# Policy module used as a linker test input.
#
# The require block names every class/permission, role, attribute and type
# that the module's global scope uses without declaring it. Those symbols
# have to be provided by the policy this module is linked into (presumably
# the test's base policy -- confirm against the base file).
module linker_test_1 1.0;

require {
    class file { read write };
    class lnk_file append;

    role g_b_role_2;

    attribute g_b_attr_3;
    attribute g_b_attr_5;
    attribute o4_b_attr_1;

    type g_b_type_3;
}
# Type declared in the module's global (unconditional) scope.
# Presumably a marker the test looks up to confirm this scope was linked --
# confirm against the test harness.
type tag_g_m1;

# Case: type and attribute both declared in this module, attribute populated
# in this module. Both association forms are exercised: inline in the type
# declaration, and through a separate typeattribute statement.
attribute g_m1_attr_1;
type g_m1_type_1, g_m1_attr_1;
type g_m1_type_2;
typeattribute g_m1_type_2 g_m1_attr_1;

# Case: role added by the module.
role g_m1_role_1 types g_m1_type_1;

# Case: attribute declared in base, populated from this module.
type g_m1_type_3;
typeattribute g_m1_type_3 g_b_attr_3;

# Case: attribute declared in base, populated from two modules
# (this module contributes g_m1_type_4).
type g_m1_type_4;
typeattribute g_m1_type_4 g_b_attr_5;

# Case: attribute declared in a base optional block, populated from this module.
type g_m1_type_5;
typeattribute g_m1_type_5 o4_b_attr_1;

# Case: attribute declared in this module, populated from a base optional block.
attribute g_m1_attr_2;

# Case: module types added to roles that belong to base.
# NOTE(review): only g_b_role_2 appears in the module's require block;
# g_b_role_3 is used here without being required -- confirm this is what the
# test intends.
role g_b_role_2 types g_m1_type_1;
role g_b_role_3 types g_m1_type_2;

# Case: module type added to a role from a base optional block.
role o1_b_role_2 types g_m1_type_1;

# Case: role from a base optional block that receives types from two modules.
role o4_b_role_1 types g_m1_type_2;

# Case: attribute populated in a base optional block, declared and populated
# in this module, and populated again from another module.
attribute g_m1_attr_3;
type g_m1_type_6, g_m1_attr_3;

# Case: attribute populated in a base optional block, declared and populated
# in this module, and populated again from another module's optional block.
attribute g_m1_attr_4;
type g_m1_type_7, g_m1_attr_4;

# Case: alias defined in the module for a type that base declares.
typealias g_b_type_3 alias g_m_alias_1;

# Case: a single boolean declared in the module. It defaults to true, so the
# conditional allow rule below is active unless the boolean is switched off.
bool g_m1_bool_1 true;
if (g_m1_bool_1) {
    allow g_m1_type_1 g_m1_type_2 : lnk_file append;
}
# Optional block 1. Everything inside is kept only when the symbols in its
# require list can be resolved at link time.
optional {
    require {
        type optional_type;
        attribute g_b_attr_4;
        attribute o1_b_attr_2;
        class lnk_file { ioctl };
    }

    # Type declared inside this optional; presumably the marker the test uses
    # to tell whether the block was enabled -- confirm against the harness.
    type tag_o1_m1;

    # Attribute and member type both declared inside the optional.
    attribute o1_m1_attr_1;
    type o1_m1_type_2, o1_m1_attr_1;

    # Role declared inside the optional, bound to a type declared alongside it.
    type o1_m1_type_1;
    role o1_m1_role_1 types o1_m1_type_1;

    # Optional-scoped type added to the required attribute g_b_attr_4.
    type o1_m1_type_3;
    typeattribute o1_m1_type_3 g_b_attr_4;

    # Optional-scoped type added to the required attribute o1_b_attr_2.
    type o1_m1_type_5;
    typeattribute o1_m1_type_5 o1_b_attr_2;

    # Boolean declared inside the optional. It defaults to false, so the
    # conditional allow rule stays inactive until the boolean is turned on.
    bool o1_m1_bool_1 false;
    if (o1_m1_bool_1) {
        allow o1_m1_type_2 o1_m1_type_1 : lnk_file ioctl;
    }
}
# Optional block 2. Requires only optional_type, then adds a type from the
# module's global scope to the role g_b_role_4.
optional {
    require {
        type optional_type;

        # Deliberately left disabled: requiring the role here causes a bug
        # where the role scope doesn't get copied into base.
        #role g_b_role_4;
    }

    # Type declared inside this optional; presumably the marker the test uses
    # to tell whether the block was enabled -- confirm against the harness.
    type tag_o2_m1;

    # g_b_role_4 is used without a matching require entry (see above);
    # g_m1_type_2 is declared in the module's global scope.
    role g_b_role_4 types g_m1_type_2;
}
# Optional block 3. Kept only when attribute g_b_attr_6 can be resolved.
optional {
    require {
        attribute g_b_attr_6;
    }

    # Type declared inside this optional; presumably the marker the test uses
    # to tell whether the block was enabled -- confirm against the harness.
    type tag_o3_m1;

    # Optional-scoped type added to the role o3_b_role_1, which this block
    # does not list in its require section.
    type o3_m1_type_1;
    role o3_b_role_1 types o3_m1_type_1;

    # Optional-scoped type joined to the required attribute in its declaration.
    type o3_m1_type_2, g_b_attr_6;

    # Attribute declared inside the optional with no members added here.
    attribute o3_m1_attr_1;

    # Case: attribute populated in a base optional block, declared and
    # populated in this module optional, and populated again from another
    # module.
    attribute o3_m1_attr_2;
    type o3_m1_type_3, o3_m1_attr_2;
}
# Optional block 4. Kept only when the type enable_optional can be resolved.
optional {
    require {
        type enable_optional;
    }

    # Type declared inside this optional; presumably the marker the test uses
    # to tell whether the block was enabled -- confirm against the harness.
    type tag_o4_m1;

    # Attribute and type both declared inside the optional, associated through
    # a separate typeattribute statement.
    attribute o4_m1_attr_1;
    type o4_m1_type_1;
    typeattribute o4_m1_type_1 o4_m1_attr_1;
}