      1 ;; Minimum stuff: one class, SID, user, role, type, category and sensitivity (presumably the least the CIL compiler needs to build a policy -- confirm)
      2 (class CLASS (PERM)) ;; the only object class in this file; PERM is its own permission
      3 (classorder (CLASS))
      4 (sid SID)
      5 (sidorder (SID))
      6 (user USER)
      7 (role ROLE)
      8 (type TYPE)
      9 (category CAT)
     10 (categoryorder (CAT))
     11 (sensitivity SENS)
     12 (sensitivityorder (SENS))
     13 (sensitivitycategory SENS (CAT)) ;; CAT may be used with SENS
     14 (allow TYPE self (CLASS (PERM))) ;; baseline rule on the placeholder type; not part of the "in" checks
     15 (roletype ROLE TYPE)
     16 (userrole USER ROLE)
     17 (userlevel USER (SENS))
     18 (userrange USER ((SENS)(SENS (CAT)))) ;; low level SENS, high level SENS with CAT
     19 (sidcontext SID (USER ROLE TYPE ((SENS)(SENS)))) ;; context for SID: USER, ROLE, TYPE, level range SENS to SENS
     20 ;; Extra stuff: four more permissions for CLASS, which the tests below grant one at a time
     21 (common COMMON (PERM1 PERM2 PERM3 PERM4))
     22 (classcommon CLASS COMMON) ;; CLASS takes PERM1-PERM4 from COMMON in addition to PERM
     23 
     24 
     25 ;; Check that "in" statements work in blocks: the block and the first "in" each use a type that the other one declares
     26 (block b1
     27   (type t1a)
     28   (allow t1b self (CLASS (PERM1))) ;; t1b is declared only by the first "in b1" below
     29 )
     30 
     31 (in b1
     32   (type t1b)
     33   (allow t1a self (CLASS (PERM1))) ;; t1a is declared in the block body above
     34 )
     35 
     36 (in b1 ;; second "in" for the same block: each type is named three ways
     37   (allow t1a self (CLASS (PERM2))) ;; bare name
     38   (allow b1.t1a self (CLASS (PERM3))) ;; block-qualified name
     39   (allow .b1.t1a self (CLASS (PERM4))) ;; leading dot: qualified from the global namespace
     40 
     41   (allow t1b self (CLASS (PERM2)))
     42   (allow b1.t1b self (CLASS (PERM3)))
     43   (allow .b1.t1b self (CLASS (PERM4)))
     44 ) ;; Expected lists PERM1-PERM4 for b1.t1a and b1.t1b: a block's final rules are its body plus every "in" that targets it
     45 
     46 
     47 ;; Check that "in" statements work in optionals: same cross-declaration pattern as the block test
     48 (optional option2
     49   (type t2a)
     50   (allow t2b self (CLASS (PERM1))) ;; t2b is declared only by the first "in option2" below
     51 )
     52 
     53 (in option2
     54   (type t2b)
     55   (allow t2a self (CLASS (PERM1))) ;; t2a is declared in the optional body above
     56 )
     57 
     58 (in option2
     59   (allow t2a self (CLASS (PERM2)))
     60   (allow t2b self (CLASS (PERM2)))
     61 )
     62 
     63 (allow t2a self (CLASS (PERM3))) ;; outside the optional, unqualified: Expected lists t2a and t2b with no option2 prefix
     64 (allow t2b self (CLASS (PERM3)))
     65 
     66 
     67 ;; Check that "in" statements work in macros: one rule on a fixed type, one on the macro parameter
     68 (type t3a)
     69 (type t3b)
     70 (macro m3 ((type t)) ;; t is the macro's only parameter, a type
     71   (allow t3a self (CLASS (PERM1)))
     72   (allow t self (CLASS (PERM1)))
     73 )
     74 
     75 (call m3 (t3b)) ;; the only call: t is t3b; it appears before both "in m3" statements, and Expected still includes their rules
     76 
     77 (in m3
     78   (allow t3a self (CLASS (PERM2))) ;; fixed type
     79 )
     80 
     81 (in m3
     82   (allow t self (CLASS (PERM3))) ;; macro parameter; Expected shows PERM3 on t3b, the call's argument
     83 )
     84 
     85 
     86 ;; Check "in" statements work for nested optionals: the target is the inner optional
     87 (optional o4a
     88   (optional o4b
     89     (type t4b)
     90     (allow t4b self (CLASS (PERM1)))
     91   )
     92 )
     93 
     94 (in o4a.o4b ;; inner optional addressed by a dotted path through the outer one
     95   (allow t4b self (CLASS (PERM2)))
     96 )
     97 
     98 
     99 ;; Check "in" statements work for nested optionals and macros: the targets are optionals defined inside a macro
    100 (macro m5 ()
    101   (type t5a)
    102   (type t5b)
    103   (optional o5a
    104     (allow t5a self (CLASS (PERM1)))
    105     (optional o5b
    106       (allow t5b self (CLASS (PERM1)))
    107     )
    108   )
    109 )
    110 
    111 (call m5) ;; the only call of m5; Expected lists t5a and t5b with no prefix
    112 
    113 (in m5.o5a ;; optional one level inside the macro
    114   (allow t5a self (CLASS (PERM2)))
    115 )
    116 
    117 (in m5.o5a.o5b ;; optional two levels inside the macro
    118   (allow t5b self (CLASS (PERM2)))
    119 )
    120 
    121 
    122 ;;
    123 ;; Expected:
    124 ;;
    125 ;; Types:
    126 ;;   b1.t1a, b1.t1b
    127 ;;   t2a, t2b
    128 ;;   t3a, t3b
    129 ;;   t4b
    130 ;;   t5a, t5b
    131 ;;
    132 ;; Allow rules:
    133 ;;   allow b1.t1a b1.t1a : CLASS { PERM1 PERM2 PERM3 PERM4 };
    134 ;;   allow b1.t1b b1.t1b : CLASS { PERM1 PERM2 PERM3 PERM4 };
    135 ;;   allow t2a t2a : CLASS { PERM1 PERM2 PERM3 };
    136 ;;   allow t2b t2b : CLASS { PERM1 PERM2 PERM3 };
    137 ;;   allow t3a t3a : CLASS { PERM1 PERM2 };
    138 ;;   allow t3b t3b : CLASS { PERM1 PERM3 };
    139 ;;   allow t4b t4b : CLASS { PERM1 PERM2 };
    140 ;;   allow t5a t5a : CLASS { PERM1 PERM2 };
    141 ;;   allow t5b t5b : CLASS { PERM1 PERM2 };
    142 
    143