1*2d543d20SAndroid Build Coastguard Worker;; Minimum stuff 2*2d543d20SAndroid Build Coastguard Worker(class CLASS (PERM)) 3*2d543d20SAndroid Build Coastguard Worker(classorder (CLASS)) 4*2d543d20SAndroid Build Coastguard Worker(sid SID) 5*2d543d20SAndroid Build Coastguard Worker(sidorder (SID)) 6*2d543d20SAndroid Build Coastguard Worker(user USER) 7*2d543d20SAndroid Build Coastguard Worker(role ROLE) 8*2d543d20SAndroid Build Coastguard Worker(type TYPE) 9*2d543d20SAndroid Build Coastguard Worker(category CAT) 10*2d543d20SAndroid Build Coastguard Worker(categoryorder (CAT)) 11*2d543d20SAndroid Build Coastguard Worker(sensitivity SENS) 12*2d543d20SAndroid Build Coastguard Worker(sensitivityorder (SENS)) 13*2d543d20SAndroid Build Coastguard Worker(sensitivitycategory SENS (CAT)) 14*2d543d20SAndroid Build Coastguard Worker(allow TYPE self (CLASS (PERM))) 15*2d543d20SAndroid Build Coastguard Worker(roletype ROLE TYPE) 16*2d543d20SAndroid Build Coastguard Worker(userrole USER ROLE) 17*2d543d20SAndroid Build Coastguard Worker(userlevel USER (SENS)) 18*2d543d20SAndroid Build Coastguard Worker(userrange USER ((SENS)(SENS (CAT)))) 19*2d543d20SAndroid Build Coastguard Worker(sidcontext SID (USER ROLE TYPE ((SENS)(SENS)))) 20*2d543d20SAndroid Build Coastguard Worker;; Extra stuff 21*2d543d20SAndroid Build Coastguard Worker(common COMMON (PERM1 PERM2 PERM3 PERM4)) 22*2d543d20SAndroid Build Coastguard Worker(classcommon CLASS COMMON) 23*2d543d20SAndroid Build Coastguard Worker 24*2d543d20SAndroid Build Coastguard Worker 25*2d543d20SAndroid Build Coastguard Worker;; Tests 1 and 2 show that the order of inheritance matters 26*2d543d20SAndroid Build Coastguard Worker;; 27*2d543d20SAndroid Build Coastguard Worker(block b1 28*2d543d20SAndroid Build Coastguard Worker (type ta)) 29*2d543d20SAndroid Build Coastguard Worker 30*2d543d20SAndroid Build Coastguard Worker(block b1a 31*2d543d20SAndroid Build Coastguard Worker (block b1 32*2d543d20SAndroid Build Coastguard Worker (type tb))) 33*2d543d20SAndroid Build Coastguard Worker 34*2d543d20SAndroid Build Coastguard Worker(block b1b 35*2d543d20SAndroid Build Coastguard Worker (blockinherit b1) ;; Results in b1b.ta 36*2d543d20SAndroid Build Coastguard Worker (blockinherit b1a)) 37*2d543d20SAndroid Build Coastguard Worker 38*2d543d20SAndroid Build Coastguard Worker 39*2d543d20SAndroid Build Coastguard Worker(block b2 40*2d543d20SAndroid Build Coastguard Worker (type ta)) 41*2d543d20SAndroid Build Coastguard Worker 42*2d543d20SAndroid Build Coastguard Worker(block b2a 43*2d543d20SAndroid Build Coastguard Worker (block b2 44*2d543d20SAndroid Build Coastguard Worker (type tb))) 45*2d543d20SAndroid Build Coastguard Worker 46*2d543d20SAndroid Build Coastguard Worker(block b2b 47*2d543d20SAndroid Build Coastguard Worker (blockinherit b2a) 48*2d543d20SAndroid Build Coastguard Worker (blockinherit b2)) 49*2d543d20SAndroid Build Coastguard Worker 50*2d543d20SAndroid Build Coastguard Worker 51*2d543d20SAndroid Build Coastguard Worker;; All of these work 52*2d543d20SAndroid Build Coastguard Worker(block b3a 53*2d543d20SAndroid Build Coastguard Worker (type t3a) 54*2d543d20SAndroid Build Coastguard Worker (block b 55*2d543d20SAndroid Build Coastguard Worker (type t) 56*2d543d20SAndroid Build Coastguard Worker (allow t3a t (CLASS (PERM))) 57*2d543d20SAndroid Build Coastguard Worker ) 58*2d543d20SAndroid Build Coastguard Worker) 59*2d543d20SAndroid Build Coastguard Worker 60*2d543d20SAndroid Build Coastguard Worker(block b3b 61*2d543d20SAndroid Build Coastguard Worker (blockinherit b3a) 62*2d543d20SAndroid Build Coastguard Worker) 63*2d543d20SAndroid Build Coastguard Worker 64*2d543d20SAndroid Build Coastguard Worker(block b3c 65*2d543d20SAndroid Build Coastguard Worker (blockinherit b3a.b) 