path: root/src/misc/av/iouringav.cil
;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
;; SPDX-License-Identifier: Unlicense

;; Declares the io_uring object class and its three permissions.
;; NOTE(review): these names match the io_uring permissions the Linux kernel checks:
;;   cmd            - IORING_OP_URING_CMD passthrough on a file object
;;   override_creds - submitting work under another subject's registered credentials
;;   sqpoll         - creating the kernel submission-queue polling thread
;; Confirm against the kernel classmap the policy is built for.
(class io_uring (cmd override_creds sqpoll))
;; "unordered" registers the class without pinning its position relative to other classes.
(classorder (unordered io_uring))

;; Extends booleanfile.unconfined: its typeattr may use io_uring cmd on booleanfile.typeattr objects.
;; typeattr is not declared in this file; presumably it is the attribute of the enclosing block.
(in booleanfile.unconfined

    (allow typeattr booleanfile.typeattr (io_uring (cmd))))

;; Extends bpffile.unconfined: its typeattr may use io_uring cmd on bpffile.typeattr objects.
(in bpffile.unconfined

    (allow typeattr bpffile.typeattr (io_uring (cmd))))

;; Extends cgroupfile.unconfined: its typeattr may use io_uring cmd on cgroupfile.typeattr objects.
(in cgroupfile.unconfined

    (allow typeattr cgroupfile.typeattr (io_uring (cmd))))

;; Extends debugfile.unconfined: its typeattr may use io_uring cmd on debugfile.typeattr objects.
(in debugfile.unconfined

    (allow typeattr debugfile.typeattr (io_uring (cmd))))

;; Extends file.unconfined: its typeattr may use io_uring cmd on file.typeattr objects.
;; NOTE(review): file.typeattr is declared elsewhere; if it spans all file types this is the
;; broadest cmd grant in the file. Confirm its membership.
(in file.unconfined

    (allow typeattr file.typeattr (io_uring (cmd))))

;; Extends fs.unconfined: its typeattr may use io_uring cmd on fs.typeattr objects.
(in fs.unconfined

    (allow typeattr fs.typeattr (io_uring (cmd))))

;; Extends invalid.unconfined: its typeattr may use io_uring cmd and override_creds on .invalid
;; (the leading dot makes this a global-namespace name).
;; NOTE(review): this is the only rule in the file that grants cmd and override_creds together
;; on one target. Confirm that .invalid is meant to be both a cmd target and a credential source.
(in invalid.unconfined

    (allow typeattr .invalid (io_uring (cmd override_creds))))

;; Level constraint on io_uring override_creds, added to the mcs container.
;; The permission passes only when the source's high level dominates the target's high level
;; (dom h1 h2), or when the source type is not in constrained.typeattr.
;; Types outside constrained.typeattr are therefore exempt from the level check, so that
;; attribute's membership decides who is actually bound by this constraint.
(in mcs

    (mlsconstrain (io_uring (override_creds))
		  (or (dom h1 h2)
		      (neq t1 constrained.typeattr))))

;; Extends nodedev.unconfined: its typeattr may use io_uring cmd on nodedev.typeattr objects.
(in nodedev.unconfined

    (allow typeattr nodedev.typeattr (io_uring (cmd))))

;; Extends procfile.unconfined: its typeattr may use io_uring cmd on procfile.typeattr objects.
(in procfile.unconfined

    (allow typeattr procfile.typeattr (io_uring (cmd))))

;; Extends pstorefile.unconfined: its typeattr may use io_uring cmd on pstorefile.typeattr objects.
(in pstorefile.unconfined

    (allow typeattr pstorefile.typeattr (io_uring (cmd))))

;; Extends ptytermdev.unconfined: its typeattr may use io_uring cmd on ptytermdev.typeattr objects.
(in ptytermdev.unconfined

    (allow typeattr ptytermdev.typeattr (io_uring (cmd))))

;; Role-separation constraint on io_uring override_creds, added to the rbacsep container.
;; The permission passes when any one of these holds:
;;   1. source and target roles are equal (eq r1 r2)
;;   2. the source role is in exempt.roleattr AND the source type is not in constrained.typeattr
;;   3. the source type is in exempt.subj.typeattr
;;   4. the source type is in exemptsource.typeattr AND the target type is in exempttarget.typeattr
;; Everything else is denied regardless of allow rules, so the exempt* attributes (declared
;; outside this file) are the full set of cross-role credential-override escapes to audit.
(in rbacsep

    (constrain (io_uring (override_creds))
	       (or (or (or (eq r1 r2)
			   (and (eq r1 exempt.roleattr)
				(neq t1 constrained.typeattr)))
		       (eq t1 exempt.subj.typeattr))
		   (and (eq t1 exemptsource.typeattr)
			(eq t2 exempttarget.typeattr)))))

;; Extends securityfile.unconfined: its typeattr may use io_uring cmd on securityfile.typeattr objects.
(in securityfile.unconfined

    (allow typeattr securityfile.typeattr (io_uring (cmd))))

;; Extends serialtermdev.unconfined: its typeattr may use io_uring cmd on serialtermdev.typeattr objects.
(in serialtermdev.unconfined

    (allow typeattr serialtermdev.typeattr (io_uring (cmd))))

;; Extends stordev.unconfined: its typeattr may use io_uring cmd on stordev.typeattr objects.
;; NOTE(review): if stordev.typeattr labels storage device nodes, cmd here permits passthrough
;; commands to those devices. Confirm membership of both attributes.
(in stordev.unconfined

    (allow typeattr stordev.typeattr (io_uring (cmd))))

;; Extends subj.unconfined with the two subject-targeted io_uring permissions:
;;   sqpoll on self                  - each member may request sqpoll for its own context only
;;   override_creds on subj.typeattr - members may submit work under credentials of any type in
;;                                     subj.typeattr
;; An allow rule alone is not sufficient for override_creds: any constrain/mlsconstrain
;; statements on that permission must also pass.
(in subj.unconfined

    (allow typeattr self (io_uring (sqpoll)))
    (allow typeattr subj.typeattr (io_uring (override_creds))))

;; Extends sysctlfile.unconfined: its typeattr may use io_uring cmd on sysctlfile.typeattr objects.
(in sysctlfile.unconfined

    (allow typeattr sysctlfile.typeattr (io_uring (cmd))))

;; Extends sysfile.unconfined: its typeattr may use io_uring cmd on sysfile.typeattr objects.
(in sysfile.unconfined

    (allow typeattr sysfile.typeattr (io_uring (cmd))))

;; Extends tracefile.unconfined: its typeattr may use io_uring cmd on tracefile.typeattr objects.
(in tracefile.unconfined

    (allow typeattr tracefile.typeattr (io_uring (cmd))))

;; Extends unlabeled.unconfined: its typeattr may use io_uring cmd on .unlabeled
;; (the leading dot makes this a global-namespace name). Only cmd is granted here;
;; override_creds is not.
(in unlabeled.unconfined

    (allow typeattr .unlabeled (io_uring (cmd))))