      1 (class CLASS (PERM)) ;; Base policy: one upper-case placeholder of each object kind, through sidcontext.
        ;; NOTE(review): presumably the minimum set of statements a CIL policy needs in
        ;; order to compile -- confirm. The bounds cases below reuse (CLASS (PERM)) as
        ;; their generic permission.
      2 (classorder (CLASS))
      3 (sid SID)
      4 (sidorder (SID))
      5 (user USER)
      6 (role ROLE)
      7 (type TYPE)
      8 (category CAT)
      9 (categoryorder (CAT))
     10 (sensitivity SENS)
     11 (sensitivityorder (SENS))
     12 (sensitivitycategory SENS (CAT))
     13 (allow TYPE self (CLASS (PERM)))
     14 (roletype ROLE TYPE)
     15 (userrole USER ROLE)
     16 (userlevel USER (SENS))
     17 (userrange USER ((SENS)(SENS (CAT))))
     18 (sidcontext SID (USER ROLE TYPE ((SENS)(SENS))))
     19 
     20 (class c1 (p1a p1b p1c)) ;; Three extra classes, three permissions each, used by the failing/mixed cases.
     21 (class c2 (p2a p2b p2c))
     22 (class c3 (p3a p3b p3c))
     23 
        ;; Second classorder statement; it places c1 c2 c3 after CLASS.
     24 (classorder (CLASS c1 c2 c3))
     25 
        ;; cp1 is a named permission set built from two classpermissionset statements:
        ;; c1 {p1a p1b} plus c2 {p2a}. It contains nothing from c3 and not p1c, p2b or p2c.
     26 (classpermission cp1)
     27 (classpermissionset cp1 (c1 (p1a p1b)))
     28 (classpermissionset cp1 (c2 (p2a)))
     29 
        ;; cm1 is a class map with a single mapped permission mp1, which maps to c1 {p1a} only.
     30 (classmap cm1 (mp1))
     31 (classmapping cm1 mp1
     32 	      (c1 (p1a)))
     33 
     34 (boolean b_b1 false) ;; Booleans for the booleanif blocks below; all three default to false.
     35 (boolean b_b2 false)
     36 (boolean b_b3 false)
     37 
     38 
        ;; Helper types with no typebounds statement of their own. They appear as the
        ;; other side (source or target) of the rules in cases 1-5.
     39 (type b_ta)
     40 (type b_tb)
     41 (type b_tc)
     42 (type b_td)
     43 
     44 
     45 ;; Case 1 (plain types): all of these rules should pass the bounds check
        ;; typebounds makes b_t1 the bounding (parent) type and b_t1_c the bounded
        ;; (child) type; the child must not end up with access the parent lacks.
        ;; In this case every child rule has a matching parent rule that is in effect
        ;; whenever the child's rule is.
     46 (type b_t1)
     47 (type b_t1_c)
     48 (typebounds b_t1 b_t1_c)
     49 
        ;; Unconditional rules: parent and child get the same access to/from self and b_ta.
     50 (allow b_t1 self (CLASS (PERM)))
     51 (allow b_t1_c self (CLASS (PERM)))
     52 (allow b_t1 b_ta (CLASS (PERM)))
     53 (allow b_t1_c b_ta (CLASS (PERM)))
     54 (allow b_ta b_t1 (CLASS (PERM)))
     55 (allow b_ta b_t1_c (CLASS (PERM)))
     56 
        ;; Parent and child rules sit in the same branch of the same conditional.
     57 (booleanif b_b1
     58   (false
     59     (allow b_t1 b_tb (CLASS (PERM)))
     60     (allow b_t1_c b_tb (CLASS (PERM)))
     61     (allow b_tb b_t1 (CLASS (PERM)))
     62     (allow b_tb b_t1_c (CLASS (PERM)))))
     63 
        ;; Parent rule is unconditional; child rule is conditional (false branch only).
