path: root/src/sys/debugfile.cil
blob: aba09a95dda1421c9c676bd12b689f830a85ec05 (plain)
;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
;; SPDX-License-Identifier: Unlicense

;; Policy namespace for "debugfile" object types. It declares the attribute
;; that groups those types, abstract templates that declare one debugfile type
;; plus per-access macros for it, and a second attribute for subjects that are
;; given broad access to every debugfile type.
(block debugfile

    ;; Adds ARG1 to typeattr, the attribute declared just below.
    (macro type ((type ARG1))
	(typeattributeset typeattr ARG1))

    ;; Attribute grouping every type registered through the macro above.
    (typeattribute typeattr)

    ;; Both inherited blocks are defined outside this file.
    ;; NOTE(review): presumably they supply access macros that target typeattr
    ;; as a whole -- confirm in the .file namespace.
    (blockinherit .file.all_macro_template_dirs)
    (blockinherit .file.all_macro_template_files)

    ;; .obj.type is defined elsewhere and is passed the attribute rather than a
    ;; single type.
    (call .obj.type (typeattr))

    ;; NOTE(review): by its name this lets member types be associated with the
    ;; debug filesystem; .debug.associate_fs is not visible here -- confirm.
    (call .debug.associate_fs (typeattr))

    ;; Abstract: nothing in this block is instantiated in place, only in blocks
    ;; that blockinherit it.
    (block base_template

	(blockabstract base_template)

	;; Named context for the type declared below, built from .sys.id,
	;; .sys.role and .sys.lowlow (all defined outside this file).
	(context debugfile_context (.sys.id .sys.role debugfile .sys.lowlow))

	;; The type itself, added to .debugfile.typeattr through the type macro
	;; at the top of the debugfile block.
	(type debugfile)
	(call .debugfile.type (debugfile)))

    ;; Abstract set of directory-access macros. Each macro grants ARG1 exactly
    ;; one named permission set (addname_dir, create_dir, ...) on `debugfile`;
    ;; the permission sets themselves are defined outside this file.
    ;; NOTE(review): `debugfile` is not declared in this block, so it presumably
    ;; resolves to the type that base_template declares in the inheriting
    ;; block -- confirm the two are always inherited together.
    (block macro_template_dirs

	(blockabstract macro_template_dirs)

	(macro addname_debugfile_dirs ((type ARG1))
	    (allow ARG1 debugfile addname_dir))

	(macro create_debugfile_dirs ((type ARG1))
	    (allow ARG1 debugfile create_dir))

	(macro delete_debugfile_dirs ((type ARG1))
	    (allow ARG1 debugfile delete_dir))

	(macro deletename_debugfile_dirs ((type ARG1))
	    (allow ARG1 debugfile deletename_dir))

	(macro list_debugfile_dirs ((type ARG1))
	    (allow ARG1 debugfile list_dir))

	(macro listinherited_debugfile_dirs ((type ARG1))
	    (allow ARG1 debugfile listinherited_dir))

	;; NOTE(review): manage_dir is presumably the widest directory set here;
	;; prefer the narrower macros where a caller needs less.
	(macro manage_debugfile_dirs ((type ARG1))
	    (allow ARG1 debugfile manage_dir))

	(macro mounton_debugfile_dirs ((type ARG1))
	    (allow ARG1 debugfile mounton_dir))

	(macro readwrite_debugfile_dirs ((type ARG1))
	    (allow ARG1 debugfile readwrite_dir))

	(macro readwriteinherited_debugfile_dirs ((type ARG1))
	    (allow ARG1 debugfile readwriteinherited_dir))

	(macro rename_debugfile_dirs ((type ARG1))
	    (allow ARG1 debugfile rename_dir))

	(macro search_debugfile_dirs ((type ARG1))
	    (allow ARG1 debugfile search_dir))

	(macro write_debugfile_dirs ((type ARG1))
	    (allow ARG1 debugfile write_dir))

