From ce5472845b17575d112a169724573ce9ce3b4ca0 Mon Sep 17 00:00:00 2001 From: James Carter Date: Thu, 11 Jun 2015 13:34:16 -0400 Subject: [PATCH] secilc: Add a CIL policy file to test bounds checking. Signed-off-by: James Carter --- secilc/test/bounds.cil | 241 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 241 insertions(+) create mode 100644 secilc/test/bounds.cil diff --git a/secilc/test/bounds.cil b/secilc/test/bounds.cil new file mode 100644 index 00000000..e72560e8 --- /dev/null +++ b/secilc/test/bounds.cil @@ -0,0 +1,241 @@ +(class CLASS (PERM)) +(classorder (CLASS)) +(sid SID) +(sidorder (SID)) +(user USER) +(role ROLE) +(type TYPE) +(category CAT) +(categoryorder (CAT)) +(sensitivity SENS) +(sensitivityorder (SENS)) +(sensitivitycategory SENS (CAT)) +(allow TYPE self (CLASS (PERM))) +(roletype ROLE TYPE) +(userrole USER ROLE) +(userlevel USER (SENS)) +(userrange USER ((SENS)(SENS (CAT)))) +(sidcontext SID (USER ROLE TYPE ((SENS)(SENS)))) + +(class c1 (p1a p1b p1c)) +(class c2 (p2a p2b p2c)) +(class c3 (p3a p3b p3c)) + +(classorder (CLASS c1 c2 c3)) + +(classpermission cp1) +(classpermissionset cp1 (c1 (p1a p1b))) +(classpermissionset cp1 (c2 (p2a))) + +(classmap cm1 (mp1)) +(classmapping cm1 mp1 + (c1 (p1a))) + +(boolean b_b1 false) +(boolean b_b2 false) +(boolean b_b3 false) + + +(type b_ta) +(type b_tb) +(type b_tc) +(type b_td) + + +;; All of these rules should pass the bounds check +(type b_t1) +(type b_t1_c) +(typebounds b_t1 b_t1_c) + +(allow b_t1 self (CLASS (PERM))) +(allow b_t1_c self (CLASS (PERM))) +(allow b_t1 b_ta (CLASS (PERM))) +(allow b_t1_c b_ta (CLASS (PERM))) +(allow b_ta b_t1 (CLASS (PERM))) +(allow b_ta b_t1_c (CLASS (PERM))) + +(booleanif b_b1 + (false + (allow b_t1 b_tb (CLASS (PERM))) + (allow b_t1_c b_tb (CLASS (PERM))) + (allow b_tb b_t1 (CLASS (PERM))) + (allow b_tb b_t1_c (CLASS (PERM))))) + +(allow b_t1 b_tc (CLASS (PERM))) +(allow b_tc b_t1 (CLASS (PERM))) +(booleanif b_b2 + (false + (allow b_t1_c b_tc (CLASS (PERM))) + (allow b_tc b_t1_c (CLASS (PERM))))) + +(allow b_t1_c b_td (CLASS (PERM))) +(allow b_td b_t1_c (CLASS (PERM))) +(booleanif b_b3 + (true + (allow b_t1 b_td (CLASS (PERM))) + (allow b_td b_t1 (CLASS (PERM)))) + (false + (allow b_t1 b_td (CLASS (PERM))) + (allow b_td b_t1 (CLASS (PERM))))) + + +;; All of these rules should pass the bounds check +(type b_t2) +(type b_t2_c) +(typebounds b_t2 b_t2_c) +(typeattribute b_a2) +(typeattribute b_a2_c) +(typeattributeset b_a2 b_t2) +(typeattributeset b_a2_c b_t2_c) + +(allow b_a2 self (CLASS (PERM))) +(allow b_a2_c self (CLASS (PERM))) +(allow b_a2 b_ta (CLASS (PERM))) +(allow b_a2_c b_ta (CLASS (PERM))) +(allow b_ta b_a2 (CLASS (PERM))) +(allow b_ta b_a2_c (CLASS (PERM))) + +(booleanif b_b1 + (false + (allow b_a2 b_tb (CLASS (PERM))) + (allow b_a2_c b_tb (CLASS (PERM))) + (allow b_tb b_a2 (CLASS (PERM))) + (allow b_tb b_a2_c (CLASS (PERM))))) + +(allow b_a2 b_tc (CLASS (PERM))) +(allow b_tc b_a2 (CLASS (PERM))) +(booleanif b_b2 + (false + (allow b_a2_c b_tc (CLASS (PERM))) + (allow b_tc b_a2_c (CLASS (PERM))))) + +(allow b_a2_c b_td (CLASS (PERM))) +(allow b_td