     64 (allow b_t1 b_tc (CLASS (PERM)))
     65 (allow b_tc b_t1 (CLASS (PERM)))
     66 (booleanif b_b2
     67   (false
     68     (allow b_t1_c b_tc (CLASS (PERM)))
     69     (allow b_tc b_t1_c (CLASS (PERM)))))
     70 
        ;; Child rule is unconditional; the parent rule is repeated in both the true and
        ;; the false branch, so it applies whatever value b_b3 has.
     71 (allow b_t1_c b_td (CLASS (PERM)))
     72 (allow b_td b_t1_c (CLASS (PERM)))
     73 (booleanif b_b3
     74   (true
     75     (allow b_t1 b_td (CLASS (PERM)))
     76     (allow b_td b_t1 (CLASS (PERM))))
     77   (false
     78     (allow b_t1 b_td (CLASS (PERM)))
     79     (allow b_td b_t1 (CLASS (PERM)))))
     80 
     81 
     82 ;; Case 2 (via attributes): all of these rules should pass the bounds check
        ;; Same rule layout as the b_t1 case, but no allow rule names the bounded types
        ;; directly: the parent b_t2 is reached through attribute b_a2 and the child
        ;; b_t2_c through attribute b_a2_c. Each attribute holds exactly one type here.
     83 (type b_t2)
     84 (type b_t2_c)
     85 (typebounds b_t2 b_t2_c)
     86 (typeattribute b_a2)
     87 (typeattribute b_a2_c)
     88 (typeattributeset b_a2 b_t2)
     89 (typeattributeset b_a2_c b_t2_c)
     90 
        ;; Unconditional rules: same access for the parent's and the child's attribute.
     91 (allow b_a2 self (CLASS (PERM)))
     92 (allow b_a2_c self (CLASS (PERM)))
     93 (allow b_a2 b_ta (CLASS (PERM)))
     94 (allow b_a2_c b_ta (CLASS (PERM)))
     95 (allow b_ta b_a2 (CLASS (PERM)))
     96 (allow b_ta b_a2_c (CLASS (PERM)))
     97 
        ;; Parent and child rules in the same conditional branch.
     98 (booleanif b_b1
     99   (false
    100     (allow b_a2 b_tb (CLASS (PERM)))
    101     (allow b_a2_c b_tb (CLASS (PERM)))
    102     (allow b_tb b_a2 (CLASS (PERM)))
    103     (allow b_tb b_a2_c (CLASS (PERM)))))
    104 
        ;; Parent rule unconditional, child rule conditional.
    105 (allow b_a2 b_tc (CLASS (PERM)))
    106 (allow b_tc b_a2 (CLASS (PERM)))
    107 (booleanif b_b2
    108   (false
    109     (allow b_a2_c b_tc (CLASS (PERM)))
    110     (allow b_tc b_a2_c (CLASS (PERM)))))
    111 
        ;; Child rule unconditional, parent rule present in both branches of b_b3.
    112 (allow b_a2_c b_td (CLASS (PERM)))
    113 (allow b_td b_a2_c (CLASS (PERM)))
    114 (booleanif b_b3
    115   (true
    116     (allow b_a2 b_td (CLASS (PERM)))
    117     (allow b_td b_a2 (CLASS (PERM))))
    118   (false
    119     (allow b_a2 b_td (CLASS (PERM)))
    120     (allow b_td b_a2 (CLASS (PERM)))))
    121 
    122 
    123 ;; Case 3 (plain types): all of these rules should fail the bounds check
        ;; b_t3 is the bounding (parent) type, b_t3_c the bounded (child) type.
        ;; The child is given (c1 (p1a)) in places where the parent either has only
        ;; (CLASS (PERM)), has no rule at all, or has the rule only under a condition.
        ;; NOTE(review): presumably the violations are reported against the rules that
        ;; name b_t3_c; the b_t3 rules are the parent side of each comparison -- confirm.
    124 (type b_t3)
    125 (type b_t3_c)
    126 (typebounds b_t3 b_t3_c)
    127 
        ;; Unconditional: parent rules use (CLASS (PERM)), child rules use (c1 (p1a)).
