| (class CLASS (PERM)) |
| (classorder (CLASS)) |
| (sid SID) |
| (sidorder (SID)) |
| (user USER) |
| (role ROLE) |
| (type TYPE) |
| (category CAT) |
| (categoryorder (CAT)) |
| (sensitivity SENS) |
| (sensitivityorder (SENS)) |
| (sensitivitycategory SENS (CAT)) |
| (allow TYPE self (CLASS (PERM))) |
| (roletype ROLE TYPE) |
| (userrole USER ROLE) |
| (userlevel USER (SENS)) |
| (userrange USER ((SENS)(SENS (CAT)))) |
| (sidcontext SID (USER ROLE TYPE ((SENS)(SENS)))) |
| |
| (class c1 (p1a p1b p1c)) |
| (class c2 (p2a p2b p2c)) |
| (class c3 (p3a p3b p3c)) |
| |
| (classorder (CLASS c1 c2 c3)) |
| |
| (classpermission cp1) |
| (classpermissionset cp1 (c1 (p1a p1b))) |
| (classpermissionset cp1 (c2 (p2a))) |
| |
| (classmap cm1 (mp1)) |
| (classmapping cm1 mp1 |
| (c1 (p1a))) |
| |
| (type t1) |
| (type t2) |
| (type t3) |
| (type t4) |
| (type t5) |
| (type t6) |
| (type t7) |
| |
| (typeattribute a1) |
| (typeattribute a2) |
| (typeattribute a3) |
| (typeattribute a4) |
| (typeattribute a5) |
| (typeattribute a6) |
| |
| (typeattributeset a1 (t1 t2 t3 t4 t5)) |
| (typeattributeset a2 (t1 t2)) |
| (typeattributeset a3 (t3 t4)) |
| (typeattributeset a4 (t2 t3)) |
| (typeattributeset a5 (t5 t6)) |
| (typeattributeset a6 (t6 t7)) |
| |
| (neverallow t1 t2 (c1 (p1a p1b))) |
| (allow t1 t2 (c1 (p1a))) |
| |
| (neverallow t3 t4 (cm1 (mp1))) |
| (allow t3 t4 (c1 (p1a))) |
| |
| (neverallow t5 t6 cp1) |
| (allow t5 t6 (c1 (p1b))) |
| (allow t5 t6 (c2 (p2a))) |
| |
| (neverallow a1 self (CLASS (PERM))) |
| (allow t1 t1 (CLASS (PERM))) |
| (allow t2 self (CLASS (PERM))) |
| (allow a3 self (CLASS (PERM))) |
| (allow a2 a4 (CLASS (PERM))) |
| |
| (neverallow a5 a6 (CLASS (PERM))) |
| (allow t5 t7 (CLASS (PERM))) |
| (allow t6 self (CLASS (PERM))) |
| |
| ;; Should not call these violations |
| (allow a1 self (c1 (p1a))) |
| (allow a2 a3 (CLASS (PERM))) |
| (allow t5 t6 (c2 (p2b))) |
