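# Policy module "my_module", version 1.0.
#
# NOTE(review): the identifiers (attr_check_*, "mapping test", does_not_exist_t)
# suggest this is a linker/expander test fixture, not a policy meant to be
# loaded on a production system - confirm against the test harness.
#
# Layout note: '#' starts a comment that runs to the end of the line, so every
# statement must sit on its own line. If the file is collapsed onto a few long
# lines, the first '#' silently comments out every declaration after it.
module my_module 1.0;

# Symbols this module does not declare itself; they must be supplied by
# another module (presumably the base policy) for the module to link.
require {
    bool allow_ypbind, secure_mode, allow_execstack;
    type system_t, sysadm_t;
    class file {read write};
    attribute attr_check_base_2, attr_check_base_3;
    attribute attr_check_base_optional_2;
}

# Boolean declared by this module; default value is true.
bool module_1_bool true;

# Conditional rule: the read/write grant is active only while all four
# booleans are true.
if (module_1_bool && allow_ypbind && secure_mode && allow_execstack) {
    allow system_t sysadm_t : file { read write };
}

# Optional block: it is enabled only if everything in its require is available.
optional {
    # Declared inside the optional block; default value is false.
    bool module_1_bool_2 false;
    require {
        bool optional_bool_1, optional_bool_2;
        class file { execute ioctl };
    }
    # The expression carries no explicit grouping. '&&' should bind tighter
    # than '||' here, i.e. (optional_bool_1 && optional_bool_2) || module_1_bool_2
    # - TODO confirm against the policy grammar before relying on it, since the
    # grouping decides when the execute/ioctl grant is active.
    if (optional_bool_1 && optional_bool_2 || module_1_bool_2) {
        allow system_t sysadm_t : file {execute ioctl};
    }
}

# Type - attribute mapping test
type module_t;

# Attributes declared unconditionally at module scope.
attribute attr_check_mod_1;
attribute attr_check_mod_2;
attribute attr_check_mod_3;
attribute attr_check_mod_4;
attribute attr_check_mod_5;
attribute attr_check_mod_6;
attribute attr_check_mod_7;
attribute attr_check_mod_8;
attribute attr_check_mod_9;
attribute attr_check_mod_10;
attribute attr_check_mod_11;

# Attributes declared inside an optional block that depends on base_t
# (not declared in this file; presumably provided by the base policy).
optional {
    require {
        type base_t;
    }
    attribute attr_check_mod_optional_1;
    attribute attr_check_mod_optional_2;
    attribute attr_check_mod_optional_3;
    attribute attr_check_mod_optional_4;
    attribute attr_check_mod_optional_5;
    attribute attr_check_mod_optional_6;
    attribute attr_check_mod_optional_7;
}

# does_not_exist_t is not declared anywhere in this file. Presumably no other
# module declares it either, so blocks that require it are expected to stay
# disabled - verify against the rest of the test policy.
optional {
    require {
        type does_not_exist_t;
    }
    attribute attr_check_mod_optional_disabled_4;
    attribute attr_check_mod_optional_disabled_7;
}

# --- Types mapped onto attributes required from elsewhere (attr_check_base_*) ---
# Each group uses both association forms: "type T, ATTR;" at declaration time
# and a separate "typeattribute T ATTR;" statement.
type attr_check_base_2_1_t, attr_check_base_2;
type attr_check_base_2_2_t;
typeattribute attr_check_base_2_2_t attr_check_base_2;

type attr_check_base_3_3_t, attr_check_base_3;
type attr_check_base_3_4_t;
typeattribute attr_check_base_3_4_t attr_check_base_3;

optional {
    require {
        attribute attr_check_base_5;
    }
    type attr_check_base_5_1_t, attr_check_base_5;
    type attr_check_base_5_2_t;
    typeattribute attr_check_base_5_2_t attr_check_base_5;
}

optional {
    require {
        attribute attr_check_base_6;
    }
    type attr_check_base_6_3_t, attr_check_base_6;
    type attr_check_base_6_4_t;
    typeattribute attr_check_base_6_4_t attr_check_base_6;
}

# The next three blocks also require does_not_exist_t (see the note above).
optional {
    require {
        type does_not_exist_t;
        attribute attr_check_base_8;
    }
    type attr_check_base_8_1_t, attr_check_base_8;
    type attr_check_base_8_2_t;
    typeattribute attr_check_base_8_2_t attr_check_base_8;
}

optional {
    require {
        type does_not_exist_t;
        attribute attr_check_base_9;
    }
    type attr_check_base_9_3_t, attr_check_base_9;
    type attr_check_base_9_4_t;
    typeattribute attr_check_base_9_4_t attr_check_base_9;
}

optional {
    require {
        type does_not_exist_t;
        attribute attr_check_base_10;
    }
    type attr_check_base_10_3_t, attr_check_base_10;
    type attr_check_base_10_4_t;
    typeattribute attr_check_base_10_4_t attr_check_base_10;
}

optional {
    require {
        attribute attr_check_base_11;
    }
    type attr_check_base_11_3_t, attr_check_base_11;
    type attr_check_base_11_4_t;
    typeattribute attr_check_base_11_4_t attr_check_base_11;
}

# --- Types mapped onto attr_check_base_optional_* attributes ---
# attr_check_base_optional_2 is listed in the module-level require above.
type attr_check_base_optional_2_1_t, attr_check_base_optional_2;
type attr_check_base_optional_2_2_t;
typeattribute attr_check_base_optional_2_2_t attr_check_base_optional_2;

optional {
    require {
        attribute attr_check_base_optional_5;
    }
    type attr_check_base_optional_5_1_t, attr_check_base_optional_5;
    type attr_check_base_optional_5_2_t;
    typeattribute attr_check_base_optional_5_2_t attr_check_base_optional_5;
}

# Commented out in the original; the file does not say why. Kept as-is.
#optional {
#    require {
#        attribute attr_check_base_optional_6;
#    }
#    type attr_check_base_optional_6_3_t, attr_check_base_optional_6;
#    type attr_check_base_optional_6_4_t;
#    typeattribute attr_check_base_optional_6_4_t attr_check_base_optional_6;
#}

optional {
    require {
        type does_not_exist_t;
        attribute attr_check_base_optional_8;
    }
    type attr_check_base_optional_8_1_t, attr_check_base_optional_8;
    type attr_check_base_optional_8_2_t;
    typeattribute attr_check_base_optional_8_2_t attr_check_base_optional_8;
}

# --- Types mapped onto attributes declared by this module (attr_check_mod_*) ---
type attr_check_mod_2_1_t, attr_check_mod_2;
type attr_check_mod_2_2_t;
typeattribute attr_check_mod_2_2_t attr_check_mod_2;

optional {
    require {
        attribute attr_check_mod_5;
    }
    type attr_check_mod_5_1_t, attr_check_mod_5;
    type attr_check_mod_5_2_t;
    typeattribute attr_check_mod_5_2_t attr_check_mod_5;
}

optional {
    require {
        attribute attr_check_mod_6;
    }
    type attr_check_mod_6_3_t, attr_check_mod_6;
    type attr_check_mod_6_4_t;
    typeattribute attr_check_mod_6_4_t attr_check_mod_6;
}

# The next three blocks require does_not_exist_t (see the note above).
optional {
    require {
        type does_not_exist_t;
    }
    type attr_check_mod_8_1_t, attr_check_mod_8;
    type attr_check_mod_8_2_t;
    typeattribute attr_check_mod_8_2_t attr_check_mod_8;
}

optional {
    require {
        type does_not_exist_t;
    }
    type attr_check_mod_9_3_t, attr_check_mod_9;
    type attr_check_mod_9_4_t;
    typeattribute attr_check_mod_9_4_t attr_check_mod_9;
}

optional {
    require {
        type does_not_exist_t;
    }
    type attr_check_mod_10_3_t, attr_check_mod_10;
    type attr_check_mod_10_4_t;
    typeattribute attr_check_mod_10_4_t attr_check_mod_10;
}

optional {
    require {
        type base_t;
    }
    type attr_check_mod_11_3_t, attr_check_mod_11;
    type attr_check_mod_11_4_t;
    typeattribute attr_check_mod_11_4_t attr_check_mod_11;
}

# Commented out in the original; the file does not say why. Kept as-is.
#optional {
#    require {
#        attribute attr_check_mod_optional_5;
#    }
#    type attr_check_mod_optional_5_1_t, attr_check_mod_optional_5;
#    type attr_check_mod_optional_5_2_t;
#    typeattribute attr_check_mod_optional_5_2_t attr_check_mod_optional_5;
#}

#optional {
#    require {
#        attribute attr_check_mod_optional_6;
#    }
#    type attr_check_mod_optional_6_3_t, attr_check_mod_optional_6;
#    type attr_check_mod_optional_6_4_t;
#    typeattribute attr_check_mod_optional_6_4_t attr_check_mod_optional_6;
#}

# --- Types mapped onto attr_check_base_optional_disabled_* attributes ---
# These attributes are not declared in this file; going by the name they are
# presumably declared inside a disabled optional block of another module, so
# these blocks would be expected to stay disabled as well - verify.
optional {
    require {
        attribute attr_check_base_optional_disabled_5;
    }
    type attr_check_base_optional_disabled_5_1_t, attr_check_base_optional_disabled_5;
    type attr_check_base_optional_disabled_5_2_t;
    typeattribute attr_check_base_optional_disabled_5_2_t attr_check_base_optional_disabled_5;
}

optional {
    require {
        type does_not_exist_t;
        attribute attr_check_base_optional_disabled_8;
    }
    type attr_check_base_optional_disabled_8_1_t, attr_check_base_optional_disabled_8;
    type attr_check_base_optional_disabled_8_2_t;
    typeattribute attr_check_base_optional_disabled_8_2_t attr_check_base_optional_disabled_8;
}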