class infoflow
class infoflow2
class infoflow3
class infoflow4
class infoflow5
class infoflow6
class infoflow7

sid test1
sid test2a
sid test2b
sid test10
sid test11a
sid test11b
sid test11c
sid test20
sid test21a
sid test21b
sid test21c
sid test30
sid test31a
sid test31b
sid test31c
sid test40
sid test41
sid test42
sid test43
sid test44
sid test45

common infoflow
{
	low_w
	med_w
	hi_w
	low_r
	med_r
	hi_r
}

class infoflow
inherits infoflow

class infoflow2
inherits infoflow
{
	super_w
	super_r
}

class infoflow3
{
	null
}

class infoflow4
inherits infoflow

class infoflow5
inherits infoflow

class infoflow6
inherits infoflow

class infoflow7
inherits infoflow
{
	super_w
	super_r
	super_none
	super_both
	super_unmapped
}

sensitivity s0;
sensitivity s1;
sensitivity s2;
sensitivity s3;
sensitivity s4;
sensitivity s5;
sensitivity s6;

dominance { s0 s1 s2 s3 s4 s5 s6 }

category c0;
category c1;
category c2;
category c3;
category c4;

#level decl
level s0:c0.c4;
level s1:c0.c4;
level s2:c0.c4;
level s3:c0.c4;
level s4:c0.c4;
level s5:c0.c4;
level s6:c0.c4;

#some constraints
mlsconstrain infoflow hi_r ((l1 dom l2) or (t1 == mls_exempt));

attribute mls_exempt;

type system;
role system;
role system types system;

role role20_r;
role role21a_r;
role role21b_r;
role role21c_r;

role role20_r types system;
role role21a_r types system;
role role21b_r types system;
role role21c_r types system;

type type30;
type type31a;
type type31b;
type type31c;
role system types { type30 type31a type31b type31c };

allow system self:infoflow hi_w;

#users
user system roles { system role20_r role21a_r role21b_r role21c_r } level s0 range s0 - s6:c0.c4;
user user10 roles system level s0 range s0 - s2:c0.c4;
user user11a roles system level s0 range s0 - s2:c0.c4;
user user11b roles system level s0 range s0 - s2:c0.c4;
user user11c roles system level s0 range s0 - s2:c0.c4;

#normal constraints
constrain infoflow hi_w (u1 == u2);

#########################################
#
# Initial SID query tests
#

# test 1:
# name: test1, exact
# user: unset
# role: unset
# type: unset
# range: unset
sid test1 system:system:system:s0:c0.c4

# test 2:
# name: test2(a|b), regex
# user: unset
# role: unset
# type: unset
# range: unset
sid test2a system:system:system:s0:c0.c1
sid test2b system:system:system:s0:c2.c4

# test 10:
# name: unset
# user: user10, exact
# role: unset
# type: unset
# range: unset
sid test10 user10:system:system:s0:c0.c1

# test 11:
# name: unset
# user: user11(a|b), regex
# role: unset
# type: unset
# range: unset
sid test11a user11a:system:system:s0:c0.c1
sid test11b user11b:system:system:s0:c0.c1
sid test11c user11c:system:system:s0:c0.c1

# test 20:
# name: unset
# user: unset
# role: role20_r, exact
# type: unset
# range: unset
sid test20 system:role20_r:system:s0:c0.c1

# test 21:
# name: unset
# user: unset
# role: role20(a|c)_r, regex
# type: unset
# range: unset
sid test21a system:role21a_r:system:s0:c0.c1
sid test21b system:role21b_r:system:s0:c0.c1
sid test21c system:role21c_r:system:s0:c0.c1

# test 30:
# name: unset
# user: unset
# role: unset
# type: type30
# range: unset
sid test30 system:system:type30:s0:c0.c1

# test 31:
# name: unset
# user: unset
# role: unset
# type: type31(b|c)
# range: unset
sid test31a system:system:type31a:s0:c0.c1
sid test31b system:system:type31b:s0:c0.c1
sid test31c system:system:type31c:s0:c0.c1

# test 40:
# name: unset
# user: unset
# role: unset
# type: unset
# range: equal
sid test40 system:system:system:s0:c1 - s0:c0.c4

# test 41:
# name: unset
# user: unset
# role: unset
# type: unset
# range: overlap
sid test41 system:system:system:s1:c1 - s1:c1.c3

# test 42:
# name: unset
# user: unset
# role: unset
# type: unset
# range: subset
sid test42 system:system:system:s2:c1 - s2:c1.c3

# test 43:
# name: unset
# user: unset
# role: unset
# type: unset
# range: superset
sid test43 system:system:system:s3:c1 - s3:c1.c3

# test 44:
# name: unset
# user: unset
# role: unset
# type: unset
# range: proper subset
sid test44 system:system:system:s4:c1 - s4:c1.c3

# test 45:
# name: unset
# user: unset
# role: unset
# type: unset
# range: proper superset
sid test45 system:system:system:s5:c1 - s5:c1.c3

#fs_use
fs_use_trans devpts system:object_r:system:s0;
fs_use_xattr ext3 system:object_r:system:s0;
fs_use_task pipefs system:object_r:system:s0;

#genfscon
genfscon proc / system:object_r:system:s1
genfscon proc /sys system:object_r:system:s0
genfscon selinuxfs / system:object_r:system:s2:c0.c4

portcon tcp 80 system:object_r:system:s0

netifcon eth0 system:object_r:system:s0 system:object_r:system:s0

nodecon 127.0.0.1 255.255.255.255 system:object_r:system:s0
nodecon ::1 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff system:object_r:system:s0