| module my_module 1.0; |
| |
| require { |
| bool allow_ypbind, secure_mode, allow_execstack; |
| type system_t, sysadm_t; |
| class file {read write}; |
| attribute attr_check_base_2, attr_check_base_3; |
| attribute attr_check_base_optional_2; |
| } |
| |
| bool module_1_bool true; |
| |
| if (module_1_bool && allow_ypbind && secure_mode && allow_execstack) { |
| allow system_t sysadm_t : file { read write }; |
| } |
| |
| optional { |
| bool module_1_bool_2 false; |
| require { |
| bool optional_bool_1, optional_bool_2; |
| class file { execute ioctl }; |
| } |
| if (optional_bool_1 && optional_bool_2 || module_1_bool_2) { |
| allow system_t sysadm_t : file {execute ioctl}; |
| } |
| } |
| # Type - attribute mapping test |
| type module_t; |
| attribute attr_check_mod_1; |
| attribute attr_check_mod_2; |
| attribute attr_check_mod_3; |
| attribute attr_check_mod_4; |
| attribute attr_check_mod_5; |
| attribute attr_check_mod_6; |
| attribute attr_check_mod_7; |
| attribute attr_check_mod_8; |
| attribute attr_check_mod_9; |
| attribute attr_check_mod_10; |
| attribute attr_check_mod_11; |
| optional { |
| require { |
| type base_t; |
| } |
| attribute attr_check_mod_optional_1; |
| attribute attr_check_mod_optional_2; |
| attribute attr_check_mod_optional_3; |
| attribute attr_check_mod_optional_4; |
| attribute attr_check_mod_optional_5; |
| attribute attr_check_mod_optional_6; |
| attribute attr_check_mod_optional_7; |
| } |
| optional { |
| require { |
| type does_not_exist_t; |
| } |
| attribute attr_check_mod_optional_disabled_4; |
| attribute attr_check_mod_optional_disabled_7; |
| } |
| type attr_check_base_2_1_t, attr_check_base_2; |
| type attr_check_base_2_2_t; |
| typeattribute attr_check_base_2_2_t attr_check_base_2; |
| type attr_check_base_3_3_t, attr_check_base_3; |
| type attr_check_base_3_4_t; |
| typeattribute attr_check_base_3_4_t attr_check_base_3; |
| optional { |
| require { |
| attribute attr_check_base_5; |
| } |
| type attr_check_base_5_1_t, attr_check_base_5; |
| type attr_check_base_5_2_t; |
| typeattribute attr_check_base_5_2_t attr_check_base_5; |
| } |
| optional { |
| require { |
| attribute attr_check_base_6; |
| } |
| type attr_check_base_6_3_t, attr_check_base_6; |
| type attr_check_base_6_4_t; |
| typeattribute attr_check_base_6_4_t attr_check_base_6; |
| } |
| optional { |
| require { |
| type does_not_exist_t; |
| attribute attr_check_base_8; |
| } |
| type attr_check_base_8_1_t, attr_check_base_8; |
| type attr_check_base_8_2_t; |
| typeattribute attr_check_base_8_2_t attr_check_base_8; |
| } |
| optional { |
| require { |
| type does_not_exist_t; |
| attribute attr_check_base_9; |
| } |
| type attr_check_base_9_3_t, attr_check_base_9; |
| type attr_check_base_9_4_t; |
| typeattribute attr_check_base_9_4_t attr_check_base_9; |
| } |
| optional { |
| require { |
| type does_not_exist_t; |
| attribute attr_check_base_10; |
| } |
| type attr_check_base_10_3_t, attr_check_base_10; |
| type attr_check_base_10_4_t; |
| typeattribute attr_check_base_10_4_t attr_check_base_10; |
| } |
| optional { |
| require { |
| attribute attr_check_base_11; |
| } |
| type attr_check_base_11_3_t, attr_check_base_11; |
| type attr_check_base_11_4_t; |
| typeattribute attr_check_base_11_4_t attr_check_base_11; |
| } |
| type attr_check_base_optional_2_1_t, attr_check_base_optional_2; |
| type attr_check_base_optional_2_2_t; |
| typeattribute attr_check_base_optional_2_2_t attr_check_base_optional_2; |
