xref: /aosp_15_r20/external/selinux/secilc/test/bounds.cil (revision 2d543d20722ada2425b5bdab9d0d1d29470e7bba)

(class CLASS (PERM))
(classorder (CLASS))
(sid SID)
(sidorder (SID))
(user USER)
(role ROLE)
(type TYPE)
(category CAT)
(categoryorder (CAT))
(sensitivity SENS)
(sensitivityorder (SENS))
(sensitivitycategory SENS (CAT))
(allow TYPE self (CLASS (PERM)))
(roletype ROLE TYPE)
(userrole USER ROLE)
(userlevel USER (SENS))
(userrange USER ((SENS)(SENS (CAT))))
(sidcontext SID (USER ROLE TYPE ((SENS)(SENS))))

(class c1 (p1a p1b p1c))
(class c2 (p2a p2b p2c))
(class c3 (p3a p3b p3c))

(classorder (CLASS c1 c2 c3))

(classpermission cp1)
(classpermissionset cp1 (c1 (p1a p1b)))
(classpermissionset cp1 (c2 (p2a)))

(classmap cm1 (mp1))
(classmapping cm1 mp1
	      (c1 (p1a)))

(boolean b_b1 false)
(boolean b_b2 false)
(boolean b_b3 false)


(type b_ta)
(type b_tb)
(type b_tc)
(type b_td)


;; All of these rules should pass the bounds check
(type b_t1)
(type b_t1_c)
(typebounds b_t1 b_t1_c)

(allow b_t1 self (CLASS (PERM)))
(allow b_t1_c self (CLASS (PERM)))
(allow b_t1 b_ta (CLASS (PERM)))
(allow b_t1_c b_ta (CLASS (PERM)))
(allow b_ta b_t1 (CLASS (PERM)))
(allow b_ta b_t1_c (CLASS (PERM)))

(booleanif b_b1
  (false
    (allow b_t1 b_tb (CLASS (PERM)))
    (allow b_t1_c b_tb (CLASS (PERM)))
    (allow b_tb b_t1 (CLASS (PERM)))
    (allow b_tb b_t1_c (CLASS (PERM)))))

(allow b_t1 b_tc (CLASS (PERM)))
(allow b_tc b_t1 (CLASS (PERM)))
(booleanif b_b2
  (false
    (allow b_t1_c b_tc (CLASS (PERM)))
    (allow b_tc b_t1_c (CLASS (PERM)))))

(allow b_t1_c b_td (CLASS (PERM)))
(allow b_td b_t1_c (CLASS (PERM)))
(booleanif b_b3
  (true
    (allow b_t1 b_td (CLASS (PERM)))
    (allow b_td b_t1 (CLASS (PERM))))
  (false
    (allow b_t1 b_td (CLASS (PERM)))
    (allow b_td b_t1 (CLASS (PERM)))))


;; All of these rules should pass the bounds check
(type b_t2)
(type b_t2_c)
(typebounds b_t2 b_t2_c)
(typeattribute b_a2)
(typeattribute b_a2_c)
(typeattributeset b_a2 b_t2)
(typeattributeset b_a2_c b_t2_c)

(allow b_a2 self (CLASS (PERM)))
(allow b_a2_c self (CLASS (PERM)))
(allow b_a2 b_ta (CLASS (PERM)))
(allow b_a2_c b_ta (CLASS (PERM)))
(allow b_ta b_a2 (CLASS (PERM)))
(allow b_ta b_a2_c (CLASS (PERM)))

(booleanif b_b1
  (false
    (allow b_a2 b_tb (CLASS (PERM)))
    (allow b_a2_c b_tb (CLASS (PERM)))
    (allow b_tb b_a2 (CLASS (PERM)))
    (allow b_tb b_a2_c (CLASS (PERM)))))

(allow b_a2 b_tc (CLASS (PERM)))
(allow b_tc b_a2 (CLASS (PERM)))
(booleanif b_b2
  (false
    (allow b_a2_c b_tc (CLASS (PERM)))
    (allow b_tc b_a2_c (CLASS (PERM)))))

(allow b_a2_c b_td (CLASS (PERM)))
(allow b_td b_a2_c (CLASS (PERM)))
(booleanif b_b3
  (true
    (allow b_a2 b_td (CLASS (PERM)))
    (allow b_td b_a2 (CLASS (PERM))))
  (false
    (allow b_a2 b_td (CLASS (PERM)))
    (allow b_td b_a2 (CLASS (PERM)))))


;; All of these rules should fail the bounds check
(type b_t3)
(type b_t3_c)
(typebounds b_t3 b_t3_c)

