;     maps and programs labelled with any type in that attribute.
;; The second rule is broad at the type-enforcement level; what still limits
;; it are the mcs and rbacsep constraints on the same three permissions.
;; NOTE(review): `(not ...)` tracks the class definition, so a permission
;; later added to the bpf class would be granted on self automatically --
;; confirm that is intended.
(in subj.unconfined

    (allow typeattr self (bpf (not (map_read map_write prog_run))))
    (allow typeattr subj.typeattr (bpf (map_read map_write prog_run))))