# Loadable SELinux policy module "my_module", version 1.0.
#
# The listing exercises three constructs: conditional (boolean-guarded) allow
# rules, optional blocks, and type-to-attribute association. Each association
# is written in two forms throughout:
#   type T, A;                    (attribute given in the type declaration)
#   type T;  typeattribute T A;   (attribute attached by a separate statement)
#
# An optional block is kept only when every symbol in its require block
# resolves at link time; otherwise the whole block, declarations included, is
# dropped without an error. Attribute membership decides which attribute-based
# rules apply to a type, so a mapping that is silently added or lost changes
# the access the linked policy grants.
#
# NOTE(review): the identifier names (base / mod / optional / disabled)
# presumably describe where each attribute is declared and whether the
# enclosing optional is expected to survive linking -- confirm against the base
# policy and the test that consumes this module; neither is visible here.
module my_module 1.0;

# Symbols this module expects another module or the base policy to provide.
require {
    bool allow_ypbind, secure_mode, allow_execstack;
    type system_t, sysadm_t;
    class file {read write};
    attribute attr_check_base_2, attr_check_base_3;
    attribute attr_check_base_optional_2;
}

# Boolean declared by this module; its default value is true.
bool module_1_bool true;

# Conditional rule: system_t may read/write files labelled sysadm_t only while
# all four booleans are true.
if (module_1_bool && allow_ypbind && secure_mode && allow_execstack) {
    allow system_t sysadm_t : file { read write };
}

