Gitiles
Code Review Sign In
192.168.1.100 / T108 / e958203796650e3959a43708d67534bf36f4c83b / . / marvell / services / selinux-policy / src / tmpfile / locktmpfile.cil
blob: 3896a765fd25ebbca407bf3146045a1245ee968e [file] [log] [blame]
b.liue9582032025-04-17 19:18:16 +0800[diff] [blame^]1;; -*- mode: CIL; fill-column: 79; indent-tabs-mode: nil; -*-
2;; SPDX-FileCopyrightText: © 2021 Dominick Grift <dominick.grift@defensec.nl>
3;; SPDX-License-Identifier: Unlicense
4
5(in .file
6 (call .tmpfile.obj_type_transition_locktmpfile (unconfined.subj_typeattr)))
7
8(in .tmpfile
9
10 ;;
11 ;; Contexts
12 ;;
13
14 (filecon
15 "/tmp/lock"
16 dir
17 locktmpfile_file_context)
18 (filecon
19 "/tmp/lock/.*"
20 any
21 locktmpfile_file_context)
22
23 ;;
24 ;; Macros
25 ;;
26
27 (macro obj_type_transition_locktmpfile ((type ARG1))
28 (call .tmp.fs_obj_type_transition
29 (ARG1 locktmpfile dir "lock")))
30
31 ;;
32 ;; Policy
33 ;;
34
35 (blockinherit lock.obj_template)
36
37 (block lock
38
39 ;;
40 ;; Policy
41 ;;
42
43 (blockinherit .file.obj_all_macro_template)
44
45 (call tmpfile.obj_type (obj_typeattr))
46
47 ;;
48 ;; Templates
49 ;;
50
51 (block obj_base_template
52
53 ;;
54 ;; Contexts
55 ;;
56
57 (context
58 locktmpfile_file_context
59 (.u
60 .r
61 locktmpfile
62 (systemlow
63 systemlow)))
64
65 ;;
66 ;; Policy
67 ;;
68
69 (blockabstract obj_base_template)
70
71 (type
72 locktmpfile)
73
74 (call .tmpfile.lock.obj_type (locktmpfile)))
75
76 (block obj_macro_template
77
78 ;;
79 ;; Macros
80 ;;
81
82 (macro addname_locktmpfile_dirs ((type ARG1))
83 (allow ARG1 locktmpfile addname_dir))
84
85 (macro append_locktmpfile_blk_files ((type ARG1))
86 (allow ARG1 locktmpfile append_blk_file))
87
88 (macro append_locktmpfile_chr_files ((type ARG1))
89 (allow ARG1 locktmpfile append_chr_file))
90
91 (macro append_locktmpfile_fifo_files ((type ARG1))
92 (allow ARG1 locktmpfile append_fifo_file))
93
94 (macro append_locktmpfile_files ((type ARG1))
95 (allow ARG1 locktmpfile append_file))
96
97 (macro appendinherited_locktmpfile_blk_files ((type ARG1))
98 (allow ARG1 locktmpfile appendinherited_blk_file))
99
100 (macro appendinherited_locktmpfile_chr_files ((type ARG1))
101 (allow ARG1 locktmpfile appendinherited_chr_file))
102
103 (macro appendinherited_locktmpfile_fifo_files ((type ARG1))
104 (allow ARG1 locktmpfile appendinherited_fifo_file))
105
106 (macro appendinherited_locktmpfile_files ((type ARG1))
107 (allow ARG1 locktmpfile appendinherited_file))
108
109 (macro create_locktmpfile ((type ARG1))
110 (allow ARG1 locktmpfile (allfiles (create))))
111
112 (macro create_locktmpfile_blk_files ((type ARG1))
113 (allow ARG1 locktmpfile create_blk_file))
114
115 (macro create_locktmpfile_chr_files ((type ARG1))
116 (allow ARG1 locktmpfile create_chr_file))
117
118 (macro create_locktmpfile_dirs ((type ARG1))
119 (allow ARG1 locktmpfile create_dir))
120
121 (macro create_locktmpfile_fifo_files ((type ARG1))
