Blame - marvell/services/selinux-policy/src/file/miscfile/cronmiscfile.cil - T108

blob: 547a28322ce544ec7feee171eed425e3c95eace0 [file] [log] [blame]

b.liu	e958203	2025-04-17 19:18:16 +0800	[diff] [blame^]	1	;; -- mode: CIL; fill-column: 79; indent-tabs-mode: nil; --
				2	;; SPDX-FileCopyrightText: © 2021 Dominick Grift <dominick.grift@defensec.nl>
				3	;; SPDX-License-Identifier: Unlicense
				4
				5	(in .file
				6	(call .cron.conffile_obj_type_transition_miscfile
				7	(unconfined.subj_typeattr))
				8	(call .cron.spooltmpfile_obj_type_transition_miscfile
				9	(unconfined.subj_typeattr)))
				10
				11	(block cron
				12
				13	;;
				14	;; Contexts
				15	;;
				16
				17	(filecon
				18	"/etc/crontabs"
				19	dir
				20	miscfile_file_context)
				21	(filecon
				22	"/etc/crontabs/.*"
				23	any
				24	miscfile_file_context)
				25
				26	(filecon
				27	"/tmp/spool/cron"
				28	dir
				29	miscfile_file_context)
				30	(filecon
				31	"/tmp/spool/cron/.*"
				32	any
				33	miscfile_file_context)
				34
				35	;;
				36	;; Macros
				37	;;
				38
				39	(macro conffile_obj_type_transition_miscfile ((type ARG1))
				40	(call .file.conffile_obj_type_transition
				41	(ARG1 miscfile dir "crontabs")))
				42
				43	(macro getattr_miscfile_files ((type ARG1))
				44	(allow ARG1 miscfile (file (getattr))))
				45
				46	(macro spooltmpfile_obj_type_transition_miscfile ((type ARG1))
				47	(call .tmpfile.spooltmpfile_obj_type_transition
				48	(ARG1 miscfile dir "cron")))
				49
				50	;;
				51	;; Policy
				52	;;
				53
				54	(blockinherit .file.misc.obj_template)
				55
				56	(call .tmp.associate_filesystems (miscfile))
				57	(call .xattr.associate_filesystems (miscfile)))