16cd6a6acSopenharmony_ci;; Minimum stuff 26cd6a6acSopenharmony_ci(class CLASS (PERM)) 36cd6a6acSopenharmony_ci(classorder (CLASS)) 46cd6a6acSopenharmony_ci(sid SID) 56cd6a6acSopenharmony_ci(sidorder (SID)) 66cd6a6acSopenharmony_ci(user USER) 76cd6a6acSopenharmony_ci(role ROLE) 86cd6a6acSopenharmony_ci(type TYPE) 96cd6a6acSopenharmony_ci(category CAT) 106cd6a6acSopenharmony_ci(categoryorder (CAT)) 116cd6a6acSopenharmony_ci(sensitivity SENS) 126cd6a6acSopenharmony_ci(sensitivityorder (SENS)) 136cd6a6acSopenharmony_ci(sensitivitycategory SENS (CAT)) 146cd6a6acSopenharmony_ci(allow TYPE self (CLASS (PERM))) 156cd6a6acSopenharmony_ci(roletype ROLE TYPE) 166cd6a6acSopenharmony_ci(userrole USER ROLE) 176cd6a6acSopenharmony_ci(userlevel USER (SENS)) 186cd6a6acSopenharmony_ci(userrange USER ((SENS)(SENS (CAT)))) 196cd6a6acSopenharmony_ci(sidcontext SID (USER ROLE TYPE ((SENS)(SENS)))) 206cd6a6acSopenharmony_ci;; Extra stuff 216cd6a6acSopenharmony_ci(common COMMON (PERM1 PERM2 PERM3 PERM4)) 226cd6a6acSopenharmony_ci(classcommon CLASS COMMON) 236cd6a6acSopenharmony_ci 246cd6a6acSopenharmony_ci 256cd6a6acSopenharmony_ci;; Check that "in" statements work in blocks 266cd6a6acSopenharmony_ci(block b1 276cd6a6acSopenharmony_ci (type t1a) 286cd6a6acSopenharmony_ci (allow t1b self (CLASS (PERM1))) 296cd6a6acSopenharmony_ci) 306cd6a6acSopenharmony_ci 316cd6a6acSopenharmony_ci(in b1 326cd6a6acSopenharmony_ci (type t1b) 336cd6a6acSopenharmony_ci (allow t1a self (CLASS (PERM1))) 346cd6a6acSopenharmony_ci) 356cd6a6acSopenharmony_ci 366cd6a6acSopenharmony_ci(in b1 376cd6a6acSopenharmony_ci (allow t1a self (CLASS (PERM2))) 386cd6a6acSopenharmony_ci (allow b1.t1a self (CLASS (PERM3))) 396cd6a6acSopenharmony_ci (allow .b1.t1a self (CLASS (PERM4))) 406cd6a6acSopenharmony_ci 416cd6a6acSopenharmony_ci (allow t1b self (CLASS (PERM2))) 426cd6a6acSopenharmony_ci (allow b1.t1b self (CLASS (PERM3))) 436cd6a6acSopenharmony_ci (allow .b1.t1b self (CLASS (PERM4))) 446cd6a6acSopenharmony_ci) 456cd6a6acSopenharmony_ci 466cd6a6acSopenharmony_ci 476cd6a6acSopenharmony_ci;; Check that "in" statements work in optionals 486cd6a6acSopenharmony_ci(optional option2 496cd6a6acSopenharmony_ci (type t2a) 506cd6a6acSopenharmony_ci (allow t2b self (CLASS (PERM1))) 516cd6a6acSopenharmony_ci) 526cd6a6acSopenharmony_ci 536cd6a6acSopenharmony_ci(in option2 546cd6a6acSopenharmony_ci (type t2b) 556cd6a6acSopenharmony_ci (allow t2a self (CLASS (PERM1))) 566cd6a6acSopenharmony_ci) 576cd6a6acSopenharmony_ci 586cd6a6acSopenharmony_ci(in option2 596cd6a6acSopenharmony_ci (allow t2a self (CLASS (PERM2))) 606cd6a6acSopenharmony_ci (allow t2b self (CLASS (PERM2))) 616cd6a6acSopenharmony_ci) 626cd6a6acSopenharmony_ci 636cd6a6acSopenharmony_ci(allow t2a self (CLASS (PERM3))) 646cd6a6acSopenharmony_ci(allow t2b self (CLASS (PERM3))) 656cd6a6acSopenharmony_ci 666cd6a6acSopenharmony_ci 676cd6a6acSopenharmony_ci;; Check that "in" statements work in macros 686cd6a6acSopenharmony_ci(type t3a) 696cd6a6acSopenharmony_ci(type t3b) 706cd6a6acSopenharmony_ci(macro m3 ((type t)) 