;; -*- mode: CIL; fill-column: 79; indent-tabs-mode: nil; -*-
;; SPDX-FileCopyrightText: © 2021 Dominick Grift <dominick.grift@defensec.nl>
;; SPDX-License-Identifier: Unlicense

;; Adds one statement to the existing .file namespace: the unconfined subject
;; type attribute is passed to .tmpfile.obj_type_transition_logtmpfile (defined
;; in the .tmpfile namespace of this file), which forwards it to
;; .tmp.fs_obj_type_transition together with type logtmpfile, class dir and
;; object name "log".
;; NOTE(review): .tmp.fs_obj_type_transition is defined elsewhere; presumably
;; it is a named type transition so that a directory called "log" created by
;; these subjects on the tmp filesystem is labeled logtmpfile -- confirm there.
;; This file requests the transition for unconfined.subj_typeattr only; any
;; other subject type needs its own call.
(in .file
    (call .tmpfile.obj_type_transition_logtmpfile (unconfined.subj_typeattr)))

;; Policy for the temporary log directory /tmp/log, added to the existing
;; .tmpfile namespace. It declares the type logtmpfile with its file context,
;; a helper macro for the "log" directory type transition, and (in block log)
;; the templates that supply one access macro per permission set.
(in .tmpfile

    ;;
    ;; Contexts
    ;;

    ;; Labeling specifications for /tmp/log itself (directories only) and for
    ;; everything below it (any object class). File context specifications are
    ;; used by labeling tools; objects created at run time get their type from
    ;; type transitions, so a /tmp/log created by a subject without the
    ;; transition below keeps whatever type its creator's policy yields until
    ;; it is relabeled.
    (filecon
     "/tmp/log"
     dir
     logtmpfile_file_context)
    (filecon
     "/tmp/log/.*"
     any
     logtmpfile_file_context)

    ;;
    ;; Macros
    ;;

    ;; ARG1: subject type (or attribute). Forwards ARG1 to
    ;; .tmp.fs_obj_type_transition with target type logtmpfile, class dir and
    ;; object name "log".
    ;; NOTE(review): the called macro is not defined in this file; presumably
    ;; it emits the named type transition plus the access needed to add the
    ;; entry to the parent directory -- confirm against its definition.
    (macro obj_type_transition_logtmpfile ((type ARG1))
           (call .tmp.fs_obj_type_transition
                 (ARG1 logtmpfile dir "log")))

    ;;
    ;; Policy
    ;;

    ;; Copies the contents of log.obj_template (declared below) into this
    ;; namespace. obj_template inherits obj_base_template and
    ;; obj_macro_template, so this is what makes logtmpfile,
    ;; logtmpfile_file_context and the *_logtmpfile* macros resolvable here.
    (blockinherit log.obj_template)

    (block log

        ;;
        ;; Policy
        ;;

        ;; NOTE(review): .file.obj_all_macro_template is defined elsewhere;
        ;; presumably it provides obj_typeattr and the obj_type macro that are
        ;; referenced below -- confirm.
        (blockinherit .file.obj_all_macro_template)

        (call tmpfile.obj_type (obj_typeattr))

        ;;
        ;; Templates
        ;;

        ;; Abstract template declaring the type and its security context.
        (block obj_base_template

            ;;
            ;; Contexts
            ;;

            ;; user .u, role .r, type logtmpfile, level range
            ;; systemlow - systemlow.
            (context
             logtmpfile_file_context
             (.u
              .r
              logtmpfile
              (systemlow
               systemlow)))

            ;;
            ;; Policy
            ;;

            ;; Abstract: the block's contents only take effect where the
            ;; block is inherited with blockinherit.
            (blockabstract obj_base_template)

            (type
             logtmpfile)

            ;; NOTE(review): presumably associates logtmpfile with the type
            ;; attribute of tmpfile.log; the obj_type macro is not defined in
            ;; this file -- confirm.
            (call .tmpfile.log.obj_type (logtmpfile)))

        ;; Abstract template with the access macros. Every macro takes one
        ;; subject type (ARG1) and, unless noted otherwise, consists of a
        ;; single allow rule granting ARG1 the named permission set on objects
        ;; of type logtmpfile. The permission sets (append_file, manage_dir,
        ;; allfiles, ...) are defined elsewhere in the policy; check their
        ;; definitions before relying on what a macro name suggests.
        ;; Declaring a macro grants nothing: access exists only where a macro
        ;; is called, so reviews should look at the call sites.
        (block obj_macro_template

            ;;
            ;; Macros
            ;;

            (macro addname_logtmpfile_dirs ((type ARG1))
                   (allow ARG1 logtmpfile addname_dir))

