1*2d543d20SAndroid Build Coastguard Workermodule my_module 1.0; 2*2d543d20SAndroid Build Coastguard Worker 3*2d543d20SAndroid Build Coastguard Workerrequire { 4*2d543d20SAndroid Build Coastguard Worker bool allow_ypbind, secure_mode, allow_execstack; 5*2d543d20SAndroid Build Coastguard Worker type system_t, sysadm_t; 6*2d543d20SAndroid Build Coastguard Worker class file {read write}; 7*2d543d20SAndroid Build Coastguard Worker attribute attr_check_base_2, attr_check_base_3; 8*2d543d20SAndroid Build Coastguard Worker attribute attr_check_base_optional_2; 9*2d543d20SAndroid Build Coastguard Worker} 10*2d543d20SAndroid Build Coastguard Worker 11*2d543d20SAndroid Build Coastguard Workerbool module_1_bool true; 12*2d543d20SAndroid Build Coastguard Worker 13*2d543d20SAndroid Build Coastguard Workerif (module_1_bool && allow_ypbind && secure_mode && allow_execstack) { 14*2d543d20SAndroid Build Coastguard Worker allow system_t sysadm_t : file { read write }; 15*2d543d20SAndroid Build Coastguard Worker} 16*2d543d20SAndroid Build Coastguard Worker 17*2d543d20SAndroid Build Coastguard Workeroptional { 18*2d543d20SAndroid Build Coastguard Worker bool module_1_bool_2 false; 19*2d543d20SAndroid Build Coastguard Worker require { 20*2d543d20SAndroid Build Coastguard Worker bool optional_bool_1, optional_bool_2; 21*2d543d20SAndroid Build Coastguard Worker class file { execute ioctl }; 22*2d543d20SAndroid Build Coastguard Worker } 23*2d543d20SAndroid Build Coastguard Worker if (optional_bool_1 && optional_bool_2 || module_1_bool_2) { 24*2d543d20SAndroid Build Coastguard Worker allow system_t sysadm_t : file {execute ioctl}; 25*2d543d20SAndroid Build Coastguard Worker } 26*2d543d20SAndroid Build Coastguard Worker} 27*2d543d20SAndroid Build Coastguard Worker# Type - attribute mapping test 28*2d543d20SAndroid Build Coastguard Workertype module_t; 29*2d543d20SAndroid Build Coastguard Workerattribute attr_check_mod_1; 30*2d543d20SAndroid Build Coastguard Workerattribute attr_check_mod_2; 31*2d543d20SAndroid Build Coastguard Workerattribute attr_check_mod_3; 32*2d543d20SAndroid Build Coastguard Workerattribute attr_check_mod_4; 33*2d543d20SAndroid Build Coastguard Workerattribute attr_check_mod_5; 34*2d543d20SAndroid Build Coastguard Workerattribute attr_check_mod_6; 35*2d543d20SAndroid Build Coastguard Workerattribute attr_check_mod_7; 36*2d543d20SAndroid Build Coastguard Workerattribute attr_check_mod_8; 37*2d543d20SAndroid Build Coastguard Workerattribute attr_check_mod_9; 38*2d543d20SAndroid Build Coastguard Workerattribute attr_check_mod_10; 39*2d543d20SAndroid Build Coastguard Workerattribute attr_check_mod_11; 40*2d543d20SAndroid Build Coastguard Workeroptional { 41*2d543d20SAndroid Build Coastguard Worker require { 42*2d543d20SAndroid Build Coastguard Worker type base_t; 43*2d543d20SAndroid Build Coastguard Worker } 44*2d543d20SAndroid Build Coastguard Worker attribute attr_check_mod_optional_1; 45*2d543d20SAndroid Build Coastguard Worker attribute attr_check_mod_optional_2; 46*2d543d20SAndroid Build Coastguard Worker attribute attr_check_mod_optional_3; 47*2d543d20SAndroid Build Coastguard Worker attribute attr_check_mod_optional_4; 48*2d543d20SAndroid Build Coastguard Worker