;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
;; SPDX-License-Identifier: Unlicense
(block bpffile
    ;; Membership macro: every type passed to .bpffile.type is added to
    ;; the attribute `typeattr`, which the generic rules below key on.
    (macro type ((type ARG1))
        (typeattributeset typeattr ARG1))
    (typeattribute typeattr)

    ;; Generic per-class dir/file macro templates from the .file block
    ;; (their contents are defined outside this file) are instantiated
    ;; here so they apply to bpffile.typeattr.
    (blockinherit .file.all_macro_template_dirs)
    (blockinherit .file.all_macro_template_files)

    ;; Generic object rules, plus the bpf filesystem association
    ;; (presumably the fs association rules for bpffs; confirm in .bpf).
    (call .obj.type (typeattr))
    (call .bpf.associate_fs (typeattr))

    ;; Abstract: an inheriting block gets one `bpffile` type, its
    ;; default context, and membership of bpffile.typeattr.
    (block base_template
        (blockabstract base_template)
        (context bpffile_context (.sys.id .sys.role bpffile .sys.lowlow))
        (type bpffile)
        (call .bpffile.type (bpffile)))

    ;; Abstract: one macro per directory permission set, each granting
    ;; ARG1 that set on the inheriting block's `bpffile` type. The
    ;; *_dir permission sets are declared outside this file.
    (block macro_template_dirs
        (blockabstract macro_template_dirs)
        (macro addname_bpffile_dirs ((type ARG1)) (allow ARG1 bpffile addname_dir))
        (macro create_bpffile_dirs ((type ARG1)) (allow ARG1 bpffile create_dir))
        (macro delete_bpffile_dirs ((type ARG1)) (allow ARG1 bpffile delete_dir))
        (macro deletename_bpffile_dirs ((type ARG1)) (allow ARG1 bpffile deletename_dir))
        (macro list_bpffile_dirs ((type ARG1)) (allow ARG1 bpffile list_dir))
        (macro listinherited_bpffile_dirs ((type ARG1)) (allow ARG1 bpffile listinherited_dir))
        (macro manage_bpffile_dirs ((type ARG1)) (allow ARG1 bpffile manage_dir))
        (macro mounton_bpffile_dirs ((type ARG1)) (allow ARG1 bpffile mounton_dir))
        (macro readwrite_bpffile_dirs ((type ARG1)) (allow ARG1 bpffile readwrite_dir))
        (macro readwriteinherited_bpffile_dirs ((type ARG1)) (allow ARG1 bpffile readwriteinherited_dir))
        (macro rename_bpffile_dirs ((type ARG1)) (allow ARG1 bpffile rename_dir))
        (macro search_bpffile_dirs ((type ARG1)) (allow ARG1 bpffile search_dir))
        (macro write_bpffile_dirs ((type ARG1)) (allow ARG1 bpffile write_dir))
        (macro writeinherited_bpffile_dirs ((type ARG1)) (allow ARG1 bpffile writeinherited_dir)))

    ;; Abstract: same pattern for the file class. The *_file permission
    ;; sets are declared outside this file.
    (block macro_template_files
        (blockabstract macro_template_files)
        (macro append_bpffile_files ((type ARG1)) (allow ARG1 bpffile append_file))
        (macro appendinherited_bpffile_files ((type ARG1)) (allow ARG1 bpffile appendinherited_file))
        (macro create_bpffile_files ((type ARG1)) (allow ARG1 bpffile create_file))
        (macro delete_bpffile_files ((type ARG1)) (allow ARG1 bpffile delete_file))
        (macro execute_bpffile_files ((type ARG1)) (allow ARG1 bpffile execute_file))
        (macro manage_bpffile_files ((type ARG1)) (allow ARG1 bpffile manage_file))
        (macro mapexecute_bpffile_files ((type ARG1)) (allow ARG1 bpffile mapexecute_file))
        (macro mounton_bpffile_files ((type ARG1)) (allow ARG1 bpffile mounton_file))
        (macro read_bpffile_files ((type ARG1)) (allow ARG1 bpffile read_file))
        (macro readinherited_bpffile_files ((type ARG1)) (allow ARG1 bpffile readinherited_file))
        (macro readwrite_bpffile_files ((type ARG1)) (allow ARG1 bpffile readwrite_file))
        (macro readwriteinherited_bpffile_files ((type ARG1)) (allow ARG1 bpffile readwriteinherited_file))
        (macro rename_bpffile_files ((type ARG1)) (allow ARG1 bpffile rename_file))
        (macro write_bpffile_files ((type ARG1)) (allow ARG1 bpffile write_file))
        (macro writeinherited_bpffile_files ((type ARG1)) (allow ARG1 bpffile writeinherited_file)))

    ;; Abstract: the ready-to-use template combines the base type with
    ;; the file macros only; macro_template_dirs is not inherited here.
    (block template
        (blockabstract template)
        (blockinherit .bpffile.base_template)
        (blockinherit .bpffile.macro_template_files))

    ;; Unconfined access to every bpffile type. The permissions listed
    ;; under `not` remain outside this grant even for unconfined domains:
    ;; relabelfrom/relabelto, execmod and audit_access on both classes,
    ;; plus entrypoint on files.
    (block unconfined
        (macro type ((type ARG1))
            (typeattributeset typeattr ARG1))
        (typeattribute typeattr)
        (allow typeattr bpffile.typeattr
            (dir (not (audit_access execmod relabelfrom relabelto))))
        (allow typeattr bpffile.typeattr
            (file (not (audit_access entrypoint execmod relabelfrom relabelto))))))
;; Hook the system-wide unconfined attribute into bpffile.unconfined so
;; its members receive the bpffile unconfined rules. `typeattr` resolves
;; in the sys.unconfined namespace (presumably its own attribute; confirm
;; in the .sys block).
(in sys.unconfined
    (call .bpffile.unconfined.type (typeattr)))