    128 (allow b_t3 self (CLASS (PERM)))
    129 (allow b_t3_c self (c1 (p1a)))
    130 (allow b_t3 b_ta (CLASS (PERM)))
    131 (allow b_t3_c b_ta (c1 (p1a)))
    132 (allow b_ta b_t3 (CLASS (PERM)))
    133 (allow b_ta b_t3_c (c1 (p1a)))
    134 
        ;; Conditional child rules with no parent rule for b_tb anywhere in this case.
    135 (booleanif b_b1
    136   (false
    137     (allow b_t3_c b_tb (c1 (p1a)))
    138     (allow b_tb b_t3_c (c1 (p1a)))))
    139 
        ;; Child rules in the true branch, parent rules only in the false branch, so the
        ;; two are never in effect for the same value of b_b2.
    140 (booleanif b_b2
    141   (true
    142     (allow b_t3_c b_tc (c1 (p1a)))
    143     (allow b_tc b_t3_c (c1 (p1a))))
    144   (false
    145     (allow b_t3 b_tc (c1 (p1a)))
    146     (allow b_tc b_t3 (c1 (p1a)))))
    147 
        ;; Child rules unconditional, parent rules only in the false branch of b_b3
        ;; (contrast with the b_t1 case, where the parent rule is in both branches).
    148 (allow b_t3_c b_td (c1 (p1a)))
    149 (allow b_td b_t3_c (c1 (p1a)))
    150 (booleanif b_b3
    151   (false
    152     (allow b_t3 b_td (c1 (p1a)))
    153     (allow b_td b_t3 (c1 (p1a)))))
    154 
    155 
    156 ;; Case 4 (via attributes): all of these rules should fail the bounds check
        ;; Same rule layout as the b_t3 case, but the parent b_t4 is reached through
        ;; attribute b_a4 and the child b_t4_c through attribute b_a4_c.
        ;; NOTE(review): presumably checks that a violation is still detected when the
        ;; bounded type appears in rules only through an attribute -- confirm.
    157 (type b_t4)
    158 (type b_t4_c)
    159 (typebounds b_t4 b_t4_c)
    160 (typeattribute b_a4)
    161 (typeattribute b_a4_c)
    162 (typeattributeset b_a4 b_t4)
    163 (typeattributeset b_a4_c b_t4_c)
    164 
        ;; Unconditional: parent attribute gets (CLASS (PERM)), child attribute gets (c1 (p1a)).
    165 (allow b_a4 self (CLASS (PERM)))
    166 (allow b_a4_c self (c1 (p1a)))
    167 (allow b_a4 b_ta (CLASS (PERM)))
    168 (allow b_a4_c b_ta (c1 (p1a)))
    169 (allow b_ta b_a4 (CLASS (PERM)))
    170 (allow b_ta b_a4_c (c1 (p1a)))
    171 
        ;; Conditional child rules with no parent rule for b_tb anywhere in this case.
    172 (booleanif b_b1
    173   (false
    174     (allow b_a4_c b_tb (c1 (p1a)))
    175     (allow b_tb b_a4_c (c1 (p1a)))))
    176 
        ;; Child rules in the true branch, parent rules only in the false branch.
    177 (booleanif b_b2
    178   (true
    179     (allow b_a4_c b_tc (c1 (p1a)))
    180     (allow b_tc b_a4_c (c1 (p1a))))
    181   (false
    182     (allow b_a4 b_tc (c1 (p1a)))
    183     (allow b_tc b_a4 (c1 (p1a)))))
    184 
        ;; Child rules unconditional, parent rules only in the false branch of b_b3.
    185 (allow b_a4_c b_td (c1 (p1a)))
    186 (allow b_td b_a4_c (c1 (p1a)))
    187 (booleanif b_b3
    188   (false
    189     (allow b_a4 b_td (c1 (p1a)))
    190     (allow b_td b_a4 (c1 (p1a)))))
    191 
    192 
    193 ;; Case 5 (classpermission / classmap): marked rules should fail, all others should pass
        ;; b_t5 is the bounding (parent) type, b_t5_c the bounded (child) type.
