selinux/libsepol/tests/policies/test-linker/module1.conf
2008-08-19 15:30:36 -04:00

139 lines
2.7 KiB
Plaintext

module linker_test_1 1.0;
require {
class file { read write };
class lnk_file append;
role g_b_role_2;
attribute g_b_attr_3;
attribute g_b_attr_5;
attribute o4_b_attr_1;
type g_b_type_3;
}
type tag_g_m1;
#test for type in module and attr in module, added to in module
attribute g_m1_attr_1;
type g_m1_type_1, g_m1_attr_1;
type g_m1_type_2;
typeattribute g_m1_type_2 g_m1_attr_1;
#add role in module test
role g_m1_role_1 types g_m1_type_1;
# test for attr declared in base, added to in module
type g_m1_type_3;
typeattribute g_m1_type_3 g_b_attr_3;
# test for attr declared in base, added to in 2 modules
type g_m1_type_4;
typeattribute g_m1_type_4 g_b_attr_5;
# test for attr declared in base optional, added to in module
type g_m1_type_5;
typeattribute g_m1_type_5 o4_b_attr_1;
# test for attr declared in module, added to in base optional
attribute g_m1_attr_2;
#add type to base role test
role g_b_role_2 types g_m1_type_1;
role g_b_role_3 types g_m1_type_2;
#add type to base optional role test
role o1_b_role_2 types g_m1_type_1;
#optional base role w/ adds in 2 modules
role o4_b_role_1 types g_m1_type_2;
# attr a added to in base optional, declared/added to in module, added to in other module
attribute g_m1_attr_3;
type g_m1_type_6, g_m1_attr_3;
# attr a added to in base optional, declared/added in module , added to in other module optional
attribute g_m1_attr_4;
type g_m1_type_7, g_m1_attr_4;
# alias tests
typealias g_b_type_3 alias g_m_alias_1;
# single boolean in module
bool g_m1_bool_1 true;
if (g_m1_bool_1) {
allow g_m1_type_1 g_m1_type_2 : lnk_file append;
}
optional {
require {
type optional_type;
attribute g_b_attr_4;
attribute o1_b_attr_2;
class lnk_file { ioctl };
}
type tag_o1_m1;
attribute o1_m1_attr_1;
type o1_m1_type_2, o1_m1_attr_1;
type o1_m1_type_1;
role o1_m1_role_1 types o1_m1_type_1;
type o1_m1_type_3;
typeattribute o1_m1_type_3 g_b_attr_4;
type o1_m1_type_5;
typeattribute o1_m1_type_5 o1_b_attr_2;
bool o1_m1_bool_1 false;
if (o1_m1_bool_1) {
allow o1_m1_type_2 o1_m1_type_1 : lnk_file ioctl;
}
}
optional {
require {
type optional_type;
#role g_b_role_4; // This causes a bug where the role scope doesn't get copied into base
}
type tag_o2_m1;
role g_b_role_4 types g_m1_type_2;
}
optional {
require {
attribute g_b_attr_6;
}
type tag_o3_m1;
type o3_m1_type_1;
role o3_b_role_1 types o3_m1_type_1;
type o3_m1_type_2, g_b_attr_6;
attribute o3_m1_attr_1;
# attr a added to in base optional, declared/added in module optional, added to in other module
attribute o3_m1_attr_2;
type o3_m1_type_3, o3_m1_attr_2;
}
optional {
require {
type enable_optional;
}
type tag_o4_m1;
attribute o4_m1_attr_1;
type o4_m1_type_1;
typeattribute o4_m1_type_1 o4_m1_attr_1;
}