attribute attr_check_mod_optional_5; 49*2d543d20SAndroid Build Coastguard Worker attribute attr_check_mod_optional_6; 50*2d543d20SAndroid Build Coastguard Worker attribute attr_check_mod_optional_7; 51*2d543d20SAndroid Build Coastguard Worker} 52*2d543d20SAndroid Build Coastguard Workeroptional { 53*2d543d20SAndroid Build Coastguard Worker require { 54*2d543d20SAndroid Build Coastguard Worker type does_not_exist_t; 55*2d543d20SAndroid Build Coastguard Worker } 56*2d543d20SAndroid Build Coastguard Worker attribute attr_check_mod_optional_disabled_4; 57*2d543d20SAndroid Build Coastguard Worker attribute attr_check_mod_optional_disabled_7; 58*2d543d20SAndroid Build Coastguard Worker} 59*2d543d20SAndroid Build Coastguard Workertype attr_check_base_2_1_t, attr_check_base_2; 60*2d543d20SAndroid Build Coastguard Workertype attr_check_base_2_2_t; 61*2d543d20SAndroid Build Coastguard Workertypeattribute attr_check_base_2_2_t attr_check_base_2; 62*2d543d20SAndroid Build Coastguard Workertype attr_check_base_3_3_t, attr_check_base_3; 63*2d543d20SAndroid Build Coastguard Workertype attr_check_base_3_4_t; 64*2d543d20SAndroid Build Coastguard Workertypeattribute attr_check_base_3_4_t attr_check_base_3; 65*2d543d20SAndroid Build Coastguard Workeroptional { 66*2d543d20SAndroid Build Coastguard Worker require { 67*2d543d20SAndroid Build Coastguard Worker attribute attr_check_base_5; 68*2d543d20SAndroid Build Coastguard Worker } 69*2d543d20SAndroid Build Coastguard Worker type attr_check_base_5_1_t, attr_check_base_5; 70*2d543d20SAndroid Build Coastguard Worker type attr_check_base_5_2_t; 71*2d543d20SAndroid Build Coastguard Worker typeattribute attr_check_base_5_2_t attr_check_base_5; 72*2d543d20SAndroid Build Coastguard Worker} 73*2d543d20SAndroid Build Coastguard Workeroptional { 74*2d543d20SAndroid Build Coastguard Worker require { 75*2d543d20SAndroid Build Coastguard Worker attribute attr_check_base_6; 76*2d543d20SAndroid Build Coastguard Worker } 77*2d543d20SAndroid Build Coastguard Worker type attr_check_base_6_3_t, attr_check_base_6; 78*2d543d20SAndroid Build Coastguard Worker type attr_check_base_6_4_t; 79*2d543d20SAndroid Build Coastguard Worker typeattribute attr_check_base_6_4_t attr_check_base_6; 80*2d543d20SAndroid Build Coastguard Worker} 81*2d543d20SAndroid Build Coastguard Workeroptional { 82*2d543d20SAndroid Build Coastguard Worker require { 83*2d543d20SAndroid Build Coastguard Worker type does_not_exist_t; 84*2d543d20SAndroid Build Coastguard Worker attribute attr_check_base_8; 85*2d543d20SAndroid Build Coastguard Worker } 86*2d543d20SAndroid Build Coastguard Worker type attr_check_base_8_1_t, attr_check_base_8; 87*2d543d20SAndroid Build Coastguard Worker type attr_check_base_8_2_t; 88*2d543d20SAndroid Build Coastguard Worker typeattribute attr_check_base_8_2_t attr_check_base_8; 89*2d543d20SAndroid Build Coastguard Worker} 90*2d543d20SAndroid Build Coastguard Workeroptional { 91*2d543d20SAndroid Build Coastguard Worker require { 92*2d543d20SAndroid Build Coastguard Worker type does_not_exist_t; 93*2d543d20SAndroid Build Coastguard Worker attribute attr_check_base_9; 94*2d543d20SAndroid Build Coastguard Worker } 95*2d543d20SAndroid Build Coastguard Worker type