      1 ;; Minimum stuff: base declarations (CLASS, PERM, TYPE, ...) that the tests below reference
      2 (class CLASS (PERM))
      3 (classorder (CLASS))
      4 (sid SID)
      5 (sidorder (SID))
      6 (user USER)
      7 (role ROLE)
      8 (type TYPE)
      9 (category CAT)
     10 (categoryorder (CAT))
     11 (sensitivity SENS)
     12 (sensitivityorder (SENS))
     13 (sensitivitycategory SENS (CAT))
     14 (allow TYPE self (CLASS (PERM)))
     15 (roletype ROLE TYPE)
     16 (userrole USER ROLE)
     17 (userlevel USER (SENS))
     18 (userrange USER ((SENS)(SENS (CAT))))
     19 (sidcontext SID (USER ROLE TYPE ((SENS)(SENS))))
     20 ;; Extra stuff: a common permission set attached to CLASS
     21 (common COMMON (PERM1 PERM2 PERM3 PERM4))
     22 (classcommon CLASS COMMON)   ;; makes PERM1..PERM4 usable on CLASS; the b6 test uses PERM1
     23 
     24 
     25 ;; Tests 1 and 2 show that the order of inheritance matters
     26 ;; 
     27 (block b1        ;; top-level block for test 1; its type is listed as b1.ta
     28   (type ta))
     29 
     30 (block b1a       ;; contains a nested block that reuses the name b1
     31   (block b1
     32     (type tb)))  ;; listed as b1a.b1.tb
     33 
     34 (block b1b       ;; test 1: inherit the top-level b1 first, then b1a
     35   (blockinherit b1)   ;; Results in b1b.ta
     36   (blockinherit b1a)) ;; copies the nested block; expected list has b1b.b1.tb
     37 
     38 
     39 (block b2        ;; top-level block for test 2; its type is listed as b2.ta
     40   (type ta))
     41 
     42 (block b2a       ;; contains a nested block that reuses the name b2
     43   (block b2
     44     (type tb)))  ;; listed as b2a.b2.tb
     45 
     46 (block b2b       ;; test 2: same shape as b1b, with the two inherits in the opposite order
     47   (blockinherit b2a)  ;; expected list has b2b.b2.tb
     48   (blockinherit b2))  ;; expected list has b2b.ta (not b2b.tb), i.e. the top-level b2 -- NOTE(review): presumably the ordering point of tests 1 and 2; confirm
     49 
     50 
     51 ;; All of these work
     52 (block b3a       ;; base for the b3* tests: a type plus a sub-block that holds an allow rule
     53   (type t3a)
     54   (block b
     55     (type t)
     56     (allow t3a t (CLASS (PERM)))  ;; t3a is not declared inside b; here the expected rule is allow b3a.t3a b3a.b.t
     57   )
     58 )
     59 
     60 (block b3b       ;; inherits all of b3a
     61   (blockinherit b3a)  ;; expected: b3b.t3a, b3b.b.t and allow b3b.t3a b3b.b.t
     62 )
     63 
     64 (block b3c       ;; inherits only the sub-block; b3c declares no t3a of its own
     65   (blockinherit b3a.b)  ;; expected: allow b3a.t3a b3c.t -- the copied rule's source type stays in b3a's namespace
     66 )
     67 
     68 (block b3d       ;; declares t3a itself and also inherits b3a, which declares t3a
     69   (type t3a)
     70   (blockinherit b3a)  ;; expected list shows a single b3d.t3a and allow b3d.t3a b3d.b.t
     71 )
     72 
     73 (block b3e       ;; same inherit as b3c, but with a local t3a
     74   (type t3a)     ;; the expected rule uses this type: allow b3e.t3a b3e.t (b3c got b3a.t3a instead)
     75   (blockinherit b3a.b)
     76 )
     77 
     78 
     79 ;; Since block is abstract, allow rule will not be in policy
     80 (type t4)        ;; declared outside the block, so t4 appears in the expected types
     81 (block b4
     82   (blockabstract b4)              ;; no blockinherit of b4 appears in this listing
     83   (allow t4 self (CLASS (PERM)))  ;; no "allow t4 t4" in the expected rules
     84 )
     85 
     86 
     87 ;; Inheriting the abstract block causes the allow rule to be in the policy
     88 (type t5)        ;; declared outside the block, like t4
     89 (block b5
     90   (blockabstract b5)
     91   (allow t5 self (CLASS (PERM)))  ;; same rule shape as in b4
     92 )
     93 (blockinherit b5)  ;; top-level inherit; expected: allow t5 t5 : CLASS { PERM } -- the rule is absent only while nothing inherits the block
     94 
     95 
     96 ;; A sub-block can be inherited out of an abstract block
     97 (type t6)        ;; declared outside the blocks
     98 (block b6
     99   (blockabstract b6)
    100   (allow t6 self (CLASS (PERM1)))   ;; sits in b6 itself; no PERM1 rule appears in the expected list
    101   (block b
    102     (blockabstract b)
    103     (allow t6 self (CLASS (PERM)))  ;; the only rule expected from this test: allow t6 t6 : CLASS { PERM }
    104   )
    105 )
    106 (blockinherit b6.b)  ;; top-level inherit of the sub-block only; b6 is not inherited in this listing
    107 
    108 ;;
    109 ;; Expected:
    110 ;;
    111 ;; Types:
    112 ;;   b1.ta, b1a.b1.tb, b1b.b1.tb, b1b.ta
    113 ;;   b2.ta, b2a.b2.tb, b2b.b2.tb, b2b.ta
    114 ;;   b3a.b.t, b3a.t3a, b3b.b.t, b3b.t3a, b3c.t, b3d.b.t, b3d.t3a, b3e.t, b3e.t3a
    115 ;;   t4
    116 ;;   t5
    117 ;;   t6
    118 ;;
    119 ;; Allow rules:
    120 ;;   allow b3a.t3a b3a.b.t : CLASS { PERM };
    121 ;;   allow b3a.t3a b3c.t : CLASS { PERM };
    122 ;;   allow b3b.t3a b3b.b.t : CLASS { PERM };
    123 ;;   allow b3d.t3a b3d.b.t : CLASS { PERM };
    124 ;;   allow b3e.t3a b3e.t : CLASS { PERM };
    125 ;;   allow t5 t5 : CLASS { PERM };
    126 ;;   allow t6 t6 : CLASS { PERM };