122 (allow ARG1 locktmpfile create_fifo_file))
123
124 (macro create_locktmpfile_files ((type ARG1))
125 (allow ARG1 locktmpfile create_file))
126
127 (macro create_locktmpfile_lnk_files ((type ARG1))
128 (allow ARG1 locktmpfile create_lnk_file))
129
130 (macro create_locktmpfile_sock_files ((type ARG1))
131 (allow ARG1 locktmpfile create_sock_file))
132
133 (macro deletename_locktmpfile_dirs ((type ARG1))
134 (allow ARG1 locktmpfile deletename_dir))
135
136 (macro delete_locktmpfile ((type ARG1))
137 (allow ARG1 locktmpfile (allfiles (delete))))
138
139 (macro delete_locktmpfile_blk_files ((type ARG1))
140 (allow ARG1 locktmpfile delete_blk_file))
141
142 (macro delete_locktmpfile_chr_files ((type ARG1))
143 (allow ARG1 locktmpfile delete_chr_file))
144
145 (macro delete_locktmpfile_dirs ((type ARG1))
146 (allow ARG1 locktmpfile delete_dir))
147
148 (macro delete_locktmpfile_fifo_files ((type ARG1))
149 (allow ARG1 locktmpfile delete_fifo_file))
150
151 (macro delete_locktmpfile_files ((type ARG1))
152 (allow ARG1 locktmpfile delete_file))
153
154 (macro delete_locktmpfile_lnk_files ((type ARG1))
155 (allow ARG1 locktmpfile delete_lnk_file))
156
157 (macro delete_locktmpfile_sock_files ((type ARG1))
158 (allow ARG1 locktmpfile delete_sock_file))
159
160 (macro execute_locktmpfile_files ((type ARG1))
161 (allow ARG1 locktmpfile execute_file))
162
163 (macro list_locktmpfile_dirs ((type ARG1))
164 (allow ARG1 locktmpfile list_dir))
165
166 (macro listinherited_locktmpfile_dirs ((type ARG1))
167 (allow ARG1 locktmpfile listinherited_dir))
168
169 (macro locktmpfile_obj_type_transition
170 ((type ARG1)(type ARG2)(class ARG3)(name ARG4))
171 (typetransition ARG1 locktmpfile ARG3 ARG4 ARG2)
172 (call addname_locktmpfile_dirs (ARG1)))
173
174 (macro manage_locktmpfile ((type ARG1))
175 (allow ARG1 locktmpfile (allfiles (manage))))
176
177 (macro manage_locktmpfile_blk_files ((type ARG1))
178 (allow ARG1 locktmpfile manage_blk_file))
179
180 (macro manage_locktmpfile_chr_files ((type ARG1))
181 (allow ARG1 locktmpfile manage_chr_file))
182
183 (macro manage_locktmpfile_dirs ((type ARG1))
184 (allow ARG1 locktmpfile manage_dir))
185
186 (macro manage_locktmpfile_fifo_files ((type ARG1))
187 (allow ARG1 locktmpfile manage_fifo_file))
188
189 (macro manage_locktmpfile_files ((type ARG1))
190 (allow ARG1 locktmpfile manage_file))
191
192 (macro manage_locktmpfile_lnk_files ((type ARG1))
193 (allow ARG1 locktmpfile manage_lnk_file))
194
195 (macro manage_locktmpfile_sock_files ((type ARG1))
196 (allow ARG1 locktmpfile manage_sock_file))
197
198 (macro mapexecute_locktmpfile_chr_files ((type ARG1))
199 (allow ARG1 locktmpfile mapexecute_chr_file))
200
201 (macro mapexecute_locktmpfile_files ((type ARG1))
202 (allow ARG1 locktmpfile mapexecute_file))
203
204 (macro mounton_locktmpfile ((type ARG1))
205 (allow ARG1 locktmpfile (allfiles (mounton))))
206
207 (macro mounton_locktmpfile_blk_files ((type ARG1))