attr_check_base_9_3_t, attr_check_base_9; 96*2d543d20SAndroid Build Coastguard Worker type attr_check_base_9_4_t; 97*2d543d20SAndroid Build Coastguard Worker typeattribute attr_check_base_9_4_t attr_check_base_9; 98*2d543d20SAndroid Build Coastguard Worker} 99*2d543d20SAndroid Build Coastguard Workeroptional { 100*2d543d20SAndroid Build Coastguard Worker require { 101*2d543d20SAndroid Build Coastguard Worker type does_not_exist_t; 102*2d543d20SAndroid Build Coastguard Worker attribute attr_check_base_10; 103*2d543d20SAndroid Build Coastguard Worker } 104*2d543d20SAndroid Build Coastguard Worker type attr_check_base_10_3_t, attr_check_base_10; 105*2d543d20SAndroid Build Coastguard Worker type attr_check_base_10_4_t; 106*2d543d20SAndroid Build Coastguard Worker typeattribute attr_check_base_10_4_t attr_check_base_10; 107*2d543d20SAndroid Build Coastguard Worker} 108*2d543d20SAndroid Build Coastguard Workeroptional { 109*2d543d20SAndroid Build Coastguard Worker require { 110*2d543d20SAndroid Build Coastguard Worker attribute attr_check_base_11; 111*2d543d20SAndroid Build Coastguard Worker } 112*2d543d20SAndroid Build Coastguard Worker type attr_check_base_11_3_t, attr_check_base_11; 113*2d543d20SAndroid Build Coastguard Worker type attr_check_base_11_4_t; 114*2d543d20SAndroid Build Coastguard Worker typeattribute attr_check_base_11_4_t attr_check_base_11; 115*2d543d20SAndroid Build Coastguard Worker} 116*2d543d20SAndroid Build Coastguard Workertype attr_check_base_optional_2_1_t, attr_check_base_optional_2; 117*2d543d20SAndroid Build Coastguard Workertype attr_check_base_optional_2_2_t; 118*2d543d20SAndroid Build Coastguard Workertypeattribute attr_check_base_optional_2_2_t attr_check_base_optional_2; 119*2d543d20SAndroid Build Coastguard Workeroptional { 120*2d543d20SAndroid Build Coastguard Worker require { 121*2d543d20SAndroid Build Coastguard Worker attribute attr_check_base_optional_5; 122*2d543d20SAndroid Build Coastguard Worker } 123*2d543d20SAndroid Build Coastguard Worker type attr_check_base_optional_5_1_t, attr_check_base_optional_5; 124*2d543d20SAndroid Build Coastguard Worker type attr_check_base_optional_5_2_t; 125*2d543d20SAndroid Build Coastguard Worker typeattribute attr_check_base_optional_5_2_t attr_check_base_optional_5; 126*2d543d20SAndroid Build Coastguard Worker} 127*2d543d20SAndroid Build Coastguard Worker#optional { 128*2d543d20SAndroid Build Coastguard Worker# require { 129*2d543d20SAndroid Build Coastguard Worker# attribute attr_check_base_optional_6; 130*2d543d20SAndroid Build Coastguard Worker# } 131*2d543d20SAndroid Build Coastguard Worker# type attr_check_base_optional_6_3_t, attr_check_base_optional_6; 132*2d543d20SAndroid Build Coastguard Worker# type attr_check_base_optional_6_4_t; 133*2d543d20SAndroid Build Coastguard Worker# typeattribute attr_check_base_optional_6_4_t attr_check_base_optional_6; 134*2d543d20SAndroid Build Coastguard Worker#} 135*2d543d20SAndroid Build Coastguard Workeroptional { 136*2d543d20SAndroid Build Coastguard Worker require { 137*2d543d20SAndroid Build Coastguard Worker type does_not_exist_t; 138*2d543d20SAndroid Build Coastguard Worker attribute attr_check_base_optional_8; 139*2d543d20SAndroid Build