blob: 96ade2e45b5218c9216908d69856217095988d94 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
|
;; SPDX-FileCopyrightText: © 2024 Dominick Grift <dominick.grift@defensec.nl>
;; SPDX-License-Identifier: Unlicense
(block sysctlfile
(macro type ((type ARG1))
(typeattributeset typeattr ARG1))
(typeattribute typeattr)
(blockinherit .file.all_macro_template_dirs)
(blockinherit .file.all_macro_template_files)
(call .procfile.type (typeattr))
(block base_template
(blockabstract base_template)
(context sysctlfile_context (.sys.id .sys.role sysctlfile .sys.lowlow))
(type sysctlfile)
(call .sysctlfile.type (sysctlfile)))
(block macro_template_dirs
(blockabstract macro_template_dirs)
(macro addname_sysctlfile_dirs ((type ARG1))
(allow ARG1 sysctlfile addname_dir))
(macro create_sysctlfile_dirs ((type ARG1))
(allow ARG1 sysctlfile create_dir))
(macro delete_sysctlfile_dirs ((type ARG1))
(allow ARG1 sysctlfile delete_dir))
(macro deletename_sysctlfile_dirs ((type ARG1))
(allow ARG1 sysctlfile deletename_dir))
(macro list_sysctlfile_dirs ((type ARG1))
(allow ARG1 sysctlfile list_dir))
(macro listinherited_sysctlfile_dirs ((type ARG1))
(allow ARG1 sysctlfile listinherited_dir))
(macro manage_sysctlfile_dirs ((type ARG1))
(allow ARG1 sysctlfile manage_dir))
(macro mounton_sysctlfile_dirs ((type ARG1))
(allow ARG1 sysctlfile mounton_dir))
(macro readwrite_sysctlfile_dirs ((type ARG1))
(allow ARG1 sysctlfile readwrite_dir))
(macro readwriteinherited_sysctlfile_dirs ((type ARG1))
(allow ARG1 sysctlfile readwriteinherited_dir))
(macro rename_sysctlfile_dirs ((type ARG1))
(allow ARG1 sysctlfile rename_dir))
(macro search_sysctlfile_dirs ((type ARG1))
(allow ARG1 sysctlfile search_dir))
(macro write_sysctlfile_dirs ((type ARG1))
(allow ARG1 sysctlfile write_dir))
(macro writeinherited_sysctlfile_dirs ((type ARG1))
(allow ARG1 sysctlfile writeinherited_dir)))
(block macro_template_files
(blockabstract macro_template_files)
(macro append_sysctlfile_files ((type ARG1))
(allow ARG1 sysctlfile append_file))
(macro appendinherited_sysctlfile_files ((type ARG1))
(allow ARG1 sysctlfile appendinherited_file))
(macro create_sysctlfile_files ((type ARG1))
(allow ARG1 sysctlfile create_file))
(macro delete_sysctlfile_files ((type ARG1))
(allow ARG1 sysctlfile delete_file))
(macro execute_sysctlfile_files ((type ARG1))
(allow ARG1 sysctlfile execute_file))
(macro manage_sysctlfile_files ((type ARG1))
(allow ARG1 sysctlfile manage_file))
(macro mapexecute_sysctlfile_files ((type ARG1))
(allow ARG1 sysctlfile mapexecute_file))
(macro mounton_sysctlfile_files ((type ARG1))
(allow ARG1 sysctlfile mounton_file))
(macro read_sysctlfile_files ((type ARG1))
(allow ARG1 sysctlfile read_file))
(macro readinherited_sysctlfile_files ((type ARG1))
(allow ARG1 sysctlfile readinherited_file))
(macro readwrite_sysctlfile_files ((type ARG1))
(allow ARG1 sysctlfile readwrite_file))
(macro readwriteinherited_sysctlfile_files ((type ARG1))
(allow ARG1 sysctlfile readwriteinherited_file))
(macro rename_sysctlfile_files ((type ARG1))
(allow ARG1 sysctlfile rename_file))
(macro write_sysctlfile_files ((type ARG1))
(allow ARG1 sysctlfile write_file))
(macro writeinherited_sysctlfile_files ((type ARG1))
(allow ARG1 sysctlfile writeinherited_file)))
(block template
(blockabstract template)
(blockinherit .sysctlfile.base_template)
(blockinherit .sysctlfile.macro_template_files))
(block unconfined
(macro type ((type ARG1))
(typeattributeset typeattr ARG1))
(typeattribute typeattr)
(allow typeattr sysctlfile.typeattr
(dir (not (audit_access execmod relabelfrom relabelto))))
(allow typeattr sysctlfile.typeattr
(file (not (audit_access entrypoint execmod relabelfrom
relabelto))))))
|