208 (allow ARG1 locktmpfile mounton_blk_file))
209
210 (macro mounton_locktmpfile_chr_files ((type ARG1))
211 (allow ARG1 locktmpfile mounton_chr_file))
212
213 (macro mounton_locktmpfile_dirs ((type ARG1))
214 (allow ARG1 locktmpfile mounton_dir))
215
216 (macro mounton_locktmpfile_fifo_files ((type ARG1))
217 (allow ARG1 locktmpfile mounton_fifo_file))
218
219 (macro mounton_locktmpfile_files ((type ARG1))
220 (allow ARG1 locktmpfile mounton_file))
221
222 (macro mounton_locktmpfile_lnk_files ((type ARG1))
223 (allow ARG1 locktmpfile mounton_lnk_file))
224
225 (macro mounton_locktmpfile_sock_files ((type ARG1))
226 (allow ARG1 locktmpfile mounton_sock_file))
227
228 (macro read_locktmpfile ((type ARG1))
229 (allow ARG1 locktmpfile (allfiles (read))))
230
231 (macro read_locktmpfile_blk_files ((type ARG1))
232 (allow ARG1 locktmpfile read_blk_file))
233
234 (macro read_locktmpfile_chr_files ((type ARG1))
235 (allow ARG1 locktmpfile read_chr_file))
236
237 (macro read_locktmpfile_fifo_files ((type ARG1))
238 (allow ARG1 locktmpfile read_fifo_file))
239
240 (macro read_locktmpfile_files ((type ARG1))
241 (allow ARG1 locktmpfile read_file))
242
243 (macro readinherited_locktmpfile_blk_files ((type ARG1))
244 (allow ARG1 locktmpfile readinherited_blk_file))
245
246 (macro readinherited_locktmpfile_chr_files ((type ARG1))
247 (allow ARG1 locktmpfile readinherited_chr_file))
248
249 (macro readinherited_locktmpfile_fifo_files ((type ARG1))
250 (allow ARG1 locktmpfile readinherited_fifo_file))
251
252 (macro readinherited_locktmpfile_files ((type ARG1))
253 (allow ARG1 locktmpfile readinherited_file))
254
255 (macro readinherited_locktmpfile_sock_files ((type ARG1))
256 (allow ARG1 locktmpfile readinherited_sock_file))
257
258 (macro read_locktmpfile_lnk_files ((type ARG1))
259 (allow ARG1 locktmpfile read_lnk_file))
260
261 (macro read_locktmpfile_sock_files ((type ARG1))
262 (allow ARG1 locktmpfile read_sock_file))
263
264 (macro readwrite_locktmpfile ((type ARG1))
265 (allow ARG1 locktmpfile (allfiles (readwrite))))
266
267 (macro readwrite_locktmpfile_blk_files ((type ARG1))
268 (allow ARG1 locktmpfile readwrite_blk_file))
269
270 (macro readwrite_locktmpfile_chr_files ((type ARG1))
271 (allow ARG1 locktmpfile readwrite_chr_file))
272
273 (macro readwrite_locktmpfile_dirs ((type ARG1))
274 (allow ARG1 locktmpfile readwrite_dir))
275
276 (macro readwrite_locktmpfile_fifo_files ((type ARG1))
277 (allow ARG1 locktmpfile readwrite_fifo_file))
278
279 (macro readwrite_locktmpfile_files ((type ARG1))
280 (allow ARG1 locktmpfile readwrite_file))
281
282 (macro readwriteinherited_locktmpfile_blk_files ((type ARG1))
283 (allow ARG1 locktmpfile readwriteinherited_blk_file))
284
285 (macro readwriteinherited_locktmpfile_chr_files ((type ARG1))
286 (allow ARG1 locktmpfile readwriteinherited_chr_file))
287
288 (macro readwriteinherited_locktmpfile_dirs ((type ARG1))
289 (allow ARG1 locktmpfile readwriteinherited_dir))
