# ------------------------------------------------------------------------------
# Object class declarations. A class must be declared here before its
# permission set is defined in the access-vector section below.
# NOTE(review): the removed_* / modified_* names suggest this file is one side
# of a policy-comparison fixture -- confirm against whatever consumes it.
# ------------------------------------------------------------------------------
class infoflow
class infoflow2
class infoflow3
class infoflow4
class infoflow5
class infoflow6
class infoflow7
class removed_class
class modified_add_perm
class modified_remove_perm
class modified_change_common

# Initial SIDs. Their security contexts are assigned in the initial SID
# context section near the end of the policy.
sid kernel
sid security

# ------------------------------------------------------------------------------
# Common permission sets, available for classes to inherit.
# ------------------------------------------------------------------------------
common infoflow
{
    low_w
    med_w
    hi_w
    low_r
    med_r
    hi_r
}

common removed_common
{
    old_com
}

common modified_remove_perm
{
    same_perm
    removed_perm
}

common modified_add_perm
{
    matched_perm
}

# ------------------------------------------------------------------------------
# Access vectors: the permissions of each class, either inherited from a
# common, listed explicitly, or both.
# ------------------------------------------------------------------------------
class infoflow
inherits infoflow

class infoflow2
inherits infoflow
{
    super_w
    super_r
}

class infoflow3
{
    null
}

class infoflow4
inherits infoflow

class infoflow5
inherits infoflow

class infoflow6
inherits infoflow

class infoflow7
inherits infoflow
{
    super_w
    super_r
    super_none
    super_both
    super_unmapped
}

class removed_class
{
    null_perm
}

# These two classes share a name with a common declared above but do not
# inherit from it; their permissions are listed explicitly.
class modified_add_perm
{
    same_perm
}

class modified_remove_perm
{
    same_perm
    removed_perm
}

class modified_change_common
inherits removed_common

# ------------------------------------------------------------------------------
# MLS: sensitivities, dominance order, categories and valid levels.
# ------------------------------------------------------------------------------
sensitivity low_s;
sensitivity medium_s alias med;
sensitivity high_s;

# Dominance is listed from lowest to highest; "med" is the alias of medium_s.
dominance { low_s med high_s }

category here;
category there;
category elsewhere alias lost;

# Level declarations: the categories that may accompany each sensitivity.
# "a.b" is a category range and "a, b" a list; "lost" is the alias of
# elsewhere, so here.lost spans all three categories.
level low_s:here.there;
level med:here, elsewhere;
level high_s:here.lost;

# MLS constraint: hi_r on class infoflow is allowed only when the source's low
# level (l1) dominates the target's low level (l2), or when the source type
# (t1) carries the mls_exempt attribute. None of the type declarations below
# assigns mls_exempt, so only the dominance branch can match with them; any
# type later given that attribute bypasses this check, which makes its
# membership worth auditing.
mlsconstrain infoflow hi_r ((l1 dom l2) or (t1 == mls_exempt));

attribute mls_exempt;
attribute an_attr;

# A single type and role, both named "system", used by the user declaration
# further down.
type system;
role system;
role system types system;

# ------------------------------------------------------------------------------
# Type enforcement declarations and rules.
# Only declarations follow; there are no allow rules among them.
# ------------------------------------------------------------------------------
type removed_type;
type modified_remove_attr, an_attr;
type modified_remove_alias alias an_alias;

# Permissive type: access denials for this type are logged but not enforced.
type modified_remove_permissive;
permissive modified_remove_permissive;

type modified_add_attr;
type modified_add_alias;
type modified_add_permissive;

# Roles. Only modified_remove_type is associated with a type (system).
role removed_role;
role modified_add_type;
role modified_remove_type;
role modified_remove_type types { system };

# ------------------------------------------------------------------------------
# Users.
# The one user may take role system, defaults to level med, and is cleared for
# the range low_s through high_s with every category (here.lost).
# ------------------------------------------------------------------------------
user system roles system level med range low_s - high_s:here.lost;

# Constraints (non-MLS)
# hi_w on class infoflow is permitted only when the source and target contexts
# carry the same SELinux user (u1 == u2).
constrain infoflow hi_w (u1 == u2);

# ------------------------------------------------------------------------------
# Initial SID contexts.
# Both use the user, role and type named "system"; they differ only in their
# MLS level.
# ------------------------------------------------------------------------------
sid kernel system:system:system:medium_s:here
sid security system:system:system:high_s:lost

# ------------------------------------------------------------------------------
# Filesystem labeling behaviour (fs_use_*).
#   fs_use_trans - label computed by transition from the creating task
#   fs_use_xattr - label stored in the filesystem's extended attributes
#   fs_use_task  - label taken from the creating task
# NOTE(review): object_r is not declared in this part of the policy;
# checkpolicy normally supplies it implicitly as the role for objects -- confirm.
# ------------------------------------------------------------------------------
fs_use_trans devpts system:object_r:system:low_s;
fs_use_xattr ext3 system:object_r:system:low_s;
fs_use_task pipefs system:object_r:system:low_s;

# ------------------------------------------------------------------------------
# genfscon: fixed labels, by path prefix, for filesystems that do not store
# their own labels. The more specific /sys entry under proc gets a different
# level from the proc root.
# ------------------------------------------------------------------------------
genfscon proc / system:object_r:system:med
genfscon proc /sys system:object_r:system:low_s
genfscon selinuxfs / system:object_r:system:high_s:here.there

# ------------------------------------------------------------------------------
# Network object contexts.
# ------------------------------------------------------------------------------
# TCP port 80.
portcon tcp 80 system:object_r:system:low_s

# netifcon takes two contexts: the first labels the interface, the second
# labels packets on it.
netifcon eth0 system:object_r:system:low_s system:object_r:system:low_s

# nodecon takes an address and a mask. The all-ones masks restrict each entry
# to exactly the IPv4 and IPv6 loopback addresses.
nodecon 127.0.0.1 255.255.255.255 system:object_r:system:low_s:here
nodecon ::1 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff system:object_r:system:low_s:here