class infoflow
class infoflow2
class infoflow3
class infoflow4
class infoflow5
class infoflow6
class infoflow7
sid kernel
sid security
common infoflow
{
	low_w
	med_w
	hi_w
	low_r
	med_r
	hi_r
}
class infoflow
inherits infoflow
class infoflow2
inherits infoflow
{
	super_w
	super_r
}
class infoflow3
{
	null
}
class infoflow4
inherits infoflow
class infoflow5
inherits infoflow
class infoflow6
inherits infoflow
class infoflow7
inherits infoflow
{
	super_w
	super_r
	super_none
	super_both
	super_unmapped
}
attribute mls_exempt;
type system;
role system;
role system types system;
role role20_r;
role role21a_r;
role role21b_r;
role role21c_r;
role role20_r types system;
role role21a_r types system;
role role21b_r types system;
role role21c_r types system;
type type30;
type type31a;
type type31b;
type type31c;
role system types { type30 type31a type31b type31c };
allow system self:infoflow hi_w;
#users
user system roles { system role20_r role21a_r role21b_r role21c_r };
user user10 roles system;
user user20 roles { role20_r role21a_r };
#normal constraints
constrain infoflow hi_w (u1 == u2);
#isids
sid kernel system:system:system
sid security system:system:system
#fs_use
fs_use_trans devpts system:object_r:system;
fs_use_xattr ext3 system:object_r:system;
fs_use_task pipefs system:object_r:system;
#genfscon
genfscon proc / system:object_r:system
genfscon proc /sys system:object_r:system
genfscon selinuxfs / system:object_r:system
portcon tcp 1 system:system:system
netifcon eth0 system:object_r:system system:object_r:system
nodecon 127.0.0.1 255.255.255.255 system:object_r:system
nodecon ::1 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff system:object_r:system