class infoflow
class infoflow2
class infoflow3
class infoflow4
class infoflow5
class infoflow6
class infoflow7

sid kernel
sid security

common infoflow
{
	low_w
	med_w
	hi_w
	low_r
	med_r
	hi_r
}

class infoflow
inherits infoflow

class infoflow2
inherits infoflow
{
	super_w
	super_r
}

class infoflow3
{
	null
}

class infoflow4
inherits infoflow

class infoflow5
inherits infoflow

class infoflow6
inherits infoflow

class infoflow7
inherits infoflow
{
	super_w
	super_r
	super_none
	super_both
	super_unmapped
}

sensitivity s0;
sensitivity s1;
sensitivity s2;

dominance { s0 s1 s2 }

category c0;
category c1;
category c2;
category c3;
category c4;
category c5;
category c6;
category c7;
category c8;
category c9;
category c10;
category c11;
category c12;
category c13;

#level decl
level s0:c0.c2;
level s1:c0.c13;
level s2:c0.c13;

#some constraints
mlsconstrain infoflow hi_r ((l1 dom l2) or (t1 == mls_exempt));

attribute mls_exempt;

type system;
role system;
role system types system;

role role20_r;
role role21a_r;
role role21b_r;
role role21c_r;

role role20_r types system;
role role21a_r types system;
role role21b_r types system;
role role21c_r types system;

type type30;
type type31a;
type type31b;
type type31c;
role system types { type30 type31a type31b type31c };

allow system self:infoflow hi_w;

#users
user system roles { system role20_r role21a_r role21b_r role21c_r } level s0 range s0 - s2:c0.c4;
user user10 roles system level s0 range s0 - s2:c0.c4;
user user11a roles system level s0 range s0 - s2:c0.c4;
user user11b roles system level s0 range s0 - s2:c0.c4;
user user11c roles system level s0 range s0 - s2:c0.c4;

#normal constraints
constrain infoflow hi_w (u1 == u2);

#isids
sid kernel system:system:system:s0
sid security system:system:system:s0

#fs_use
fs_use_trans devpts system:object_r:system:s0;
fs_use_xattr ext3 system:object_r:system:s0;
fs_use_task pipefs system:object_r:system:s0;

#genfscon
genfscon proc / system:object_r:system:s1
genfscon proc /sys system:object_r:system:s0
genfscon selinuxfs / system:object_r:system:s2:c0.c4
portcon tcp 1 system:system:system:s0:c0.c1
netifcon eth0 system:object_r:system:s0 system:object_r:system:s0
nodecon 127.0.0.1 255.255.255.255 system:object_r:system:s0
nodecon ::1 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff system:object_r:system:s0