path: root/src/sys/pstorefile.cil
;; SPDX-FileCopyrightText: © 2024 Dominick Grift <dominick.grift@defensec.nl>
;; SPDX-License-Identifier: Unlicense

;; Namespace for the labels applied to objects on the pstore filesystem.
;; It provides an attribute (typeattr) collecting every pstorefile type,
;; abstract templates that declare a concrete type plus per-permission
;; access macros, and an "unconfined" sub-block granting broad access.
;; NOTE(review): pstore presumably holds kernel crash/console records, which
;; can expose sensitive kernel state -- confirm, and keep read access narrow.
(block pstorefile

  ;; Adds ARG1 to pstorefile.typeattr.
  (macro type ((type ARG1))
	 (typeattributeset typeattr ARG1))

  ;; Attribute grouping all types registered through the macro above.
  (typeattribute typeattr)

  ;; Inherit the dir/file macro templates from the .file namespace.
  ;; Their definitions are outside this file; presumably they generate
  ;; attribute-wide access macros targeting typeattr -- TODO confirm.
  (blockinherit .file.all_macro_template_dirs)
  (blockinherit .file.all_macro_template_files)

  ;; Pass typeattr to the generic .obj.type macro (defined elsewhere;
  ;; presumably adds it to a policy-wide object attribute -- TODO confirm).
  (call .obj.type (typeattr))

  ;; Presumably lets members of typeattr be associated with the pstore
  ;; filesystem type -- confirm against the .pstore block.
  (call .pstore.associate_fs (typeattr))

  ;; Abstract template: an inheriting block gets its own "pstorefile" type,
  ;; a named security context for it, and membership in pstorefile.typeattr.
  (block base_template

    (blockabstract base_template)

    ;; Context fields: user .sys.id, role .sys.role, type pstorefile,
    ;; level range .sys.lowlow.
    (context pstorefile_context (.sys.id .sys.role pstorefile .sys.lowlow))

    (type pstorefile)
    (call .pstorefile.type (pstorefile)))

  ;; Abstract template of per-permission macros for directories. Each macro
  ;; allows the caller-supplied type ARG1 one named permission set on the
  ;; "pstorefile" type. The *_dir names are not defined in this file;
  ;; presumably they are classpermission sets declared elsewhere.
  ;; NOTE(review): manage_, delete_, rename_, write_ and mounton_ let a domain
  ;; alter, remove or shadow stored records; audit every caller of those.
  (block macro_template_dirs

    (blockabstract macro_template_dirs)

    (macro addname_pstorefile_dirs ((type ARG1))
	   (allow ARG1 pstorefile addname_dir))

    (macro create_pstorefile_dirs ((type ARG1))
	   (allow ARG1 pstorefile create_dir))

    (macro delete_pstorefile_dirs ((type ARG1))
	   (allow ARG1 pstorefile delete_dir))

    (macro deletename_pstorefile_dirs ((type ARG1))
	   (allow ARG1 pstorefile deletename_dir))

    (macro list_pstorefile_dirs ((type ARG1))
	   (allow ARG1 pstorefile list_dir))

    (macro listinherited_pstorefile_dirs ((type ARG1))
	   (allow ARG1 pstorefile listinherited_dir))

    (macro manage_pstorefile_dirs ((type ARG1))
	   (allow ARG1 pstorefile manage_dir))

    (macro mounton_pstorefile_dirs ((type ARG1))
	   (allow ARG1 pstorefile mounton_dir))

    (macro readwrite_pstorefile_dirs ((type ARG1))
	   (allow ARG1 pstorefile readwrite_dir))

    (macro readwriteinherited_pstorefile_dirs ((type ARG1))
	   (allow ARG1 pstorefile readwriteinherited_dir))

    (macro rename_pstorefile_dirs ((type ARG1))
	   (allow ARG1 pstorefile rename_dir))

    (macro search_pstorefile_dirs ((type ARG1))
	   (allow ARG1 pstorefile search_dir))

