src/misc/av/perfeventav.cil


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30

;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
;; SPDX-License-Identifier: Unlicense

(class perf_event (cpu kernel open read tracepoint write))
(classorder (unordered perf_event))

(in invalid.unconfined

    (allow typeattr .invalid (perf_event (read write))))

(in mcs

    (mlsconstrain (perf_event (read write))
		  (or (dom h1 h2)
		      (neq t1 constrained.typeattr))))

(in rbacsep

    (constrain (perf_event (read write))
	       (or (or (or (eq r1 r2)
			   (and (eq r1 exempt.roleattr)
				(neq t1 constrained.typeattr)))
		       (eq t1 exempt.subj.typeattr))
		   (and (eq t1 exemptsource.typeattr)
			(eq t2 exempttarget.typeattr)))))

(in subj.unconfined

    (allow typeattr self (perf_event (not (read write))))
    (allow typeattr subj.typeattr (perf_event (read write))))