	(macro writeinherited_debugfile_dirs ((type ARG1))
	    (allow ARG1 debugfile writeinherited_dir)))

    ;; Abstract set of regular-file access macros, built the same way as the
    ;; directory macros: one named permission set per macro, granted to ARG1 on
    ;; `debugfile`, with the permission sets defined outside this file.
    (block macro_template_files

	(blockabstract macro_template_files)

	(macro append_debugfile_files ((type ARG1))
	    (allow ARG1 debugfile append_file))

	(macro appendinherited_debugfile_files ((type ARG1))
	    (allow ARG1 debugfile appendinherited_file))

	(macro create_debugfile_files ((type ARG1))
	    (allow ARG1 debugfile create_file))

	(macro delete_debugfile_files ((type ARG1))
	    (allow ARG1 debugfile delete_file))

	;; NOTE(review): by name, execute_file and mapexecute_file (further down)
	;; hand out execute access; callers of these two macros are the ones to
	;; check when auditing who may run debugfile content.
	(macro execute_debugfile_files ((type ARG1))
	    (allow ARG1 debugfile execute_file))

	(macro manage_debugfile_files ((type ARG1))
	    (allow ARG1 debugfile manage_file))

	(macro mapexecute_debugfile_files ((type ARG1))
	    (allow ARG1 debugfile mapexecute_file))

	(macro mounton_debugfile_files ((type ARG1))
	    (allow ARG1 debugfile mounton_file))

	(macro read_debugfile_files ((type ARG1))
	    (allow ARG1 debugfile read_file))

	(macro readinherited_debugfile_files ((type ARG1))
	    (allow ARG1 debugfile readinherited_file))

	(macro readwrite_debugfile_files ((type ARG1))
	    (allow ARG1 debugfile readwrite_file))

	(macro readwriteinherited_debugfile_files ((type ARG1))
	    (allow ARG1 debugfile readwriteinherited_file))

	(macro rename_debugfile_files ((type ARG1))
	    (allow ARG1 debugfile rename_file))

	(macro write_debugfile_files ((type ARG1))
	    (allow ARG1 debugfile write_file))

	(macro writeinherited_debugfile_files ((type ARG1))
	    (allow ARG1 debugfile writeinherited_file)))

    ;; Abstract template for one concrete debugfile type: the type and context
    ;; from base_template plus the file macros.
    ;; NOTE(review): macro_template_dirs is not inherited here -- confirm that
    ;; the directory macros are meant to be opted into separately.
    (block template

	(blockabstract template)

	(blockinherit .debugfile.base_template)
	(blockinherit .debugfile.macro_template_files))

    ;; Subjects that get near-complete access to every debugfile type.
    (block unconfined

	;; Adds ARG1 to the typeattr declared in this block, i.e. marks ARG1 as
	;; one of those subjects.
	(macro type ((type ARG1))
	    (typeattributeset typeattr ARG1))

	(typeattribute typeattr)

	;; Every dir permission except audit_access and execmod, on all types in
	;; debugfile.typeattr.
	(allow typeattr debugfile.typeattr (dir (not (audit_access execmod))))
	;; Every file permission except audit_access, entrypoint and execmod, so
	;; this rule does not let a debugfile file serve as a domain entry point
	;; or have a modified file mapping made executable. The exclusions only
	;; limit what these two rules grant; they are not a deny, and only the
	;; dir and file classes are covered here.
	(allow typeattr debugfile.typeattr
	    (file (not (audit_access entrypoint execmod))))))

;; Inserts a call into the sys.unconfined block, which is declared outside this
;; file. The call adds `typeattr` to debugfile.unconfined.typeattr, so its
;; members receive the broad dir and file access granted in debugfile.unconfined.
;; NOTE(review): `typeattr` is resolved from inside sys.unconfined, presumably
;; that block's own attribute -- confirm against its declaration.
(in sys.unconfined

    (call .debugfile.unconfined.type (typeattr)))