class infoflow
class infoflow2
class infoflow3
class file
class process
class new_class

sid kernel
sid security

common infoflow
{
	low_w
	med_w
	hi_w
	low_r
	med_r
	hi_r
}

class infoflow
inherits infoflow

class infoflow2
inherits infoflow
{
	super
    new_perm
}

class infoflow3
{
	null
}

class new_class
{
    new_class_perm
}

class file
{
	execute
	entrypoint
}

class process
{
	transition
}

sensitivity low_s;
sensitivity medium_s alias med;
sensitivity high_s;

dominance { low_s med high_s }

category here;
category there;
category elsewhere alias lost;

#level decl
level low_s:here.there;
level med:here, elsewhere;
level high_s:here.lost;

#some constraints
mlsconstrain infoflow hi_r ((l1 dom l2) or (t1 == mls_exempt));

attribute mls_exempt;

type system;
role system;
role system types system;

################################################################################
# Note: these tests should be to determine if the graph
# is being constructed correctly.  It is assumed that the
# graph algorithms being used are correct, as they are
# unit tested by the NetworkX project itself.
#
#
# Max steps for all flows: 6
#
# Graph if min weight is 8
#
#
#        4 -> 6 -> 7       d1 <-> d2
#        ^
# 1 -> 2-/
#
#       3     5 -> 8 <-> 9
#
# Graph if min weight is 3
#
#
#        4 -> 6 -> 7       d1 <-> d2
#        ^    |
# 1 -> 2-/    |
#   \         v
#    -> 3     5 -> 8 <-> 9
#
# Graph if min weight is 1
#
#
#        4 -> 6 -> 7       d1 <-> d2
#        ^    |
# 1 -> 2-/    |
#   \         v
#    -> 3  -> 5 -> 8 <-> 9
#
#
#
attribute allnodes;
type node1, allnodes;
type node2, allnodes;
type node3, allnodes;
type node4, allnodes;
type node5, allnodes;
type node6, allnodes;
type node7, allnodes;
type node8, allnodes;
type node9, allnodes;

# no infoflow
allow allnodes allnodes:infoflow3 null;

# 1->2 (10, 5)
allow node1 node2:infoflow med_w;
allow node2 node1:infoflow hi_r;

# 1->3 (5, 1)
allow node3 node1:infoflow { low_r med_r };

# 2->4 (10)
allow node2 node4:infoflow hi_w;

# 3->5 (1)
allow node5 node3:infoflow low_r;

# 4->6 (10)
allow node4 node6:infoflow2 hi_w;

# 6->5 (5)
allow node5 node6:infoflow med_r;

# 6->7 (10)
allow node6 node7:infoflow hi_w;

# 5->8 (10)
allow node5 node8:infoflow2 hi_w;

# 8 <-> 9 (10)
allow node8 node9:infoflow2 super;


# disconnected from the main graph
# for testing the handling of no
# paths.
type disconnected1;
type disconnected2;
allow disconnected1 disconnected2:infoflow2 super;


# not an infoflow:
type disconnected3;
auditallow node1 disconnected3:infoflow hi_w;

# infoflow loop that should be ignored:
allow disconnected3 self:infoflow hi_w;

################################################################################

#users
user system roles system level med range low_s - high_s:here.lost;

#normal constraints
constrain infoflow hi_w (u1 == u2);

#isids
sid kernel system:system:system:medium_s:here
sid security system:system:system:high_s:lost

#fs_use
fs_use_trans devpts system:object_r:system:low_s;
fs_use_xattr ext3 system:object_r:system:low_s;
fs_use_task pipefs system:object_r:system:low_s;

#genfscon
genfscon proc / system:object_r:system:med
genfscon proc /sys system:object_r:system:low_s
genfscon selinuxfs / system:object_r:system:high_s:here.there

portcon tcp 80 system:object_r:system:low_s

netifcon eth0 system:object_r:system:low_s system:object_r:system:low_s

nodecon 127.0.0.1 255.255.255.255 system:object_r:system:low_s:here
nodecon ::1 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff system:object_r:system:low_s:here