1 ;; Minimum stuff 2 (class CLASS (PERM)) 3 (classorder (CLASS)) 4 (sid SID) 5 (sidorder (SID)) 6 (user USER) 7 (role ROLE) 8 (type TYPE) 9 (category CAT) 10 (categoryorder (CAT)) 11 (sensitivity SENS) 12 (sensitivityorder (SENS)) 13 (sensitivitycategory SENS (CAT)) 14 (allow TYPE self (CLASS (PERM))) 15 (roletype ROLE TYPE) 16 (userrole USER ROLE) 17 (userlevel USER (SENS)) 18 (userrange USER ((SENS)(SENS (CAT)))) 19 (sidcontext SID (USER ROLE TYPE ((SENS)(SENS)))) 20 ;; Extra stuff 21 (common COMMON (PERM1 PERM2 PERM3 PERM4)) 22 (classcommon CLASS COMMON) 23 24 25 ;; Check global resolution 26 (type t0) 27 (allow t0 self (CLASS (PERM1))) 28 (allow .t0 self (CLASS (PERM2))) 29 30 31 ;; Check block and sub-block resolution 32 (block b1a 33 (type t1a) 34 (allow t1a self (CLASS (PERM))) 35 (allow b1b.t1b self (CLASS (PERM))) 36 (block b1b 37 (type t1b) 38 (allow t1a self (CLASS (PERM1))) 39 (allow t1b self (CLASS (PERM1))) 40 (allow .b1a.t1a self (CLASS (PERM2))) 41 (allow .b1a.b1b.t1b self (CLASS (PERM2))) 42 ) 43 ) 44 (allow b1a.t1a self (CLASS (PERM3))) 45 (allow b1a.b1b.t1b self (CLASS (PERM3))) 46 (allow .b1a.t1a self (CLASS (PERM4))) 47 (allow .b1a.b1b.t1b self (CLASS (PERM4))) 48 49 50 ;; Check macro arg resolution 51 (type t2) 52 (macro m2 ((type t)) 53 (allow t self (CLASS (PERM))) 54 ) 55 (call m2 (t2)) 56 57 58 ;; Check resolution for a macro with a parent decl 59 (block b3 60 (type t3) 61 (macro m3 () 62 (allow t3 self (CLASS (PERM))) 63 ) 64 ) 65 (call b3.m3) 66 67 68 ;; Check resolution for a macro with a caller decl 69 (block b4 70 (block b4a 71 (macro m4 () 72 (allow t4 self (CLASS (PERM))) 73 ) 74 ) 75 (block b4b 76 (type t4) 77 (call .b4.b4a.m4) 78 ) 79 ) 80 81 82 ;; Check resolution for blockinherits with type in inheriting block 83 (block b5a 84 (type t5a) 85 (block b5b 86 (allow t5a self (CLASS (PERM1))) 87 ) 88 ) 89 90 (block b5c 91 (type t5a) 92 (blockinherit b5a.b5b) 93 (allow t5a self (CLASS (PERM2))) 94 ) 95 96 ;; Check resolution for blockinherits with no type in inheriting block 97 (block b6a 98 (type t6a) 99 (block b6b 100 (allow t6a self (CLASS (PERM1))) 101 ) 102 ) 103 104 (block b6c 105 (blockinherit b6a.b6b) ;; This does not cause an error. 106 ;;(allow t6a self (CLASS (PERM2))) ;; This causes an error 107 ) 108 109 110 ;; Check for proper resolution of t 111 (block b7 112 (type t) 113 (macro m7 ((type t)) 114 (allow t self (CLASS (PERM))) 115 ) 116 (allow t self (CLASS (PERM1))) 117 (block b7a 118 (type t) 119 (allow t self (CLASS (PERM2))) 120 (block b7b 121 (type t) 122 (allow t self (CLASS (PERM3))) 123 (call m7 (t)) 124 ) 125 ) 126 ) 127 128 129 ;; Check that improper name causes an error 130 (block b8 131 (optional o8a 132 (type t8a) 133 ) 134 (in o8a 135 (allow t8a self (CLASS (PERM1))) 136 ) 137 ;;(allow o8a.t8a self (CLASS (PERM))) ;; Bad name 138 (macro m8 ((type t)) 139 (allow t self (CLASS (PERM1))) 140 ) 141 ;;(allow m8.t self (CLASS (PERM))) ;; Bad name 142 ) 143 144 145 ;; 146 ;; Expected: 147 ;; 148 ;; Types: 149 ;; t0 150 ;; b1a.t1a, b1a.b1b.t1b 151 ;; t2 152 ;; b3.t3 153 ;; b4.b4b.t4 154 ;; b5a.t5a, b5c.t5a 155 ;; b6a.t6a 156 ;; b7.t, b7.b7a.t, b7.b7a.b7b.t 157 ;; b8.t8a 158 ;; 159 ;; Allow rules: 160 ;; allow t0 t0 : CLASS { PERM1 PERM2 }; 161 ;; allow b1a.b1b.t1b b1a.b1b.t1b : CLASS { PERM PERM1 PERM2 PERM3 PERM4 }; 162 ;; allow b1a.t1a b1a.t1a : CLASS { PERM PERM1 PERM2 PERM3 PERM4 }; 163 ;; allow t2 t2 : CLASS { PERM }; 164 ;; allow b3.t3 b3.t3 : CLASS { PERM }; 165 ;; allow b4.b4b.t4 b4.b4b.t4 : CLASS { PERM }; 166 ;; allow b5a.t5a b5a.t5a : CLASS { PERM1 }; 167 ;; allow b5c.t5a b5c.t5a : CLASS { PERM1 PERM2 }; 168 ;; allow b6a.t6a b6a.t6a : CLASS { PERM1 }; 169 ;; allow b7.b7a.b7b.t b7.b7a.b7b.t : CLASS { PERM PERM3 }; 170 ;; allow b7.b7a.t b7.b7a.t : CLASS { PERM2 }; 171 ;; allow b7.t b7.t : CLASS { PERM1 }; 172 ;; allow b8.t8a b8.t8a : CLASS { PERM1 }; 173
