# Minimal SELinux policy source in policy.conf syntax: two object classes,
# two initial SIDs, four types, two booleans, three roles, one user and one
# initial SID context. Statements appear in the order the policy.conf grammar
# expects: classes, initial SIDs, access vectors, TE/RBAC rules, users,
# initial SID contexts.
# NOTE(review): the "#end" lines look like section markers; they are kept
# verbatim in case tooling keys on them -- confirm.

# Object class declarations. Permissions are attached further down.
class testing
class fooclass

# Initial SID declaration; its context is assigned on the last line.
sid test_sid
#end

#sid decl
# NOTE(review): no "sid security <context>" statement appears in this file;
# confirm the consumer accepts an initial SID that has no context.
sid security


# Access vectors: the permissions that exist for each class. Defining a
# permission grants nothing; only the allow rules below grant access.
class testing
{
	read
	open
	close
	write
	exec
}
class fooclass
{
	read
	open
	close
	write
	exec
}
#end

#attribs

# Type attribute, used to refer to a group of types by one name.
attribute attrs;
#end


# Type declarations. Only foo_t carries the attrs attribute.
type foo_t, attrs;
type typea_t;
type typeb_t;
type typec_t;
#end


# Booleans with their default values. No conditional block in this file
# references either of them.
bool foo_b true;
bool baz_b false;
#end


# Role declarations. foo_r is authorized for foo_t; rolea_r and roleb_r are
# declared without any types.
role foo_r types foo_t;
role rolea_r;
role roleb_r;
#end

#role decl


# Type enforcement rules. typea_t gets write, open and close on objects of
# class testing labelled typeb_t. read and exec are defined for the class but
# not granted, and nothing is granted on fooclass, so those stay denied.
allow typea_t typeb_t : testing write;
allow typea_t typeb_t : testing {open close};
# Default label for new objects of class testing when the source is typea_t
# and the target is typeb_t. A type_transition only picks the label; it grants
# no access, and no allow rule in this file mentions typec_t.
type_transition typea_t typeb_t : testing typec_t;
#end

#audit rules
# Disabled rule. A dontaudit rule suppresses the audit record for a denial,
# which hides it from anyone reviewing AVC logs. The names kernel, unknown and
# dir are not declared in this file.
#dontaudit {kernel} unknown : dir search;


# Role allow rule: rolea_r may change to roleb_r. Neither role has types
# associated in this file.
allow rolea_r roleb_r;
#end

#rbac stuff
# Disabled role allow rules; system, guest and local_user are not declared in
# this file.
#allow system {guest local_user};
#allow local_user guest;


# SELinux user foo_u is authorized for role foo_r only.
user foo_u roles foo_r;
#end

# Initial SID context for test_sid. The user:role:type triple is consistent
# with the user and role statements above. There is no MLS level or range, so
# this is non-MLS syntax.
sid test_sid foo_u:foo_r:foo_t