# Optional block carrying its own boolean (default false) and its own
# requirements; it is dropped if optional_bool_1, optional_bool_2 or the
# execute/ioctl permissions of class file cannot be resolved.
optional {
    bool module_1_bool_2 false;
    require {
        bool optional_bool_1, optional_bool_2;
        class file { execute ioctl };
    }
    # NOTE(review): no parentheses here; the policy grammar is understood to
    # bind && tighter than ||, i.e.
    # (optional_bool_1 && optional_bool_2) || module_1_bool_2 -- confirm.
    if (optional_bool_1 && optional_bool_2 || module_1_bool_2) {
        allow system_t sysadm_t : file {execute ioctl};
    }
}
# Type - attribute mapping test
type module_t;
# Attributes declared unconditionally by this module.
attribute attr_check_mod_1;
attribute attr_check_mod_2;
attribute attr_check_mod_3;
attribute attr_check_mod_4;
attribute attr_check_mod_5;
attribute attr_check_mod_6;
attribute attr_check_mod_7;
attribute attr_check_mod_8;
attribute attr_check_mod_9;
attribute attr_check_mod_10;
attribute attr_check_mod_11;
# Attributes declared inside an optional that depends on type base_t.
# presumably base_t comes from the base policy, keeping this block enabled -- TODO confirm
optional {
    require {
        type base_t;
    }
    attribute attr_check_mod_optional_1;
    attribute attr_check_mod_optional_2;
    attribute attr_check_mod_optional_3;
    attribute attr_check_mod_optional_4;
    attribute attr_check_mod_optional_5;
    attribute attr_check_mod_optional_6;
    attribute attr_check_mod_optional_7;
}
# Attributes declared inside an optional that depends on does_not_exist_t.
# presumably that type is declared nowhere, so this block (and every later
# block requiring it) is expected to be disabled at link time -- TODO confirm
optional {
    require {
        type does_not_exist_t;
    }
    attribute attr_check_mod_optional_disabled_4;
    attribute attr_check_mod_optional_disabled_7;
}
# Unconditional associations with attributes named in the top-level require
# block (attr_check_base_2, attr_check_base_3).
type attr_check_base_2_1_t, attr_check_base_2;
type attr_check_base_2_2_t;
typeattribute attr_check_base_2_2_t attr_check_base_2;
type attr_check_base_3_3_t, attr_check_base_3;
type attr_check_base_3_4_t;
typeattribute attr_check_base_3_4_t attr_check_base_3;
# Associations made inside optionals whose only requirement is the attribute
# itself.
optional {
    require {
        attribute attr_check_base_5;
    }
    type attr_check_base_5_1_t, attr_check_base_5;
    type attr_check_base_5_2_t;
    typeattribute attr_check_base_5_2_t attr_check_base_5;
}
optional {
    require {
        attribute attr_check_base_6;
    }
    type attr_check_base_6_3_t, attr_check_base_6;
    type attr_check_base_6_4_t;
    typeattribute attr_check_base_6_4_t attr_check_base_6;
}
# Associations made inside optionals that also require does_not_exist_t; if
# that type is unresolved, neither the types nor the mappings should appear in
# the linked policy.
optional {
    require {
        type does_not_exist_t;
        attribute attr_check_base_8;
    }
    type attr_check_base_8_1_t, attr_check_base_8;
    type attr_check_base_8_2_t;
    typeattribute attr_check_base_8_2_t attr_check_base_8;
}
optional {
    require {
        type does_not_exist_t;
        attribute attr_check_base_9;
    }
    type attr_check_base_9_3_t, attr_check_base_9;
    type attr_check_base_9_4_t;
    typeattribute attr_check_base_9_4_t attr_check_base_9;
}
optional {
    require {
        type does_not_exist_t;
        attribute attr_check_base_10;
    }
    type attr_check_base_10_3_t, attr_check_base_10;
    type attr_check_base_10_4_t;
    typeattribute attr_check_base_10_4_t attr_check_base_10;
}
optional {
    require {
        attribute attr_check_base_11;
    }
    type attr_check_base_11_3_t, attr_check_base_11;
    type attr_check_base_11_4_t;
    typeattribute attr_check_base_11_4_t attr_check_base_11;
}
# Unconditional association with attr_check_base_optional_2, which the
# top-level require block lists.
type attr_check_base_optional_2_1_t, attr_check_base_optional_2;
type attr_check_base_optional_2_2_t;
typeattribute attr_check_base_optional_2_2_t attr_check_base_optional_2;
optional {
    require {
        attribute attr_check_base_optional_5;
    }
    type attr_check_base_optional_5_1_t, attr_check_base_optional_5;
    type attr_check_base_optional_5_2_t;
    typeattribute attr_check_base_optional_5_2_t attr_check_base_optional_5;
}
# Disabled in the source (commented out); the reason is not recorded here.
#optional {
#    require {
#        attribute attr_check_base_optional_6;
#    }
#    type attr_check_base_optional_6_3_t, attr_check_base_optional_6;
#    type attr_check_base_optional_6_4_t;
#    typeattribute attr_check_base_optional_6_4_t attr_check_base_optional_6;
#}
optional {
    require {
        type does_not_exist_t;
        attribute attr_check_base_optional_8;
    }
    type attr_check_base_optional_8_1_t, attr_check_base_optional_8;
    type attr_check_base_optional_8_2_t;
    typeattribute attr_check_base_optional_8_2_t attr_check_base_optional_8;
}
# Associations with attributes this module declares itself (attr_check_mod_*).
type attr_check_mod_2_1_t, attr_check_mod_2;
type attr_check_mod_2_2_t;
typeattribute attr_check_mod_2_2_t attr_check_mod_2;
# These optionals require an attribute that the module declares unconditionally
# above.
optional {
    require {
        attribute attr_check_mod_5;
    }
    type attr_check_mod_5_1_t, attr_check_mod_5;
    type attr_check_mod_5_2_t;
    typeattribute attr_check_mod_5_2_t attr_check_mod_5;
}
optional {
    require {
        attribute attr_check_mod_6;
    }
    type attr_check_mod_6_3_t, attr_check_mod_6;
    type attr_check_mod_6_4_t;
    typeattribute attr_check_mod_6_4_t attr_check_mod_6;
}
# Here the attribute is declared by the module, but the optional depends on
# does_not_exist_t, so the mappings are gated on that type alone.
optional {
    require {
        type does_not_exist_t;
    }
    type attr_check_mod_8_1_t, attr_check_mod_8;
    type attr_check_mod_8_2_t;
    typeattribute attr_check_mod_8_2_t attr_check_mod_8;
}
optional {
    require {
        type does_not_exist_t;
    }
    type attr_check_mod_9_3_t, attr_check_mod_9;
    type attr_check_mod_9_4_t;
    typeattribute attr_check_mod_9_4_t attr_check_mod_9;
}
optional {
    require {
        type does_not_exist_t;
    }
    type attr_check_mod_10_3_t, attr_check_mod_10;
    type attr_check_mod_10_4_t;
    typeattribute attr_check_mod_10_4_t attr_check_mod_10;
}
# Gated on base_t rather than on the attribute.
optional {
    require {
        type base_t;
    }
    type attr_check_mod_11_3_t, attr_check_mod_11;
    type attr_check_mod_11_4_t;
    typeattribute attr_check_mod_11_4_t attr_check_mod_11;
}
# The next two blocks are disabled in the source (commented out); the reason is
# not recorded here.
#optional {
#    require {
#        attribute attr_check_mod_optional_5;
#    }
#    type attr_check_mod_optional_5_1_t, attr_check_mod_optional_5;
#    type attr_check_mod_optional_5_2_t;
#    typeattribute attr_check_mod_optional_5_2_t attr_check_mod_optional_5;
#}
#optional {
#    require {
#        attribute attr_check_mod_optional_6;
#    }
#    type attr_check_mod_optional_6_3_t, attr_check_mod_optional_6;
#    type attr_check_mod_optional_6_4_t;
#    typeattribute attr_check_mod_optional_6_4_t attr_check_mod_optional_6;
#}
# These optionals require attributes named "..._optional_disabled_*", which
# this file does not declare.
# NOTE(review): presumably they are declared in a disabled optional of the base
# policy, so these blocks should be dropped too -- confirm.
optional {
    require {
        attribute attr_check_base_optional_disabled_5;
    }
    type attr_check_base_optional_disabled_5_1_t, attr_check_base_optional_disabled_5;
    type attr_check_base_optional_disabled_5_2_t;
    typeattribute attr_check_base_optional_disabled_5_2_t attr_check_base_optional_disabled_5;
}
optional {
    require {
        type does_not_exist_t;
        attribute attr_check_base_optional_disabled_8;
    }
    type attr_check_base_optional_disabled_8_1_t, attr_check_base_optional_disabled_8;
    type attr_check_base_optional_disabled_8_2_t;
    typeattribute attr_check_base_optional_disabled_8_2_t attr_check_base_optional_disabled_8;
}