selinux/libsepol/tests/policies/test-linker/module2.conf

67 lines
1.2 KiB
Plaintext

module linker_test_2 1.0;
require {
class file { read write };
class lnk_file { unlink };
attribute g_b_attr_5;
attribute g_b_attr_6;
attribute g_m1_attr_3;
attribute o3_m1_attr_2;
}
type tag_g_m2;
type g_m2_type_1;
role g_m2_role_1;
role g_m2_role_1 types g_m2_type_1;
type g_m2_type_4, g_b_attr_5;
type g_m2_type_5, g_b_attr_6;
#add types to role declared in base test
type g_m2_type_2;
role g_b_role_3;
role g_b_role_3 types g_m2_type_2;
#optional base role w/ adds in 2 modules
role o4_b_role_1;
role o4_b_role_1 types g_m2_type_1;
# attr a added to in base optional, declared/added to in module, added to in other module
type g_m2_type_3, g_m1_attr_3;
# attr a added to in base optional, declared/added in module optional, added to in other module
type g_m2_type_6, o3_m1_attr_2;
# cond mapping tests
bool g_m2_bool_1 true;
bool g_m2_bool_2 false;
if (g_m2_bool_1 && g_m2_bool_2) {
allow g_m2_type_1 g_m2_type_2 : lnk_file unlink;
}
optional {
require {
type optional_type;
}
type tag_o1_m2;
type o1_m2_type_1;
role o1_m2_role_1;
role o1_m2_role_1 types o1_m2_type_1;
}
optional {
require {
attribute g_m1_attr_4;
attribute o4_m1_attr_1;
}
type tag_o2_m2;
type o2_m2_type_1, g_m1_attr_4;
type o2_m2_type_2, o4_m1_attr_1;
}