setools/tests/typequery.conf

class infoflow
class infoflow2
class infoflow3
class infoflow4
class infoflow5
class infoflow6
class infoflow7

sid kernel
sid security

common infoflow
{
	low_w
	med_w
	hi_w
	low_r
	med_r
	hi_r
}

class infoflow
inherits infoflow

class infoflow2
inherits infoflow
{
	super_w
	super_r
}

class infoflow3
{
	null
}

class infoflow4
inherits infoflow

class infoflow5
inherits infoflow

class infoflow6
inherits infoflow

class infoflow7
inherits infoflow
{
	super_w
	super_r
	super_none
	super_both
	super_unmapped
}

sensitivity low_s;
sensitivity medium_s alias med;
sensitivity high_s;

dominance { low_s med high_s }

category here;
category there;
category elsewhere alias lost;

#level decl
level low_s:here.there;
level med:here, elsewhere;
level high_s:here.lost;

#some constraints
mlsconstrain infoflow hi_r ((l1 dom l2) or (t1 == mls_exempt));

attribute mls_exempt;

type system;
role system;
role system types system;

################################################################################
# Type enforcement declarations and rules

allow system system:infoflow3 null;

########################################
#
# Type Query
#

# test 1
# name: test1
# attrs: unset
# alias: unset
type test1;

# test 2
# name: test2(a|b) regex
# attrs: unset
# alias: unset
type test2a;
type test2b;

# test 10
# name: unset
# attrs: test10a,test10b
# alias: unset
attribute test10a;
attribute test10b;
attribute test10c;
type test10t1, test10a;
type test10t2, test10a, test10b;
type test10t3, test10a, test10b, test10c;
type test10t4, test10b, test10c;
type test10t5, test10a, test10c;
type test10t6, test10b;
type test10t7, test10c;

# test 11
# name: unset
# attrs: test11a,test11b equal
# alias: unset
attribute test11a;
attribute test11b;
attribute test11c;
type test11t1, test11a;
type test11t2, test11a, test11b;
type test11t3, test11a, test11b, test11c;
type test11t4, test11b, test11c;
type test11t5, test11a, test11c;
type test11t6, test11b;
type test11t7, test11c;

# test 12
# name: unset
# attrs: test12(a|b) regex
# alias: unset
attribute test12a;
attribute test12b;
attribute test12c;
type test12t1, test12a;
type test12t2, test12a, test12b;
type test12t3, test12a, test12b, test12c;
type test12t4, test12b, test12c;
type test12t5, test12a, test12c;
type test12t6, test12b;
type test12t7, test12c;

# test 20
# name: unset
# attrs: unset
# alias: test20a
type test20t1 alias { test20a test20c };
type test20t2 alias { test20b test20d };

# test 21
# name: unset
# attrs: unset
# alias: test21(a|b)
type test21t1 alias { test21a test21c };
type test21t2 alias { test21b test21d };
type test21t3 alias { test21e test21f };

# test 22
# name: test22alias
# deref: True
# attrs: unset
# alias: unset
type test22 alias { test22alias test22a };

# test 30
# name: test30
# attrs: unset
# alias: unset
type test30;
type test30a;
permissive test30;

################################################################################

#users
user system roles system level med range low_s - high_s:here.lost;

#normal constraints
constrain infoflow hi_w (u1 == u2);

#isids
sid kernel system:system:system:medium_s:here
sid security system:system:system:high_s:lost

#fs_use
fs_use_trans devpts system:object_r:system:low_s;
fs_use_xattr ext3 system:object_r:system:low_s;
fs_use_task pipefs system:object_r:system:low_s;

#genfscon
genfscon proc / system:object_r:system:med
genfscon proc /sys system:object_r:system:low_s
genfscon selinuxfs / system:object_r:system:high_s:here.there

portcon tcp 80 system:object_r:system:low_s

netifcon eth0 system:object_r:system:low_s system:object_r:system:low_s

nodecon 127.0.0.1 255.255.255.255 system:object_r:system:low_s:here
nodecon ::1 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff system:object_r:system:low_s:here