| b.liu | e958203 | 2025-04-17 19:18:16 +0800 | [diff] [blame^] | 1 | ;; -*- mode: CIL; fill-column: 79; indent-tabs-mode: nil; -*- |
| 2 | ;; SPDX-FileCopyrightText: © 2021 Dominick Grift <dominick.grift@defensec.nl> |
| 3 | ;; SPDX-License-Identifier: Unlicense |
| 4 | |
| 5 | (in .file |
| 6 | (call .resolv.obj_type_transition_tmpfile (unconfined.subj_typeattr))) |
| 7 | |
| 8 | (block resolv |
| 9 | |
| 10 | ;; |
| 11 | ;; Contexts |
| 12 | ;; |
| 13 | |
| 14 | (filecon |
| 15 | "/tmp/resolv\.conf" |
| 16 | symlink |
| 17 | tmpfile_file_context) |
| 18 | (filecon |
| 19 | "/tmp/resolv\.conf\.auto" |
| 20 | file |
| 21 | tmpfile_file_context) |
| 22 | (filecon |
| 23 | "/tmp/resolv\.conf\.ppp" |
| 24 | file |
| 25 | tmpfile_file_context) |
| 26 | (filecon |
| 27 | "/tmp/resolv\.conf\.d" |
| 28 | dir |
| 29 | tmpfile_file_context) |
| 30 | (filecon |
| 31 | "/tmp/resolv\.conf\,d/.*" |
| 32 | any |
| 33 | tmpfile_file_context) |
| 34 | |
| 35 | ;; |
| 36 | ;; Macros |
| 37 | ;; |
| 38 | |
| 39 | (macro obj_type_transition_tmpfile ((type ARG1)) |
| 40 | (call .tmp.fs_obj_type_transition |
| 41 | (ARG1 tmpfile file "resolv.conf")) |
| 42 | (call .tmp.fs_obj_type_transition |
| 43 | (ARG1 tmpfile file "resolv.conf.auto")) |
| 44 | (call .tmp.fs_obj_type_transition |
| 45 | (ARG1 tmpfile file "resolv.conf.ppp")) |
| 46 | (call .tmp.fs_obj_type_transition |
| 47 | (ARG1 tmpfile dir "resolv.conf.d"))) |
| 48 | |
| 49 | (macro watch_tmpfile_dirs ((type ARG1)) |
| 50 | (allow ARG1 tmpfile (dir (watch)))) |
| 51 | |
| 52 | ;; |
| 53 | ;; Policy |
| 54 | ;; |
| 55 | |
| 56 | (blockinherit .tmpfile.obj_template) |
| 57 | |
| 58 | (block read |
| 59 | |
| 60 | ;; |
| 61 | ;; Policy |
| 62 | ;; |
| 63 | |
| 64 | (blockinherit subj.subj_all_macro_template) |
| 65 | |
| 66 | (call read_tmpfile_files (subj_typeattr)) |
| 67 | (call search_tmpfile_dirs (subj_typeattr)) |
| 68 | |
| 69 | (call .file.read_conffile_lnk_files (subj_typeattr)) |
| 70 | |
| 71 | (call .tmp.read_fs_lnk_files (subj_typeattr)))) |