1 ;; Minimum stuff 2 (class CLASS (PERM)) 3 (classorder (CLASS)) 4 (sid SID) 5 (sidorder (SID)) 6 (user USER) 7 (role ROLE) 8 (type TYPE) 9 (category CAT) 10 (categoryorder (CAT)) 11 (sensitivity SENS) 12 (sensitivityorder (SENS)) 13 (sensitivitycategory SENS (CAT)) 14 (allow TYPE self (CLASS (PERM))) 15 (roletype ROLE TYPE) 16 (userrole USER ROLE) 17 (userlevel USER (SENS)) 18 (userrange USER ((SENS)(SENS (CAT)))) 19 (sidcontext SID (USER ROLE TYPE ((SENS)(SENS)))) 20 ;; Extra stuff 21 (common COMMON (PERM1 PERM2 PERM3 PERM4)) 22 (classcommon CLASS COMMON) 23 24 25 ;; Check resolution failure handling for optionals 26 (type t1) 27 (optional o1 28 (allow t1 self (CLASS (PERM))) ;; Should not appear in policy 29 (allow UNKNOWN self (CLASS (PERM))) 30 ) 31 32 33 ;; These should not cause an error 34 (block b2a 35 (type t2) 36 (allow t2 self (CLASS (PERM1))) 37 ) 38 39 (block b2b 40 (optional o2b 41 (type t2) 42 (allow t2 DNE (CLASS (PERM))) 43 ) 44 (blockinherit b2a) 45 ) 46 47 (block b2c 48 (optional o2c 49 (type t2) 50 (allow t2 self (CLASS (PERM))) 51 ) 52 (blockinherit b2a) 53 ) 54 55 56 ;; This is not allowed 57 ;;(block b3 58 ;; (optional o3 59 ;; (type t3) 60 ;; (allow t3 DNE (CLASS (PERM))) 61 ;; ) 62 ;; (type t3) 63 ;; (allow t3 self (CLASS (PERM1))) 64 ;;) 65 66 67 ;; 68 ;; Expected: 69 ;; 70 ;; Types: 71 ;; t1 72 ;; b2a.t2, b2b.t2, b2c.t2 73 ;; 74 ;; Allow rules: 75 ;; allow b2a.t2 b2a.t2 : CLASS { PERM1 }; 76 ;; allow b2b.t2 b2b.t2 : CLASS { PERM1 }; 77 ;; allow b2c.t2 b2c.t2 : CLASS { PERM PERM1 }; 78 79