    (macro write_pstorefile_dirs ((type ARG1))
	   (allow ARG1 pstorefile write_dir))

    (macro writeinherited_pstorefile_dirs ((type ARG1))
	   (allow ARG1 pstorefile writeinherited_dir)))

  ;; Abstract template of per-permission macros for regular files, with the
  ;; same shape as the directory template: one allow rule per macro, ARG1 as
  ;; source, "pstorefile" as target, and a *_file permission set that is
  ;; defined outside this file.
  ;; NOTE(review): execute_ and mapexecute_ permit running or mapping
  ;; pstore-labelled content as code; verify that any caller has a real need.
  (block macro_template_files

    (blockabstract macro_template_files)

    (macro append_pstorefile_files ((type ARG1))
	   (allow ARG1 pstorefile append_file))

    (macro appendinherited_pstorefile_files ((type ARG1))
	   (allow ARG1 pstorefile appendinherited_file))

    (macro create_pstorefile_files ((type ARG1))
	   (allow ARG1 pstorefile create_file))

    (macro delete_pstorefile_files ((type ARG1))
	   (allow ARG1 pstorefile delete_file))

    (macro execute_pstorefile_files ((type ARG1))
	   (allow ARG1 pstorefile execute_file))

    (macro manage_pstorefile_files ((type ARG1))
	   (allow ARG1 pstorefile manage_file))

    (macro mapexecute_pstorefile_files ((type ARG1))
	   (allow ARG1 pstorefile mapexecute_file))

    (macro mounton_pstorefile_files ((type ARG1))
	   (allow ARG1 pstorefile mounton_file))

    (macro read_pstorefile_files ((type ARG1))
	   (allow ARG1 pstorefile read_file))

    (macro readinherited_pstorefile_files ((type ARG1))
	   (allow ARG1 pstorefile readinherited_file))

    (macro readwrite_pstorefile_files ((type ARG1))
	   (allow ARG1 pstorefile readwrite_file))

    (macro readwriteinherited_pstorefile_files ((type ARG1))
	   (allow ARG1 pstorefile readwriteinherited_file))

    (macro rename_pstorefile_files ((type ARG1))
	   (allow ARG1 pstorefile rename_file))

    (macro write_pstorefile_files ((type ARG1))
	   (allow ARG1 pstorefile write_file))

    (macro writeinherited_pstorefile_files ((type ARG1))
	   (allow ARG1 pstorefile writeinherited_file)))

  ;; Abstract template meant for inheriting blocks: the base type/context
  ;; plus the file macros.
  ;; NOTE(review): macro_template_dirs is not inherited here, so blocks built
  ;; from this template get no *_pstorefile_dirs macros -- confirm intended.
  (block template

    (blockabstract template)

    (blockinherit .pstorefile.base_template)
    (blockinherit .pstorefile.macro_template_files))

  ;; Broad-access rules for subjects registered as unconfined.
  (block unconfined

    ;; Adds ARG1 to pstorefile.unconfined.typeattr (the source of the allow
    ;; rules below).
    (macro type ((type ARG1))
	   (typeattributeset typeattr ARG1))

    (typeattribute typeattr)

    ;; Members get every dir permission except execmod, and every file
    ;; permission except entrypoint and execmod, on all types in
    ;; pstorefile.typeattr. With the standard dir/file classes that still
    ;; covers write, unlink, rename and execute, so membership in this
    ;; attribute amounts to near-full control of pstore-labelled content;
    ;; review who is added to it.
    (allow typeattr pstorefile.typeattr (dir (not execmod)))
    (allow typeattr pstorefile.typeattr (file (not (entrypoint execmod))))))

;; Extends the sys.unconfined namespace: its typeattr is passed to the
;; pstorefile.unconfined.type macro, which adds it to
;; pstorefile.unconfined.typeattr. Every type carried by sys.unconfined's
;; typeattr therefore receives the allow rules declared in
;; pstorefile.unconfined (sys.unconfined itself is defined outside this file).
(in sys.unconfined

    (call .pstorefile.unconfined.type (typeattr)))