# Minimal monolithic SELinux policy source; judging by the names it appears to
# be a test fixture. Statement order: object classes, initial SIDs, access
# vectors, attributes, types, booleans, roles, type-enforcement rules,
# role allow, users, initial SID context.
# NOTE(review): several of the original section labels below ("#sid decl",
# "#role decl", "#audit rules", "#rbac stuff") do not match the statements that
# follow them; the added comments describe what each statement actually is.

# Object class declarations (names only; permissions are defined further down).
class testing
class fooclass
# Initial SID declaration; its security context is assigned on the last line.
sid test_sid
#end
#sid decl
# Second initial SID.
# NOTE(review): no context is assigned to `security` anywhere in this listing
# (only test_sid gets one) -- confirm the consuming tool accepts that.
sid security
# Access vector definitions: the permissions that exist for each class.
# Both classes define the same five permissions.
class testing
{
read
open
close
write
exec
}
class fooclass
{
read
open
close
write
exec
}
#end
#attribs
# Type attribute; only foo_t is a member of it in this listing.
attribute attrs;
#end
# Type declarations. foo_t carries the attribute attrs; the others carry none.
type foo_t, attrs;
type typea_t;
type typeb_t;
type typec_t;
#end
# Booleans with their default values. No conditional (if) block in this listing
# references them, so they do not gate any rule here.
bool foo_b true;
bool baz_b false;
#end
# Role declarations. foo_r is authorized for foo_t; rolea_r and roleb_r are not
# associated with any type in this listing.
role foo_r types foo_t;
role rolea_r;
role roleb_r;
#end
#role decl
# Type-enforcement rules (not role declarations, despite the label above).
# typea_t is granted write, open and close on typeb_t objects of class testing;
# read and exec are defined for the class but not granted by any rule here.
allow typea_t typeb_t : testing write;
allow typea_t typeb_t : testing {open close};
# Labeling rule only: it names typec_t as the result type for the
# (typea_t, typeb_t, testing) triple and grants no access by itself. No allow
# rule in this listing references typec_t.
type_transition typea_t typeb_t : testing typec_t;
#end
#audit rules
# The only audit-related rule is commented out, so nothing in this listing
# suppresses the logging of denials.
#dontaudit {kernel} unknown : dir search;
# Role allow rule (RBAC, not an audit rule): names rolea_r as the source role
# and roleb_r as the role it may change to.
allow rolea_r roleb_r;
#end
#rbac stuff
# Commented-out role allow rules; they reference roles (system, guest,
# local_user) that are not declared in this listing.
#allow system {guest local_user};
#allow local_user guest;
# SELinux user declaration: foo_u is authorized for the single role foo_r.
user foo_u roles foo_r;
#end
# Initial SID context for test_sid in user:role:type form; no MLS/MCS range
# field is present. foo_u/foo_r/foo_t are consistent with the user and role
# declarations above (foo_u may take foo_r, foo_r may take foo_t).
sid test_sid foo_u:foo_r:foo_t