            ;; append / appendinherited.
            ;; NOTE(review): the *inherited* sets presumably cover use of an
            ;; already open descriptor without permission to open the object;
            ;; confirm against the permission set definitions.
            (macro append_logtmpfile_blk_files ((type ARG1))
                   (allow ARG1 logtmpfile append_blk_file))

            (macro append_logtmpfile_chr_files ((type ARG1))
                   (allow ARG1 logtmpfile append_chr_file))

            (macro append_logtmpfile_fifo_files ((type ARG1))
                   (allow ARG1 logtmpfile append_fifo_file))

            (macro append_logtmpfile_files ((type ARG1))
                   (allow ARG1 logtmpfile append_file))

            (macro appendinherited_logtmpfile_blk_files ((type ARG1))
                   (allow ARG1 logtmpfile appendinherited_blk_file))

            (macro appendinherited_logtmpfile_chr_files ((type ARG1))
                   (allow ARG1 logtmpfile appendinherited_chr_file))

            (macro appendinherited_logtmpfile_fifo_files ((type ARG1))
                   (allow ARG1 logtmpfile appendinherited_fifo_file))

            (macro appendinherited_logtmpfile_files ((type ARG1))
                   (allow ARG1 logtmpfile appendinherited_file))

            ;; create. The macro without a class suffix uses
            ;; (allfiles (create)), i.e. the create permission through the
            ;; allfiles class map rather than a per-class permission set.
            (macro create_logtmpfile ((type ARG1))
                   (allow ARG1 logtmpfile (allfiles (create))))

            (macro create_logtmpfile_blk_files ((type ARG1))
                   (allow ARG1 logtmpfile create_blk_file))

            (macro create_logtmpfile_chr_files ((type ARG1))
                   (allow ARG1 logtmpfile create_chr_file))

            (macro create_logtmpfile_dirs ((type ARG1))
                   (allow ARG1 logtmpfile create_dir))

            (macro create_logtmpfile_fifo_files ((type ARG1))
                   (allow ARG1 logtmpfile create_fifo_file))

            (macro create_logtmpfile_files ((type ARG1))
                   (allow ARG1 logtmpfile create_file))

            (macro create_logtmpfile_lnk_files ((type ARG1))
                   (allow ARG1 logtmpfile create_lnk_file))

            (macro create_logtmpfile_sock_files ((type ARG1))
                   (allow ARG1 logtmpfile create_sock_file))

            (macro deletename_logtmpfile_dirs ((type ARG1))
                   (allow ARG1 logtmpfile deletename_dir))

            ;; delete.
            (macro delete_logtmpfile ((type ARG1))
                   (allow ARG1 logtmpfile (allfiles (delete))))

            (macro delete_logtmpfile_blk_files ((type ARG1))
                   (allow ARG1 logtmpfile delete_blk_file))

            (macro delete_logtmpfile_chr_files ((type ARG1))
                   (allow ARG1 logtmpfile delete_chr_file))

            (macro delete_logtmpfile_dirs ((type ARG1))
                   (allow ARG1 logtmpfile delete_dir))

            (macro delete_logtmpfile_fifo_files ((type ARG1))
                   (allow ARG1 logtmpfile delete_fifo_file))

            (macro delete_logtmpfile_files ((type ARG1))
                   (allow ARG1 logtmpfile delete_file))

            (macro delete_logtmpfile_lnk_files ((type ARG1))
                   (allow ARG1 logtmpfile delete_lnk_file))

            (macro delete_logtmpfile_sock_files ((type ARG1))
                   (allow ARG1 logtmpfile delete_sock_file))

            ;; Grants the execute_file permission set on log content under
            ;; /tmp/log; a caller that only writes logs does not need it.
            (macro execute_logtmpfile_files ((type ARG1))
                   (allow ARG1 logtmpfile execute_file))

            (macro list_logtmpfile_dirs ((type ARG1))
                   (allow ARG1 logtmpfile list_dir))

            (macro listinherited_logtmpfile_dirs ((type ARG1))
                   (allow ARG1 logtmpfile listinherited_dir))

            ;; ARG1: subject type, ARG2: resulting type, ARG3: object class,
            ;; ARG4: object name. Named type transition: an object of class
            ;; ARG3 named ARG4 that ARG1 creates in a directory of type
            ;; logtmpfile is labeled ARG2. The call to addname_logtmpfile_dirs
            ;; additionally grants ARG1 the addname_dir set on logtmpfile.
            (macro logtmpfile_obj_type_transition
                   ((type ARG1)(type ARG2)(class ARG3)(name ARG4))
                   (typetransition ARG1 logtmpfile ARG3 ARG4 ARG2)
                   (call addname_logtmpfile_dirs (ARG1)))

