16cd6a6acSopenharmony_ci(class CLASS (PERM))
26cd6a6acSopenharmony_ci(classorder (CLASS))
36cd6a6acSopenharmony_ci(sid SID)
46cd6a6acSopenharmony_ci(sidorder (SID))
56cd6a6acSopenharmony_ci(user USER)
66cd6a6acSopenharmony_ci(role ROLE)
76cd6a6acSopenharmony_ci(type TYPE)
86cd6a6acSopenharmony_ci(category CAT)
96cd6a6acSopenharmony_ci(categoryorder (CAT))
106cd6a6acSopenharmony_ci(sensitivity SENS)
116cd6a6acSopenharmony_ci(sensitivityorder (SENS))
126cd6a6acSopenharmony_ci(sensitivitycategory SENS (CAT))
136cd6a6acSopenharmony_ci(allow TYPE self (CLASS (PERM)))
146cd6a6acSopenharmony_ci(roletype ROLE TYPE)
156cd6a6acSopenharmony_ci(userrole USER ROLE)
166cd6a6acSopenharmony_ci(userlevel USER (SENS))
176cd6a6acSopenharmony_ci(userrange USER ((SENS)(SENS (CAT))))
186cd6a6acSopenharmony_ci(sidcontext SID (USER ROLE TYPE ((SENS)(SENS))))
196cd6a6acSopenharmony_ci
206cd6a6acSopenharmony_ci(class c1 (p1a p1b p1c))
216cd6a6acSopenharmony_ci(class c2 (p2a p2b p2c))
226cd6a6acSopenharmony_ci(class c3 (p3a p3b p3c))
236cd6a6acSopenharmony_ci
246cd6a6acSopenharmony_ci(classorder (CLASS c1 c2 c3))
256cd6a6acSopenharmony_ci
266cd6a6acSopenharmony_ci(classpermission cp1)
276cd6a6acSopenharmony_ci(classpermissionset cp1 (c1 (p1a p1b)))
286cd6a6acSopenharmony_ci(classpermissionset cp1 (c2 (p2a)))
296cd6a6acSopenharmony_ci
306cd6a6acSopenharmony_ci(classmap cm1 (mp1))
316cd6a6acSopenharmony_ci(classmapping cm1 mp1
326cd6a6acSopenharmony_ci	      (c1 (p1a)))
336cd6a6acSopenharmony_ci
346cd6a6acSopenharmony_ci(boolean b_b1 false)
356cd6a6acSopenharmony_ci(boolean b_b2 false)
366cd6a6acSopenharmony_ci(boolean b_b3 false)
376cd6a6acSopenharmony_ci
386cd6a6acSopenharmony_ci
396cd6a6acSopenharmony_ci(type b_ta)
406cd6a6acSopenharmony_ci(type b_tb)
416cd6a6acSopenharmony_ci(type b_tc)
426cd6a6acSopenharmony_ci(type b_td)
436cd6a6acSopenharmony_ci
446cd6a6acSopenharmony_ci
456cd6a6acSopenharmony_ci;; All of these rules should pass the bounds check
466cd6a6acSopenharmony_ci(type b_t1)
476cd6a6acSopenharmony_ci(type b_t1_c)
486cd6a6acSopenharmony_ci(typebounds b_t1 b_t1_c)
496cd6a6acSopenharmony_ci
506cd6a6acSopenharmony_ci(allow b_t1 self (CLASS (PERM)))
516cd6a6acSopenharmony_ci(allow b_t1_c self (CLASS (PERM)))
526cd6a6acSopenharmony_ci(allow b_t1 b_ta (CLASS (PERM)))
536cd6a6acSopenharmony_ci(allow b_t1_c b_ta (CLASS (PERM)))
