RepoMirrors/setools
1
0
Fork 0
mirror of https://github.com/SELinuxProject/setools synced 2025-02-28 18:11:27 +00:00
Code Issues Packages Projects Releases Wiki Activity
e8c172c720
setools/tests/conditionalinfoflow.conf
Riechers, Daniel J b662b07cc0 infoflow: adds boolean selection to seinfoflow 
Adds the option to the infoflow analysis to filter conditional policy based on the default or user specified boolean values.

Signed-off-by: Daniel Riechers <daniel.riechers@rockwellcollins.com>
Signed-off-by: David Graziano <david.graziano@rockwellcollins.com>
2019-02-06 21:02:46 +00:00

53 lines
858 B
Plaintext
Raw Blame History

class infoflow
sid kernel
class infoflow
{
hi_w
hi_r
med_r
med_w
}
type system;
role system;
role system types system;
#################################################
type src;
type tgt;
type flow_true;
type flow_false;
type src_remain;
type tgt_remain;
type flow_remain;
bool condition false;
allow src_remain flow_remain:infoflow hi_w;
allow tgt_remain flow_remain:infoflow hi_r;
if (condition) {
allow src flow_true:infoflow hi_w;
allow tgt flow_true:infoflow hi_r;
allow tgt flow_true:infoflow hi_r;
allow src_remain flow_remain:infoflow med_w;
allow tgt_remain flow_remain:infoflow med_r;
}
else {
allow src flow_false:infoflow hi_w;
allow tgt flow_false:infoflow hi_r;
}
#################################################
#users
user system roles system;
#isids
sid kernel system:system:system
Reference in New Issue View Git Blame Copy Permalink