Coastguard Worker } 140*2d543d20SAndroid Build Coastguard Worker type attr_check_base_optional_8_1_t, attr_check_base_optional_8; 141*2d543d20SAndroid Build Coastguard Worker type attr_check_base_optional_8_2_t; 142*2d543d20SAndroid Build Coastguard Worker typeattribute attr_check_base_optional_8_2_t attr_check_base_optional_8; 143*2d543d20SAndroid Build Coastguard Worker} 144*2d543d20SAndroid Build Coastguard Workertype attr_check_mod_2_1_t, attr_check_mod_2; 145*2d543d20SAndroid Build Coastguard Workertype attr_check_mod_2_2_t; 146*2d543d20SAndroid Build Coastguard Workertypeattribute attr_check_mod_2_2_t attr_check_mod_2; 147*2d543d20SAndroid Build Coastguard Workeroptional { 148*2d543d20SAndroid Build Coastguard Worker require { 149*2d543d20SAndroid Build Coastguard Worker attribute attr_check_mod_5; 150*2d543d20SAndroid Build Coastguard Worker } 151*2d543d20SAndroid Build Coastguard Worker type attr_check_mod_5_1_t, attr_check_mod_5; 152*2d543d20SAndroid Build Coastguard Worker type attr_check_mod_5_2_t; 153*2d543d20SAndroid Build Coastguard Worker typeattribute attr_check_mod_5_2_t attr_check_mod_5; 154*2d543d20SAndroid Build Coastguard Worker} 155*2d543d20SAndroid Build Coastguard Workeroptional { 156*2d543d20SAndroid Build Coastguard Worker require { 157*2d543d20SAndroid Build Coastguard Worker attribute attr_check_mod_6; 158*2d543d20SAndroid Build Coastguard Worker } 159*2d543d20SAndroid Build Coastguard Worker type attr_check_mod_6_3_t, attr_check_mod_6; 160*2d543d20SAndroid Build Coastguard Worker type attr_check_mod_6_4_t; 161*2d543d20SAndroid Build Coastguard Worker typeattribute attr_check_mod_6_4_t attr_check_mod_6; 162*2d543d20SAndroid Build Coastguard Worker} 163*2d543d20SAndroid Build Coastguard Workeroptional { 164*2d543d20SAndroid Build Coastguard Worker require { 165*2d543d20SAndroid Build Coastguard Worker type does_not_exist_t; 166*2d543d20SAndroid Build Coastguard Worker } 167*2d543d20SAndroid Build Coastguard Worker type attr_check_mod_8_1_t, attr_check_mod_8; 168*2d543d20SAndroid Build Coastguard Worker type attr_check_mod_8_2_t; 169*2d543d20SAndroid Build Coastguard Worker typeattribute attr_check_mod_8_2_t attr_check_mod_8; 170*2d543d20SAndroid Build Coastguard Worker} 171*2d543d20SAndroid Build Coastguard Workeroptional { 172*2d543d20SAndroid Build Coastguard Worker require { 173*2d543d20SAndroid Build Coastguard Worker type does_not_exist_t; 174*2d543d20SAndroid Build Coastguard Worker } 175*2d543d20SAndroid Build Coastguard Worker type attr_check_mod_9_3_t, attr_check_mod_9; 176*2d543d20SAndroid Build Coastguard Worker type attr_check_mod_9_4_t; 177*2d543d20SAndroid Build Coastguard Worker typeattribute attr_check_mod_9_4_t attr_check_mod_9; 178*2d543d20SAndroid Build Coastguard Worker} 179*2d543d20SAndroid Build Coastguard Workeroptional { 180*2d543d20SAndroid Build Coastguard Worker require { 181*2d543d20SAndroid Build Coastguard Worker type does_not_exist_t; 182*2d543d20SAndroid Build Coastguard Worker } 183*2d543d20SAndroid Build Coastguard Worker type attr_check_mod_10_3_t, attr_check_mod_10; 184*2d543d20SAndroid Build Coastguard Worker type attr_check_mod_10_4_t; 185*2d543d20SAndroid Build Coastguard Worker typeattribute