        ;; Here one side of each comparison is written with a named permission set (cp1)
        ;; or a class map (cm1) and the other side with explicit class/permission lists.
    194 (type b_t5)
    195 (type b_t5_c)
    196 (typebounds b_t5 b_t5_c)
    197 
        ;; Parent uses cp1 = c1 {p1a p1b} + c2 {p2a}; child uses explicit permissions.
    198 (allow b_t5 b_ta cp1)
    199 (allow b_t5_c b_ta (c1 (p1a)))
    200 (allow b_t5_c b_ta (c2 (p2a)))
    201 (allow b_t5_c b_ta (c2 (p2b))) ;; Fail (cp1 has no c2 p2b)
    202 (allow b_t5_c b_ta (c3 (p3a))) ;; Fail (cp1 has nothing from c3)
    203 
        ;; Reverse direction: parent lists the same permissions explicitly, child uses cp1.
    204 (allow b_t5 b_tb (c1 (p1a p1b)))
    205 (allow b_t5 b_tb (c2 (p2a)))
    206 (allow b_t5_c b_tb cp1)
    207 
        ;; Parent uses the class map; cm1 mp1 maps to c1 {p1a} only.
    208 (allow b_t5 b_tc (cm1 (mp1)))
    209 (allow b_t5_c b_tc (c1 (p1a)))
    210 (allow b_t5_c b_tc (c1 (p1b))) ;; Fail (mp1 does not map to p1b)
    211 (allow b_t5_c b_tc (c2 (p2a))) ;; Fail (mp1 does not map to anything in c2)
    212 
        ;; Reverse direction: parent lists c1 {p1a} explicitly, child uses the class map.
    213 (allow b_t5 b_tc (c1 (p1a)))
    214 (allow b_t5_c b_tc (cm1 (mp1)))
    215 
    216 
    217 ;; Case 6 (bounded source and bounded target): marked rules should fail, all others should pass
        ;; Two independent bounded pairs: b_t6a bounds b_t6a_c, and b_t6b bounds b_t6b_c.
        ;; The rules below combine a parent or child source with a parent or child target.
        ;; Each "Needs:" comment names the parent-to-parent rule that is absent from this
        ;; file and whose absence the marked rules depend on.
        ;; NOTE(review): exactly which source/target combination the checker compares for
        ;; each rule is not visible here -- verify against the compiler's bounds check.
    218 (type b_t6a)
    219 (type b_t6a_c)
    220 (type b_t6b)
    221 (type b_t6b_c)
    222 (typebounds b_t6a b_t6a_c)
    223 (typebounds b_t6b b_t6b_c)
    224 
        ;; Parent-to-parent and child-to-child rule with the same permission; neither is marked.
    225 (allow b_t6a b_t6b (CLASS (PERM)))
    226 (allow b_t6a_c b_t6b_c (CLASS (PERM)))
    227 
    228 ;; Needs: (allow b_t6a b_t6b (c1 (p1a)))
    229 (allow b_t6a_c b_t6b (c1 (p1a))) ;; Fail
    230 (allow b_t6a_c b_t6b_c (c1 (p1a))) ;; Fail
    231 
    232 ;; Needs: (allow b_t6a b_t6b (c2 (p2a)))
    233 (allow b_t6a b_t6b_c (c2 (p2a))) ;; Fail
    234 (allow b_t6a_c b_t6b (c2 (p2a))) ;; Fail
    235 (allow b_t6a_c b_t6b_c (c2 (p2a)))
    236 
        ;; The parent-to-parent rule below grants p3a and p3b but not p3c; every marked
        ;; rule in this group includes p3c.
    237 ;; Needs: (allow b_t6a b_t6b (c3 (p3c)))
    238 (allow b_t6a b_t6b (c3 (p3a p3b)))
    239 (allow b_t6a b_t6b_c (c3 (p3b p3c))) ;; Fail
    240 (allow b_t6a_c b_t6b (c3 (p3a p3c))) ;; Fail
    241 (allow b_t6a_c b_t6b_c (c3 (p3a p3b p3c))) ;; Fail
    242