290
291 (macro readwriteinherited_locktmpfile_fifo_files ((type ARG1))
292 (allow ARG1 locktmpfile readwriteinherited_fifo_file))
293
294 (macro readwriteinherited_locktmpfile_files ((type ARG1))
295 (allow ARG1 locktmpfile readwriteinherited_file))
296
297 (macro readwriteinherited_locktmpfile_sock_files ((type ARG1))
298 (allow ARG1 locktmpfile readwriteinherited_sock_file))
299
300 (macro readwrite_locktmpfile_lnk_files ((type ARG1))
301 (allow ARG1 locktmpfile readwrite_lnk_file))
302
303 (macro readwrite_locktmpfile_sock_files ((type ARG1))
304 (allow ARG1 locktmpfile readwrite_sock_file))
305
306 (macro relabel_locktmpfile ((type ARG1))
307 (allow ARG1 locktmpfile (allfiles (relabel))))
308
309 (macro relabel_locktmpfile_blk_files ((type ARG1))
310 (allow ARG1 locktmpfile relabel_blk_file))
311
312 (macro relabel_locktmpfile_chr_files ((type ARG1))
313 (allow ARG1 locktmpfile relabel_chr_file))
314
315 (macro relabel_locktmpfile_dirs ((type ARG1))
316 (allow ARG1 locktmpfile relabel_dir))
317
318 (macro relabel_locktmpfile_fifo_files ((type ARG1))
319 (allow ARG1 locktmpfile relabel_fifo_file))
320
321 (macro relabel_locktmpfile_files ((type ARG1))
322 (allow ARG1 locktmpfile relabel_file))
323
324 (macro relabel_locktmpfile_lnk_files ((type ARG1))
325 (allow ARG1 locktmpfile relabel_lnk_file))
326
327 (macro relabel_locktmpfile_sock_files ((type ARG1))
328 (allow ARG1 locktmpfile relabel_sock_file))
329
330 (macro relabelfrom_locktmpfile ((type ARG1))
331 (allow ARG1 locktmpfile (allfiles (relabelfrom))))
332
333 (macro relabelfrom_locktmpfile_blk_files ((type ARG1))
334 (allow ARG1 locktmpfile relabelfrom_blk_file))
335
336 (macro relabelfrom_locktmpfile_chr_files ((type ARG1))
337 (allow ARG1 locktmpfile relabelfrom_chr_file))
338
339 (macro relabelfrom_locktmpfile_dirs ((type ARG1))
340 (allow ARG1 locktmpfile relabelfrom_dir))
341
342 (macro relabelfrom_locktmpfile_fifo_files ((type ARG1))
343 (allow ARG1 locktmpfile relabelfrom_fifo_file))
344
345 (macro relabelfrom_locktmpfile_files ((type ARG1))
346 (allow ARG1 locktmpfile relabelfrom_file))
347
348 (macro relabelfrom_locktmpfile_lnk_files ((type ARG1))
349 (allow ARG1 locktmpfile relabelfrom_lnk_file))
350
351 (macro relabelfrom_locktmpfile_sock_files ((type ARG1))
352 (allow ARG1 locktmpfile relabelfrom_sock_file))
353
354 (macro relabelto_locktmpfile ((type ARG1))
355 (allow ARG1 locktmpfile (allfiles (relabelto))))
356
357 (macro relabelto_locktmpfile_blk_files ((type ARG1))
358 (allow ARG1 locktmpfile relabelto_blk_file))
359
360 (macro relabelto_locktmpfile_chr_files ((type ARG1))
361 (allow ARG1 locktmpfile relabelto_chr_file))
362
363 (macro relabelto_locktmpfile_dirs ((type ARG1))
364 (allow ARG1 locktmpfile relabelto_dir))
365
366 (macro relabelto_locktmpfile_fifo_files ((type ARG1))
367 (allow ARG1 locktmpfile relabelto_fifo_file))
368
369 (macro relabelto_locktmpfile_files ((type ARG1))