            ;; manage.
            ;; NOTE(review): presumably the broadest per-class sets (create,
            ;; modify and delete); confirm against their definitions and
            ;; prefer a narrower macro such as append_* where a caller only
            ;; writes log records.
            (macro manage_logtmpfile ((type ARG1))
                   (allow ARG1 logtmpfile (allfiles (manage))))

            (macro manage_logtmpfile_blk_files ((type ARG1))
                   (allow ARG1 logtmpfile manage_blk_file))

            (macro manage_logtmpfile_chr_files ((type ARG1))
                   (allow ARG1 logtmpfile manage_chr_file))

            (macro manage_logtmpfile_dirs ((type ARG1))
                   (allow ARG1 logtmpfile manage_dir))

            (macro manage_logtmpfile_fifo_files ((type ARG1))
                   (allow ARG1 logtmpfile manage_fifo_file))

            (macro manage_logtmpfile_files ((type ARG1))
                   (allow ARG1 logtmpfile manage_file))

            (macro manage_logtmpfile_lnk_files ((type ARG1))
                   (allow ARG1 logtmpfile manage_lnk_file))

            (macro manage_logtmpfile_sock_files ((type ARG1))
                   (allow ARG1 logtmpfile manage_sock_file))

            ;; mapexecute: as with execute_logtmpfile_files, not needed by a
            ;; caller that only writes logs.
            (macro mapexecute_logtmpfile_chr_files ((type ARG1))
                   (allow ARG1 logtmpfile mapexecute_chr_file))

            (macro mapexecute_logtmpfile_files ((type ARG1))
                   (allow ARG1 logtmpfile mapexecute_file))

            ;; mounton: lets ARG1 use logtmpfile objects as mount points.
            (macro mounton_logtmpfile ((type ARG1))
                   (allow ARG1 logtmpfile (allfiles (mounton))))

            (macro mounton_logtmpfile_blk_files ((type ARG1))
                   (allow ARG1 logtmpfile mounton_blk_file))

            (macro mounton_logtmpfile_chr_files ((type ARG1))
                   (allow ARG1 logtmpfile mounton_chr_file))

            (macro mounton_logtmpfile_dirs ((type ARG1))
                   (allow ARG1 logtmpfile mounton_dir))

            (macro mounton_logtmpfile_fifo_files ((type ARG1))
                   (allow ARG1 logtmpfile mounton_fifo_file))

            (macro mounton_logtmpfile_files ((type ARG1))
                   (allow ARG1 logtmpfile mounton_file))

            (macro mounton_logtmpfile_lnk_files ((type ARG1))
                   (allow ARG1 logtmpfile mounton_lnk_file))

            (macro mounton_logtmpfile_sock_files ((type ARG1))
                   (allow ARG1 logtmpfile mounton_sock_file))

            ;; read / readinherited.
            (macro read_logtmpfile ((type ARG1))
                   (allow ARG1 logtmpfile (allfiles (read))))

            (macro read_logtmpfile_blk_files ((type ARG1))
                   (allow ARG1 logtmpfile read_blk_file))

            (macro read_logtmpfile_chr_files ((type ARG1))
                   (allow ARG1 logtmpfile read_chr_file))

            (macro read_logtmpfile_fifo_files ((type ARG1))
                   (allow ARG1 logtmpfile read_fifo_file))

            (macro read_logtmpfile_files ((type ARG1))
                   (allow ARG1 logtmpfile read_file))

            (macro readinherited_logtmpfile_blk_files ((type ARG1))
                   (allow ARG1 logtmpfile readinherited_blk_file))

            (macro readinherited_logtmpfile_chr_files ((type ARG1))
                   (allow ARG1 logtmpfile readinherited_chr_file))

            (macro readinherited_logtmpfile_fifo_files ((type ARG1))
                   (allow ARG1 logtmpfile readinherited_fifo_file))

            (macro readinherited_logtmpfile_files ((type ARG1))
                   (allow ARG1 logtmpfile readinherited_file))

            (macro readinherited_logtmpfile_sock_files ((type ARG1))
                   (allow ARG1 logtmpfile readinherited_sock_file))

            (macro read_logtmpfile_lnk_files ((type ARG1))
                   (allow ARG1 logtmpfile read_lnk_file))

            (macro read_logtmpfile_sock_files ((type ARG1))
                   (allow ARG1 logtmpfile read_sock_file))

            ;; readwrite / readwriteinherited.
            (macro readwrite_logtmpfile ((type ARG1))
                   (allow ARG1 logtmpfile (allfiles (readwrite))))