attr_check_mod_10_4_t attr_check_mod_10; 186*2d543d20SAndroid Build Coastguard Worker} 187*2d543d20SAndroid Build Coastguard Workeroptional { 188*2d543d20SAndroid Build Coastguard Worker require { 189*2d543d20SAndroid Build Coastguard Worker type base_t; 190*2d543d20SAndroid Build Coastguard Worker } 191*2d543d20SAndroid Build Coastguard Worker type attr_check_mod_11_3_t, attr_check_mod_11; 192*2d543d20SAndroid Build Coastguard Worker type attr_check_mod_11_4_t; 193*2d543d20SAndroid Build Coastguard Worker typeattribute attr_check_mod_11_4_t attr_check_mod_11; 194*2d543d20SAndroid Build Coastguard Worker} 195*2d543d20SAndroid Build Coastguard Worker#optional { 196*2d543d20SAndroid Build Coastguard Worker# require { 197*2d543d20SAndroid Build Coastguard Worker# attribute attr_check_mod_optional_5; 198*2d543d20SAndroid Build Coastguard Worker# } 199*2d543d20SAndroid Build Coastguard Worker# type attr_check_mod_optional_5_1_t, attr_check_mod_optional_5; 200*2d543d20SAndroid Build Coastguard Worker# type attr_check_mod_optional_5_2_t; 201*2d543d20SAndroid Build Coastguard Worker# typeattribute attr_check_mod_optional_5_2_t attr_check_mod_optional_5; 202*2d543d20SAndroid Build Coastguard Worker#} 203*2d543d20SAndroid Build Coastguard Worker#optional { 204*2d543d20SAndroid Build Coastguard Worker# require { 205*2d543d20SAndroid Build Coastguard Worker# attribute attr_check_mod_optional_6; 206*2d543d20SAndroid Build Coastguard Worker# } 207*2d543d20SAndroid Build Coastguard Worker# type attr_check_mod_optional_6_3_t, attr_check_mod_optional_6; 208*2d543d20SAndroid Build Coastguard Worker# type attr_check_mod_optional_6_4_t; 209*2d543d20SAndroid Build Coastguard Worker# typeattribute attr_check_mod_optional_6_4_t attr_check_mod_optional_6; 210*2d543d20SAndroid Build Coastguard Worker#} 211*2d543d20SAndroid Build Coastguard Workeroptional { 212*2d543d20SAndroid Build Coastguard Worker require { 213*2d543d20SAndroid Build Coastguard Worker attribute attr_check_base_optional_disabled_5; 214*2d543d20SAndroid Build Coastguard Worker } 215*2d543d20SAndroid Build Coastguard Worker type attr_check_base_optional_disabled_5_1_t, attr_check_base_optional_disabled_5; 216*2d543d20SAndroid Build Coastguard Worker type attr_check_base_optional_disabled_5_2_t; 217*2d543d20SAndroid Build Coastguard Worker typeattribute attr_check_base_optional_disabled_5_2_t attr_check_base_optional_disabled_5; 218*2d543d20SAndroid Build Coastguard Worker} 219*2d543d20SAndroid Build Coastguard Workeroptional { 220*2d543d20SAndroid Build Coastguard Worker require { 221*2d543d20SAndroid Build Coastguard Worker type does_not_exist_t; 222*2d543d20SAndroid Build Coastguard Worker attribute attr_check_base_optional_disabled_8; 223*2d543d20SAndroid Build Coastguard Worker } 224*2d543d20SAndroid Build Coastguard Worker type attr_check_base_optional_disabled_8_1_t, attr_check_base_optional_disabled_8; 225*2d543d20SAndroid Build Coastguard Worker type attr_check_base_optional_disabled_8_2_t; 226*2d543d20SAndroid Build Coastguard Worker typeattribute attr_check_base_optional_disabled_8_2_t attr_check_base_optional_disabled_8; 227*2d543d20SAndroid Build Coastguard Worker} 228*2d543d20SAndroid Build Coastguard Worker 229