File: test.te

kf6-syntax-highlighting 6.13.0-1
# Sample SELinux Policy

## <summary>
##  Sample SELinux Policy
## </summary>
## <desc>
## <p>
##  This module is not functional;
##  it exists only to test the syntax highlighting.
## </p>
## </desc>
## <required val="true">
##  Depended on by other required modules.
## </required>

# Enables the open_perms policy capability.
# NOTE(review): policycap is normally a base-policy statement and would not sit
# next to a `module` declaration in a loadable module; both appear here only
# because this file is a highlighting fixture.
policycap open_perms;
# Declares this file as module "myapp", version 1.0.
module myapp 1.0;

# Types and class permissions the rules below depend on; they must already be
# defined by the policy this module is loaded into.
require {
	type httpd_t;
	type httpd_sys_content_t;
	type initrc_t;
	class sock_file write;
	class unix_stream_socket connectto;
}

# Grants httpd_t write access to socket files labelled httpd_sys_content_t.
allow httpd_t httpd_sys_content_t:sock_file write;
# Grants httpd_t permission to connect to unix stream sockets owned by initrc_t.
# NOTE(review): this require/allow shape resembles audit2allow output. In a real
# policy, initrc_t is usually the domain of init scripts, so a rule like this
# widens what a compromised web server can reach; prefer giving the target
# daemon its own domain over allowing connections to initrc_t.
allow httpd_t initrc_t:unix_stream_socket connectto;

# Refpolicy
# tunable_policy() makes its second argument conditional on the allow_execmem
# tunable.
# NOTE(review): the body is a file-context entry (path regex, `--` file-type
# specifier, gen_context label). In refpolicy such entries live in .fc files,
# not inside a conditional; the mix here is for highlighting only.
tunable_policy(`allow_execmem',`
	/usr/share/holas(/.*)? -- gen_context(system_u:object_r:holas_t,s0,a,b);
')
# M4 Macros
# regexp() is an M4 builtin (string, regex, replacement); it is not policy.
regexp(`GNUs not Unix', `\w\(\w+\)$', `*** \& *** \1 ***')
# The body is emitted only when the distro_ubuntu M4 macro is defined.
# NOTE(review): unconfined_domain() is the refpolicy interface that lifts
# type-enforcement restrictions from a domain. Applying it to chkpwd_t
# (presumably a password-checking helper) would remove its confinement in a
# deployed policy.
ifdef(`distro_ubuntu',`
	unconfined_domain(chkpwd_t)
')

# dominance statement whose body comes from M4: gen_dominance() is called with
# decr($1), i.e. the first macro argument minus one.
dominance { gen_dominance(0,decr($1)) };
# NOTE(review): this is not kernel-policy neverallow syntax; the key=value form
# with a regex looks like an Android seapp_contexts assertion (isolated users
# must not map to any domain other than isolated_app) - confirm.
neverallow user=_isolated domain=((?!isolated_app).)*

# NOTE(review): sys_admin (CAP_SYS_ADMIN) is one of the broadest Linux
# capabilities; a real policy should grant it only where a denial shows it is
# required. sys_tty_config is much narrower.
allow consoletype_t self:capability { sys_admin sys_tty_config };
# Lets consoletype_t send and receive messages (class msg) on its own objects.
allow consoletype_t self:msg { send receive };

# sample for administrative user
user jadmin roles { staff_r sysadm_r };
# sample for regular user
user jdoe roles { user_r };

# default_* rules select which context supplies the user/range of a new object;
# here the source context is used for class process.
default_user process source;
default_range process source low;
# Upper-case GLBLUB operand, applied to a class called "name" (presumably a
# fixture to test keyword highlighting rather than a real class).
default_range name GLBLUB;

# Initial SID declarations; no context is attached on these lines.
sid devnull;
sid sysctl;

# Common permission set "file" that classes can inherit.
common file { ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute swapon quotaon mounton };
# Class dir inherits the common "file" permissions and adds its own.
class dir inherits file { add_name remove_name reparent search rmdir open audit_access execmod };
# Declares a class literally named "class" (keyword reused as an identifier).
class class;

# MLS sensitivity and category declarations, each with an alias.
sensitivity s0 alias sens0;
category c0 alias cat0;

# MLS constraint on dir { search read ioctl lock }. The access satisfies the
# constraint when any of these holds:
#   - h1 dom h2: the source high level dominates the target high level
#   - t1 == mcsreadall: the source type carries the mcsreadall attribute
#   - t1 is not mcs_constrained_type and t2 is domain
# NOTE(review): the mcsreadall branch bypasses the level comparison, so in a
# real policy membership of that attribute deserves the same scrutiny as an
# allow rule.
mlsconstrain dir { search read ioctl lock }
	(( h1 dom h2 ) or ( t1 == mcsreadall ) or
	(( t1 != mcs_constrained_type ) and (t2 == domain)));

# Declares a role attribute and adds system_r to it.
attribute_role dpkg_roles;
roleattribute system_r dpkg_roles;

# Authorises system_r to be paired with type system_t.
role system_r types system_t;
# Role changes from hello to system_r when the named type is executed.
role_transition hello init_script_file_type system_r;