            (macro readwrite_logtmpfile_blk_files ((type ARG1))
                   (allow ARG1 logtmpfile readwrite_blk_file))

            (macro readwrite_logtmpfile_chr_files ((type ARG1))
                   (allow ARG1 logtmpfile readwrite_chr_file))

            (macro readwrite_logtmpfile_dirs ((type ARG1))
                   (allow ARG1 logtmpfile readwrite_dir))

            (macro readwrite_logtmpfile_fifo_files ((type ARG1))
                   (allow ARG1 logtmpfile readwrite_fifo_file))

            (macro readwrite_logtmpfile_files ((type ARG1))
                   (allow ARG1 logtmpfile readwrite_file))

            (macro readwriteinherited_logtmpfile_blk_files ((type ARG1))
                   (allow ARG1 logtmpfile readwriteinherited_blk_file))

            (macro readwriteinherited_logtmpfile_chr_files ((type ARG1))
                   (allow ARG1 logtmpfile readwriteinherited_chr_file))

            (macro readwriteinherited_logtmpfile_dirs ((type ARG1))
                   (allow ARG1 logtmpfile readwriteinherited_dir))

            (macro readwriteinherited_logtmpfile_fifo_files ((type ARG1))
                   (allow ARG1 logtmpfile readwriteinherited_fifo_file))

            (macro readwriteinherited_logtmpfile_files ((type ARG1))
                   (allow ARG1 logtmpfile readwriteinherited_file))

            (macro readwriteinherited_logtmpfile_sock_files ((type ARG1))
                   (allow ARG1 logtmpfile readwriteinherited_sock_file))

            (macro readwrite_logtmpfile_lnk_files ((type ARG1))
                   (allow ARG1 logtmpfile readwrite_lnk_file))

            (macro readwrite_logtmpfile_sock_files ((type ARG1))
                   (allow ARG1 logtmpfile readwrite_sock_file))

            ;; relabel / relabelfrom / relabelto: these let ARG1 change the
            ;; label of objects from and/or to logtmpfile, which changes which
            ;; rules apply to those objects afterwards. Callers are normally
            ;; limited to labeling tools and administrative domains.
            (macro relabel_logtmpfile ((type ARG1))
                   (allow ARG1 logtmpfile (allfiles (relabel))))

            (macro relabel_logtmpfile_blk_files ((type ARG1))
                   (allow ARG1 logtmpfile relabel_blk_file))

            (macro relabel_logtmpfile_chr_files ((type ARG1))
                   (allow ARG1 logtmpfile relabel_chr_file))

            (macro relabel_logtmpfile_dirs ((type ARG1))
                   (allow ARG1 logtmpfile relabel_dir))

            (macro relabel_logtmpfile_fifo_files ((type ARG1))
                   (allow ARG1 logtmpfile relabel_fifo_file))

            (macro relabel_logtmpfile_files ((type ARG1))
                   (allow ARG1 logtmpfile relabel_file))

            (macro relabel_logtmpfile_lnk_files ((type ARG1))
                   (allow ARG1 logtmpfile relabel_lnk_file))

            (macro relabel_logtmpfile_sock_files ((type ARG1))
                   (allow ARG1 logtmpfile relabel_sock_file))

            (macro relabelfrom_logtmpfile ((type ARG1))
                   (allow ARG1 logtmpfile (allfiles (relabelfrom))))

            (macro relabelfrom_logtmpfile_blk_files ((type ARG1))
                   (allow ARG1 logtmpfile relabelfrom_blk_file))

            (macro relabelfrom_logtmpfile_chr_files ((type ARG1))
                   (allow ARG1 logtmpfile relabelfrom_chr_file))

            (macro relabelfrom_logtmpfile_dirs ((type ARG1))
                   (allow ARG1 logtmpfile relabelfrom_dir))

            (macro relabelfrom_logtmpfile_fifo_files ((type ARG1))
                   (allow ARG1 logtmpfile relabelfrom_fifo_file))

            (macro relabelfrom_logtmpfile_files ((type ARG1))
                   (allow ARG1 logtmpfile relabelfrom_file))

            (macro relabelfrom_logtmpfile_lnk_files ((type ARG1))
                   (allow ARG1 logtmpfile relabelfrom_lnk_file))

            (macro relabelfrom_logtmpfile_sock_files ((type ARG1))
                   (allow ARG1 logtmpfile relabelfrom_sock_file))

            (macro relabelto_logtmpfile ((type ARG1))
                   (allow ARG1 logtmpfile (allfiles (relabelto))))

