;; -*- mode: CIL; fill-column: 79; indent-tabs-mode: nil; -*-
;; SPDX-FileCopyrightText: © 2021 Dominick Grift <dominick.grift@defensec.nl>
;; SPDX-License-Identifier: Unlicense

;; Insert a statement into the existing `.file` block: call procd's
;; obj_type_transition_execfile macro with unconfined.subj_typeattr as ARG1.
;; The macro expands to one .file.execfile_obj_type_transition call per procd
;; executable basename (see the macro in block procd).
;; NOTE(review): unconfined.subj_typeattr is defined elsewhere; presumably it
;; is the attribute covering unconfined subject types, so this grants the
;; name-based transitions to every such subject. Confirm that scope is intended.
(in .file
    (call .procd.obj_type_transition_execfile (unconfined.subj_typeattr)))
;; Block `procd`: file labelling for the procd executables and their helpers.
;; It declares file contexts for nine paths, two macros other policy can call,
;; and inherits .file.exec.obj_template.
;; NOTE(review): `execfile` and `execfile_file_context` are not declared in
;; this block; presumably the inherited template at the bottom supplies them.
;; Confirm against the template definition.
(block procd

    ;;
    ;; Contexts
    ;;

    ;; Each filecon assigns execfile_file_context to a regular file (`file`)
    ;; at the given path. File-context path strings are matched as regular
    ;; expressions; none of these contain metacharacters, so each matches
    ;; exactly one path.
    ;; The label on an executable usually decides which domain it enters when
    ;; run, so a missing or stale entry here can leave a binary running under
    ;; an unintended context. filecon entries only take effect when the
    ;; filesystem is labelled or relabelled; they do not relabel files that
    ;; already exist.
    (filecon
     "/usr/bin/askfirst"
     file
     execfile_file_context)
    (filecon
     "/usr/bin/procd"
     file
     execfile_file_context)
    (filecon
     "/usr/bin/upgraded"
     file
     execfile_file_context)
    (filecon
     "/usr/bin/init"
     file
     execfile_file_context)
    (filecon
     "/usr/bin/service"
     file
     execfile_file_context)
    (filecon
     "/usr/bin/ujail"
     file
     execfile_file_context)
    (filecon
     "/usr/bin/utrace"
     file
     execfile_file_context)
    ;; procd is additionally labelled at two more locations.
    ;; NOTE(review): /rom/sbin/procd is presumably the copy on the read-only
    ;; base image; only procd has /sbin and /rom entries, the other helpers
    ;; are covered under /usr/bin only. Confirm this matches where the
    ;; binaries are actually installed.
    (filecon
     "/sbin/procd"
     file
     execfile_file_context)
    (filecon
     "/rom/sbin/procd"
     file
     execfile_file_context)

    ;;
    ;; Macros
    ;;

    ;; getattr_execfile_files(ARG1): allow type ARG1 the `getattr` permission
    ;; on objects of class `file` with type `execfile`. No other permission
    ;; is granted.
    (macro getattr_execfile_files ((type ARG1))
           (allow ARG1 execfile (file (getattr))))

    ;; obj_type_transition_execfile(ARG1): call
    ;; .file.execfile_obj_type_transition once per executable basename, each
    ;; time with ARG1, `execfile`, class `file` and the name string.
    ;; NOTE(review): the called macro is defined elsewhere; presumably it
    ;; emits a name-based type transition so that a file with that name
    ;; created by ARG1 receives type `execfile`. Confirm.
    ;; The names match the basenames of the filecon paths above ("procd" also
    ;; covers /sbin/procd and /rom/sbin/procd). Matching is on the name only;
    ;; "init" and "service" are generic names, so the parent-directory types
    ;; to which the called macro scopes the transition determine how widely
    ;; this label can be obtained.
    (macro obj_type_transition_execfile ((type ARG1))
           (call .file.execfile_obj_type_transition
                 (ARG1 execfile file "askfirst"))
           (call .file.execfile_obj_type_transition
                 (ARG1 execfile file "procd"))
           (call .file.execfile_obj_type_transition
                 (ARG1 execfile file "upgraded"))
           (call .file.execfile_obj_type_transition
                 (ARG1 execfile file "init"))
           (call .file.execfile_obj_type_transition
                 (ARG1 execfile file "service"))
           (call .file.execfile_obj_type_transition
                 (ARG1 execfile file "ujail"))
           (call .file.execfile_obj_type_transition
                 (ARG1 execfile file "utrace")))

    ;;
    ;; Policy
    ;;

    ;; Copy the contents of .file.exec.obj_template into this block.
    ;; Everything the template declares becomes part of the procd namespace,
    ;; so review the template together with this file.
    (blockinherit .file.exec.obj_template))