class infoflow
class infoflow2
class infoflow3
class infoflow4
class infoflow5
class infoflow6
class infoflow7
class process
class file
class sock_file

sid kernel
sid security

common infoflow
{
	low_w
	med_w
	hi_w
	low_r
	med_r
	hi_r
}

class infoflow
inherits infoflow

class infoflow2
inherits infoflow
{
	super_w
	super_r
}

class infoflow3
{
	null
}

class infoflow4
inherits infoflow

class infoflow5
inherits infoflow

class infoflow6
inherits infoflow

class infoflow7
inherits infoflow
{
	super_w
	super_r
	super_none
	super_both
	super_unmapped
}

class process
{
	transition
	dyntransition
	setexec
	setcurrent
}

class file
{
	execute
	entrypoint
}

class sock_file
{
    execute
}

sensitivity low_s;
sensitivity medium_s alias med;
sensitivity high_s;

dominance { low_s med high_s }

category here;
category there;
category elsewhere alias lost;

#level decl
level low_s:here.there;
level med:here, elsewhere;
level high_s:here.lost;

#some constraints
mlsconstrain infoflow hi_r ((l1 dom l2) or (t1 == mls_exempt));

attribute mls_exempt;

type system;
role system;
role system types system;

################################################################################
# Type enforcement declarations and rules

########################################
#
# Domain transition analysis
#

# The extent of the valid transition graph:
#
# start -> trans1 -> trans2 -> trans3 -> trans5
#  |
#  | -> dyntrans100 -> bothtrans200
#
# Everything else is invalid

# test 1
# type_transition  start -> trans1
type start;
type trans1;
type trans1_exec;
allow start trans1:process transition;
allow start trans1_exec:file execute;
allow trans1 trans1_exec:file entrypoint;
type_transition start trans1_exec:process trans1;

# test 2
# setexec trans1 -> trans2
type trans2;
type trans2_exec;
allow trans1 self:process setexec;
allow trans1 trans2:process transition;
allow trans1 trans2_exec:file execute;
allow trans2 trans2_exec:file entrypoint;

# test 3
# type_transiton and setexec trans2 -> trans3
# 2 entrypoints
type trans3;
type trans3_exec1;
type trans3_exec2;
allow trans2 self:process setexec;
allow trans2 trans3:process transition;
allow trans2 { trans3_exec1 trans3_exec2 }:file execute;
allow trans3 { trans3_exec1 trans3_exec2 }:file entrypoint;
type_transition trans2 trans3_exec1:process trans3;

# test 4
# invalid transition, no type_transition/setexec
type trans4;
type trans4_exec;
allow start trans4:process transition;
allow start trans4_exec:file execute;
allow trans4 trans4_exec:file entrypoint;

# test 5
# type_transition trans3 -> trans5
# 1 entrypoint w/conditional type_trans
# This makes sure the type_transition fully
# matches as expected.
type trans5;
type trans5_exec;
bool trans5 false;
allow trans3 trans5:process transition;
allow trans3 trans5_exec:file execute;
allow trans5 trans5_exec:file entrypoint;
if(trans5) {
type_transition trans3 trans5_exec:process trans5;
} else {
type_transition trans3 trans5_exec:process trans4;
}


# test 100
# dyntrans start -> dyntrans100
type dyntrans100;
allow start self:process setcurrent;
allow start dyntrans100:process dyntransition;

# test 101
# invalid dyntransition, no setcurrent
type dyntrans101;
type dyntrans102;
allow dyntrans101 dyntrans102:process dyntransition;


# test 200
# all transition possiblities dyntrans100 -> bothtrans200
type bothtrans200;
type bothtrans200_exec;
allow dyntrans100 self:process { setexec setcurrent };
allow dyntrans100 bothtrans200:process { transition dyntransition };
allow dyntrans100 bothtrans200_exec:file execute;
allow bothtrans200 bothtrans200_exec:file entrypoint;
type_transition dyntrans100 bothtrans200_exec:process bothtrans200;

# test 201
# no loops in graph
type bothtrans201;
type bothtrans201_exec;
allow bothtrans201 self:process { setexec setcurrent };
allow bothtrans201 bothtrans201:process { transition dyntransition };
allow bothtrans201 bothtrans201_exec:file { execute entrypoint };

# test 300
# auditallow by itself does not work for execute perms
type trans300;
type trans300_exec;
allow start trans300:process transition;
auditallow start trans300_exec:file execute;
allow trans300 trans300_exec:file entrypoint;
type_transition start trans300_exec:process trans300;

# test 301
# wrong class for type transition
type trans301;
type trans301_exec;
allow start trans301:process transition;
allow start trans301_exec:file execute;
allow trans301 trans301_exec:file entrypoint;
type_transition start trans301_exec:file trans301;

# test 302
# wrong class for exec perms
type trans302;
type trans302_exec;
allow start trans302:process transition;
allow start trans302_exec:sock_file execute;
allow trans302 trans302_exec:file entrypoint;
type_transition start trans302_exec:file trans302;

################################################################################

#users
user system roles system level med range low_s - high_s:here.lost;

#normal constraints
constrain infoflow hi_w (u1 == u2);

#isids
sid kernel system:system:system:medium_s:here
sid security system:system:system:high_s:lost

#fs_use
fs_use_trans devpts system:object_r:system:low_s;
fs_use_xattr ext3 system:object_r:system:low_s;
fs_use_task pipefs system:object_r:system:low_s;

#genfscon
genfscon proc / system:object_r:system:med
genfscon proc /sys system:object_r:system:low_s
genfscon selinuxfs / system:object_r:system:high_s:here.there

portcon tcp 80 system:object_r:system:low_s

netifcon eth0 system:object_r:system:low_s system:object_r:system:low_s

nodecon 127.0.0.1 255.255.255.255 system:object_r:system:low_s:here
nodecon ::1 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff system:object_r:system:low_s:here