16cd6a6acSopenharmony_ci(class CLASS (PERM)) 26cd6a6acSopenharmony_ci(classorder (CLASS)) 36cd6a6acSopenharmony_ci(sid SID) 46cd6a6acSopenharmony_ci(sidorder (SID)) 56cd6a6acSopenharmony_ci(user USER) 66cd6a6acSopenharmony_ci(role ROLE) 76cd6a6acSopenharmony_ci(type TYPE) 86cd6a6acSopenharmony_ci(category CAT) 96cd6a6acSopenharmony_ci(categoryorder (CAT)) 106cd6a6acSopenharmony_ci(sensitivity SENS) 116cd6a6acSopenharmony_ci(sensitivityorder (SENS)) 126cd6a6acSopenharmony_ci(sensitivitycategory SENS (CAT)) 136cd6a6acSopenharmony_ci(allow TYPE self (CLASS (PERM))) 146cd6a6acSopenharmony_ci(roletype ROLE TYPE) 156cd6a6acSopenharmony_ci(userrole USER ROLE) 166cd6a6acSopenharmony_ci(userlevel USER (SENS)) 176cd6a6acSopenharmony_ci(userrange USER ((SENS)(SENS (CAT)))) 186cd6a6acSopenharmony_ci(sidcontext SID (USER ROLE TYPE ((SENS)(SENS)))) 196cd6a6acSopenharmony_ci 206cd6a6acSopenharmony_ci(class c1 (p1a p1b p1c)) 216cd6a6acSopenharmony_ci(class c2 (p2a p2b p2c)) 226cd6a6acSopenharmony_ci(class c3 (p3a p3b p3c)) 236cd6a6acSopenharmony_ci 246cd6a6acSopenharmony_ci(classorder (CLASS c1 c2 c3)) 256cd6a6acSopenharmony_ci 266cd6a6acSopenharmony_ci(classpermission cp1) 276cd6a6acSopenharmony_ci(classpermissionset cp1 (c1 (p1a p1b))) 286cd6a6acSopenharmony_ci(classpermissionset cp1 (c2 (p2a))) 296cd6a6acSopenharmony_ci 306cd6a6acSopenharmony_ci(classmap cm1 (mp1)) 316cd6a6acSopenharmony_ci(classmapping cm1 mp1 326cd6a6acSopenharmony_ci (c1 (p1a))) 336cd6a6acSopenharmony_ci 346cd6a6acSopenharmony_ci(boolean b_b1 false) 356cd6a6acSopenharmony_ci(boolean b_b2 false) 366cd6a6acSopenharmony_ci(boolean b_b3 false) 376cd6a6acSopenharmony_ci 386cd6a6acSopenharmony_ci 396cd6a6acSopenharmony_ci(type b_ta) 406cd6a6acSopenharmony_ci(type b_tb) 416cd6a6acSopenharmony_ci(type b_tc) 426cd6a6acSopenharmony_ci(type b_td) 436cd6a6acSopenharmony_ci 446cd6a6acSopenharmony_ci 456cd6a6acSopenharmony_ci;; All of these rules should pass the bounds check 466cd6a6acSopenharmony_ci(type b_t1) 476cd6a6acSopenharmony_ci(type b_t1_c) 486cd6a6acSopenharmony_ci(typebounds b_t1 b_t1_c) 496cd6a6acSopenharmony_ci 506cd6a6acSopenharmony_ci(allow b_t1 self (CLASS (PERM))) 516cd6a6acSopenharmony_ci(allow b_t1_c self (CLASS (PERM))) 526cd6a6acSopenharmony_ci(allow b_t1 b_ta (CLASS (PERM))) 536cd6a6acSopenharmony_ci(allow b_t1_c b_ta (CLASS (PERM))) 546cd6a6acSopenharmony_ci(allow b_ta b_t1 (CLASS (PERM))) 556cd6a6acSopenharmony_ci(allow b_ta b_t1_c (CLASS (PERM))) 566cd6a6acSopenharmony_ci 576cd6a6acSopenharmony_ci(booleanif b_b1 586cd6a6acSopenharmony_ci (false 596cd6a6acSopenharmony_ci (allow b_t1 b_tb (CLASS (PERM))) 606cd6a6acSopenharmony_ci (allow b_t1_c b_tb (CLASS (PERM))) 616cd6a6acSopenharmony_ci (allow b_tb b_t1 (CLASS (PERM))) 626cd6a6acSopenharmony_ci (allow b_tb b_t1_c (CLASS (PERM))))) 636cd6a6acSopenharmony_ci 646cd6a6acSopenharmony_ci(allow b_t1 b_tc (CLASS (PERM))) 656cd6a6acSopenharmony_ci(allow