546cd6a6acSopenharmony_ci(allow b_ta b_t1 (CLASS (PERM)))
556cd6a6acSopenharmony_ci(allow b_ta b_t1_c (CLASS (PERM)))
566cd6a6acSopenharmony_ci
576cd6a6acSopenharmony_ci(booleanif b_b1
586cd6a6acSopenharmony_ci  (false
596cd6a6acSopenharmony_ci    (allow b_t1 b_tb (CLASS (PERM)))
606cd6a6acSopenharmony_ci    (allow b_t1_c b_tb (CLASS (PERM)))
616cd6a6acSopenharmony_ci    (allow b_tb b_t1 (CLASS (PERM)))
626cd6a6acSopenharmony_ci    (allow b_tb b_t1_c (CLASS (PERM)))))
636cd6a6acSopenharmony_ci
646cd6a6acSopenharmony_ci(allow b_t1 b_tc (CLASS (PERM)))
656cd6a6acSopenharmony_ci(allow b_tc b_t1 (CLASS (PERM)))
666cd6a6acSopenharmony_ci(booleanif b_b2
676cd6a6acSopenharmony_ci  (false
686cd6a6acSopenharmony_ci    (allow b_t1_c b_tc (CLASS (PERM)))
696cd6a6acSopenharmony_ci    (allow b_tc b_t1_c (CLASS (PERM)))))
706cd6a6acSopenharmony_ci
716cd6a6acSopenharmony_ci(allow b_t1_c b_td (CLASS (PERM)))
726cd6a6acSopenharmony_ci(allow b_td b_t1_c (CLASS (PERM)))
736cd6a6acSopenharmony_ci(booleanif b_b3
746cd6a6acSopenharmony_ci  (true
756cd6a6acSopenharmony_ci    (allow b_t1 b_td (CLASS (PERM)))
766cd6a6acSopenharmony_ci    (allow b_td b_t1 (CLASS (PERM))))
776cd6a6acSopenharmony_ci  (false
786cd6a6acSopenharmony_ci    (allow b_t1 b_td (CLASS (PERM)))
796cd6a6acSopenharmony_ci    (allow b_td b_t1 (CLASS (PERM)))))
806cd6a6acSopenharmony_ci
816cd6a6acSopenharmony_ci
826cd6a6acSopenharmony_ci;; All of these rules should pass the bounds check
836cd6a6acSopenharmony_ci(type b_t2)
846cd6a6acSopenharmony_ci(type b_t2_c)
856cd6a6acSopenharmony_ci(typebounds b_t2 b_t2_c)
866cd6a6acSopenharmony_ci(typeattribute b_a2)
876cd6a6acSopenharmony_ci(typeattribute b_a2_c)
886cd6a6acSopenharmony_ci(typeattributeset b_a2 b_t2)
896cd6a6acSopenharmony_ci(typeattributeset b_a2_c b_t2_c)
906cd6a6acSopenharmony_ci
916cd6a6acSopenharmony_ci(allow b_a2 self (CLASS (PERM)))
926cd6a6acSopenharmony_ci(allow b_a2_c self (CLASS (PERM)))
936cd6a6acSopenharmony_ci(allow b_a2 b_ta (CLASS (PERM)))
946cd6a6acSopenharmony_ci(allow b_a2_c b_ta (CLASS (PERM)))
956cd6a6acSopenharmony_ci(allow b_ta b_a2 (CLASS (PERM)))
966cd6a6acSopenharmony_ci(allow b_ta b_a2_c (CLASS (PERM)))
976cd6a6acSopenharmony_ci
986cd6a6acSopenharmony_ci(booleanif b_b1
996cd6a6acSopenharmony_ci  (false
1006cd6a6acSopenharmony_ci    (allow b_a2 b_tb (CLASS (PERM)))