370 (allow ARG1 locktmpfile relabelto_file))
371
372 (macro relabelto_locktmpfile_lnk_files ((type ARG1))
373 (allow ARG1 locktmpfile relabelto_lnk_file))
374
375 (macro relabelto_locktmpfile_sock_files ((type ARG1))
376 (allow ARG1 locktmpfile relabelto_sock_file))
377
378 (macro rename_locktmpfile ((type ARG1))
379 (allow ARG1 locktmpfile (allfiles (rename))))
380
381 (macro rename_locktmpfile_blk_files ((type ARG1))
382 (allow ARG1 locktmpfile rename_blk_file))
383
384 (macro rename_locktmpfile_chr_files ((type ARG1))
385 (allow ARG1 locktmpfile rename_chr_file))
386
387 (macro rename_locktmpfile_dirs ((type ARG1))
388 (allow ARG1 locktmpfile rename_dir))
389
390 (macro rename_locktmpfile_fifo_files ((type ARG1))
391 (allow ARG1 locktmpfile rename_fifo_file))
392
393 (macro rename_locktmpfile_files ((type ARG1))
394 (allow ARG1 locktmpfile rename_file))
395
396 (macro rename_locktmpfile_lnk_files ((type ARG1))
397 (allow ARG1 locktmpfile rename_lnk_file))
398
399 (macro rename_locktmpfile_sock_files ((type ARG1))
400 (allow ARG1 locktmpfile rename_sock_file))
401
402 (macro search_locktmpfile_dirs ((type ARG1))
403 (allow ARG1 locktmpfile search_dir))
404
405 (macro write_locktmpfile ((type ARG1))
406 (allow ARG1 locktmpfile (allfiles (write))))
407
408 (macro write_locktmpfile_blk_files ((type ARG1))
409 (allow ARG1 locktmpfile write_blk_file))
410
411 (macro write_locktmpfile_chr_files ((type ARG1))
412 (allow ARG1 locktmpfile write_chr_file))
413
414 (macro write_locktmpfile_dirs ((type ARG1))
415 (allow ARG1 locktmpfile write_dir))
416
417 (macro write_locktmpfile_fifo_files ((type ARG1))
418 (allow ARG1 locktmpfile write_fifo_file))
419
420 (macro write_locktmpfile_files ((type ARG1))
421 (allow ARG1 locktmpfile write_file))
422
423 (macro writeinherited_locktmpfile_blk_files ((type ARG1))
424 (allow ARG1 locktmpfile writeinherited_blk_file))
425
426 (macro writeinherited_locktmpfile_chr_files ((type ARG1))
427 (allow ARG1 locktmpfile writeinherited_chr_file))
428
429 (macro writeinherited_locktmpfile_dirs ((type ARG1))
430 (allow ARG1 locktmpfile writeinherited_dir))
431
432 (macro writeinherited_locktmpfile_fifo_files ((type ARG1))
433 (allow ARG1 locktmpfile writeinherited_fifo_file))
434
435 (macro writeinherited_locktmpfile_files ((type ARG1))
436 (allow ARG1 locktmpfile writeinherited_file))
437
438 (macro writeinherited_locktmpfile_sock_files ((type ARG1))
439 (allow ARG1 locktmpfile writeinherited_sock_file))
440
441 (macro write_locktmpfile_lnk_files ((type ARG1))
442 (allow ARG1 locktmpfile write_lnk_file))
443
444 (macro write_locktmpfile_sock_files ((type ARG1))
445 (allow ARG1 locktmpfile write_sock_file))
446
447 ;;
448 ;; Policy
449 ;;
450
451 (blockabstract obj_macro_template))
452
453 (block obj_template
454
455 ;;
456 ;; Policy
457 ;;
458
459 (blockabstract obj_template)
460
461 (blockinherit .tmpfile.lock.obj_base_template)
462 (blockinherit .tmpfile.lock.obj_macro_template))))