; Base declarations for a minimal MLS-enabled CIL policy: one object class,
; one initial SID, one sensitivity/category pair, two type attributes, one
; boolean and eight types. Identifiers are synthetic (cl01, tp01, ...).

; Classes and permissions that the policy does not define are denied rather
; than allowed.
(handleunknown deny)

; The only object class, with four permissions. Every allow/dontaudit rule in
; this file is written against cl01.
(class cl01 (p01a p01b p11a p11b))
(classorder (cl01))

; The only initial SID; its context is assigned by the sidcontext statement at
; the end of the file.
(sid kernel)
(sidorder (kernel))

; MLS is enabled with a single sensitivity and a single category, and c01 is
; associated with s01.
(mls true)
(sensitivity s01)
(sensitivityorder (s01))
(category c01)
(categoryorder (c01))
(sensitivitycategory s01 (c01))

; Type attributes; membership is assigned later with typeattributeset.
(typeattribute at01)
(typeattribute at02)

; Boolean guarding the booleanif block; its default value is false.
(boolean b01 false)

; tp01 and tp02 are the only types used as rule sources in this file.
; NOTE(review): tp04 is declared and later gets a roletype, but no attribute
; or access rule in the lines shown names it, and there is no tp03 -- confirm
; that this is intentional.
(type tp01)
(type tp02)
(type tp04)

; tpr1..tpr5 appear only as rule targets in this file.
(type tpr1)
(type tpr2)
(type tpr3)
(type tpr4)
(type tpr5)
; Attribute membership and the unconditional access rules.
; Effective access for a type is the union of the rules written against the
; type itself and the rules written against every attribute it belongs to, so
; a review that searches only for the type name misses the at01/at02 grants.

; at01 = { tp01 }, at02 = { tp01, tp02 }.
(typeattributeset at01 (tp01))
(typeattributeset at02 (tp01 tp02))

; Attribute-sourced grants: both tp01 and tp02 receive p11a, p01a and p01b on
; tpr1 and on tpr3.
(allow at02 tpr1 (cl01 (p11a p01a p01b)))
(allow at02 tpr3 (cl01 (p11a p01a p01b)))

; Three spellings of tp01 -> tp01 access: through the target attribute at01
; (whose only member is tp01), through the "self" keyword, and by naming tp01
; explicitly. Together they give tp01 all four permissions on itself.
(allow tp01 at01 (cl01 (p11b)))
(allow tp01 self (cl01 (p11a p01a)))
(allow tp01 tp01 (cl01 (p01b)))

; Type-sourced grants on tpr1 that overlap the at02 rule above. Result:
; tp01 holds all four permissions on tpr1; tp02 holds p11a and p01a directly
; and additionally p01b through at02.
(allow tp01 tpr1 (cl01 (p11a p11b p01a p01b)))
(allow tp02 tpr1 (cl01 (p11a p01a)))

; dontaudit rules with the same attribute/type overlap, on tpr2 and tpr4.
; dontaudit grants nothing: it only suppresses the audit record for a denial
; of the listed permissions, so those denied attempts are not visible in the
; audit log while these rules are active.
(dontaudit at02 tpr2 (cl01 (p11a p01a p01b)))
(dontaudit at02 tpr4 (cl01 (p11a p01a p01b)))
(dontaudit tp01 tpr2 (cl01 (p11a p11b p01a p01b)))
(dontaudit tp02 tpr2 (cl01 (p11a p01a)))
; Conditional rules controlled by boolean b01 (declared with default false).
; The two branches are not simple supersets of each other, so a change to b01
; both adds and removes access; compare against the unconditional at02 rules
; on tpr3 and tpr4 when working out the effective policy.
(booleanif (b01)
    (true
        ; tpr3: the unconditional at02 rule already grants p11a, p01a and p01b
        ; to tp01 and tp02, so this branch adds only p11b for tp01.
        (allow tp01 tpr3 (cl01 (p11a p11b p01a p01b)))
        ; tpr5: access exists only through this booleanif. With b01 true,
        ; tp01 gets all four permissions and tp02 gets p11a and p01a.
        (allow tp01 tpr5 (cl01 (p11a p11b p01a p01b)))
        (allow tp02 tpr3 (cl01 (p11a p01a)))
        (allow tp02 tpr5 (cl01 (p11a p01a)))
        ; tpr4: beyond the unconditional at02 dontaudit, this suppresses the
        ; audit record for tp01's p11b denial as well.
        (dontaudit tp01 tpr4 (cl01 (p11a p11b p01a p01b)))
        (dontaudit tp02 tpr4 (cl01 (p11a p01a)))
    )
    (false
        ; Default state: an attribute-sourced rule inside a conditional. Both
        ; tp01 and tp02 get p11a, p01a and p01b on tpr5. Compared with the
        ; true branch, tp02 holds p01b here and tp01 lacks p11b.
        (allow at02 tpr5 (cl01 (p11a p01a p01b)))
    )
)
; Roles, the single user, and the context for the kernel initial SID.

(role object_r)
(role rl01)

; rl01 is associated with tp01 only.
; NOTE(review): tp02 is a rule source but is associated only with object_r,
; not with rl01 -- confirm that this is intended.
(roletype rl01 tp01)

; object_r is associated with every declared type.
(roletype object_r tp01)
(roletype object_r tp02)
(roletype object_r tp04)
(roletype object_r tpr1)
(roletype object_r tpr2)
(roletype object_r tpr3)
(roletype object_r tpr4)
(roletype object_r tpr5)

; The only user: it may use both roles, and both its default level and its
; range are pinned to s01 with no categories.
(user us01)
(userrole us01 object_r)
(userrole us01 rl01)
(userlevel us01 (s01))
(userrange us01 ((s01) (s01)))

; The kernel initial SID is labelled us01:rl01:tp01 with range s01-s01.
(sidcontext kernel (us01 rl01 tp01 ((s01) (s01))))