b_tc b_t1 (CLASS (PERM))) 666cd6a6acSopenharmony_ci(booleanif b_b2 676cd6a6acSopenharmony_ci (false 686cd6a6acSopenharmony_ci (allow b_t1_c b_tc (CLASS (PERM))) 696cd6a6acSopenharmony_ci (allow b_tc b_t1_c (CLASS (PERM))))) 706cd6a6acSopenharmony_ci 716cd6a6acSopenharmony_ci(allow b_t1_c b_td (CLASS (PERM))) 726cd6a6acSopenharmony_ci(allow b_td b_t1_c (CLASS (PERM))) 736cd6a6acSopenharmony_ci(booleanif b_b3 746cd6a6acSopenharmony_ci (true 756cd6a6acSopenharmony_ci (allow b_t1 b_td (CLASS (PERM))) 766cd6a6acSopenharmony_ci (allow b_td b_t1 (CLASS (PERM)))) 776cd6a6acSopenharmony_ci (false 786cd6a6acSopenharmony_ci (allow b_t1 b_td (CLASS (PERM))) 796cd6a6acSopenharmony_ci (allow b_td b_t1 (CLASS (PERM))))) 806cd6a6acSopenharmony_ci 816cd6a6acSopenharmony_ci 826cd6a6acSopenharmony_ci;; All of these rules should pass the bounds check 836cd6a6acSopenharmony_ci(type b_t2) 846cd6a6acSopenharmony_ci(type b_t2_c) 856cd6a6acSopenharmony_ci(typebounds b_t2 b_t2_c) 866cd6a6acSopenharmony_ci(typeattribute b_a2) 876cd6a6acSopenharmony_ci(typeattribute b_a2_c) 886cd6a6acSopenharmony_ci(typeattributeset b_a2 b_t2) 896cd6a6acSopenharmony_ci(typeattributeset b_a2_c b_t2_c) 906cd6a6acSopenharmony_ci 916cd6a6acSopenharmony_ci(allow b_a2 self (CLASS (PERM))) 926cd6a6acSopenharmony_ci(allow b_a2_c self (CLASS (PERM))) 936cd6a6acSopenharmony_ci(allow b_a2 b_ta (CLASS (PERM))) 946cd6a6acSopenharmony_ci(allow b_a2_c b_ta (CLASS (PERM))) 956cd6a6acSopenharmony_ci(allow b_ta b_a2 (CLASS (PERM))) 966cd6a6acSopenharmony_ci(allow b_ta b_a2_c (CLASS (PERM))) 976cd6a6acSopenharmony_ci 986cd6a6acSopenharmony_ci(booleanif b_b1 996cd6a6acSopenharmony_ci (false 1006cd6a6acSopenharmony_ci (allow b_a2 b_tb (CLASS (PERM))) 1016cd6a6acSopenharmony_ci (allow b_a2_c b_tb (CLASS (PERM))) 1026cd6a6acSopenharmony_ci (allow b_tb b_a2 (CLASS (PERM))) 1036cd6a6acSopenharmony_ci (allow b_tb b_a2_c (CLASS (PERM))))) 1046cd6a6acSopenharmony_ci 1056cd6a6acSopenharmony_ci(allow b_a2 b_tc (CLASS (PERM))) 1066cd6a6acSopenharmony_ci(allow b_tc b_a2 (CLASS (PERM))) 1076cd6a6acSopenharmony_ci(booleanif b_b2 1086cd6a6acSopenharmony_ci (false 1096cd6a6acSopenharmony_ci (allow b_a2_c b_tc (CLASS (PERM))) 1106cd6a6acSopenharmony_ci (allow b_tc b_a2_c (CLASS (PERM))))) 1116cd6a6acSopenharmony_ci 1126cd6a6acSopenharmony_ci(allow b_a2_c b_td (CLASS (PERM))) 1136cd6a6acSopenharmony_ci(allow b_td b_a2_c (CLASS (PERM))) 1146cd6a6acSopenharmony_ci(booleanif b_b3 1156cd6a6acSopenharmony_ci (true 1166cd6a6acSopenharmony_ci (allow b_a2 b_td (CLASS (PERM))) 1176cd6a6acSopenharmony_ci (allow b_td b_a2 (CLASS (PERM)))) 1186cd6a6acSopenharmony_ci (false 1196cd6a6acSopenharmony_ci (allow b_a2 b_td (CLASS (PERM))) 1206cd6a6acSopenharmony_ci (allow b_td b_a2 (CLASS (PERM))))) 1216cd6a6acSopenharmony_ci 1226cd6a6acSopenharmony_ci 1236cd6a6acSopenharmony_ci;; All of these rules should fail the bounds check 