mirror of
https://github.com/SELinuxProject/setools
synced 2025-02-22 15:06:49 +00:00
133 lines
2.2 KiB
Plaintext
133 lines
2.2 KiB
Plaintext
class infoflow
|
|
class infoflow2
|
|
class infoflow3
|
|
class infoflow4
|
|
class infoflow5
|
|
class infoflow6
|
|
class infoflow7
|
|
|
|
sid kernel
|
|
sid security
|
|
|
|
common infoflow
|
|
{
|
|
low_w
|
|
med_w
|
|
hi_w
|
|
low_r
|
|
med_r
|
|
hi_r
|
|
}
|
|
|
|
class infoflow
|
|
inherits infoflow
|
|
|
|
class infoflow2
|
|
inherits infoflow
|
|
{
|
|
super_w
|
|
super_r
|
|
}
|
|
|
|
class infoflow3
|
|
{
|
|
null
|
|
}
|
|
|
|
class infoflow4
|
|
inherits infoflow
|
|
|
|
class infoflow5
|
|
inherits infoflow
|
|
|
|
class infoflow6
|
|
inherits infoflow
|
|
|
|
class infoflow7
|
|
inherits infoflow
|
|
{
|
|
super_w
|
|
super_r
|
|
super_none
|
|
super_both
|
|
super_unmapped
|
|
}
|
|
|
|
sensitivity sens;
|
|
|
|
dominance { sens }
|
|
|
|
category begin;
|
|
|
|
# test1
|
|
# name: test1
|
|
# alias: unset
|
|
category test1;
|
|
|
|
# test2
|
|
# name: test2(a|b)
|
|
# alias: unset
|
|
category test2a;
|
|
category test2b;
|
|
|
|
# test 10
|
|
# name: unset
|
|
# alias: test10a
|
|
category test10c1 alias { test10a test10c };
|
|
category test10c2 alias { test10b test10d };
|
|
|
|
# test 11
|
|
# name: unset
|
|
# alias: test11(a|b)
|
|
category test11c1 alias { test11a test11c };
|
|
category test11c2 alias { test11b test11d };
|
|
category test11c3 alias { test11e test11f };
|
|
|
|
category end;
|
|
|
|
#level decl
|
|
level sens:begin.end;
|
|
|
|
#some constraints
|
|
mlsconstrain infoflow hi_r ((l1 dom l2) or (t1 == mls_exempt));
|
|
|
|
attribute mls_exempt;
|
|
|
|
type system;
|
|
role system;
|
|
role system types system;
|
|
|
|
################################################################################
|
|
# Type enforcement declarations and rules
|
|
|
|
|
|
################################################################################
|
|
|
|
#users
|
|
user system roles system level sens range sens - sens:begin.end;
|
|
|
|
#normal constraints
|
|
constrain infoflow hi_w (u1 == u2);
|
|
|
|
#isids
|
|
sid kernel system:system:system:sens:begin
|
|
sid security system:system:system:sens:begin
|
|
|
|
#fs_use
|
|
fs_use_trans devpts system:object_r:system:sens;
|
|
fs_use_xattr ext3 system:object_r:system:sens;
|
|
fs_use_task pipefs system:object_r:system:sens;
|
|
|
|
#genfscon
|
|
genfscon proc / system:object_r:system:sens
|
|
genfscon proc /sys system:object_r:system:sens
|
|
genfscon selinuxfs / system:object_r:system:sens:begin.end
|
|
|
|
portcon tcp 80 system:object_r:system:sens
|
|
|
|
netifcon eth0 system:object_r:system:sens system:object_r:system:sens
|
|
|
|
nodecon 127.0.0.1 255.255.255.255 system:object_r:system:sens:begin
|
|
nodecon ::1 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff system:object_r:system:sens:begin
|
|
|