Diffstat (limited to 'blog/access-control/xdgfile.cil')
-rw-r--r-- | blog/access-control/xdgfile.cil | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/blog/access-control/xdgfile.cil b/blog/access-control/xdgfile.cil
new file mode 100644
index 0000000..67f5e31
--- /dev/null
+++ b/blog/access-control/xdgfile.cil
@@ -0,0 +1,47 @@
+;; create out xdg namespace
+(block xdg
+ ;; we will create a subnamespace for each xdg file type (e.g config, cache, share, state)
+ (block config
+ ;; this next block isn't technically required but it shows that we are a subtype of .file.home
+ (block home
+ ;; create a macro to allow type transitions for files in our context
+ (macro file_type_transition_file ((type ARG1) (class ARG2) (name ARG3))
+ (call .home.file_type_transition_file (ARG1 file ARG2 ARG3)))
+
+ ;; inherit the template which defines some types for us and also provides some macros
+ (blockinherit .file.home.template)
+
+ ;; define a context for the ~/.cache directory itself
+ ;; hint: HOME_DIR is one of the few variables that can be interpolated into strings
+ (filecon "HOME_DIR/\.config" dir file_context)
+ (filecon "HOME_DIR/\.config/.*" file file_context)))
+
+ (block cache
+ (block home
+ (macro file_type_transition_file ((type ARG1) (class ARG2) (name ARG3))
+ (call .home.file_type_transition_file (ARG1 file ARG2 ARG3)))
+
+ (blockinherit .file.home.template)
+
+ (filecon "HOME_DIR/\.cache" dir file_context)
+ (filecon "HOME_DIR/\.cache/.*" file file_context)))
+
+ (block share
+ (block home
+ (macro file_type_transition_file ((type ARG1) (class ARG2) (name ARG3))
+ (call .home.file_type_transition_file (ARG1 file ARG2 ARG3)))
+
+ (blockinherit .file.home.template)
+
+ (filecon "HOME_DIR/\.local/share" dir file_context)
+ (filecon "HOME_DIR/\.local/share/.*" file file_context)))
+
+ (block state
+ (block home
+ (macro file_type_transition_file ((type ARG1) (class ARG2) (name ARG3))
+ (call .home.file_type_transition_file (ARG1 file ARG2 ARG3)))
+
+ (blockinherit .file.home.template)
+
+ (filecon "HOME_DIR/\.local/state" dir file_context)
+ (filecon "HOME_DIR/\.local/state/.*" file file_context))))  |
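Review bot: The second `filecon` in each of the four blocks uses the `file` class, so `HOME_DIR/\.config/.*` (and the cache, share and state equivalents) matches only regular files. Subdirectories, symlinks and sockets under those trees would be relabelled by whatever broader home spec applies, unless `.file.home.template` covers them, which is not visible here. If the whole subtree is meant to carry the XDG type, use `(filecon "HOME_DIR/\.config/.*" any file_context)` and the same for the other three. Separately, the comment above the config entries says `~/.cache` while the path is `~/.config`; it should read `;; define a context for the ~/.config directory itself`, and the first line should say "our" rather than "out". The paths are also fixed to the default locations, so a comment noting that relocated `XDG_*_HOME` directories are not labelled by this policy would help readers.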