1016cd6a6acSopenharmony_ci    (allow b_a2_c b_tb (CLASS (PERM)))
1026cd6a6acSopenharmony_ci    (allow b_tb b_a2 (CLASS (PERM)))
1036cd6a6acSopenharmony_ci    (allow b_tb b_a2_c (CLASS (PERM)))))
1046cd6a6acSopenharmony_ci
1056cd6a6acSopenharmony_ci(allow b_a2 b_tc (CLASS (PERM)))
1066cd6a6acSopenharmony_ci(allow b_tc b_a2 (CLASS (PERM)))
1076cd6a6acSopenharmony_ci(booleanif b_b2
1086cd6a6acSopenharmony_ci  (false
1096cd6a6acSopenharmony_ci    (allow b_a2_c b_tc (CLASS (PERM)))
1106cd6a6acSopenharmony_ci    (allow b_tc b_a2_c (CLASS (PERM)))))
1116cd6a6acSopenharmony_ci
1126cd6a6acSopenharmony_ci(allow b_a2_c b_td (CLASS (PERM)))
1136cd6a6acSopenharmony_ci(allow b_td b_a2_c (CLASS (PERM)))
1146cd6a6acSopenharmony_ci(booleanif b_b3
1156cd6a6acSopenharmony_ci  (true
1166cd6a6acSopenharmony_ci    (allow b_a2 b_td (CLASS (PERM)))
1176cd6a6acSopenharmony_ci    (allow b_td b_a2 (CLASS (PERM))))
1186cd6a6acSopenharmony_ci  (false
1196cd6a6acSopenharmony_ci    (allow b_a2 b_td (CLASS (PERM)))
1206cd6a6acSopenharmony_ci    (allow b_td b_a2 (CLASS (PERM)))))
1216cd6a6acSopenharmony_ci
1226cd6a6acSopenharmony_ci
1236cd6a6acSopenharmony_ci;; All of these rules should fail the bounds check
1246cd6a6acSopenharmony_ci(type b_t3)
1256cd6a6acSopenharmony_ci(type b_t3_c)
1266cd6a6acSopenharmony_ci(typebounds b_t3 b_t3_c)
1276cd6a6acSopenharmony_ci
1286cd6a6acSopenharmony_ci(allow b_t3 self (CLASS (PERM)))
1296cd6a6acSopenharmony_ci(allow b_t3_c self (c1 (p1a)))
1306cd6a6acSopenharmony_ci(allow b_t3 b_ta (CLASS (PERM)))
1316cd6a6acSopenharmony_ci(allow b_t3_c b_ta (c1 (p1a)))
1326cd6a6acSopenharmony_ci(allow b_ta b_t3 (CLASS (PERM)))
1336cd6a6acSopenharmony_ci(allow b_ta b_t3_c (c1 (p1a)))
1346cd6a6acSopenharmony_ci
1356cd6a6acSopenharmony_ci(booleanif b_b1
1366cd6a6acSopenharmony_ci  (false
1376cd6a6acSopenharmony_ci    (allow b_t3_c b_tb (c1 (p1a)))
1386cd6a6acSopenharmony_ci    (allow b_tb b_t3_c (c1 (p1a)))))
1396cd6a6acSopenharmony_ci
1406cd6a6acSopenharmony_ci(booleanif b_b2
1416cd6a6acSopenharmony_ci  (true
1426cd6a6acSopenharmony_ci    (allow b_t3_c b_tc (c1 (p1a)))
1436cd6a6acSopenharmony_ci    (allow b_tc b_t3_c (c1 (p1a))))
1446cd6a6acSopenharmony_ci  (false
1456cd6a6acSopenharmony_ci    (allow b_t3 b_tc (c1 (p1a)))
1466cd6a6acSopenharmony_ci    (allow b_tc b_t3 (c1 (p1a)))))
1476cd6a6acSopenharmony_ci
1486cd6a6acSopenharmony_ci(allow b_t3_c b_td (c1 (p1a)))
