# Object class declarations. Each class declared here receives its permission
# set from the matching "class" access-vector definition later in this file.
class infoflow
class infoflow2
class infoflow3
class infoflow4
class infoflow5
class infoflow6
class infoflow7

# Initial SID declarations. Each one is bound to a full security context by a
# "sid NAME CONTEXT" statement near the end of this file.
sid kernel
sid security

# Common permission set. Every class that says "inherits infoflow" gets all six
# of these permissions; hi_r and hi_w are the two that the constraint
# statements in this file refer to.
common infoflow
{
	low_w
	med_w
	hi_w
	low_r
	med_r
	hi_r
}

# Access-vector definitions, one per declared class.

# Only the six permissions inherited from the common.
class infoflow
inherits infoflow

# Common permissions plus two class-specific ones.
class infoflow2
inherits infoflow
{
	super_w
	super_r
}

# Does not inherit the common: its single permission is "null", so none of the
# constraints written against the common's permissions can apply to it.
class infoflow3
{
	null
}

# infoflow4-6 carry only the inherited permissions.
class infoflow4
inherits infoflow

class infoflow5
inherits infoflow

class infoflow6
inherits infoflow

# Common permissions plus five class-specific ones.
class infoflow7
inherits infoflow
{
	super_w
	super_r
	super_none
	super_both
	super_unmapped
}

# Baseline sensitivity: every labeled context in this file (user range, initial
# SIDs, fs_use/genfscon/portcon/netifcon/nodecon) uses "sens".
sensitivity sens;

# The name/alias/sens fields in the comments below appear to record the query
# criteria of a test case kept outside this file -- verify against the test
# suite before renaming or removing any declaration.

# test1
# name: test1
# alias: unset
# sens: unset
# Single declaration whose name equals the criterion.
sensitivity test1;

# test2
# name: test2(a|b)
# alias: unset
# sens: unset
# The criterion looks like a regular expression; both names below fit it.
sensitivity test2a;
sensitivity test2b;

# test 10
# name: unset
# alias: test10a
# sens: unset
# Only test10s1 carries alias test10a; test10s2 has different aliases and
# serves as the non-matching case.
sensitivity test10s1 alias { test10a test10c };
sensitivity test10s2 alias { test10b test10d };

# test 11
# name: unset
# alias: test11(a|b)
# sens: unset
# test11s1 carries test11a and test11s2 carries test11b; test11s3 carries
# neither (test11e, test11f) and serves as the non-matching case.
sensitivity test11s1 alias { test11a test11c };
sensitivity test11s2 alias { test11b test11d };
sensitivity test11s3 alias { test11e test11f };


# test 20
# name: unset
# alias: unset
# sens: test20
sensitivity test20;

# test 21
# name: unset
# alias: unset
# sens: test21crit, dom
# The dominance statement in this file lists test21 first and test21crit
# second, so test21crit dominates only test21 and itself.
sensitivity test21;
sensitivity test21crit;

# test 22
# name: unset
# alias: unset
# sens: test22crit, domby
# The dominance statement in this file lists test22crit second to last and
# test22 last, so test22crit is dominated only by test22 and itself.
sensitivity test22;
sensitivity test22crit;

# Sensitivity ordering, listed from lowest to highest. The position of each
# name is what every "dom"/"domby" comparison evaluates, including the
# mlsconstrain in this file; test21 < test21crit at the bottom and
# test22crit < test22 at the top are placed deliberately for tests 21 and 22.
# Reordering this list changes the outcome of those comparisons.
dominance { test21 test21crit test1 test2a test2b test10s1 sens test10s2 test11s1 test11s2 test11s3 test20 test22crit test22 }

# Categories, in declaration order; "begin.end" below is the range spanning
# both of them.
category begin;
category end;

#level decl
# Each level statement states which categories may accompany a sensitivity.
# Only "sens" is allowed any categories (begin through end); every test
# sensitivity is declared with an empty category set.
level sens:begin.end;
level test1;
level test2a;
level test2b;
level test10s1;
level test10s2;
level test11s1;
level test11s2;
level test11s3;
level test20;
level test21;
level test21crit;
level test22;
level test22crit;

#some constraints
# MLS constraint on class infoflow, permission hi_r only: the access passes
# when the source's low level dominates the target's low level (l1 dom l2), or
# when the source type carries the mls_exempt attribute. No other class or
# permission is MLS-constrained in the lines shown.
# NOTE(review): the exemption branch bypasses the level check entirely for any
# type given mls_exempt. In the lines shown no type is assigned the attribute
# ("type system;" has no attribute list), so the branch is unused here.
mlsconstrain infoflow hi_r ((l1 dom l2) or (t1 == mls_exempt));

# Declared after the constraint that references it.
attribute mls_exempt;

# A single type and a single role named "system"; the role is authorized for
# that one type only.
type system;
role system;
role system types system;

################################################################################
# Type enforcement declarations and rules

# The only allow rule in the lines shown: type system may use permission
# "null" on class infoflow3 against itself. No rule grants infoflow hi_r or
# hi_w, the two permissions the constraints in this file are written against.
allow system system:infoflow3 null;

################################################################################

#users
# User "system" is authorized for role system, with default level "sens" and a
# permitted range from "sens" (no categories) up to "sens:begin.end".
user system roles system level sens range sens - sens:begin.end;

#normal constraints
# Non-MLS constraint on class infoflow, permission hi_w: the source and target
# SELinux user identities must be equal (u1 == u2).
constrain infoflow hi_w (u1 == u2);

#isids
# Contexts for the two declared initial SIDs, in user:role:type:level form.
# Level "sens:begin" (sensitivity sens, category begin) lies inside the range
# declared for user system (sens - sens:begin.end).
sid kernel system:system:system:sens:begin
sid security system:system:system:sens:begin

#fs_use
# Labeling behavior per filesystem type, each with the context given for that
# filesystem: fs_use_trans (transition-based), fs_use_xattr (labels stored in
# extended attributes), fs_use_task (label taken from the creating task).
# NOTE(review): role object_r is not declared anywhere in the lines shown;
# presumably the policy compiler supplies it implicitly -- confirm.
fs_use_trans devpts system:object_r:system:sens;
fs_use_xattr ext3 system:object_r:system:sens;
fs_use_task pipefs system:object_r:system:sens;

#genfscon
# Path-based labels for filesystems without per-file label storage. The two
# proc entries are labeled at "sens" with no categories; the selinuxfs root is
# the only entry labeled with both categories (sens:begin.end).
genfscon proc / system:object_r:system:sens
genfscon proc /sys system:object_r:system:sens
genfscon selinuxfs / system:object_r:system:sens:begin.end

# Network object labels.

# TCP port 80.
portcon tcp 80 system:object_r:system:sens

# Interface eth0: the first context labels the interface, the second labels
# packets received on it; both are the same context here.
netifcon eth0 system:object_r:system:sens system:object_r:system:sens

# Node labels for the IPv4 and IPv6 loopback addresses. Both masks are
# all-ones, so each entry matches exactly one address.
nodecon 127.0.0.1 255.255.255.255 system:object_r:system:sens:begin
nodecon ::1 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff system:object_r:system:sens:begin