(allow b_t3 self (CLASS (PERM)))
(allow b_t3_c self (c1 (p1a)))
(allow b_t3 b_ta (CLASS (PERM)))
(allow b_t3_c b_ta (c1 (p1a)))
(allow b_ta b_t3 (CLASS (PERM)))
(allow b_ta b_t3_c (c1 (p1a)))

(booleanif b_b1
  (false
    (allow b_t3_c b_tb (c1 (p1a)))
    (allow b_tb b_t3_c (c1 (p1a)))))

(booleanif b_b2
  (true
    (allow b_t3_c b_tc (c1 (p1a)))
    (allow b_tc b_t3_c (c1 (p1a))))
  (false
    (allow b_t3 b_tc (c1 (p1a)))
    (allow b_tc b_t3 (c1 (p1a)))))

(allow b_t3_c b_td (c1 (p1a)))
(allow b_td b_t3_c (c1 (p1a)))
(booleanif b_b3
  (false
    (allow b_t3 b_td (c1 (p1a)))
    (allow b_td b_t3 (c1 (p1a)))))


;; All of these rules should fail the bounds check
(type b_t4)
(type b_t4_c)
(typebounds b_t4 b_t4_c)
(typeattribute b_a4)
(typeattribute b_a4_c)
(typeattributeset b_a4 b_t4)
(typeattributeset b_a4_c b_t4_c)

(allow b_a4 self (CLASS (PERM)))
(allow b_a4_c self (c1 (p1a)))
(allow b_a4 b_ta (CLASS (PERM)))
(allow b_a4_c b_ta (c1 (p1a)))
(allow b_ta b_a4 (CLASS (PERM)))
(allow b_ta b_a4_c (c1 (p1a)))

(booleanif b_b1
  (false
    (allow b_a4_c b_tb (c1 (p1a)))
    (allow b_tb b_a4_c (c1 (p1a)))))

(booleanif b_b2
  (true
    (allow b_a4_c b_tc (c1 (p1a)))
    (allow b_tc b_a4_c (c1 (p1a))))
  (false
    (allow b_a4 b_tc (c1 (p1a)))
    (allow b_tc b_a4 (c1 (p1a)))))

(allow b_a4_c b_td (c1 (p1a)))
(allow b_td b_a4_c (c1 (p1a)))
(booleanif b_b3
  (false
    (allow b_a4 b_td (c1 (p1a)))
    (allow b_td b_a4 (c1 (p1a)))))


;; Marked rules should fail, all others should pass
(type b_t5)
(type b_t5_c)
(typebounds b_t5 b_t5_c)

(allow b_t5 b_ta cp1)
(allow b_t5_c b_ta (c1 (p1a)))
(allow b_t5_c b_ta (c2 (p2a)))
(allow b_t5_c b_ta (c2 (p2b))) ;; Fail
(allow b_t5_c b_ta (c3 (p3a))) ;; Fail

(allow b_t5 b_tb (c1 (p1a p1b)))
(allow b_t5 b_tb (c2 (p2a)))
(allow b_t5_c b_tb cp1)

(allow b_t5 b_tc (cm1 (mp1)))
(allow b_t5_c b_tc (c1 (p1a)))
(allow b_t5_c b_tc (c1 (p1b))) ;; Fail
(allow b_t5_c b_tc (c2 (p2a))) ;; Fail

(allow b_t5 b_tc (c1 (p1a)))
(allow b_t5_c b_tc (cm1 (mp1)))


;; Marked rules should fail, all others should pass
(type b_t6a)
(type b_t6a_c)
(type b_t6b)
(type b_t6b_c)
(typebounds b_t6a b_t6a_c)
(typebounds b_t6b b_t6b_c)

(allow b_t6a b_t6b (CLASS (PERM)))
(allow b_t6a_c b_t6b_c (CLASS (PERM)))

;; Needs: (allow b_t6a b_t6b (c1 (p1a)))
(allow b_t6a_c b_t6b (c1 (p1a))) ;; Fail
(allow b_t6a_c b_t6b_c (c1 (p1a))) ;; Fail

;; Needs: (allow b_t6a b_t6b (c2 (p2a)))
(allow b_t6a b_t6b_c (c2 (p2a))) ;; Fail
(allow b_t6a_c b_t6b (c2 (p2a))) ;; Fail
(allow b_t6a_c b_t6b_c (c2 (p2a)))

;; Needs: (allow b_t6a b_t6b (c3 (p3c)))
(allow b_t6a b_t6b (c3 (p3a p3b)))
(allow b_t6a b_t6b_c (c3 (p3b p3c))) ;; Fail
(allow b_t6a_c b_t6b (c3 (p3a p3c))) ;; Fail
(allow b_t6a_c b_t6b_c (c3 (p3a p3b p3c))) ;; Fail