1496cd6a6acSopenharmony_ci(allow b_td b_t3_c (c1 (p1a)))
1506cd6a6acSopenharmony_ci(booleanif b_b3
1516cd6a6acSopenharmony_ci  (false
1526cd6a6acSopenharmony_ci    (allow b_t3 b_td (c1 (p1a)))
1536cd6a6acSopenharmony_ci    (allow b_td b_t3 (c1 (p1a)))))
1546cd6a6acSopenharmony_ci
1556cd6a6acSopenharmony_ci
1566cd6a6acSopenharmony_ci;; All of these rules should fail the bounds check
1576cd6a6acSopenharmony_ci(type b_t4)
1586cd6a6acSopenharmony_ci(type b_t4_c)
1596cd6a6acSopenharmony_ci(typebounds b_t4 b_t4_c)
1606cd6a6acSopenharmony_ci(typeattribute b_a4)
1616cd6a6acSopenharmony_ci(typeattribute b_a4_c)
1626cd6a6acSopenharmony_ci(typeattributeset b_a4 b_t4)
1636cd6a6acSopenharmony_ci(typeattributeset b_a4_c b_t4_c)
1646cd6a6acSopenharmony_ci
1656cd6a6acSopenharmony_ci(allow b_a4 self (CLASS (PERM)))
1666cd6a6acSopenharmony_ci(allow b_a4_c self (c1 (p1a)))
1676cd6a6acSopenharmony_ci(allow b_a4 b_ta (CLASS (PERM)))
1686cd6a6acSopenharmony_ci(allow b_a4_c b_ta (c1 (p1a)))
1696cd6a6acSopenharmony_ci(allow b_ta b_a4 (CLASS (PERM)))
1706cd6a6acSopenharmony_ci(allow b_ta b_a4_c (c1 (p1a)))
1716cd6a6acSopenharmony_ci
1726cd6a6acSopenharmony_ci(booleanif b_b1
1736cd6a6acSopenharmony_ci  (false
1746cd6a6acSopenharmony_ci    (allow b_a4_c b_tb (c1 (p1a)))
1756cd6a6acSopenharmony_ci    (allow b_tb b_a4_c (c1 (p1a)))))
1766cd6a6acSopenharmony_ci
1776cd6a6acSopenharmony_ci(booleanif b_b2
1786cd6a6acSopenharmony_ci  (true
1796cd6a6acSopenharmony_ci    (allow b_a4_c b_tc (c1 (p1a)))
1806cd6a6acSopenharmony_ci    (allow b_tc b_a4_c (c1 (p1a))))
1816cd6a6acSopenharmony_ci  (false
1826cd6a6acSopenharmony_ci    (allow b_a4 b_tc (c1 (p1a)))
1836cd6a6acSopenharmony_ci    (allow b_tc b_a4 (c1 (p1a)))))
1846cd6a6acSopenharmony_ci
1856cd6a6acSopenharmony_ci(allow b_a4_c b_td (c1 (p1a)))
1866cd6a6acSopenharmony_ci(allow b_td b_a4_c (c1 (p1a)))
1876cd6a6acSopenharmony_ci(booleanif b_b3
1886cd6a6acSopenharmony_ci  (false
1896cd6a6acSopenharmony_ci    (allow b_a4 b_td (c1 (p1a)))
1906cd6a6acSopenharmony_ci    (allow b_td b_a4 (c1 (p1a)))))
1916cd6a6acSopenharmony_ci
1926cd6a6acSopenharmony_ci
1936cd6a6acSopenharmony_ci;; Marked rules should fail, all others should pass
1946cd6a6acSopenharmony_ci(type b_t5)
1956cd6a6acSopenharmony_ci(type b_t5_c)
1966cd6a6acSopenharmony_ci(typebounds b_t5 b_t5_c)
1976cd6a6acSopenharmony_ci
