1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
|
(class testing (read open close write exec))
(class fooclass (read open close write exec))
(type foo_t)
(type typea_t)
(type typeb_t)
(type typec_t)
(role foo_r)
(role rolea_r)
(role roleb_r)
(user foo_u)
(user user_u)
(userrole foo_u foo_r)
(sid test_sid)
;(sidcontext test_sid (foo_u foo_r foo_t (s0 (c0)) (s0 (c0))))
;(sid test_sid_anon_l)
;(fsuse xattr ext3 con)
;(fsuse xattr ext3 con_anon_l)
;(netifcon eth0 con con_anon_l)
(ipaddr ip_v4 192.25.35.200)
(ipaddr netmask 192.168.1.1)
(ipaddr ip_v6 2001:0DB8:AC10:FE01::)
(ipaddr netmask_v6 2001:0DE0:DA88:2222::)
; will need anon levels
;(nodecon ip_v4 netmask con)
;(nodecon ip_v6 netmask_v6 con_anon_l)
;needs anon levels
;(portcon type 25 con)
;(filecon root path file con)
;(genfscon type path con)
;(netifcon eth0 con con_anon_l)
(typemember typea_t typeb_t testing typec_t)
(typechange typea_t typeb_t testing typec_t)
(typetransition typea_t typeb_t testing typec_t)
(permissionset permset (open close))
(allow typea_t typeb_t testing (write))
(allow typea_t typeb_t testing permset)
(roleallow rolea_r roleb_r)
(rolebounds rolea_r roleb_r)
(roletransition foo_r foo_t testing rolea_r)
(common fooclass (open))
(classcommon fooclass fooclass)
(nametypetransition string typea_t typeb_t fooclass foo_t)
(typepermissive foo_t)
(typebounds typea_t typeb_t)
(block test_b
(typealias .test_b.test typea_t)
(type test))
(attribute attrs)
(attributetypes attrs (foo_t))
(roletype foo_r foo_t)
(userbounds user_u foo_u)
(userrole user_u foo_r)
;(bool foo_b true)
;(bool baz_b false)
;(booleanif (&& foo_b baz_b)
; (allow typea_t typeb_t fooclass(read)))
;(class baz (read))
;(booleanif (&& foo_b baz_b)
; (allow foo_b baz_b fooclass (read)))
|
