File: categoryquery.conf

package info (click to toggle)
setools 4.3.0-2
  • links: PTS, VCS
  • area: main
  • in suites: bullseye
  • size: 3,900 kB
  • sloc: python: 20,968; makefile: 14
file content (133 lines) | stat: -rw-r--r-- 2,280 bytes parent folder | download | duplicates (5) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
 
class infoflow
class infoflow2
class infoflow3
class infoflow4
class infoflow5
class infoflow6
class infoflow7

sid kernel
sid security

common infoflow
{
	low_w
	med_w
	hi_w
	low_r
	med_r
	hi_r
}

class infoflow
inherits infoflow

class infoflow2
inherits infoflow
{
	super_w
	super_r
}

class infoflow3
{
	null
}

class infoflow4
inherits infoflow

class infoflow5
inherits infoflow

class infoflow6
inherits infoflow

class infoflow7
inherits infoflow
{
	super_w
	super_r
	super_none
	super_both
	super_unmapped
}

sensitivity sens;

dominance { sens }

category begin;

# test1
# name: test1
# alias: unset
category test1;

# test2
# name: test2(a|b)
# alias: unset
category test2a;
category test2b;

# test 10
# name: unset
# alias: test10a
category test10c1 alias { test10a test10c };
category test10c2 alias { test10b test10d };

# test 11
# name: unset
# alias: test11(a|b)
category test11c1 alias { test11a test11c };
category test11c2 alias { test11b test11d };
category test11c3 alias { test11e test11f };

category end;

#level decl
level sens:begin.end;

#some constraints
mlsconstrain infoflow hi_r ((l1 dom l2) or (t1 == mls_exempt));

attribute mls_exempt;

type system;
role system;
role system types system;

################################################################################
# Type enforcement declarations and rules

allow system system:infoflow3 null;

################################################################################

#users
user system roles system level sens range sens - sens:begin.end;

#normal constraints
constrain infoflow hi_w (u1 == u2);

#isids
sid kernel system:system:system:sens:begin
sid security system:system:system:sens:begin

#fs_use
fs_use_trans devpts system:object_r:system:sens;
fs_use_xattr ext3 system:object_r:system:sens;
fs_use_task pipefs system:object_r:system:sens;

#genfscon
genfscon proc / system:object_r:system:sens
genfscon proc /sys system:object_r:system:sens
genfscon selinuxfs / system:object_r:system:sens:begin.end

portcon tcp 80 system:object_r:system:sens

netifcon eth0 system:object_r:system:sens system:object_r:system:sens

nodecon 127.0.0.1 255.255.255.255 system:object_r:system:sens:begin
nodecon ::1 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff system:object_r:system:sens:begin