# MLS level/range forms: a level, a user with default level and range, and
# range_transition rules.
level s0:c0;
user user_u roles role_r level s1:c1 range s1:c1 - s2:c2;
range_transition initrc_t auditd_exec_t:process s15:c0.c255 - s20;
# The next two lines vary the range syntax; the trailing `dsd` token is
# presumably deliberate extra input for the highlighter.
range_transition source target:class s1 - s2 dsd;
range_transition source target:class s1 ;

# Attribute, type and type-alias declarations. Upper-case keyword spellings
# (ALIAS, TUNABLE, AUDITALLOW, DONTAUDIT, ALLOW) appear in this section
# alongside the lower-case ones.
attribute filesystem_type;
type dhcp_etc_t;
typealias dhcp_etc_t ALIAS { etc_dhcp_t etc_dhcpc_t etc_dhcpd_t };

# A boolean defaulting to true and a tunable defaulting to false.
bool le_boolean true;
TUNABLE allow_java_execstack false;

# New x_event objects created by root_xdrawable_t in relation to
# input_xevent_t are labelled root_input_xevent_t.
type_transition root_xdrawable_t input_xevent_t:x_event root_input_xevent_t;
# auditallow grants nothing; it requests an audit record whenever the listed
# access is allowed by some other rule.
AUDITALLOW xserver_t { root_xdrawable_t x_domain }:x_drawable send;

# neverallow rules are assertions checked when the policy is built: the build
# fails if any allow rule grants the listed access. neverallowxperm is the same
# for extended permissions (here the ioctl commands named by priv_sock_ioctls).
optional {
	neverallow untrusted_app *:{ netlink_route_socket netlink_selinux_socket } ioctl;
	neverallowxperm shell domain:{ rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls;
};

# Conditional policy: the first branch applies while le_boolean is true, the
# else branch while it is false.
if le_boolean {
	# NOTE(review): dontaudit keeps the access denied but suppresses the AVC
	# denial record, so execute/execmod attempts by untrusted_app would not
	# appear in audit logs. Use it only where losing that signal is acceptable.
	DONTAUDIT untrusted_app asec_public_file:file { execute execmod };
} else {
	ALLOW untrusted_app perfprofd_data_file:file r_file_perms;
	allow untrusted_app perfprofd_data_file:dir r_dir_perms;
};

# Binds the devnull initial SID to a security context.
sid devnull system_u:object_r:null_device_t:s0
# genfscon: filesystem type, path within it, and the context to apply.
genfscon sysfs /devices/system/cpu/online gen_context(system_u:object_r:cpu_online_t,s0)
genfscon rootfs / gen_context(system_u:object_r:root_t,s0)

genfscon proc /cpuinfo u:object_r:proc_cpuinfo:s0
genfscon selinuxfs / u:object_r:selinuxfs:s0
# fs_use_* statements pick the labelling behaviour for a filesystem type:
# fs_use_xattr reads labels from extended attributes, fs_use_task derives them
# from the creating task, fs_use_trans uses transition rules.
fs_use_trans devtmpfs system_u:object_r:device_t:s0;
fs_use_task pipefs u:object_r:pipefs:s0;
fs_use_xattr xfs u:object_r:labeledfs:s0;
fs_use_xattr btrfs u:object_r:labeledfs:s0;

# portcon: protocol, port or port range, context.
portcon tcp 80 u:object_r:http_port:s0;
portcon udp 1024-65535 gen_context(system_u:object_r:unreserved_port_t, s0);
# netifcon: interface name, interface context, packet context. $1..$3 are M4
# macro arguments, so this line only makes sense inside a macro definition.
netifcon $2 gen_context(system_u:object_r:$1,$3) gen_context(system_u:object_r:unlabeled_t,$3);

# nodecon: address, netmask, context (IPv6 form, then an IPv4 form).
nodecon 2001:0DB8:AC10:FE01:: 2001:0DE0:DA88:2222:: system_u:object_r:hello_t:s0;
nodecon ipv4 127.0.0.2 255.255.255.255 system_u:object_r:node_t:s0;

#line 118

# Regular Expressions
# Multi-line regex passed as the second argument of the M4 regexp() builtin.
regexp(`Hello(!|\^\^)+', `
	^\s*(?<hello>\.)
	(
		hello[^\s\x12/][1-9]*|  # Hello
		bye
	)\s*$
') 
# Quoted-string fixtures; "open and "text\"aaa have no closing quote.
"aa/aa(?=sdf sdf)ds(aa aa)df[^ a]"
"open
"text\"aaa
"filename\s\w\%(?=aa)aa"
"/path\s\w(?=aa)aa"

# Bare security-context fixtures in user:role:type:level form, with ranges and
# extra trailing fields; they are not policy statements.
u:role:type:sen:cat:other
u:role:type:sen:cat - sen:cat:other
u:role:type:s0.s1:c0 , c1 - s2.s3:c2.c3,c4:other
u:role:type:s0,other