16cd6a6acSopenharmony_ci;; Minimum stuff
26cd6a6acSopenharmony_ci(class CLASS (PERM))
36cd6a6acSopenharmony_ci(classorder (CLASS))
46cd6a6acSopenharmony_ci(sid SID)
56cd6a6acSopenharmony_ci(sidorder (SID))
66cd6a6acSopenharmony_ci(user USER)
76cd6a6acSopenharmony_ci(role ROLE)
86cd6a6acSopenharmony_ci(type TYPE)
96cd6a6acSopenharmony_ci(category CAT)
106cd6a6acSopenharmony_ci(categoryorder (CAT))
116cd6a6acSopenharmony_ci(sensitivity SENS)
126cd6a6acSopenharmony_ci(sensitivityorder (SENS))
136cd6a6acSopenharmony_ci(sensitivitycategory SENS (CAT))
146cd6a6acSopenharmony_ci(allow TYPE self (CLASS (PERM)))
156cd6a6acSopenharmony_ci(roletype ROLE TYPE)
166cd6a6acSopenharmony_ci(userrole USER ROLE)
176cd6a6acSopenharmony_ci(userlevel USER (SENS))
186cd6a6acSopenharmony_ci(userrange USER ((SENS)(SENS (CAT))))
196cd6a6acSopenharmony_ci(sidcontext SID (USER ROLE TYPE ((SENS)(SENS))))
206cd6a6acSopenharmony_ci;; Extra stuff
216cd6a6acSopenharmony_ci(common COMMON (PERM1 PERM2 PERM3 PERM4))
226cd6a6acSopenharmony_ci(classcommon CLASS COMMON)
236cd6a6acSopenharmony_ci
246cd6a6acSopenharmony_ci
256cd6a6acSopenharmony_ci;; Check resolution failure handling for optionals
266cd6a6acSopenharmony_ci(type t1)
276cd6a6acSopenharmony_ci(optional o1
286cd6a6acSopenharmony_ci  (allow t1 self (CLASS (PERM))) ;; Should not appear in policy
296cd6a6acSopenharmony_ci  (allow UNKNOWN self (CLASS (PERM)))
306cd6a6acSopenharmony_ci)
316cd6a6acSopenharmony_ci
326cd6a6acSopenharmony_ci
336cd6a6acSopenharmony_ci;; These should not cause an error
346cd6a6acSopenharmony_ci(block b2a
356cd6a6acSopenharmony_ci  (type t2)
366cd6a6acSopenharmony_ci  (allow t2 self (CLASS (PERM1)))
376cd6a6acSopenharmony_ci)
386cd6a6acSopenharmony_ci
396cd6a6acSopenharmony_ci(block b2b
406cd6a6acSopenharmony_ci  (optional o2b
416cd6a6acSopenharmony_ci    (type t2)
426cd6a6acSopenharmony_ci    (allow t2 DNE (CLASS (PERM)))
436cd6a6acSopenharmony_ci  )
446cd6a6acSopenharmony_ci  (blockinherit b2a)
456cd6a6acSopenharmony_ci)
466cd6a6acSopenharmony_ci
476cd6a6acSopenharmony_ci(block b2c
486cd6a6acSopenharmony_ci  (optional o2c
496cd6a6acSopenharmony_ci    (type t2)
506cd6a6acSopenharmony_ci    (allow t2 self (CLASS (PERM)))
516cd6a6acSopenharmony_ci  )
526cd6a6acSopenharmony_ci  (blockinherit b2a)
536cd6a6acSopenharmony_ci)
546cd6a6acSopenharmony_ci
556cd6a6acSopenharmony_ci
566cd6a6acSopenharmony_ci;; This is not allowed
576cd6a6acSopenharmony_ci;;(block b3
586cd6a6acSopenharmony_ci;;  (optional o3
596cd6a6acSopenharmony_ci;;    (type t3)
606cd6a6acSopenharmony_ci;;    (allow t3 DNE (CLASS (PERM)))
616cd6a6acSopenharmony_ci;;  )
626cd6a6acSopenharmony_ci;;  (type t3)
636cd6a6acSopenharmony_ci;;  (allow t3 self (CLASS (PERM1)))
646cd6a6acSopenharmony_ci;;)
656cd6a6acSopenharmony_ci
666cd6a6acSopenharmony_ci
676cd6a6acSopenharmony_ci;;
686cd6a6acSopenharmony_ci;; Expected:
696cd6a6acSopenharmony_ci;;
706cd6a6acSopenharmony_ci;; Types:
716cd6a6acSopenharmony_ci;;   t1
726cd6a6acSopenharmony_ci;;   b2a.t2, b2b.t2, b2c.t2
736cd6a6acSopenharmony_ci;;
746cd6a6acSopenharmony_ci;; Allow rules:
756cd6a6acSopenharmony_ci;;  allow b2a.t2 b2a.t2 : CLASS { PERM1 };
766cd6a6acSopenharmony_ci;;  allow b2b.t2 b2b.t2 : CLASS { PERM1 };
776cd6a6acSopenharmony_ci;;  allow b2c.t2 b2c.t2 : CLASS { PERM PERM1 };
786cd6a6acSopenharmony_ci
79