| |
| # Object class declarations. These introduce the class names only; the permissions |
| # of each class are listed in the "class ... { }" blocks later in this listing. |
| class testing |
| class fooclass |
| |
| # Initial SID declaration. test_sid receives its security context from the final |
| # "sid test_sid ..." statement in this listing. |
| sid test_sid |
| #end |
| |
| #sid decl |
| # NOTE(review): a second initial SID is declared here, but no context statement for |
| # "security" is visible in this listing - confirm whether that is intended. |
| sid security |
| |
| |
| # Access vector definitions: the permissions that exist for each class. |
| # Both classes define the same five permissions. Defining a permission grants nothing; |
| # access comes only from allow rules. In this listing the allow rules grant write, open |
| # and close on class testing (typea_t -> typeb_t). read and exec, and every permission |
| # of fooclass, are granted by no visible rule. |
| class testing |
| { |
| read |
| open |
| close |
| write |
| exec |
| } |
| class fooclass |
| { |
| read |
| open |
| close |
| write |
| exec |
| } |
| #end |
| |
| #attribs |
| |
| # Attribute used to group types; foo_t is the only type placed in it in this listing. |
| attribute attrs; |
| #end |
| |
| |
| # Type declarations. foo_t is declared as a member of attribute attrs; the other three |
| # types carry no attribute. A rule written against attrs would apply to foo_t, but no |
| # such rule is visible here. |
| type foo_t, attrs; |
| type typea_t; |
| type typeb_t; |
| type typec_t; |
| #end |
| |
| |
| # Policy booleans with their default values (foo_b true, baz_b false). |
| # No conditional block referencing either boolean is visible in this listing, so they |
| # gate no rules here. |
| bool foo_b true; |
| bool baz_b false; |
| #end |
| |
| |
| # Role declarations. foo_r is authorised for type foo_t. rolea_r and roleb_r are |
| # declared without a "types" clause, so these lines alone authorise no type for them. |
| role foo_r types foo_t; |
| role rolea_r; |
| role roleb_r; |
| #end |
| |
| #role decl |
| |
| |
| # Type enforcement rules. Source type typea_t is granted write, open and close on |
| # objects of class testing labelled typeb_t. read and exec are defined for the class |
| # but are not granted by any rule in this listing. |
| allow typea_t typeb_t : testing write; |
| allow typea_t typeb_t : testing {open close}; |
| # type_transition only selects the default label (typec_t) for a new object of class |
| # testing created by typea_t in relation to typeb_t. It grants no access by itself, and |
| # no allow rule involving typec_t is visible in this listing. |
| type_transition typea_t typeb_t : testing typec_t; |
| #end |
| |
| #audit rules |
| # The rule below is commented out and therefore inactive. A dontaudit rule does not |
| # grant access; it suppresses the denial log record, which removes that event from |
| # audit review. |
| #dontaudit {kernel} unknown : dir search; |
| |
| |
| # Role allow rule: permits a role change from rolea_r to roleb_r. The rule is |
| # one-directional; no rule for roleb_r -> rolea_r is visible in this listing. |
| allow rolea_r roleb_r; |
| #end |
| |
| #rbac stuff |
| # The two role allow rules below are commented out; they name roles (system, guest, |
| # local_user) that are not declared anywhere in this listing. |
| #allow system {guest local_user}; |
| #allow local_user guest; |
| |
| |
| # User declaration: foo_u is authorised for role foo_r only. No MLS level or range |
| # is given. |
| user foo_u roles foo_r; |
| #end |
| |
| # Initial SID context for test_sid. The user:role:type triple is consistent with the |
| # declarations in this listing: foo_u is authorised for foo_r, and foo_r for foo_t. |
| # The context carries no MLS field, matching the user statement. |
| sid test_sid foo_u:foo_r:foo_t |