1986cd6a6acSopenharmony_ci(allow b_t5 b_ta cp1)
1996cd6a6acSopenharmony_ci(allow b_t5_c b_ta (c1 (p1a)))
2006cd6a6acSopenharmony_ci(allow b_t5_c b_ta (c2 (p2a)))
2016cd6a6acSopenharmony_ci(allow b_t5_c b_ta (c2 (p2b))) ;; Fail
2026cd6a6acSopenharmony_ci(allow b_t5_c b_ta (c3 (p3a))) ;; Fail
2036cd6a6acSopenharmony_ci
2046cd6a6acSopenharmony_ci(allow b_t5 b_tb (c1 (p1a p1b)))
2056cd6a6acSopenharmony_ci(allow b_t5 b_tb (c2 (p2a)))
2066cd6a6acSopenharmony_ci(allow b_t5_c b_tb cp1)
2076cd6a6acSopenharmony_ci
2086cd6a6acSopenharmony_ci(allow b_t5 b_tc (cm1 (mp1)))
2096cd6a6acSopenharmony_ci(allow b_t5_c b_tc (c1 (p1a)))
2106cd6a6acSopenharmony_ci(allow b_t5_c b_tc (c1 (p1b))) ;; Fail
2116cd6a6acSopenharmony_ci(allow b_t5_c b_tc (c2 (p2a))) ;; Fail
2126cd6a6acSopenharmony_ci
2136cd6a6acSopenharmony_ci(allow b_t5 b_tc (c1 (p1a)))
2146cd6a6acSopenharmony_ci(allow b_t5_c b_tc (cm1 (mp1)))
2156cd6a6acSopenharmony_ci
2166cd6a6acSopenharmony_ci
2176cd6a6acSopenharmony_ci;; Marked rules should fail, all others should pass
2186cd6a6acSopenharmony_ci(type b_t6a)
2196cd6a6acSopenharmony_ci(type b_t6a_c)
2206cd6a6acSopenharmony_ci(type b_t6b)
2216cd6a6acSopenharmony_ci(type b_t6b_c)
2226cd6a6acSopenharmony_ci(typebounds b_t6a b_t6a_c)
2236cd6a6acSopenharmony_ci(typebounds b_t6b b_t6b_c)
2246cd6a6acSopenharmony_ci
2256cd6a6acSopenharmony_ci(allow b_t6a b_t6b (CLASS (PERM)))
2266cd6a6acSopenharmony_ci(allow b_t6a_c b_t6b_c (CLASS (PERM)))
2276cd6a6acSopenharmony_ci
2286cd6a6acSopenharmony_ci;; Needs: (allow b_t6a b_t6b (c1 (p1a)))
2296cd6a6acSopenharmony_ci(allow b_t6a_c b_t6b (c1 (p1a))) ;; Fail
2306cd6a6acSopenharmony_ci(allow b_t6a_c b_t6b_c (c1 (p1a))) ;; Fail
2316cd6a6acSopenharmony_ci
2326cd6a6acSopenharmony_ci;; Needs: (allow b_t6a b_t6b (c2 (p2a)))
2336cd6a6acSopenharmony_ci(allow b_t6a b_t6b_c (c2 (p2a))) ;; Fail
2346cd6a6acSopenharmony_ci(allow b_t6a_c b_t6b (c2 (p2a))) ;; Fail
2356cd6a6acSopenharmony_ci(allow b_t6a_c b_t6b_c (c2 (p2a)))
2366cd6a6acSopenharmony_ci
2376cd6a6acSopenharmony_ci;; Needs: (allow b_t6a b_t6b (c3 (p3c)))
2386cd6a6acSopenharmony_ci(allow b_t6a b_t6b (c3 (p3a p3b)))
2396cd6a6acSopenharmony_ci(allow b_t6a b_t6b_c (c3 (p3b p3c))) ;; Fail
2406cd6a6acSopenharmony_ci(allow b_t6a_c b_t6b (c3 (p3a p3c))) ;; Fail
2416cd6a6acSopenharmony_ci(allow b_t6a_c b_t6b_c (c3 (p3a p3b p3c))) ;; Fail
242