mirror of
https://github.com/SELinuxProject/setools
synced 2025-02-22 15:16:58 +00:00
150 lines
2.0 KiB
Plaintext
150 lines
2.0 KiB
Plaintext
class infoflow
|
|
class infoflow2
|
|
class infoflow3
|
|
class infoflow4
|
|
class infoflow5
|
|
class infoflow6
|
|
class infoflow7
|
|
class infoflow8
|
|
class infoflow9
|
|
class infoflow10
|
|
|
|
sid kernel
|
|
sid security
|
|
|
|
common infoflow
|
|
{
|
|
low_w
|
|
med_w
|
|
hi_w
|
|
low_r
|
|
med_r
|
|
hi_r
|
|
}
|
|
|
|
common com_a
|
|
{
|
|
hi_w
|
|
hi_r
|
|
super_r
|
|
super_w
|
|
}
|
|
|
|
common com_b
|
|
{
|
|
send
|
|
recv
|
|
}
|
|
|
|
common com_c
|
|
{
|
|
getattr
|
|
setattr
|
|
read
|
|
write
|
|
}
|
|
|
|
class infoflow
|
|
inherits infoflow
|
|
|
|
class infoflow2
|
|
inherits infoflow
|
|
{
|
|
super_w
|
|
super_r
|
|
}
|
|
|
|
class infoflow3
|
|
{
|
|
null
|
|
}
|
|
|
|
class infoflow4
|
|
inherits infoflow
|
|
{
|
|
super_w
|
|
super_r
|
|
super_none
|
|
super_both
|
|
super_unmapped
|
|
}
|
|
|
|
class infoflow5
|
|
inherits com_a
|
|
|
|
class infoflow6
|
|
inherits com_b
|
|
|
|
class infoflow7
|
|
inherits infoflow
|
|
{
|
|
unmapped
|
|
}
|
|
|
|
class infoflow8
|
|
{
|
|
super_w
|
|
super_r
|
|
}
|
|
|
|
class infoflow9
|
|
inherits com_c
|
|
|
|
class infoflow10
|
|
{
|
|
read
|
|
write
|
|
}
|
|
|
|
sensitivity low_s;
|
|
sensitivity medium_s alias med;
|
|
sensitivity high_s;
|
|
|
|
dominance { low_s med high_s }
|
|
|
|
category here;
|
|
category there;
|
|
category elsewhere alias lost;
|
|
|
|
#level decl
|
|
level low_s:here.there;
|
|
level med:here, elsewhere;
|
|
level high_s:here.lost;
|
|
|
|
#some constraints
|
|
mlsconstrain infoflow hi_r ((l1 dom l2) or (t1 == mls_exempt));
|
|
|
|
attribute mls_exempt;
|
|
|
|
type system;
|
|
role system;
|
|
role system types system;
|
|
|
|
#users
|
|
user system roles system level med range low_s - high_s:here.lost;
|
|
|
|
#normal constraints
|
|
constrain infoflow hi_w (u1 == u2);
|
|
|
|
#isids
|
|
sid kernel system:system:system:medium_s:here
|
|
sid security system:system:system:high_s:lost
|
|
|
|
#fs_use
|
|
fs_use_trans devpts system:object_r:system:low_s;
|
|
fs_use_xattr ext3 system:object_r:system:low_s;
|
|
fs_use_task pipefs system:object_r:system:low_s;
|
|
|
|
#genfscon
|
|
genfscon proc / system:object_r:system:med
|
|
genfscon proc /sys system:object_r:system:low_s
|
|
genfscon selinuxfs / system:object_r:system:high_s:here.there
|
|
|
|
portcon tcp 80 system:object_r:system:low_s
|
|
|
|
netifcon eth0 system:object_r:system:low_s system:object_r:system:low_s
|
|
|
|
nodecon 127.0.0.1 255.255.255.255 system:object_r:system:low_s:here
|
|
nodecon ::1 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff system:object_r:system:low_s:here
|
|
|