16cd6a6acSopenharmony_ci;; Minimum stuff
26cd6a6acSopenharmony_ci(class CLASS (PERM))
36cd6a6acSopenharmony_ci(classorder (CLASS))
46cd6a6acSopenharmony_ci(sid SID)
56cd6a6acSopenharmony_ci(sidorder (SID))
66cd6a6acSopenharmony_ci(user USER)
76cd6a6acSopenharmony_ci(role ROLE)
86cd6a6acSopenharmony_ci(type TYPE)
96cd6a6acSopenharmony_ci(category CAT)
106cd6a6acSopenharmony_ci(categoryorder (CAT))
116cd6a6acSopenharmony_ci(sensitivity SENS)
126cd6a6acSopenharmony_ci(sensitivityorder (SENS))
136cd6a6acSopenharmony_ci(sensitivitycategory SENS (CAT))
146cd6a6acSopenharmony_ci(allow TYPE self (CLASS (PERM)))
156cd6a6acSopenharmony_ci(roletype ROLE TYPE)
166cd6a6acSopenharmony_ci(userrole USER ROLE)
176cd6a6acSopenharmony_ci(userlevel USER (SENS))
186cd6a6acSopenharmony_ci(userrange USER ((SENS)(SENS (CAT))))
196cd6a6acSopenharmony_ci(sidcontext SID (USER ROLE TYPE ((SENS)(SENS))))
206cd6a6acSopenharmony_ci;; Extra stuff
216cd6a6acSopenharmony_ci(common COMMON (PERM1 PERM2 PERM3 PERM4))
226cd6a6acSopenharmony_ci(classcommon CLASS COMMON)
236cd6a6acSopenharmony_ci
246cd6a6acSopenharmony_ci
256cd6a6acSopenharmony_ci;; Tests 1 and 2 show that the order of inheritance matters
266cd6a6acSopenharmony_ci;; 
276cd6a6acSopenharmony_ci(block b1
286cd6a6acSopenharmony_ci  (type ta))
296cd6a6acSopenharmony_ci
306cd6a6acSopenharmony_ci(block b1a
316cd6a6acSopenharmony_ci  (block b1
326cd6a6acSopenharmony_ci    (type tb)))
336cd6a6acSopenharmony_ci
346cd6a6acSopenharmony_ci(block b1b
356cd6a6acSopenharmony_ci  (blockinherit b1)   ;; Results in b1b.ta
366cd6a6acSopenharmony_ci  (blockinherit b1a))
376cd6a6acSopenharmony_ci
386cd6a6acSopenharmony_ci
396cd6a6acSopenharmony_ci(block b2
406cd6a6acSopenharmony_ci  (type ta))
416cd6a6acSopenharmony_ci
426cd6a6acSopenharmony_ci(block b2a
436cd6a6acSopenharmony_ci  (block b2
446cd6a6acSopenharmony_ci    (type tb)))
456cd6a6acSopenharmony_ci
466cd6a6acSopenharmony_ci(block b2b
476cd6a6acSopenharmony_ci  (blockinherit b2a)
486cd6a6acSopenharmony_ci  (blockinherit b2))
496cd6a6acSopenharmony_ci
506cd6a6acSopenharmony_ci
516cd6a6acSopenharmony_ci;; All of these work
526cd6a6acSopenharmony_ci(block b3a
536cd6a6acSopenharmony_ci  (type t3a)
546cd6a6acSopenharmony_ci  (block b
556cd6a6acSopenharmony_ci    (type t)
566cd6a6acSopenharmony_ci    (allow t3a t (CLASS (PERM)))
576cd6a6acSopenharmony_ci  )
586cd6a6acSopenharmony_ci)
596cd6a6acSopenharmony_ci
606cd6a6acSopenharmony_ci(block b3b
616cd6a6acSopenharmony_ci  (blockinherit b3a)
626cd6a6acSopenharmony_ci)
636cd6a6acSopenharmony_ci
646cd6a6acSopenharmony_ci(block b3c
656cd6a6acSopenharmony_ci  (blockinherit b3a.b)
666cd6a6acSopenharmony_ci)
676cd6a6acSopenharmony_ci
