RepoMirrors/setools
1
0
Fork 0
mirror of https://github.com/SELinuxProject/setools synced 2025-01-30 03:32:42 +00:00
Code Issues Packages Projects Releases Wiki Activity
62ffea7fce
setools/tests/userquery.conf
Chris PeBenito 4684eca5bc tests: Revise unit tests for binary-only policy support. 
Closes #72
2018-06-15 20:26:49 -04:00

263 lines
5.5 KiB
Plaintext
Raw Blame History

class infoflow
class infoflow2
class infoflow3
class infoflow4
class infoflow5
class infoflow6
class infoflow7
sid kernel
sid security
common infoflow
{
low_w
med_w
hi_w
low_r
med_r
hi_r
}
class infoflow
inherits infoflow
class infoflow2
inherits infoflow
{
super_w
super_r
}
class infoflow3
{
null
}
class infoflow4
inherits infoflow
class infoflow5
inherits infoflow
class infoflow6
inherits infoflow
class infoflow7
inherits infoflow
{
super_w
super_r
super_none
super_both
super_unmapped
}
sensitivity s0;
sensitivity s1;
sensitivity s2;
sensitivity s3;
sensitivity s4;
sensitivity s5;
sensitivity s6;
dominance { s0 s1 s2 s3 s4 s5 s6 }
category c0;
category c1;
category c2;
category c3;
category c4;
category c5;
category c6;
category c7;
#level decl
level s0:c0.c7;
level s1:c0.c7;
level s2:c0.c7;
level s3:c0.c7;
level s4:c0.c7;
level s5:c0.c7;
level s6:c0.c7;
#some constraints
mlsconstrain infoflow hi_r ((l1 dom l2) or (t1 == mls_exempt));
attribute mls_exempt;
type system;
role system;
role system types system;
################################################################################
# Type enforcement declarations and rules
allow system system:infoflow3 null;
########################################
#
# User Query
#
role test1_r;
role test2a_r;
role test2b_r;
role test10a_r;
role test10b_r;
role test10c_r;
role test11a_r;
role test11b_r;
role test11c_r;
role test12a_r;
role test12b_r;
role test12c_r;
# test 1
# name: test1_u
# roles: unset
user test1_u roles test1_r level s3:c5,c7 range s3:c5,c7;
# test 2
# name: test2_u(1|2) regex
# roles: unset
user test2_u1 roles test2a_r level s3:c5,c7 range s3:c5,c7;
user test2_u2 roles test2b_r level s3:c5,c7 range s3:c5,c7;
# test 10
# name: unset
# roles: test10a_r,test10b_r
user test10_u1 roles test10a_r level s3:c5,c7 range s3:c5,c7;
user test10_u2 roles { test10a_r test10b_r } level s3:c5,c7 range s3:c5,c7;
user test10_u3 roles { test10a_r test10b_r test10c_r } level s3:c5,c7 range s3:c5,c7;
user test10_u4 roles { test10b_r test10c_r } level s3:c5,c7 range s3:c5,c7;
user test10_u5 roles { test10a_r test10c_r } level s3:c5,c7 range s3:c5,c7;
user test10_u6 roles test10b_r level s3:c5,c7 range s3:c5,c7;
user test10_u7 roles test10c_r level s3:c5,c7 range s3:c5,c7;
# test 11
# name: unset
# roles: test11a_r,test11b_r equal
user test11_u1 roles test11a_r level s3:c5,c7 range s3:c5,c7;
user test11_u2 roles { test11a_r test11b_r } level s3:c5,c7 range s3:c5,c7;
user test11_u3 roles { test11a_r test11b_r test11c_r } level s3:c5,c7 range s3:c5,c7;
user test11_u4 roles { test11b_r test11c_r } level s3:c5,c7 range s3:c5,c7;
user test11_u5 roles { test11a_r test11c_r } level s3:c5,c7 range s3:c5,c7;
user test11_u6 roles test11b_r level s3:c5,c7 range s3:c5,c7;
user test11_u7 roles test11c_r level s3:c5,c7 range s3:c5,c7;
# test 12
# name: unset
# roles: test12(a|b)_r regex
user test12_u1 roles test12a_r level s3:c5,c7 range s3:c5,c7;
user test12_u2 roles { test12a_r test12b_r } level s3:c5,c7 range s3:c5,c7;
user test12_u3 roles { test12a_r test12b_r test12c_r } level s3:c5,c7 range s3:c5,c7;
user test12_u4 roles { test12b_r test12c_r } level s3:c5,c7 range s3:c5,c7;
user test12_u5 roles { test12a_r test12c_r } level s3:c5,c7 range s3:c5,c7;
user test12_u6 roles test12b_r level s3:c5,c7 range s3:c5,c7;
user test12_u7 roles test12c_r level s3:c5,c7 range s3:c5,c7;
# test 20
# name: unset
# roles: unset
# level: equal
# range: unset
user test20 roles system level s3:c0,c4 range s3 - s3:c0.c4,c7;
# test 21
# name: unset
# roles: unset
# level: high, dom
# range: unset
user test21 roles system level s2:c1,c4 range s2 - s2:c0.c4,c7;
# test 22
# name: unset
# roles: unset
# level: high, domby
# range: unset
user test22 roles system level s4:c2,c4 range s4 - s4:c0.c4,c7;
# test 23
# name: unset
# roles: unset
# level: high, incomp
# range: unset
user test23 roles system level s3:c6 range s3 - s3:c0.c7;
# test 40:
# name: unset
# roles: unset
# level: unset
# range: equal
user test40 roles system level s0:c5 range s0:c5 - s0:c0.c5;
# test 41:
# name: unset
# roles: unset
# level: unset
# range: overlap
user test41 roles system level s1:c5 range s1:c5 - s1:c1.c3,c5;
# test 42:
# name: unset
# roles: unset
# level: unset
# range: subset
user test42 roles system level s2:c5 range s2:c5 - s2:c1.c3,c5;
# test 43:
# name: unset
# roles: unset
# level: unset
# range: superset
user test43 roles system level s3:c5 range s3:c5 - s3:c1.c3,c5,c6;
# test 44:
# name: unset
# roles: unset
# level: unset
# range: proper subset
user test44 roles system level s4:c5 range s4:c5 - s4:c1.c3,c5;
# test 45:
# name: unset
# roles: unset
# level: unset
# range: proper superset
user test45 roles system level s5:c5 range s5:c5 - s5:c1.c3,c5;
################################################################################
#users
user system roles system level s0:c5 range s0:c5;
#normal constraints
constrain infoflow hi_w (u1 == u2);
#isids
sid kernel system:system:system:s0:c5
sid security system:system:system:s0:c5
#fs_use
fs_use_trans devpts system:object_r:system:s0:c5;
fs_use_xattr ext3 system:object_r:system:s0:c5;
fs_use_task pipefs system:object_r:system:s0:c5;
#genfscon
genfscon proc / system:object_r:system:s3
genfscon proc /sys system:object_r:system:s0:c5
genfscon selinuxfs / system:object_r:system:s3:c0.c4
portcon tcp 80 system:object_r:system:s0:c5
netifcon eth0 system:object_r:system:s0:c5 system:object_r:system:s0:c5
nodecon 127.0.0.1 255.255.255.255 system:object_r:system:s0:c5
nodecon ::1 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff system:object_r:system:s0:c5
Reference in New Issue View Git Blame Copy Permalink