1246cd6a6acSopenharmony_ci(type b_t3) 1256cd6a6acSopenharmony_ci(type b_t3_c) 1266cd6a6acSopenharmony_ci(typebounds b_t3 b_t3_c) 1276cd6a6acSopenharmony_ci 1286cd6a6acSopenharmony_ci(allow b_t3 self (CLASS (PERM))) 1296cd6a6acSopenharmony_ci(allow b_t3_c self (c1 (p1a))) 1306cd6a6acSopenharmony_ci(allow b_t3 b_ta (CLASS (PERM))) 1316cd6a6acSopenharmony_ci(allow b_t3_c b_ta (c1 (p1a))) 1326cd6a6acSopenharmony_ci(allow b_ta b_t3 (CLASS (PERM))) 1336cd6a6acSopenharmony_ci(allow b_ta b_t3_c (c1 (p1a))) 1346cd6a6acSopenharmony_ci 1356cd6a6acSopenharmony_ci(booleanif b_b1 1366cd6a6acSopenharmony_ci (false 1376cd6a6acSopenharmony_ci (allow b_t3_c b_tb (c1 (p1a))) 1386cd6a6acSopenharmony_ci (allow b_tb b_t3_c (c1 (p1a))))) 1396cd6a6acSopenharmony_ci 1406cd6a6acSopenharmony_ci(booleanif b_b2 1416cd6a6acSopenharmony_ci (true 1426cd6a6acSopenharmony_ci (allow b_t3_c b_tc (c1 (p1a))) 1436cd6a6acSopenharmony_ci (allow b_tc b_t3_c (c1 (p1a)))) 1446cd6a6acSopenharmony_ci (false 1456cd6a6acSopenharmony_ci (allow b_t3 b_tc (c1 (p1a))) 1466cd6a6acSopenharmony_ci (allow b_tc b_t3 (c1 (p1a))))) 1476cd6a6acSopenharmony_ci 1486cd6a6acSopenharmony_ci(allow b_t3_c b_td (c1 (p1a))) 1496cd6a6acSopenharmony_ci(allow b_td b_t3_c (c1 (p1a))) 1506cd6a6acSopenharmony_ci(booleanif b_b3 1516cd6a6acSopenharmony_ci (false 1526cd6a6acSopenharmony_ci (allow b_t3 b_td (c1 (p1a))) 1536cd6a6acSopenharmony_ci (allow b_td b_t3 (c1 (p1a))))) 1546cd6a6acSopenharmony_ci 1556cd6a6acSopenharmony_ci 1566cd6a6acSopenharmony_ci;; All of these rules should fail the bounds check 1576cd6a6acSopenharmony_ci(type b_t4) 1586cd6a6acSopenharmony_ci(type b_t4_c) 1596cd6a6acSopenharmony_ci(typebounds b_t4 b_t4_c) 1606cd6a6acSopenharmony_ci(typeattribute b_a4) 1616cd6a6acSopenharmony_ci(typeattribute b_a4_c) 1626cd6a6acSopenharmony_ci(typeattributeset b_a4 b_t4) 1636cd6a6acSopenharmony_ci(typeattributeset b_a4_c b_t4_c) 1646cd6a6acSopenharmony_ci 1656cd6a6acSopenharmony_ci(allow b_a4 self (CLASS (PERM))) 1666cd6a6acSopenharmony_ci(allow b_a4_c self (c1 (p1a))) 1676cd6a6acSopenharmony_ci(allow b_a4 b_ta (CLASS (PERM))) 1686cd6a6acSopenharmony_ci(allow b_a4_c b_ta (c1 (p1a))) 1696cd6a6acSopenharmony_ci(allow b_ta b_a4 (CLASS (PERM))) 1706cd6a6acSopenharmony_ci(allow b_ta b_a4_c (c1 (p1a))) 1716cd6a6acSopenharmony_ci 1726cd6a6acSopenharmony_ci(booleanif b_b1 1736cd6a6acSopenharmony_ci (false 1746cd6a6acSopenharmony_ci (allow b_a4_c b_tb (c1 (p1a))) 1756cd6a6acSopenharmony_ci (allow b_tb b_a4_c (c1 (p1a))))) 1766cd6a6acSopenharmony_ci 1776cd6a6acSopenharmony_ci(booleanif b_b2 1786cd6a6acSopenharmony_ci (true 1796cd6a6acSopenharmony_ci (allow b_a4_c b_tc (c1 (p1a))) 1806cd6a6acSopenharmony_ci (allow b_tc b_a4_c (c1 (p1a)))) 1816cd6a6acSopenharmony_ci (false 1826cd6a6acSopenharmony_ci (allow b_a4 b_tc (c1 (p1a))) 1836cd6a6acSopenharmony_ci (allow b_tc b_a4 (c1 (p1a))))) 1846cd6a6acSopenharmony_ci 1856cd6a6acSopenharmony_ci(allow