mirror of
https://github.com/SELinuxProject/selinux
synced 2025-03-04 01:07:31 +00:00
git-subtree-dir: libsepol/cil git-subtree-split: c13ce01bafc9208ce8de322d47188bdc7e945e7d
# Minimal SELinux kernel-policy-language listing: two object classes, two
# initial SIDs, a handful of types/roles/booleans, and one user. It declares
# just enough to label one initial SID (test_sid) as foo_u:foo_r:foo_t.
# NOTE(review): this looks like a parser test fixture rather than a loadable
# policy -- confirm before treating any rule here as a real access decision.
# The existing "#end" / "#... decl" markers are kept exactly as the author
# wrote them.

# Object class names. Their permissions are defined in the access-vector
# blocks further down.
class testing
class fooclass

# Initial SID name. Its security context is assigned by the last statement
# in this listing.
sid test_sid
#end

#sid decl
# Second initial SID name. No context statement for `security` appears
# anywhere in this listing.
# NOTE(review): a policy compiler would normally expect a context for every
# declared initial SID -- verify whether this omission is intentional.
sid security


# Access vectors: the permissions that may be named in rules for each class.
# Both classes define the same five permissions.
class testing
{
    read
    open
    close
    write
    exec
}
class fooclass
{
    read
    open
    close
    write
    exec
}
#end

#attribs

# Type attribute; the only type placed in it below is foo_t.
attribute attrs;
#end


# foo_t is declared as a member of attribute attrs, so a rule written
# against attrs would also apply to foo_t (no such rule exists here).
type foo_t, attrs;
type typea_t;
type typeb_t;
type typec_t;
#end


# Policy booleans with their default values. No conditional (if) block in
# this listing references either one, so they gate nothing here.
bool foo_b true;
bool baz_b false;
#end


# foo_r is authorized for type foo_t; rolea_r and roleb_r are declared
# with no types associated.
role foo_r types foo_t;
role rolea_r;
role roleb_r;
#end

#role decl


# Type-enforcement allow rules: source typea_t, target typeb_t, class
# testing. Together they grant write, open and close; read and exec are
# defined for the class but not granted by any rule in this listing.
allow typea_t typeb_t : testing write;
allow typea_t typeb_t : testing {open close};
# Default-labeling rule: names typec_t as the result type for class testing
# with source typea_t and target typeb_t. A type_transition only selects a
# label; it grants no access, and no allow rule here mentions typec_t.
type_transition typea_t typeb_t : testing typec_t;
#end

#audit rules
# Commented out, so inactive. A dontaudit rule suppresses the audit record
# for a denial without granting the access, which matters when denials are
# relied on for detection.
#dontaudit {kernel} unknown : dir search;


# Role allow (RBAC), not a type-enforcement rule despite the shared keyword:
# permits a role change from rolea_r to roleb_r. Neither role has any type
# associated in this listing.
allow rolea_r roleb_r;
#end

#rbac stuff
# Both lines below are commented out and have no effect.
#allow system {guest local_user};
#allow local_user guest;


# SELinux user authorized for role foo_r only.
user foo_u roles foo_r;
#end

# Initial SID context for test_sid, in user:role:type form with no MLS
# range. Each component is consistent with the declarations above:
# foo_u may take foo_r, and foo_r is authorized for foo_t.
sid test_sid foo_u:foo_r:foo_t