• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1module my_module 1.0;
2
3require {
4	bool allow_ypbind, secure_mode, allow_execstack;
5	type system_t, sysadm_t;
6	class file {read write};
7	attribute attr_check_base_2, attr_check_base_3;
8	attribute attr_check_base_optional_2;
9}
10
11bool module_1_bool true;
12
13if (module_1_bool && allow_ypbind && secure_mode && allow_execstack) {
14	allow system_t sysadm_t : file { read write };
15}
16
17optional {
18	bool module_1_bool_2 false;
19	require {
20		bool optional_bool_1, optional_bool_2;
21		class file { execute ioctl };
22	}
23	if (optional_bool_1 && optional_bool_2 || module_1_bool_2) {
24		allow system_t sysadm_t : file {execute ioctl};
25	}
26}
27# Type - attribute mapping test
28type module_t;
29attribute attr_check_mod_1;
30attribute attr_check_mod_2;
31attribute attr_check_mod_3;
32attribute attr_check_mod_4;
33attribute attr_check_mod_5;
34attribute attr_check_mod_6;
35attribute attr_check_mod_7;
36attribute attr_check_mod_8;
37attribute attr_check_mod_9;
38attribute attr_check_mod_10;
39attribute attr_check_mod_11;
40optional {
41	require {
42		type base_t;
43	}
44	attribute attr_check_mod_optional_1;
45	attribute attr_check_mod_optional_2;
46	attribute attr_check_mod_optional_3;
47	attribute attr_check_mod_optional_4;
48	attribute attr_check_mod_optional_5;
49	attribute attr_check_mod_optional_6;
50	attribute attr_check_mod_optional_7;
51}
52optional {
53	require {
54		type does_not_exist_t;
55	}
56	attribute attr_check_mod_optional_disabled_4;
57	attribute attr_check_mod_optional_disabled_7;
58}
59type attr_check_base_2_1_t, attr_check_base_2;
60type attr_check_base_2_2_t;
61typeattribute attr_check_base_2_2_t attr_check_base_2;
62type attr_check_base_3_3_t, attr_check_base_3;
63type attr_check_base_3_4_t;
64typeattribute attr_check_base_3_4_t attr_check_base_3;
65optional {
66	require {
67		attribute attr_check_base_5;
68	}
69	type attr_check_base_5_1_t, attr_check_base_5;
70	type attr_check_base_5_2_t;
71	typeattribute attr_check_base_5_2_t attr_check_base_5;
72}
73optional {
74	require {
75		attribute attr_check_base_6;
76	}
77	type attr_check_base_6_3_t, attr_check_base_6;
78	type attr_check_base_6_4_t;
79	typeattribute attr_check_base_6_4_t attr_check_base_6;
80}
81optional {
82	require {
83		type does_not_exist_t;
84		attribute attr_check_base_8;
85	}
86	type attr_check_base_8_1_t, attr_check_base_8;
87	type attr_check_base_8_2_t;
88	typeattribute attr_check_base_8_2_t attr_check_base_8;
89}
90optional {
91	require {
92		type does_not_exist_t;
93		attribute attr_check_base_9;
94	}
95	type attr_check_base_9_3_t, attr_check_base_9;
96	type attr_check_base_9_4_t;
97	typeattribute attr_check_base_9_4_t attr_check_base_9;
98}
99optional {
100	require {
101		type does_not_exist_t;
102		attribute attr_check_base_10;
103	}
104	type attr_check_base_10_3_t, attr_check_base_10;
105	type attr_check_base_10_4_t;
106	typeattribute attr_check_base_10_4_t attr_check_base_10;
107}
108optional {
109	require {
110		attribute attr_check_base_11;
111	}
112	type attr_check_base_11_3_t, attr_check_base_11;
113	type attr_check_base_11_4_t;
114	typeattribute attr_check_base_11_4_t attr_check_base_11;
115}
116type attr_check_base_optional_2_1_t, attr_check_base_optional_2;
117type attr_check_base_optional_2_2_t;
118typeattribute attr_check_base_optional_2_2_t attr_check_base_optional_2;
119optional {
