You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
229 lines
6.1 KiB
229 lines
6.1 KiB
module my_module 1.0;
|
|
|
|
require {
|
|
bool allow_ypbind, secure_mode, allow_execstack;
|
|
type system_t, sysadm_t;
|
|
class file {read write};
|
|
attribute attr_check_base_2, attr_check_base_3;
|
|
attribute attr_check_base_optional_2;
|
|
}
|
|
|
|
bool module_1_bool true;
|
|
|
|
if (module_1_bool && allow_ypbind && secure_mode && allow_execstack) {
|
|
allow system_t sysadm_t : file { read write };
|
|
}
|
|
|
|
optional {
|
|
bool module_1_bool_2 false;
|
|
require {
|
|
bool optional_bool_1, optional_bool_2;
|
|
class file { execute ioctl };
|
|
}
|
|
if (optional_bool_1 && optional_bool_2 || module_1_bool_2) {
|
|
allow system_t sysadm_t : file {execute ioctl};
|
|
}
|
|
}
|
|
# Type - attribute mapping test
|
|
type module_t;
|
|
attribute attr_check_mod_1;
|
|
attribute attr_check_mod_2;
|
|
attribute attr_check_mod_3;
|
|
attribute attr_check_mod_4;
|
|
attribute attr_check_mod_5;
|
|
attribute attr_check_mod_6;
|
|
attribute attr_check_mod_7;
|
|
attribute attr_check_mod_8;
|
|
attribute attr_check_mod_9;
|
|
attribute attr_check_mod_10;
|
|
attribute attr_check_mod_11;
|
|
optional {
|
|
require {
|
|
type base_t;
|
|
}
|
|
attribute attr_check_mod_optional_1;
|
|
attribute attr_check_mod_optional_2;
|
|
attribute attr_check_mod_optional_3;
|
|
attribute attr_check_mod_optional_4;
|
|
attribute attr_check_mod_optional_5;
|
|
attribute attr_check_mod_optional_6;
|
|
attribute attr_check_mod_optional_7;
|
|
}
|
|
optional {
|
|
require {
|
|
type does_not_exist_t;
|
|
}
|
|
attribute attr_check_mod_optional_disabled_4;
|
|
attribute attr_check_mod_optional_disabled_7;
|
|
}
|
|
type attr_check_base_2_1_t, attr_check_base_2;
|
|
type attr_check_base_2_2_t;
|
|
typeattribute attr_check_base_2_2_t attr_check_base_2;
|
|
type attr_check_base_3_3_t, attr_check_base_3;
|
|
type attr_check_base_3_4_t;
|
|
typeattribute attr_check_base_3_4_t attr_check_base_3;
|
|
optional {
|
|
require {
|
|
attribute attr_check_base_5;
|
|
}
|
|
type attr_check_base_5_1_t, attr_check_base_5;
|
|
type attr_check_base_5_2_t;
|
|
typeattribute attr_check_base_5_2_t attr_check_base_5;
|
|
}
|
|
optional {
|
|
require {
|
|
attribute attr_check_base_6;
|
|
}
|
|
type attr_check_base_6_3_t, attr_check_base_6;
|
|
type attr_check_base_6_4_t;
|
|
typeattribute attr_check_base_6_4_t attr_check_base_6;
|
|
}
|
|
optional {
|
|
require {
|
|
type does_not_exist_t;
|
|
attribute attr_check_base_8;
|
|
}
|
|
type attr_check_base_8_1_t, attr_check_base_8;
|
|
type attr_check_base_8_2_t;
|
|
typeattribute attr_check_base_8_2_t attr_check_base_8;
|
|
}
|
|
optional {
|
|
require {
|
|
type does_not_exist_t;
|
|
attribute attr_check_base_9;
|
|
}
|
|
type attr_check_base_9_3_t, attr_check_base_9;
|
|
type attr_check_base_9_4_t;
|
|
typeattribute attr_check_base_9_4_t attr_check_base_9;
|
|
}
|
|
optional {
|
|
require {
|
|
type does_not_exist_t;
|
|
attribute attr_check_base_10;
|
|
}
|
|
type attr_check_base_10_3_t, attr_check_base_10;
|
|
type attr_check_base_10_4_t;
|
|
typeattribute attr_check_base_10_4_t attr_check_base_10;
|
|
}
|
|
optional {
|
|
require {
|
|
attribute attr_check_base_11;
|
|
}
|
|
type attr_check_base_11_3_t, attr_check_base_11;
|
|
type attr_check_base_11_4_t;
|
|
typeattribute attr_check_base_11_4_t attr_check_base_11;
|
|
}
|
|
type attr_check_base_optional_2_1_t, attr_check_base_optional_2;
|
|
type attr_check_base_optional_2_2_t;
|
|
