selinux/checkpolicy/tests/policy_minimal.conf

# handle_unknown deny
class CLASS1
sid kernel
class CLASS1 { PERM1 }
type TYPE1;
allow TYPE1 self:CLASS1 { PERM1 };
role ROLE1;
role ROLE1 types { TYPE1 };
user USER1 roles ROLE1;
sid kernel USER1:ROLE1:TYPE1
checkpolicy: add round-trip tests Add round-trip tests for checkpolicy(8). Test standard and MLS minimal policies as well as SELinux and Xen policies with each available statement. The output is checked against an expected result and then then checked for idempotence. Signed-off-by: Christian Göttsche <cgzones@googlemail.com> Acked-by: James Carter <jwcart2@gmail.com> 2023-11-01 16:37:00 +00:00			`# handle_unknown deny`
			`class CLASS1`
			`sid kernel`
			`class CLASS1 { PERM1 }`
			`type TYPE1;`
			`allow TYPE1 self:CLASS1 { PERM1 };`
			`role ROLE1;`
			`role ROLE1 types { TYPE1 };`
			`user USER1 roles ROLE1;`
			`sid kernel USER1:ROLE1:TYPE1`