120	require {
121		attribute attr_check_base_optional_5;
122	}
123	type attr_check_base_optional_5_1_t, attr_check_base_optional_5;
124	type attr_check_base_optional_5_2_t;
125	typeattribute attr_check_base_optional_5_2_t attr_check_base_optional_5;
126}
127#optional {
128#	require {
129#		attribute attr_check_base_optional_6;
130#	}
131#	type attr_check_base_optional_6_3_t, attr_check_base_optional_6;
132#	type attr_check_base_optional_6_4_t;
133#	typeattribute attr_check_base_optional_6_4_t attr_check_base_optional_6;
134#}
135optional {
136	require {
137		type does_not_exist_t;
138		attribute attr_check_base_optional_8;
139	}
140	type attr_check_base_optional_8_1_t, attr_check_base_optional_8;
141	type attr_check_base_optional_8_2_t;
142	typeattribute attr_check_base_optional_8_2_t attr_check_base_optional_8;
143}
144type attr_check_mod_2_1_t, attr_check_mod_2;
145type attr_check_mod_2_2_t;
146typeattribute attr_check_mod_2_2_t attr_check_mod_2;
147optional {
148	require {
149		attribute attr_check_mod_5;
150	}
151	type attr_check_mod_5_1_t, attr_check_mod_5;
152	type attr_check_mod_5_2_t;
153	typeattribute attr_check_mod_5_2_t attr_check_mod_5;
154}
155optional {
156	require {
157		attribute attr_check_mod_6;
158	}
159	type attr_check_mod_6_3_t, attr_check_mod_6;
160	type attr_check_mod_6_4_t;
161	typeattribute attr_check_mod_6_4_t attr_check_mod_6;
162}
163optional {
164	require {
165		type does_not_exist_t;
166	}
167	type attr_check_mod_8_1_t, attr_check_mod_8;
168	type attr_check_mod_8_2_t;
169	typeattribute attr_check_mod_8_2_t attr_check_mod_8;
170}
171optional {
172	require {
173		type does_not_exist_t;
174	}
175	type attr_check_mod_9_3_t, attr_check_mod_9;
176	type attr_check_mod_9_4_t;
177	typeattribute attr_check_mod_9_4_t attr_check_mod_9;
178}
179optional {
180	require {
181		type does_not_exist_t;
182	}
183	type attr_check_mod_10_3_t, attr_check_mod_10;
184	type attr_check_mod_10_4_t;
185	typeattribute attr_check_mod_10_4_t attr_check_mod_10;
186}
187optional {
188	require {
189		type base_t;
190	}
191	type attr_check_mod_11_3_t, attr_check_mod_11;
192	type attr_check_mod_11_4_t;
193	typeattribute attr_check_mod_11_4_t attr_check_mod_11;
194}
195#optional {
196#	require {
197#		attribute attr_check_mod_optional_5;
198#	}
199#	type attr_check_mod_optional_5_1_t, attr_check_mod_optional_5;
200#	type attr_check_mod_optional_5_2_t;
201#	typeattribute attr_check_mod_optional_5_2_t attr_check_mod_optional_5;
202#}
203#optional {
204#	require {
205#		attribute attr_check_mod_optional_6;
206#	}
207#	type attr_check_mod_optional_6_3_t, attr_check_mod_optional_6;
208#	type attr_check_mod_optional_6_4_t;
209#	typeattribute attr_check_mod_optional_6_4_t attr_check_mod_optional_6;
210#}
211optional {
212	require {
213		attribute attr_check_base_optional_disabled_5;
214	}
215	type attr_check_base_optional_disabled_5_1_t, attr_check_base_optional_disabled_5;
216	type attr_check_base_optional_disabled_5_2_t;
217	typeattribute attr_check_base_optional_disabled_5_2_t attr_check_base_optional_disabled_5;
218}
219optional {
220	require {
221		type does_not_exist_t;
222		attribute attr_check_base_optional_disabled_8;
223	}
224	type attr_check_base_optional_disabled_8_1_t, attr_check_base_optional_disabled_8;
225	type attr_check_base_optional_disabled_8_2_t;
226	typeattribute attr_check_base_optional_disabled_8_2_t attr_check_base_optional_disabled_8;
227}
228
229