typeattribute attr_check_base_optional_2_2_t attr_check_base_optional_2;
|
|
optional {
|
|
require {
|
|
attribute attr_check_base_optional_5;
|
|
}
|
|
type attr_check_base_optional_5_1_t, attr_check_base_optional_5;
|
|
type attr_check_base_optional_5_2_t;
|
|
typeattribute attr_check_base_optional_5_2_t attr_check_base_optional_5;
|
|
}
|
|
#optional {
|
|
# require {
|
|
# attribute attr_check_base_optional_6;
|
|
# }
|
|
# type attr_check_base_optional_6_3_t, attr_check_base_optional_6;
|
|
# type attr_check_base_optional_6_4_t;
|
|
# typeattribute attr_check_base_optional_6_4_t attr_check_base_optional_6;
|
|
#}
|
|
optional {
|
|
require {
|
|
type does_not_exist_t;
|
|
attribute attr_check_base_optional_8;
|
|
}
|
|
type attr_check_base_optional_8_1_t, attr_check_base_optional_8;
|
|
type attr_check_base_optional_8_2_t;
|
|
typeattribute attr_check_base_optional_8_2_t attr_check_base_optional_8;
|
|
}
|
|
type attr_check_mod_2_1_t, attr_check_mod_2;
|
|
type attr_check_mod_2_2_t;
|
|
typeattribute attr_check_mod_2_2_t attr_check_mod_2;
|
|
optional {
|
|
require {
|
|
attribute attr_check_mod_5;
|
|
}
|
|
type attr_check_mod_5_1_t, attr_check_mod_5;
|
|
type attr_check_mod_5_2_t;
|
|
typeattribute attr_check_mod_5_2_t attr_check_mod_5;
|
|
}
|
|
optional {
|
|
require {
|
|
attribute attr_check_mod_6;
|
|
}
|
|
type attr_check_mod_6_3_t, attr_check_mod_6;
|
|
type attr_check_mod_6_4_t;
|
|
typeattribute attr_check_mod_6_4_t attr_check_mod_6;
|
|
}
|
|
optional {
|
|
require {
|
|
type does_not_exist_t;
|
|
}
|
|
type attr_check_mod_8_1_t, attr_check_mod_8;
|
|
type attr_check_mod_8_2_t;
|
|
typeattribute attr_check_mod_8_2_t attr_check_mod_8;
|
|
}
|
|
optional {
|
|
require {
|
|
type does_not_exist_t;
|
|
}
|
|
type attr_check_mod_9_3_t, attr_check_mod_9;
|
|
type attr_check_mod_9_4_t;
|
|
typeattribute attr_check_mod_9_4_t attr_check_mod_9;
|
|
}
|
|
optional {
|
|
require {
|
|
type does_not_exist_t;
|
|
}
|
|
type attr_check_mod_10_3_t, attr_check_mod_10;
|
|
type attr_check_mod_10_4_t;
|
|
typeattribute attr_check_mod_10_4_t attr_check_mod_10;
|
|
}
|
|
optional {
|
|
require {
|
|
type base_t;
|
|
}
|
|
type attr_check_mod_11_3_t, attr_check_mod_11;
|
|
type attr_check_mod_11_4_t;
|
|
typeattribute attr_check_mod_11_4_t attr_check_mod_11;
|
|
}
|
|
#optional {
|
|
# require {
|
|
# attribute attr_check_mod_optional_5;
|
|
# }
|
|
# type attr_check_mod_optional_5_1_t, attr_check_mod_optional_5;
|
|
# type attr_check_mod_optional_5_2_t;
|
|
# typeattribute attr_check_mod_optional_5_2_t attr_check_mod_optional_5;
|
|
#}
|
|
#optional {
|
|
# require {
|
|
# attribute attr_check_mod_optional_6;
|
|
# }
|
|
# type attr_check_mod_optional_6_3_t, attr_check_mod_optional_6;
|
|
# type attr_check_mod_optional_6_4_t;
|
|
# typeattribute attr_check_mod_optional_6_4_t attr_check_mod_optional_6;
|
|
#}
|
|
optional {
|
|
require {
|
|
attribute attr_check_base_optional_disabled_5;
|
|
}
|
|
type attr_check_base_optional_disabled_5_1_t, attr_check_base_optional_disabled_5;
|
|
type attr_check_base_optional_disabled_5_2_t;
|
|
typeattribute attr_check_base_optional_disabled_5_2_t attr_check_base_optional_disabled_5;
|
|
}
|
|
optional {
|
|
require {
|
|
type does_not_exist_t;
|
|
attribute attr_check_base_optional_disabled_8;
|
|
}
|
|
type attr_check_base_optional_disabled_8_1_t, attr_check_base_optional_disabled_8;
|
|
type attr_check_base_optional_disabled_8_2_t;
|
|
typeattribute attr_check_base_optional_disabled_8_2_t attr_check_base_optional_disabled_8;
|
|
}
|
|
|