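;; Minimum stuff
;; Base declarations the test cases below rely on: one class, SID, user, role,
;; type, category and sensitivity, each followed by its ordering statement,
;; then the associations that tie them together. The listing's line-number
;; prefixes are dropped so that every statement starts with "(" or ";".
(class CLASS (PERM))
(classorder (CLASS))
(sid SID)
(sidorder (SID))
(user USER)
(role ROLE)
(type TYPE)
(category CAT)
(categoryorder (CAT))
(sensitivity SENS)
(sensitivityorder (SENS))
(sensitivitycategory SENS (CAT))
;; The only access rule in the base policy: TYPE gets PERM on CLASS for itself.
(allow TYPE self (CLASS (PERM)))
(roletype ROLE TYPE)
(userrole USER ROLE)
(userlevel USER (SENS))
(userrange USER ((SENS)(SENS (CAT))))
;; Context for the one initial SID, built from the user, role, type and
;; level range declared above.
(sidcontext SID (USER ROLE TYPE ((SENS)(SENS))))
;; Extra stuff
;; Common permission set attached to CLASS. The b2* test blocks use PERM1
;; from this set.
(common COMMON (PERM1 PERM2 PERM3 PERM4))
(classcommon CLASS COMMON)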
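;; Check resolution failure handling for optionals
;; o1 holds two rules: one whose names all resolve (t1) and one that names
;; UNKNOWN, which is declared nowhere in this file. The "Expected" section at
;; the end of the file lists no allow rule for t1, so the failed lookup has to
;; drop the whole optional rather than only the rule that failed.
;; Review point: a compiler that kept the first rule would grant t1 an access
;; the policy author tied to the presence of UNKNOWN.
(type t1)
(optional o1
  (allow t1 self (CLASS (PERM))) ;; Should not appear in policy
  (allow UNKNOWN self (CLASS (PERM))) ;; UNKNOWN is undeclared; resolution fails here
)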
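;; These should not cause an error
;; b2b and b2c each declare t2 inside an optional and also receive a t2
;; through (blockinherit b2a). The test expects both forms to compile.

;; Template block: declares t2 and grants it PERM1 on CLASS for itself.
(block b2a
  (type t2)
  (allow t2 self (CLASS (PERM1)))
)

;; DNE is declared nowhere in this file, so o2b cannot resolve. In the
;; expected output b2b.t2 carries only the PERM1 rule inherited from b2a.
(block b2b
  (optional o2b
    (type t2)
    (allow t2 DNE (CLASS (PERM)))
  )
  (blockinherit b2a)
)

;; Every name in o2c resolves. In the expected output b2c.t2 carries PERM
;; (from o2c) together with PERM1 (inherited from b2a).
(block b2c
  (optional o2c
    (type t2)
    (allow t2 self (CLASS (PERM)))
  )
  (blockinherit b2a)
)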
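;; This is not allowed
;; (kept commented out: b3 declares t3 both inside optional o3 and directly in
;; the block, with no blockinherit involved; presumably that duplicate
;; declaration is what is rejected)
;;(block b3
;;  (optional o3
;;    (type t3)
;;    (allow t3 DNE (CLASS (PERM)))
;;  )
;;  (type t3)
;;  (allow t3 self (CLASS (PERM1)))
;;)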
;;
;; Expected:
;;
;; Types:
;;   t1
;;   b2a.t2, b2b.t2, b2c.t2
;;
;; Allow rules:
;;  allow b2a.t2 b2a.t2 : CLASS { PERM1 };
;;  allow b2b.t2 b2b.t2 : CLASS { PERM1 };
;;  allow b2c.t2 b2c.t2 : CLASS { PERM PERM1 };