RepoMirrors/setools
1
0
Fork 0
mirror of https://github.com/SELinuxProject/setools synced 2025-01-30 03:32:42 +00:00
Code Issues Packages Projects Releases Wiki Activity
62ffea7fce
setools/tests/rolequery.conf
Chris PeBenito 4684eca5bc tests: Revise unit tests for binary-only policy support. 
Closes #72
2018-06-15 20:26:49 -04:00

193 lines
3.5 KiB
Plaintext
Raw Blame History

class infoflow
class infoflow2
class infoflow3
class infoflow4
class infoflow5
class infoflow6
class infoflow7
sid kernel
sid security
common infoflow
{
low_w
med_w
hi_w
low_r
med_r
hi_r
}
class infoflow
inherits infoflow
class infoflow2
inherits infoflow
{
super_w
super_r
}
class infoflow3
{
null
}
class infoflow4
inherits infoflow
class infoflow5
inherits infoflow
class infoflow6
inherits infoflow
class infoflow7
inherits infoflow
{
super_w
super_r
super_none
super_both
super_unmapped
}
sensitivity low_s;
sensitivity medium_s alias med;
sensitivity high_s;
dominance { low_s med high_s }
category here;
category there;
category elsewhere alias lost;
#level decl
level low_s:here.there;
level med:here, elsewhere;
level high_s:here.lost;
#some constraints
mlsconstrain infoflow hi_r ((l1 dom l2) or (t1 == mls_exempt));
attribute mls_exempt;
type system;
role system;
role system types system;
################################################################################
# Type enforcement declarations and rules
allow system system:infoflow3 null;
########################################
#
# Role Query
#
# test 1
# name: test1
# types: unset
role test1;
# test 2
# name: test2(a|b) regex
# types: unset
role test2a;
role test2b;
# test 10
# name: unset
# types: test10a,test10b
type test10a;
type test10b;
type test10c;
role test10r1;
role test10r2;
role test10r3;
role test10r4;
role test10r5;
role test10r6;
role test10r7;
role test10r1 types test10a;
role test10r2 types { test10a test10b };
role test10r3 types { test10a test10b test10c };
role test10r4 types { test10b test10c };
role test10r5 types { test10a test10c };
role test10r6 types test10b;
role test10r7 types test10c;
# test 11
# name: unset
# types: test11a,test11b equal
type test11a;
type test11b;
type test11c;
role test11r1;
role test11r2;
role test11r3;
role test11r4;
role test11r5;
role test11r6;
role test11r7;
role test11r1 types test11a;
role test11r2 types { test11a test11b };
role test11r3 types { test11a test11b test11c };
role test11r4 types { test11b test11c };
role test11r5 types { test11a test11c };
role test11r6 types test11b;
role test11r7 types test11c;
# test 12
# name: unset
# types: test12(a|b) regex
type test12a;
type test12b;
type test12c;
role test12r1;
role test12r2;
role test12r3;
role test12r4;
role test12r5;
role test12r6;
role test12r7;
role test12r1 types test12a;
role test12r2 types { test12a test12b };
role test12r3 types { test12a test12b test12c };
role test12r4 types { test12b test12c };
role test12r5 types { test12a test12c };
role test12r6 types test12b;
role test12r7 types test12c;
################################################################################
#users
user system roles system level med range low_s - high_s:here.lost;
#normal constraints
constrain infoflow hi_w (u1 == u2);
#isids
sid kernel system:system:system:medium_s:here
sid security system:system:system:high_s:lost
#fs_use
fs_use_trans devpts system:object_r:system:low_s;
fs_use_xattr ext3 system:object_r:system:low_s;
fs_use_task pipefs system:object_r:system:low_s;
#genfscon
genfscon proc / system:object_r:system:med
genfscon proc /sys system:object_r:system:low_s
genfscon selinuxfs / system:object_r:system:high_s:here.there
portcon tcp 80 system:object_r:system:low_s
netifcon eth0 system:object_r:system:low_s system:object_r:system:low_s
nodecon 127.0.0.1 255.255.255.255 system:object_r:system:low_s:here
nodecon ::1 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff system:object_r:system:low_s:here
Reference in New Issue View Git Blame Copy Permalink