; secilc test policy (notself_and_other.cil) for the `notself` and `other`
; target keywords of allow rules.
; The statements down to the sidcontext declare one of each base object (class,
; sid, user, role, type, category, sensitivity) and tie them into one context.
; Presumably this is the minimum secilc needs to build a policy -- confirm.
1(class CLASS (PERM))
; C1 carries one permission per test (p1a..p1e), so a rule written for one
; test cannot satisfy or violate the check of another.
2(class C1 (p1a p1b p1c p1d p1e))
3(classorder (CLASS C1))
4(sid SID)
5(sidorder (SID))
6(user USER)
7(role ROLE)
; TYPE is an ordinary type, so it is also a member of every (all) expression below.
8(type TYPE)
9(category CAT)
10(categoryorder (CAT))
11(sensitivity SENS)
12(sensitivityorder (SENS))
13(sensitivitycategory SENS (CAT))
; Baseline rule on the unrelated class CLASS; it uses none of C1's permissions.
14(allow TYPE self (CLASS (PERM)))
15(roletype ROLE TYPE)
16(userrole USER ROLE)
17(userlevel USER (SENS))
18(userrange USER ((SENS)(SENS (CAT))))
19(sidcontext SID (USER ROLE TYPE ((SENS)(SENS))))
20
; Four test types. ta, tb and tc are grouped into the attributes below; td is
; listed in no attribute explicitly and enters the complement sets only via (all).
21(type ta)
22(type tb)
23(type tc)
24(type td)
25
; Pairwise and three-way groupings, used as rule sources and as the expected
; target sets in the checks.
26(typeattribute aab)
27(typeattributeset aab (ta tb))
28
29(typeattribute aac)
30(typeattributeset aac (ta tc))
31
32(typeattribute abc)
33(typeattributeset abc (tb tc))
34
35(typeattribute aabc)
36(typeattributeset aabc (ta tb tc))
37
; Complement sets: every type in the policy except ta, and every type except
; the members of aab. Because (all) also takes in TYPE and td, these are wide
; target sets rather than just the remaining test types.
38(typeattribute a_all_not_ta)
39(typeattributeset a_all_not_ta (and (all) (not ta)))
40
41(typeattribute a_all_not_aab)
42(typeattributeset a_all_not_aab (and (all) (not aab)))
43
44; Test 01: notself with a single source type.
; ta is granted p1a on C1 toward every type other than ta itself. In practice
; that is close to a wildcard target: TYPE and td are covered as well.
45(allow ta notself (C1 (p1a)))
; Negative check. It is commented out, presumably so the file still compiles
; (confirm with the test runner); uncommented, the allow above is expected to
; violate it.
46; (neverallow ta a_all_not_ta (C1 (p1a))) ; This check should fail
; NOTE(review): nothing active asserts that ta -> ta is excluded; a passing
; (neverallow ta self (C1 (p1a))) would pin that half of the keyword -- confirm.
47
48; Test 02: notself with an attribute as source.
; Each member of aab (ta, tb) is granted p1b on C1 toward types other than
; itself. The grant is computed per member and so grows with the attribute.
49(allow aab notself (C1 (p1b)))
; Negative check, commented out; it looks only at targets outside aab and is
; expected to be violated by the allow above.
50; (neverallow aab a_all_not_aab (C1 (p1b))) ; This check should fail
; NOTE(review): as I read the keyword, the allow also yields ta -> tb and
; tb -> ta inside aab, which this check does not exercise -- confirm.
51
52; Test 03: other with a two-member attribute as source.
; Each member of aab is granted p1c on C1 toward the other member only, so the
; resulting pairs are ta -> tb and tb -> ta.
53(allow aab other (C1 (p1c)))
; Negative checks, one per expected pair, commented out; each is expected to be
; violated by the allow above if enabled.
54; (neverallow ta tb (C1 (p1c))) ; This check should fail
55; (neverallow tb ta (C1 (p1c))) ; This check should fail
; NOTE(review): no active check shows that types outside aab (tc, td, TYPE) are
; NOT reachable through this rule; that is the least-privilege half of `other`.
56
57; Test 04: other with a three-member attribute as source.
; Each member of aabc is granted p1d on C1 toward the two remaining members, so
; three members give six source/target pairs. Adding a member to the attribute
; widens the grant for every existing member.
58(allow aabc other (C1 (p1d)))
; Negative checks, commented out. Each pairs one member with the attribute that
; holds exactly the other two (ta/abc, tb/aac, tc/aab) and is expected to be
; violated by the allow above if enabled.
59; (neverallow ta abc (C1 (p1d))) ; This check should fail
60; (neverallow tb aac (C1 (p1d))) ; This check should fail
61; (neverallow tc aab (C1 (p1d))) ; This check should fail
62
63; Test 05: other with a single type as source (degenerate case).
; A lone type has no "other" member to act on, so the statement is accepted
; but produces no access.
64(allow ta other (C1 (p1e))) ; other used with a single type results in no rule
; The only neverallow in this file that is not commented out. It must hold for
; the policy to compile, which confirms that no ta -> <any other type> rule for
; p1e was generated.
65(neverallow ta a_all_not_ta (C1 (p1e)))
66