716cd6a6acSopenharmony_ci (allow t3a self (CLASS (PERM1))) 726cd6a6acSopenharmony_ci (allow t self (CLASS (PERM1))) 736cd6a6acSopenharmony_ci) 746cd6a6acSopenharmony_ci 756cd6a6acSopenharmony_ci(call m3 (t3b)) 766cd6a6acSopenharmony_ci 776cd6a6acSopenharmony_ci(in m3 786cd6a6acSopenharmony_ci (allow t3a self (CLASS (PERM2))) 796cd6a6acSopenharmony_ci) 806cd6a6acSopenharmony_ci 816cd6a6acSopenharmony_ci(in m3 826cd6a6acSopenharmony_ci (allow t self (CLASS (PERM3))) 836cd6a6acSopenharmony_ci) 846cd6a6acSopenharmony_ci 856cd6a6acSopenharmony_ci 866cd6a6acSopenharmony_ci;; Check "in" statements work for nested optionals 876cd6a6acSopenharmony_ci(optional o4a 886cd6a6acSopenharmony_ci (optional o4b 896cd6a6acSopenharmony_ci (type t4b) 906cd6a6acSopenharmony_ci (allow t4b self (CLASS (PERM1))) 916cd6a6acSopenharmony_ci ) 926cd6a6acSopenharmony_ci) 936cd6a6acSopenharmony_ci 946cd6a6acSopenharmony_ci(in o4a.o4b 956cd6a6acSopenharmony_ci (allow t4b self (CLASS (PERM2))) 966cd6a6acSopenharmony_ci) 976cd6a6acSopenharmony_ci 986cd6a6acSopenharmony_ci 996cd6a6acSopenharmony_ci;; Check "in: statements work for nested optionals and macros 1006cd6a6acSopenharmony_ci(macro m5 () 1016cd6a6acSopenharmony_ci (type t5a) 1026cd6a6acSopenharmony_ci (type t5b) 1036cd6a6acSopenharmony_ci (optional o5a 1046cd6a6acSopenharmony_ci (allow t5a self (CLASS (PERM1))) 1056cd6a6acSopenharmony_ci (optional o5b 1066cd6a6acSopenharmony_ci (allow t5b self (CLASS (PERM1))) 1076cd6a6acSopenharmony_ci ) 1086cd6a6acSopenharmony_ci ) 1096cd6a6acSopenharmony_ci) 1106cd6a6acSopenharmony_ci 1116cd6a6acSopenharmony_ci(call m5) 1126cd6a6acSopenharmony_ci 1136cd6a6acSopenharmony_ci(in m5.o5a 1146cd6a6acSopenharmony_ci (allow t5a self (CLASS (PERM2))) 1156cd6a6acSopenharmony_ci) 1166cd6a6acSopenharmony_ci 1176cd6a6acSopenharmony_ci(in m5.o5a.o5b 1186cd6a6acSopenharmony_ci (allow t5b self (CLASS (PERM2))) 1196cd6a6acSopenharmony_ci) 1206cd6a6acSopenharmony_ci 1216cd6a6acSopenharmony_ci 1226cd6a6acSopenharmony_ci;; 1236cd6a6acSopenharmony_ci;; Expected: 1246cd6a6acSopenharmony_ci;; 1256cd6a6acSopenharmony_ci;; Types: 1266cd6a6acSopenharmony_ci;; b1.t1a, b1.t1b 1276cd6a6acSopenharmony_ci;; t2a, t2b 1286cd6a6acSopenharmony_ci;; t3a, t3b 1296cd6a6acSopenharmony_ci;; t4b 1306cd6a6acSopenharmony_ci;; t5a, t5b 1316cd6a6acSopenharmony_ci;; 1326cd6a6acSopenharmony_ci;; Allow rules: 1336cd6a6acSopenharmony_ci;; allow b1.t1a b1.t1a : CLASS { PERM1 PERM2 PERM3 PERM4 }; 1346cd6a6acSopenharmony_ci;; allow b1.t1b b1.t1b : CLASS { PERM1 PERM2 PERM3 PERM4 }; 1356cd6a6acSopenharmony_ci;; allow t2a t2a : CLASS { PERM1 PERM2 PERM3 }; 1366cd6a6acSopenharmony_ci;; allow t2b t2b : CLASS { PERM1 PERM2 PERM3 }; 1376cd6a6acSopenharmony_ci;; allow t3a t3a : CLASS { PERM1 PERM2 }; 1386cd6a6acSopenharmony_ci;; allow t3b t3b : CLASS { PERM1 PERM3 }; 1396cd6a6acSopenharmony_ci;; allow t4b t4b : CLASS { PERM1 PERM2 }; 1406cd6a6acSopenharmony_ci;; allow t5a t5a : CLASS { PERM1 PERM2 }; 1416cd6a6acSopenharmony_ci;; allow t5b t5b : CLASS { PERM1 PERM2 }; 1426cd6a6acSopenharmony_ci 143