686cd6a6acSopenharmony_ci(block b3d
696cd6a6acSopenharmony_ci  (type t3a)
706cd6a6acSopenharmony_ci  (blockinherit b3a)
716cd6a6acSopenharmony_ci)
726cd6a6acSopenharmony_ci
736cd6a6acSopenharmony_ci(block b3e
746cd6a6acSopenharmony_ci  (type t3a)
756cd6a6acSopenharmony_ci  (blockinherit b3a.b)
766cd6a6acSopenharmony_ci)
776cd6a6acSopenharmony_ci
786cd6a6acSopenharmony_ci
796cd6a6acSopenharmony_ci;; Since block is abstract, allow rule will not be in policy
806cd6a6acSopenharmony_ci(type t4)
816cd6a6acSopenharmony_ci(block b4
826cd6a6acSopenharmony_ci  (blockabstract b4)
836cd6a6acSopenharmony_ci  (allow t4 self (CLASS (PERM)))
846cd6a6acSopenharmony_ci)
856cd6a6acSopenharmony_ci
866cd6a6acSopenharmony_ci
876cd6a6acSopenharmony_ci;; Inheriting the abstract block causes the allow rule to be in the policy
886cd6a6acSopenharmony_ci(type t5)
896cd6a6acSopenharmony_ci(block b5
906cd6a6acSopenharmony_ci  (blockabstract b5)
916cd6a6acSopenharmony_ci  (allow t5 self (CLASS (PERM)))
926cd6a6acSopenharmony_ci)
936cd6a6acSopenharmony_ci(blockinherit b5)
946cd6a6acSopenharmony_ci
956cd6a6acSopenharmony_ci
966cd6a6acSopenharmony_ci;; A sub-block can be inherited out of an abstract block
976cd6a6acSopenharmony_ci(type t6)
986cd6a6acSopenharmony_ci(block b6
996cd6a6acSopenharmony_ci  (blockabstract b6)
1006cd6a6acSopenharmony_ci  (allow t6 self (CLASS (PERM1)))
1016cd6a6acSopenharmony_ci  (block b
1026cd6a6acSopenharmony_ci    (blockabstract b)
1036cd6a6acSopenharmony_ci    (allow t6 self (CLASS (PERM)))
1046cd6a6acSopenharmony_ci  )
1056cd6a6acSopenharmony_ci)
1066cd6a6acSopenharmony_ci(blockinherit b6.b)
1076cd6a6acSopenharmony_ci
1086cd6a6acSopenharmony_ci;;
1096cd6a6acSopenharmony_ci;; Expected:
1106cd6a6acSopenharmony_ci;;
1116cd6a6acSopenharmony_ci;; Types:
1126cd6a6acSopenharmony_ci;;   b1.ta, b1a.b1.tb, b1b.b1.tb, b1b.ta
1136cd6a6acSopenharmony_ci;;   b2.ta, b2a.b2.tb, b2b.b2.tb, b2b.ta
1146cd6a6acSopenharmony_ci;;   b3a.b.t, b3a.t3a, b3b.b.t, b3b.t3a, b3c.t, b3d.b.t, b3d.t3a, b3e.t, b3e.t3a
1156cd6a6acSopenharmony_ci;;   t4
1166cd6a6acSopenharmony_ci;;   t5
1176cd6a6acSopenharmony_ci;;   t6
1186cd6a6acSopenharmony_ci;;
1196cd6a6acSopenharmony_ci;; Allow rules:
1206cd6a6acSopenharmony_ci;;   allow b3a.t3a b3a.b.t : CLASS { PERM };
1216cd6a6acSopenharmony_ci;;   allow b3a.t3a b3c.t : CLASS { PERM };
1226cd6a6acSopenharmony_ci;;   allow b3b.t3a b3b.b.t : CLASS { PERM };
1236cd6a6acSopenharmony_ci;;   allow b3d.t3a b3d.b.t : CLASS { PERM };
1246cd6a6acSopenharmony_ci;;   allow b3e.t3a b3e.t : CLASS { PERM };
1256cd6a6acSopenharmony_ci;;   allow t5 t5 : CLASS { PERM };
1266cd6a6acSopenharmony_ci;;   allow t6 t6 : CLASS { PERM };