b_a2_c (CLASS (PERM))) +(booleanif b_b3 + (true + (allow b_a2 b_td (CLASS (PERM))) + (allow b_td b_a2 (CLASS (PERM)))) + (false + (allow b_a2 b_td (CLASS (PERM))) + (allow b_td b_a2 (CLASS (PERM))))) + + +;; All of these rules should fail the bounds check +(type b_t3) +(type b_t3_c) +(typebounds b_t3 b_t3_c) + +(allow b_t3 self (CLASS (PERM))) +(allow b_t3_c self (c1 (p1a))) +(allow b_t3 b_ta (CLASS (PERM))) +(allow b_t3_c b_ta (c1 (p1a))) +(allow b_ta b_t3 (CLASS (PERM))) +(allow b_ta b_t3_c (c1 (p1a))) + +(booleanif b_b1 + (false + (allow b_t3_c b_tb (c1 (p1a))) + (allow b_tb b_t3_c (c1 (p1a))))) + +(booleanif b_b2 + (true + (allow b_t3_c b_tc (c1 (p1a))) + (allow b_tc b_t3_c (c1 (p1a)))) + (false + (allow b_t3 b_tc (c1 (p1a))) + (allow b_tc b_t3 (c1 (p1a))))) + +(allow b_t3_c b_td (c1 (p1a))) +(allow b_td b_t3_c (c1 (p1a))) +(booleanif b_b3 + (false + (allow b_t3 b_td (c1 (p1a))) + (allow b_td b_t3 (c1 (p1a))))) + + +;; All of these rules should fail the bounds check +(type b_t4) +(type b_t4_c) +(typebounds b_t4 b_t4_c) +(typeattribute b_a4) +(typeattribute b_a4_c) +(typeattributeset b_a4 b_t4) +(typeattributeset b_a4_c b_t4_c) + +(allow b_a4 self (CLASS (PERM))) +(allow b_a4_c self (c1 (p1a))) +(allow b_a4 b_ta (CLASS (PERM))) +(allow b_a4_c b_ta (c1 (p1a))) +(allow b_ta b_a4 (CLASS (PERM))) +(allow b_ta b_a4_c (c1 (p1a))) + +(booleanif b_b1 + (false + (allow b_a4_c b_tb (c1 (p1a))) + (allow b_tb b_a4_c (c1 (p1a))))) + +(booleanif b_b2 + (true + (allow b_a4_c b_tc (c1 (p1a))) + (allow b_tc b_a4_c (c1 (p1a)))) + (false + (allow b_a4 b_tc (c1 (p1a))) + (allow b_tc b_a4 (c1 (p1a))))) + +(allow b_a4_c b_td (c1 (p1a))) +(allow b_td b_a4_c (c1 (p1a))) +(booleanif b_b3 + (false + (allow b_a4 b_td (c1 (p1a))) + (allow b_td b_a4 (c1 (p1a))))) + + +;; Marked rules should fail, all others should pass +(type b_t5) +(type b_t5_c) +(typebounds b_t5 b_t5_c) + +(allow b_t5 b_ta cp1) +(allow b_t5_c b_ta (c1 (p1a))) +(allow b_t5_c b_ta (c2 (p2a))) +(allow b_t5_c b_ta (c2 (p2b))) ;; Fail +(allow b_t5_c b_ta (c3 (p3a))) ;; Fail + +(allow b_t5 b_tb (c1 (p1a p1b))) +(allow b_t5 b_tb (c2 (p2a))) +(allow b_t5_c b_tb cp1) + +(allow b_t5 b_tc (cm1 (mp1))) +(allow b_t5_c b_tc (c1 (p1a))) +(allow b_t5_c b_tc (c1 (p1b))) ;; Fail +(allow b_t5_c b_tc (c2 (p2a))) ;; Fail + +(allow b_t5 b_tc (c1 (p1a))) +(allow b_t5_c b_tc (cm1 (mp1))) + + +;; Marked rules should fail, all others should pass +(type b_t6a) +(type b_t6a_c) +(type b_t6b) +(type b_t6b_c) +(typebounds b_t6a b_t6a_c) +(typebounds b_t6b b_t6b_c) + +(allow b_t6a b_t6b (CLASS (PERM))) +(allow b_t6a_c b_t6b_c (CLASS (PERM))) + +;; Needs: (allow b_t6a b_t6b (c1 (p1a))) +(allow b_t6a_c b_t6b (c1 (p1a))) ;; Fail +(allow b_t6a_c b_t6b_c (c1 (p1a))) ;; Fail + +;; Needs: (allow b_t6a b_t6b (c2 (p2a))) +(allow b_t6a b_t6b_c (c2 (p2a))) ;; Fail +(allow b_t6a_c b_t6b (c2 (p2a))) ;; Fail +(allow b_t6a_c b_t6b_c (c2 (p2a))) + +;; Needs: (allow b_t6a b_t6b (c3 (p3c))) +(allow b_t6a b_t6b (c3 (p3a p3b))) +(allow b_t6a b_t6b_c (c3 (p3b p3c))) ;; Fail +(allow b_t6a_c b_t6b (c3 (p3a p3c))) ;; Fail +(allow b_t6a_c b_t6b_c (c3 (p3a p3b p3c))) ;; Fail