| optional { |
| require { |
| attribute attr_check_base_optional_5; |
| } |
| type attr_check_base_optional_5_1_t, attr_check_base_optional_5; |
| type attr_check_base_optional_5_2_t; |
| typeattribute attr_check_base_optional_5_2_t attr_check_base_optional_5; |
| } |
| #optional { |
| # require { |
| # attribute attr_check_base_optional_6; |
| # } |
| # type attr_check_base_optional_6_3_t, attr_check_base_optional_6; |
| # type attr_check_base_optional_6_4_t; |
| # typeattribute attr_check_base_optional_6_4_t attr_check_base_optional_6; |
| #} |
| optional { |
| require { |
| type does_not_exist_t; |
| attribute attr_check_base_optional_8; |
| } |
| type attr_check_base_optional_8_1_t, attr_check_base_optional_8; |
| type attr_check_base_optional_8_2_t; |
| typeattribute attr_check_base_optional_8_2_t attr_check_base_optional_8; |
| } |
| type attr_check_mod_2_1_t, attr_check_mod_2; |
| type attr_check_mod_2_2_t; |
| typeattribute attr_check_mod_2_2_t attr_check_mod_2; |
| optional { |
| require { |
| attribute attr_check_mod_5; |
| } |
| type attr_check_mod_5_1_t, attr_check_mod_5; |
| type attr_check_mod_5_2_t; |
| typeattribute attr_check_mod_5_2_t attr_check_mod_5; |
| } |
| optional { |
| require { |
| attribute attr_check_mod_6; |
| } |
| type attr_check_mod_6_3_t, attr_check_mod_6; |
| type attr_check_mod_6_4_t; |
| typeattribute attr_check_mod_6_4_t attr_check_mod_6; |
| } |
| optional { |
| require { |
| type does_not_exist_t; |
| } |
| type attr_check_mod_8_1_t, attr_check_mod_8; |
| type attr_check_mod_8_2_t; |
| typeattribute attr_check_mod_8_2_t attr_check_mod_8; |
| } |
| optional { |
| require { |
| type does_not_exist_t; |
| } |
| type attr_check_mod_9_3_t, attr_check_mod_9; |
| type attr_check_mod_9_4_t; |
| typeattribute attr_check_mod_9_4_t attr_check_mod_9; |
| } |
| optional { |
| require { |
| type does_not_exist_t; |
| } |
| type attr_check_mod_10_3_t, attr_check_mod_10; |
| type attr_check_mod_10_4_t; |
| typeattribute attr_check_mod_10_4_t attr_check_mod_10; |
| } |
| optional { |
| require { |
| type base_t; |
| } |
| type attr_check_mod_11_3_t, attr_check_mod_11; |
| type attr_check_mod_11_4_t; |
| typeattribute attr_check_mod_11_4_t attr_check_mod_11; |
| } |
| #optional { |
| # require { |
| # attribute attr_check_mod_optional_5; |
| # } |
| # type attr_check_mod_optional_5_1_t, attr_check_mod_optional_5; |
| # type attr_check_mod_optional_5_2_t; |
| # typeattribute attr_check_mod_optional_5_2_t attr_check_mod_optional_5; |
| #} |
| #optional { |
| # require { |
| # attribute attr_check_mod_optional_6; |
| # } |
| # type attr_check_mod_optional_6_3_t, attr_check_mod_optional_6; |
| # type attr_check_mod_optional_6_4_t; |
| # typeattribute attr_check_mod_optional_6_4_t attr_check_mod_optional_6; |
| #} |
| optional { |
| require { |
| attribute attr_check_base_optional_disabled_5; |
| } |
| type attr_check_base_optional_disabled_5_1_t, attr_check_base_optional_disabled_5; |
| type attr_check_base_optional_disabled_5_2_t; |
| typeattribute attr_check_base_optional_disabled_5_2_t attr_check_base_optional_disabled_5; |
| } |
| optional { |
| require { |
| type does_not_exist_t; |
| attribute attr_check_base_optional_disabled_8; |
| } |
| type attr_check_base_optional_disabled_8_1_t, attr_check_base_optional_disabled_8; |
| type attr_check_base_optional_disabled_8_2_t; |
| typeattribute attr_check_base_optional_disabled_8_2_t attr_check_base_optional_disabled_8; |
| } |
| |
