1*2d543d20SAndroid Build Coastguard Worker;; Minimum stuff 2*2d543d20SAndroid Build Coastguard Worker(class CLASS (PERM)) 3*2d543d20SAndroid Build Coastguard Worker(classorder (CLASS)) 4*2d543d20SAndroid Build Coastguard Worker(sid SID) 5*2d543d20SAndroid Build Coastguard Worker(sidorder (SID)) 6*2d543d20SAndroid Build Coastguard Worker(user USER) 7*2d543d20SAndroid Build Coastguard Worker(role ROLE) 8*2d543d20SAndroid Build Coastguard Worker(type TYPE) 9*2d543d20SAndroid Build Coastguard Worker(category CAT) 10*2d543d20SAndroid Build Coastguard Worker(categoryorder (CAT)) 11*2d543d20SAndroid Build Coastguard Worker(sensitivity SENS) 12*2d543d20SAndroid Build Coastguard Worker(sensitivityorder (SENS)) 13*2d543d20SAndroid Build Coastguard Worker(sensitivitycategory SENS (CAT)) 14*2d543d20SAndroid Build Coastguard Worker(allow TYPE self (CLASS (PERM))) 15*2d543d20SAndroid Build Coastguard Worker(roletype ROLE TYPE) 16*2d543d20SAndroid Build Coastguard Worker(userrole USER ROLE) 17*2d543d20SAndroid Build Coastguard Worker(userlevel USER (SENS)) 18*2d543d20SAndroid Build Coastguard Worker(userrange USER ((SENS)(SENS (CAT)))) 19*2d543d20SAndroid Build Coastguard Worker(sidcontext SID (USER ROLE TYPE ((SENS)(SENS)))) 20*2d543d20SAndroid Build Coastguard Worker;; Extra stuff 21*2d543d20SAndroid Build Coastguard Worker(common COMMON (PERM1 PERM2 PERM3 PERM4)) 22*2d543d20SAndroid Build Coastguard Worker(classcommon CLASS COMMON) 23*2d543d20SAndroid Build Coastguard Worker 24*2d543d20SAndroid Build Coastguard Worker 25*2d543d20SAndroid Build Coastguard Worker;; Check resolution failure handling for optionals 26*2d543d20SAndroid Build Coastguard Worker(type t1) 27*2d543d20SAndroid Build Coastguard Worker(optional o1 28*2d543d20SAndroid Build Coastguard Worker (allow t1 self (CLASS (PERM))) ;; Should not appear in policy 29*2d543d20SAndroid Build Coastguard Worker (allow UNKNOWN self (CLASS (PERM))) 30*2d543d20SAndroid Build Coastguard Worker) 31*2d543d20SAndroid Build Coastguard Worker 32*2d543d20SAndroid Build Coastguard Worker 33*2d543d20SAndroid Build Coastguard Worker;; These should not cause an error 34*2d543d20SAndroid Build Coastguard Worker(block b2a 35*2d543d20SAndroid Build Coastguard Worker (type t2) 36*2d543d20SAndroid Build Coastguard Worker (allow t2 self (CLASS (PERM1))) 37*2d543d20SAndroid Build Coastguard Worker) 38*2d543d20SAndroid Build Coastguard Worker 39*2d543d20SAndroid Build Coastguard Worker(block b2b 40*2d543d20SAndroid Build Coastguard Worker (optional o2b 41*2d543d20SAndroid Build Coastguard Worker (type t2) 42*2d543d20SAndroid Build Coastguard Worker (allow t2 DNE (CLASS (PERM))) 43*2d543d20SAndroid Build Coastguard Worker ) 44*2d543d20SAndroid Build Coastguard Worker (blockinherit b2a) 45*2d543d20SAndroid Build Coastguard Worker) 46*2d543d20SAndroid Build Coastguard Worker 47*2d543d20SAndroid Build Coastguard Worker(block b2c 48*2d543d20SAndroid Build Coastguard Worker (optional o2c 49*2d543d20SAndroid Build Coastguard Worker (type t2) 50*2d543d20SAndroid Build Coastguard Worker (allow t2 self (CLASS (PERM))) 51*2d543d20SAndroid Build Coastguard Worker ) 52*2d543d20SAndroid Build Coastguard Worker (blockinherit b2a) 53*2d543d20SAndroid Build Coastguard Worker) 54*2d543d20SAndroid Build Coastguard Worker 55*2d543d20SAndroid Build Coastguard Worker 56*2d543d20SAndroid Build Coastguard Worker;; This is not allowed 57*2d543d20SAndroid Build Coastguard Worker;;(block b3 58*2d543d20SAndroid Build Coastguard Worker;; (optional o3 59*2d543d20SAndroid Build Coastguard Worker;; (type t3) 60*2d543d20SAndroid Build Coastguard Worker;; (allow t3 DNE (CLASS (PERM))) 61*2d543d20SAndroid Build Coastguard Worker;; ) 62*2d543d20SAndroid Build Coastguard Worker;; (type t3) 63*2d543d20SAndroid Build Coastguard Worker;; (allow t3 self (CLASS (PERM1))) 64*2d543d20SAndroid Build Coastguard Worker;;) 65*2d543d20SAndroid Build Coastguard Worker 66*2d543d20SAndroid Build Coastguard Worker 67*2d543d20SAndroid Build Coastguard Worker;; 68*2d543d20SAndroid Build Coastguard Worker;; Expected: 69*2d543d20SAndroid Build Coastguard Worker;; 70*2d543d20SAndroid Build Coastguard Worker;; Types: 71*2d543d20SAndroid Build Coastguard Worker;; t1 72*2d543d20SAndroid Build Coastguard Worker;; b2a.t2, b2b.t2, b2c.t2 73*2d543d20SAndroid Build Coastguard Worker;; 74*2d543d20SAndroid Build Coastguard Worker;; Allow rules: 75*2d543d20SAndroid Build Coastguard Worker;; allow b2a.t2 b2a.t2 : CLASS { PERM1 }; 76*2d543d20SAndroid Build Coastguard Worker;; allow b2b.t2 b2b.t2 : CLASS { PERM1 }; 77*2d543d20SAndroid Build Coastguard Worker;; allow b2c.t2 b2c.t2 : CLASS { PERM PERM1 }; 78*2d543d20SAndroid Build Coastguard Worker 79