1*2d543d20SAndroid Build Coastguard Worker# handle_unknown deny 2*2d543d20SAndroid Build Coastguard Workerclass CLASS1 3*2d543d20SAndroid Build Coastguard Workerclass CLASS2 4*2d543d20SAndroid Build Coastguard Workerclass CLASS3 5*2d543d20SAndroid Build Coastguard Workerclass dir 6*2d543d20SAndroid Build Coastguard Workerclass file 7*2d543d20SAndroid Build Coastguard Workerclass process 8*2d543d20SAndroid Build Coastguard Workersid xen 9*2d543d20SAndroid Build Coastguard Workercommon COMMON1 { CPERM1 } 10*2d543d20SAndroid Build Coastguard Workerclass CLASS1 { PERM1 } 11*2d543d20SAndroid Build Coastguard Workerclass CLASS2 inherits COMMON1 12*2d543d20SAndroid Build Coastguard Workerclass CLASS3 inherits COMMON1 { PERM1 } 13*2d543d20SAndroid Build Coastguard Workerdefault_user { CLASS1 } source; 14*2d543d20SAndroid Build Coastguard Workerdefault_role { CLASS2 } target; 15*2d543d20SAndroid Build Coastguard Workerdefault_type { CLASS3 } source; 16*2d543d20SAndroid Build Coastguard Workerpolicycap open_perms; 17*2d543d20SAndroid Build Coastguard Workerattribute ATTR1; 18*2d543d20SAndroid Build Coastguard Workerattribute ATTR2; 19*2d543d20SAndroid Build Coastguard Workerbool BOOL1 true; 20*2d543d20SAndroid Build Coastguard Workertype TYPE1; 21*2d543d20SAndroid Build Coastguard Workertype TYPE2; 22*2d543d20SAndroid Build Coastguard Workertype TYPE3; 23*2d543d20SAndroid Build Coastguard Workertype TYPE4; 24*2d543d20SAndroid Build Coastguard Workertypealias TYPE1 alias TYPEALIAS1; 25*2d543d20SAndroid Build Coastguard Workertypealias TYPE3 alias TYPEALIAS3A; 26*2d543d20SAndroid Build Coastguard Workertypealias TYPE3 alias TYPEALIAS3B; 27*2d543d20SAndroid Build Coastguard Workertypealias TYPE4 alias TYPEALIAS4; 28*2d543d20SAndroid Build Coastguard Workertypebounds TYPE4 TYPE3; 29*2d543d20SAndroid Build Coastguard Workertypeattribute TYPE4 ATTR2; 30*2d543d20SAndroid Build Coastguard Workerpermissive TYPE1; 31*2d543d20SAndroid Build Coastguard Workerallow TYPE1 self:CLASS1 { PERM1 }; 32*2d543d20SAndroid Build Coastguard Workerallow TYPE1 self:CLASS2 { CPERM1 }; 33*2d543d20SAndroid Build Coastguard Workerauditallow TYPE1 TYPE3:CLASS1 { PERM1 }; 34*2d543d20SAndroid Build Coastguard Workerauditallow TYPE2 TYPE3:CLASS1 { PERM1 }; 35*2d543d20SAndroid Build Coastguard Workerdontaudit TYPE1 TYPE2:CLASS3 { CPERM1 PERM1 }; 36*2d543d20SAndroid Build Coastguard Workerdontaudit TYPE1 TYPE3:CLASS3 { CPERM1 PERM1 }; 37*2d543d20SAndroid Build Coastguard Workertype_transition TYPE1 TYPE2:CLASS1 TYPE3; 38*2d543d20SAndroid Build Coastguard Workertype_member TYPE1 TYPE2:CLASS1 TYPE2; 39*2d543d20SAndroid Build Coastguard Workertype_change TYPE1 TYPE2:CLASS1 TYPE3; 40*2d543d20SAndroid Build Coastguard Workertype_transition TYPE1 TYPE3:CLASS1 TYPE1 "FILENAME"; 41*2d543d20SAndroid Build Coastguard Workertype_transition TYPE1 TYPE4:CLASS1 TYPE1 "FILENAME"; 42*2d543d20SAndroid Build Coastguard Workertype_transition TYPE2 TYPE3:CLASS1 TYPE1 "FILENAME"; 43*2d543d20SAndroid Build Coastguard Workertype_transition TYPE2 TYPE4:CLASS1 TYPE1 "FILENAME"; 44*2d543d20SAndroid Build Coastguard Workerif (BOOL1) { 45*2d543d20SAndroid Build Coastguard Worker} else { 46*2d543d20SAndroid Build Coastguard Worker allow TYPE1 self:CLASS1 { PERM1 }; 47*2d543d20SAndroid Build Coastguard Worker} 48*2d543d20SAndroid Build Coastguard Workerrole ROLE1; 49*2d543d20SAndroid Build Coastguard Workerrole ROLE2; 50*2d543d20SAndroid Build Coastguard Workerrole ROLE3; 51*2d543d20SAndroid Build Coastguard Workerrole ROLE1 types { TYPE1 }; 52*2d543d20SAndroid Build Coastguard Workerrole_transition ROLE1 TYPE1:CLASS1 ROLE2; 53*2d543d20SAndroid Build Coastguard Workerrole_transition ROLE1 TYPE1:process ROLE2; 54*2d543d20SAndroid Build Coastguard Workerallow ROLE1 ROLE2; 55*2d543d20SAndroid Build Coastguard Workeruser USER1 roles ROLE1; 56*2d543d20SAndroid Build Coastguard Workerconstrain CLASS1 { PERM1 } (u1 == u2 or (r1 == r2 and t1 == t2)); 57*2d543d20SAndroid Build Coastguard Workervalidatetrans CLASS2 (u1 == u2 and t3 == ATTR1); 58*2d543d20SAndroid Build Coastguard Workersid xen USER1:ROLE1:TYPE1 59*2d543d20SAndroid Build Coastguard Workerpirqcon 13 USER1:ROLE1:TYPE1 60*2d543d20SAndroid Build Coastguard Workeriomemcon 0xd USER1:ROLE1:TYPE1 61*2d543d20SAndroid Build Coastguard Workeriomemcon 0x17-0x1f USER1:ROLE1:TYPE1 62*2d543d20SAndroid Build Coastguard Workerioportcon 0xd USER1:ROLE1:TYPE1 63*2d543d20SAndroid Build Coastguard Workerioportcon 0x17-0x1f USER1:ROLE1:TYPE1 64*2d543d20SAndroid Build Coastguard Workerpcidevicecon 0xd USER1:ROLE1:TYPE1 65*2d543d20SAndroid Build Coastguard Workerdevicetreecon "/path/to/device" USER1:ROLE1:TYPE1 66