# Minimal monolithic SELinux policy source (policy.conf layout). It declares
# one instance of each basic construct: object classes, initial SIDs, an
# attribute, types, booleans, roles, type-enforcement rules, a role allow
# rule, a user and an initial SID context.
# Statement order follows the policy.conf grammar; keep the sections in this
# order when editing.
# The original "#..." labels and "#end" markers are kept verbatim.
# NOTE(review): some labels do not describe the statements that follow them
# (e.g. "#role decl" precedes TE rules) - confirm whether a test harness keys
# on these markers before rewording them.

# Object class declarations. Permissions are attached further down.
class testing
class fooclass

# Initial SID declarations. Contexts are assigned at the end of the file.
sid test_sid
#end

#sid decl
# NOTE(review): "security" is declared here, but this file contains no
# context statement for it (only test_sid gets one) - confirm the consumer of
# this fixture accepts an initial SID without a context.
sid security


# Access vectors: the permissions that may be named in rules for each class.
class testing
{
	read
	open
	close
	write
	exec
}
class fooclass
{
	read
	open
	close
	write
	exec
}
#end

#attribs

# Attribute used to group types; foo_t is its only member in this file.
attribute attrs;
#end


# Type declarations. Only foo_t carries an attribute.
type foo_t, attrs;
type typea_t;
type typeb_t;
type typec_t;
#end


# Booleans with their default values. No conditional block in this file
# references them.
bool foo_b true;
bool baz_b false;
#end


# Role declarations. foo_r is authorized for foo_t; rolea_r and roleb_r are
# declared without any associated types.
role foo_r types foo_t;
role rolea_r;
role roleb_r;
#end

#role decl


# Type-enforcement rules. Together the two allow rules grant typea_t the
# write, open and close permissions on "testing" objects labelled typeb_t;
# read and exec are not granted.
allow typea_t typeb_t : testing write;
allow typea_t typeb_t : testing {open close};
# Labelling rule only: typec_t becomes the default type for new "testing"
# objects computed from source typea_t and target typeb_t. It grants no
# access by itself, and no allow rule in this file mentions typec_t.
type_transition typea_t typeb_t : testing typec_t;
#end

#audit rules
# Disabled example; the rule below is commented out and has no effect.
#dontaudit {kernel} unknown : dir search;


# Role allow rule (RBAC, not type enforcement): permits a role change from
# rolea_r to roleb_r.
allow rolea_r roleb_r;
#end

#rbac stuff
# Disabled examples; both rules below are commented out and have no effect.
#allow system {guest local_user};
#allow local_user guest;


# User declaration: foo_u is authorized for foo_r only.
user foo_u roles foo_r;
#end

# Initial SID context. Each component matches a declaration above: foo_u is
# authorized for foo_r, and foo_r is authorized for foo_t.
sid test_sid foo_u:foo_r:foo_t