66*2d543d20SAndroid Build Coastguard Worker) 67*2d543d20SAndroid Build Coastguard Worker 68*2d543d20SAndroid Build Coastguard Worker(block b3d 69*2d543d20SAndroid Build Coastguard Worker (type t3a) 70*2d543d20SAndroid Build Coastguard Worker (blockinherit b3a) 71*2d543d20SAndroid Build Coastguard Worker) 72*2d543d20SAndroid Build Coastguard Worker 73*2d543d20SAndroid Build Coastguard Worker(block b3e 74*2d543d20SAndroid Build Coastguard Worker (type t3a) 75*2d543d20SAndroid Build Coastguard Worker (blockinherit b3a.b) 76*2d543d20SAndroid Build Coastguard Worker) 77*2d543d20SAndroid Build Coastguard Worker 78*2d543d20SAndroid Build Coastguard Worker 79*2d543d20SAndroid Build Coastguard Worker;; Since block is abstract, allow rule will not be in policy 80*2d543d20SAndroid Build Coastguard Worker(type t4) 81*2d543d20SAndroid Build Coastguard Worker(block b4 82*2d543d20SAndroid Build Coastguard Worker (blockabstract b4) 83*2d543d20SAndroid Build Coastguard Worker (allow t4 self (CLASS (PERM))) 84*2d543d20SAndroid Build Coastguard Worker) 85*2d543d20SAndroid Build Coastguard Worker 86*2d543d20SAndroid Build Coastguard Worker 87*2d543d20SAndroid Build Coastguard Worker;; Inheriting the abstract block causes the allow rule to be in the policy 88*2d543d20SAndroid Build Coastguard Worker(type t5) 89*2d543d20SAndroid Build Coastguard Worker(block b5 90*2d543d20SAndroid Build Coastguard Worker (blockabstract b5) 91*2d543d20SAndroid Build Coastguard Worker (allow t5 self (CLASS (PERM))) 92*2d543d20SAndroid Build Coastguard Worker) 93*2d543d20SAndroid Build Coastguard Worker(blockinherit b5) 94*2d543d20SAndroid Build Coastguard Worker 95*2d543d20SAndroid Build Coastguard Worker 96*2d543d20SAndroid Build Coastguard Worker;; A sub-block can be inherited out of an abstract block 97*2d543d20SAndroid Build Coastguard Worker(type t6) 98*2d543d20SAndroid Build Coastguard Worker(block b6 99*2d543d20SAndroid Build Coastguard Worker (blockabstract b6) 100*2d543d20SAndroid Build Coastguard Worker (allow t6 self (CLASS (PERM1))) 101*2d543d20SAndroid Build Coastguard Worker (block b 102*2d543d20SAndroid Build Coastguard Worker (blockabstract b) 103*2d543d20SAndroid Build Coastguard Worker (allow t6 self (CLASS (PERM))) 104*2d543d20SAndroid Build Coastguard Worker ) 105*2d543d20SAndroid Build Coastguard Worker) 106*2d543d20SAndroid Build Coastguard Worker(blockinherit b6.b) 107*2d543d20SAndroid Build Coastguard Worker 108*2d543d20SAndroid Build Coastguard Worker;; 109*2d543d20SAndroid Build Coastguard Worker;; Expected: 110*2d543d20SAndroid Build Coastguard Worker;; 111*2d543d20SAndroid Build Coastguard Worker;; Types: 112*2d543d20SAndroid Build Coastguard Worker;; b1.ta, b1a.b1.tb, b1b.b1.tb, b1b.ta 113*2d543d20SAndroid Build Coastguard Worker;; b2.ta, b2a.b2.tb, b2b.b2.tb, b2b.ta 114*2d543d20SAndroid Build Coastguard Worker;; b3a.b.t, b3a.t3a, b3b.b.t, b3b.t3a, b3c.t, b3d.b.t, b3d.t3a, b3e.t, b3e.t3a 115*2d543d20SAndroid Build Coastguard Worker;; t4 116*2d543d20SAndroid Build Coastguard Worker;; t5 117*2d543d20SAndroid Build Coastguard Worker;; t6 118*2d543d20SAndroid Build Coastguard Worker;; 119*2d543d20SAndroid Build Coastguard Worker;; Allow rules: 120*2d543d20SAndroid Build Coastguard Worker;; allow b3a.t3a b3a.b.t : CLASS { PERM }; 121*2d543d20SAndroid Build Coastguard Worker;; allow b3a.t3a b3c.t : CLASS { PERM }; 122*2d543d20SAndroid Build Coastguard Worker;; allow b3b.t3a b3b.b.t : CLASS { PERM }; 123*2d543d20SAndroid Build Coastguard Worker;; allow b3d.t3a b3d.b.t : CLASS { PERM }; 124*2d543d20SAndroid Build Coastguard Worker;; allow b3e.t3a b3e.t : CLASS { PERM }; 125*2d543d20SAndroid Build Coastguard Worker;; allow t5 t5 : CLASS { PERM }; 126*2d543d20SAndroid Build Coastguard Worker;; allow t6 t6 : CLASS { PERM };