xref: /aosp_15_r20/external/selinux/checkpolicy/tests/policy_allonce_mls.expected.conf (revision 2d543d20722ada2425b5bdab9d0d1d29470e7bba)
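# Kernel policy source (policy.conf syntax) for an MLS policy that uses each
# statement kind once, with placeholder names (CLASS1, TYPE1, ROLE1, USER1).
# The code viewer's line numbers, which were fused onto every statement
# (e.g. "2class CLASS1"), have been removed so the text parses as policy again.
# NOTE(review): the ".expected.conf" path suggests this text is compared
# against checkpolicy output; the explanatory comments are presumably not
# part of that fixture -- confirm before copying them back.

# Policy-wide handling of classes/permissions the kernel defines but the
# policy does not; "deny" refuses them. Written as a comment because
# policy.conf has no statement for it.
# handle_unknown deny

# --- Object classes and initial SIDs ---------------------------------------
class CLASS1
class CLASS2
class CLASS3
class dir
class file
class process
sid kernel

# Permission sets: a common block, then per-class permissions. CLASS2 and
# CLASS3 inherit CPERM1 from COMMON1; CLASS3 adds PERM1 of its own.
common COMMON1 { CPERM1 }
class CLASS1 { PERM1 ioctl }
class CLASS2 inherits COMMON1
class CLASS3 inherits COMMON1 { PERM1 }

# Which context (source or target) supplies the user/role/type component of
# a newly created object of the given class.
default_user { CLASS1 } source;
default_role { CLASS2 } target;
default_type { CLASS3 } source;

# --- MLS: sensitivities, categories, levels --------------------------------
sensitivity s0;
sensitivity s1;
sensitivity s2 alias SENSALIAS;
# Ordering of sensitivities, lowest first.
dominance { s0 s1 s2 }
category c0;
category c1 alias CATALIAS;
# Categories that may be combined with each sensitivity (s2 takes none).
level s0:c0;
level s1:c0,c1;
level s2;

# MLS constraint: PERM1 on CLASS1 is permitted only when the low levels of
# source (l1) and target (l2) are equal. Constraints restrict what allow
# rules grant; they never grant access themselves.
mlsconstrain CLASS1 { PERM1 } l1 == l2;
# MLS relabel/transition validation on CLASS1; here suffix 1 is the old
# context and suffix 2 the new one.
mlsvalidatetrans CLASS1 (r1 domby r2 and l1 incomp h2);

policycap open_perms;

# --- Type enforcement declarations -----------------------------------------
attribute ATTR1;
attribute ATTR2;
bool BOOL1 true;
type TYPE1;
type TYPE2;
type TYPE3;
type TYPE4;
typealias TYPE1 alias TYPEALIAS1;
typealias TYPE3 alias TYPEALIAS3A;
typealias TYPE3 alias TYPEALIAS3B;
typealias TYPE4 alias TYPEALIAS4;
# typebounds <bounding type> <bounded type>: the second type may not hold
# permissions the first one lacks.
typebounds TYPE4 TYPE3;
typeattribute TYPE4 ATTR2;
# Permissive domain: denials for TYPE1 are logged but not enforced. In a
# deployed policy every "permissive" statement should be reviewed, since the
# domain is not confined by type enforcement while it is present.
permissive TYPE1;

# --- Access vector rules ---------------------------------------------------
allow TYPE1 self:CLASS1 { PERM1 };
allow TYPE1 self:CLASS2 { CPERM1 };
# auditallow only logs accesses that are granted; it grants nothing.
auditallow TYPE1 TYPE3:CLASS1 { PERM1 };
auditallow TYPE2 TYPE3:CLASS1 { PERM1 };
# dontaudit silences the AVC denial record for these accesses. The access is
# still denied, but it no longer appears in audit logs, which matters when
# denials are used as a detection signal.
dontaudit TYPE1 TYPE2:CLASS3 { CPERM1 PERM1 };
dontaudit TYPE1 TYPE3:CLASS3 { CPERM1 PERM1 };
# Extended permission rules filter individual ioctl command numbers. An
# allowxperm narrows a matching "allow ... ioctl" rule; it does not grant
# ioctl by itself.
allowxperm TYPE1 TYPE2:CLASS1 ioctl { 0x1 };
auditallowxperm TYPE1 TYPE2:CLASS1 ioctl { 0x2 };
dontauditxperm TYPE1 TYPE2:CLASS1 ioctl { 0x3 };

# --- Type rules: labels computed for new or relabelled objects -------------
type_transition TYPE1 TYPE2:CLASS1 TYPE3;
type_member TYPE1 TYPE2:CLASS1 TYPE2;
type_change TYPE1 TYPE2:CLASS1 TYPE3;
# Name-based transitions: apply only when the created object is called
# "FILENAME".
type_transition TYPE1 TYPE3:CLASS1 TYPE1 "FILENAME";
type_transition TYPE1 TYPE4:CLASS1 TYPE1 "FILENAME";
type_transition TYPE2 TYPE3:CLASS1 TYPE1 "FILENAME";
type_transition TYPE2 TYPE4:CLASS1 TYPE1 "FILENAME";
# MLS range assigned on the TYPE1 -> TYPE2:CLASS1 transition.
range_transition TYPE1 TYPE2:CLASS1 s1:c0,c1 - s1:c0,c1;

# Conditional policy: the true branch is empty, so the rule below is active
# only while BOOL1 is false (it is declared with default true above).
if (BOOL1) {
} else {
    allow TYPE1 self:CLASS1 { PERM1 ioctl };
}

# --- Roles and users -------------------------------------------------------
role ROLE1;
role ROLE2;
role ROLE3;
# Only TYPE1 is authorised for ROLE1.
role ROLE1 types { TYPE1 };
role_transition ROLE1 TYPE1:CLASS1 ROLE2;
role_transition ROLE1 TYPE1:process ROLE2;
# Role allow rule: ROLE1 may change to ROLE2.
allow ROLE1 ROLE2;
# USER1 may take ROLE1, defaults to level s0, and is cleared for the range
# s0 - s1:c0,c1.
user USER1 roles ROLE1 level s0 range s0 - s1:c0,c1;

# Non-MLS constraints over user (u), role (r) and type (t); in validatetrans,
# suffix 3 refers to the process performing the change.
constrain CLASS1 { PERM1 } (u1 == u2 or (r1 == r2 and t1 == t2));
validatetrans CLASS2 (u1 == u2 and t3 == ATTR1);

# --- Labelling statements --------------------------------------------------
# Context assigned to the kernel initial SID.
sid kernel USER1:ROLE1:TYPE1:s0 - s1:c0,c1
# Filesystem labelling behaviour: from extended attributes, from transition
# rules, or from the creating task.
fs_use_xattr btrfs USER1:ROLE1:TYPE1:s0 - s1:c0,c1;
fs_use_trans devpts USER1:ROLE1:TYPE1:s0 - s0;
fs_use_task pipefs USER1:ROLE1:TYPE1:s0 - s1;
# genfscon labels paths on filesystems without xattr support; "-d" limits the
# entry to directories and "--" to regular files.
genfscon proc "/" -d USER1:ROLE1:TYPE1:s0 - s0
genfscon proc "/file1" -- USER1:ROLE1:TYPE1:s0 - s0
genfscon proc "/path/to/file" USER1:ROLE1:TYPE1:s0 - s0
# Network object contexts: ports, interfaces (interface context, then packet
# context) and nodes (address, then netmask).
portcon tcp 80 USER1:ROLE1:TYPE1:s0 - s0
portcon udp 100-200 USER1:ROLE1:TYPE1:s0 - s0
netifcon lo USER1:ROLE1:TYPE1:s0 - s0 USER1:ROLE1:TYPE1:s0 - s0
nodecon 127.0.0.1 255.255.255.255 USER1:ROLE1:TYPE1:s0 - s0
nodecon ::ffff:127.0.0.1 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff USER1:ROLE1:TYPE1:s0 - s0
# InfiniBand contexts: partition keys (subnet prefix, then pkey or pkey
# range) and end ports (device name, then port number).
ibpkeycon fe80:: 65535 USER1:ROLE1:TYPE1:s0 - s0
ibpkeycon fe80:: 0-16 USER1:ROLE1:TYPE1:s0 - s0
ibendportcon mlx4_0 2 USER1:ROLE1:TYPE1:s0 - s0
ibendportcon mlx5_0 1 USER1:ROLE1:TYPE1:s0 - s0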