            (macro relabelto_logtmpfile_blk_files ((type ARG1))
                   (allow ARG1 logtmpfile relabelto_blk_file))

            (macro relabelto_logtmpfile_chr_files ((type ARG1))
                   (allow ARG1 logtmpfile relabelto_chr_file))

            (macro relabelto_logtmpfile_dirs ((type ARG1))
                   (allow ARG1 logtmpfile relabelto_dir))

            (macro relabelto_logtmpfile_fifo_files ((type ARG1))
                   (allow ARG1 logtmpfile relabelto_fifo_file))

            (macro relabelto_logtmpfile_files ((type ARG1))
                   (allow ARG1 logtmpfile relabelto_file))

            (macro relabelto_logtmpfile_lnk_files ((type ARG1))
                   (allow ARG1 logtmpfile relabelto_lnk_file))

            (macro relabelto_logtmpfile_sock_files ((type ARG1))
                   (allow ARG1 logtmpfile relabelto_sock_file))

            ;; rename.
            (macro rename_logtmpfile ((type ARG1))
                   (allow ARG1 logtmpfile (allfiles (rename))))

            (macro rename_logtmpfile_blk_files ((type ARG1))
                   (allow ARG1 logtmpfile rename_blk_file))

            (macro rename_logtmpfile_chr_files ((type ARG1))
                   (allow ARG1 logtmpfile rename_chr_file))

            (macro rename_logtmpfile_dirs ((type ARG1))
                   (allow ARG1 logtmpfile rename_dir))

            (macro rename_logtmpfile_fifo_files ((type ARG1))
                   (allow ARG1 logtmpfile rename_fifo_file))

            (macro rename_logtmpfile_files ((type ARG1))
                   (allow ARG1 logtmpfile rename_file))

            (macro rename_logtmpfile_lnk_files ((type ARG1))
                   (allow ARG1 logtmpfile rename_lnk_file))

            (macro rename_logtmpfile_sock_files ((type ARG1))
                   (allow ARG1 logtmpfile rename_sock_file))

            (macro search_logtmpfile_dirs ((type ARG1))
                   (allow ARG1 logtmpfile search_dir))

            ;; write / writeinherited.
            ;; NOTE(review): unlike the append_* sets, a write set presumably
            ;; allows existing log content to be overwritten; confirm against
            ;; the permission set definitions when choosing between them.
            (macro write_logtmpfile ((type ARG1))
                   (allow ARG1 logtmpfile (allfiles (write))))

            (macro write_logtmpfile_blk_files ((type ARG1))
                   (allow ARG1 logtmpfile write_blk_file))

            (macro write_logtmpfile_chr_files ((type ARG1))
                   (allow ARG1 logtmpfile write_chr_file))

            (macro write_logtmpfile_dirs ((type ARG1))
                   (allow ARG1 logtmpfile write_dir))

            (macro write_logtmpfile_fifo_files ((type ARG1))
                   (allow ARG1 logtmpfile write_fifo_file))

            (macro write_logtmpfile_files ((type ARG1))
                   (allow ARG1 logtmpfile write_file))

            (macro writeinherited_logtmpfile_blk_files ((type ARG1))
                   (allow ARG1 logtmpfile writeinherited_blk_file))

            (macro writeinherited_logtmpfile_chr_files ((type ARG1))
                   (allow ARG1 logtmpfile writeinherited_chr_file))

            (macro writeinherited_logtmpfile_dirs ((type ARG1))
                   (allow ARG1 logtmpfile writeinherited_dir))

            (macro writeinherited_logtmpfile_fifo_files ((type ARG1))
                   (allow ARG1 logtmpfile writeinherited_fifo_file))

            (macro writeinherited_logtmpfile_files ((type ARG1))
                   (allow ARG1 logtmpfile writeinherited_file))

            (macro writeinherited_logtmpfile_sock_files ((type ARG1))
                   (allow ARG1 logtmpfile writeinherited_sock_file))

            (macro write_logtmpfile_lnk_files ((type ARG1))
                   (allow ARG1 logtmpfile write_lnk_file))

            (macro write_logtmpfile_sock_files ((type ARG1))
                   (allow ARG1 logtmpfile write_sock_file))

            ;;
            ;; Policy
            ;;

            (blockabstract obj_macro_template))

        ;; Abstract template that bundles the two templates above; it is the
        ;; one inherited by the .tmpfile namespace near the top of this file.
        (block obj_template

            ;;
            ;; Policy
            ;;

            (blockabstract obj_template)

            (blockinherit .tmpfile.log.obj_base_template)
            (blockinherit .tmpfile.log.obj_macro_template))))