b_a4_c b_td (c1 (p1a))) 1866cd6a6acSopenharmony_ci(allow b_td b_a4_c (c1 (p1a))) 1876cd6a6acSopenharmony_ci(booleanif b_b3 1886cd6a6acSopenharmony_ci (false 1896cd6a6acSopenharmony_ci (allow b_a4 b_td (c1 (p1a))) 1906cd6a6acSopenharmony_ci (allow b_td b_a4 (c1 (p1a))))) 1916cd6a6acSopenharmony_ci 1926cd6a6acSopenharmony_ci 1936cd6a6acSopenharmony_ci;; Marked rules should fail, all others should pass 1946cd6a6acSopenharmony_ci(type b_t5) 1956cd6a6acSopenharmony_ci(type b_t5_c) 1966cd6a6acSopenharmony_ci(typebounds b_t5 b_t5_c) 1976cd6a6acSopenharmony_ci 1986cd6a6acSopenharmony_ci(allow b_t5 b_ta cp1) 1996cd6a6acSopenharmony_ci(allow b_t5_c b_ta (c1 (p1a))) 2006cd6a6acSopenharmony_ci(allow b_t5_c b_ta (c2 (p2a))) 2016cd6a6acSopenharmony_ci(allow b_t5_c b_ta (c2 (p2b))) ;; Fail 2026cd6a6acSopenharmony_ci(allow b_t5_c b_ta (c3 (p3a))) ;; Fail 2036cd6a6acSopenharmony_ci 2046cd6a6acSopenharmony_ci(allow b_t5 b_tb (c1 (p1a p1b))) 2056cd6a6acSopenharmony_ci(allow b_t5 b_tb (c2 (p2a))) 2066cd6a6acSopenharmony_ci(allow b_t5_c b_tb cp1) 2076cd6a6acSopenharmony_ci 2086cd6a6acSopenharmony_ci(allow b_t5 b_tc (cm1 (mp1))) 2096cd6a6acSopenharmony_ci(allow b_t5_c b_tc (c1 (p1a))) 2106cd6a6acSopenharmony_ci(allow b_t5_c b_tc (c1 (p1b))) ;; Fail 2116cd6a6acSopenharmony_ci(allow b_t5_c b_tc (c2 (p2a))) ;; Fail 2126cd6a6acSopenharmony_ci 2136cd6a6acSopenharmony_ci(allow b_t5 b_tc (c1 (p1a))) 2146cd6a6acSopenharmony_ci(allow b_t5_c b_tc (cm1 (mp1))) 2156cd6a6acSopenharmony_ci 2166cd6a6acSopenharmony_ci 2176cd6a6acSopenharmony_ci;; Marked rules should fail, all others should pass 2186cd6a6acSopenharmony_ci(type b_t6a) 2196cd6a6acSopenharmony_ci(type b_t6a_c) 2206cd6a6acSopenharmony_ci(type b_t6b) 2216cd6a6acSopenharmony_ci(type b_t6b_c) 2226cd6a6acSopenharmony_ci(typebounds b_t6a b_t6a_c) 2236cd6a6acSopenharmony_ci(typebounds b_t6b b_t6b_c) 2246cd6a6acSopenharmony_ci 2256cd6a6acSopenharmony_ci(allow b_t6a b_t6b (CLASS (PERM))) 2266cd6a6acSopenharmony_ci(allow b_t6a_c b_t6b_c (CLASS (PERM))) 2276cd6a6acSopenharmony_ci 2286cd6a6acSopenharmony_ci;; Needs: (allow b_t6a b_t6b (c1 (p1a))) 2296cd6a6acSopenharmony_ci(allow b_t6a_c b_t6b (c1 (p1a))) ;; Fail 2306cd6a6acSopenharmony_ci(allow b_t6a_c b_t6b_c (c1 (p1a))) ;; Fail 2316cd6a6acSopenharmony_ci 2326cd6a6acSopenharmony_ci;; Needs: (allow b_t6a b_t6b (c2 (p2a))) 2336cd6a6acSopenharmony_ci(allow b_t6a b_t6b_c (c2 (p2a))) ;; Fail 2346cd6a6acSopenharmony_ci(allow b_t6a_c b_t6b (c2 (p2a))) ;; Fail 2356cd6a6acSopenharmony_ci(allow b_t6a_c b_t6b_c (c2 (p2a))) 2366cd6a6acSopenharmony_ci 2376cd6a6acSopenharmony_ci;; Needs: (allow b_t6a b_t6b (c3 (p3c))) 2386cd6a6acSopenharmony_ci(allow b_t6a b_t6b (c3 (p3a p3b))) 2396cd6a6acSopenharmony_ci(allow b_t6a b_t6b_c (c3 (p3b p3c))) ;; Fail 2406cd6a6acSopenharmony_ci(allow b_t6a_c b_t6b (c3 (p3a p3c))) ;; Fail 2416cd6a6acSopenharmony_ci(allow b_t6a_c b_t6b_c (c3 (p3a p3b p3c))) ;; Fail 242