# handle_unknown deny
# Object class declarations.
# Only `process` and `file` are given permission definitions later in this
# file; the other file-like classes (blk_file ... sock_file) are declared by
# name only in the lines shown, so no rule here can grant anything on them.
# NOTE(review): class values in the compiled policy follow declaration order;
# keep this order stable unless the consumer is known to map classes by name.
class process
class file
class blk_file
class chr_file
class lnk_file
class fifo_file
class sock_file
# Initial SID declarations.
# Initial SIDs are identified by position, not by name, so this list must stay
# in this order. NOTE(review): the order appears to mirror the Linux kernel's
# initial SID table -- confirm before inserting or removing an entry.
# Only `kernel` and `unlabeled` are assigned a security context at the end of
# this file; the remaining SIDs are declared without a context in the lines
# shown.
sid kernel
sid security
sid unlabeled
sid fs
sid file
sid file_labels
sid init
sid any_socket
sid port
sid netif
sid netmsg
sid node
sid igmp_packet
sid icmp_socket
sid tcp_socket
sid sysctl_modprobe
sid sysctl
sid sysctl_fs
sid sysctl_kernel
sid sysctl_net
sid sysctl_net_unix
sid sysctl_vm
sid sysctl_dev
sid kmod
sid policy
sid scmp_packet
sid devnull
# Permission (access vector) definitions.
# `common file` supplies the shared permissions `create` and `open`.
common file { create open }
# `process` carries exactly the permissions exercised by the allow rules in
# this file: fork, transition, scheduler and process-group queries/updates,
# the four signal permissions, and ptrace.
class process { fork transition getsched setsched getpgid setpgid sigchld sigkill sigstop signal ptrace }
# `file` inherits create/open from the common and adds execute_no_trans.
# NOTE(review): no `execute` or `entrypoint` permission is defined, so the
# domain-transition case below can only be decided on process:transition.
# Presumably intentional for a minimal test policy -- confirm; a production
# policy would also gate transitions on the entrypoint file's label.
class file inherits file { execute_no_trans }
# Minimal MLS configuration: a single sensitivity (s0) and a single
# category (c0), with c0 permitted at s0.
sensitivity s0;
dominance { s0 }
category c0;
level s0:c0;
# MLS constraint on process:fork -- the source's low level (l1) must equal the
# target's low level (l2). The only fork rule in this file targets `self`, so
# source and target share one context and the constraint holds for it.
mlsconstrain process { fork } l1 == l2;
# Type declarations.
# Naming convention visible in the allow rules below: a `*_yes_t` source type
# has a matching allow rule for the permission in its name, while the paired
# `*_no_t` type has none and is therefore expected to be denied.
# No type attributes are declared; every rule names concrete types.

# Types for the exec (no transition), domain-transition and fork cases.
type exec_no_trans_source_t;
type exec_transition_source_t;
type exec_transition_target_t;
type executable_file_no_trans_t;
# NOTE(review): executable_file_trans_t is not referenced by any rule in the
# lines shown.
type executable_file_trans_t;
type fork_no_t;
type fork_yes_t;
# Types used by the initial SID contexts at the end of the file.
type kernel_t;
type unlabeled_t;
# Declared but not referenced by any allow rule in the lines shown.
type test_valid_t;
type test_different_valid_t;
# Per-permission source/target types for the process-class checks.
type test_getpgid_no_t;
type test_getpgid_target_t;
type test_getpgid_yes_t;
type test_getsched_no_t;
type test_getsched_target_t;
type test_getsched_yes_t;
# One source type per signal permission, all sharing test_kill_target_t.
type test_kill_sigchld_t;
type test_kill_sigkill_t;
type test_kill_signal_t;
type test_kill_sigstop_t;
type test_kill_target_t;
type test_ptrace_traced_t;
type test_ptrace_tracer_no_t;
type test_ptrace_tracer_yes_t;
type test_setpgid_no_t;
type test_setpgid_target_t;
type test_setpgid_yes_t;
type test_setsched_no_t;
type test_setsched_target_t;
type test_setsched_yes_t;
# Allow rules.
# Each rule grants exactly one permission to one dedicated source type.
# SELinux denies anything without a matching allow rule, so the `*_no_t` types
# and every other source/target/permission combination stay denied.
# Keeping each grant this narrow means a passing check can only be explained
# by the single rule under test; avoid widening a rule with extra permissions.

# Executing a file in the caller's own domain (no domain transition).
allow exec_no_trans_source_t executable_file_no_trans_t:file { execute_no_trans };
# Domain transition, decided on the process class only (see the note on the
# `file` class: no entrypoint/execute permission exists in this policy).
allow exec_transition_source_t exec_transition_target_t:process { transition };
# `self` makes the target the source's own type.
allow fork_yes_t self:process { fork };
allow test_getpgid_yes_t test_getpgid_target_t:process { getpgid };
allow test_getsched_yes_t test_getsched_target_t:process { getsched };
# Signal permissions are granted one per source type, so e.g.
# test_kill_signal_t cannot send SIGKILL or SIGSTOP to the shared target.
allow test_kill_sigchld_t test_kill_target_t:process { sigchld };
allow test_kill_sigkill_t test_kill_target_t:process { sigkill };
allow test_kill_signal_t test_kill_target_t:process { signal };
allow test_kill_sigstop_t test_kill_target_t:process { sigstop };
# ptrace is granted only to the dedicated tracer type and only against
# test_ptrace_traced_t; test_ptrace_tracer_no_t has no such rule.
allow test_ptrace_tracer_yes_t test_ptrace_traced_t:process { ptrace };
allow test_setpgid_yes_t test_setpgid_target_t:process { setpgid };
allow test_setsched_yes_t test_setsched_target_t:process { setsched };
# The single SELinux user `u`: authorised for role object_r only, default
# level s0, permitted range s0 - s0:c0. No other role is declared in the lines
# shown, so every context in this policy uses object_r.
user u roles object_r level s0 range s0 - s0:c0;
# Initial SID contexts. Only `kernel` and `unlabeled` are labelled.
# NOTE(review): the other declared initial SIDs get no context in the lines
# shown -- confirm that the policy consumer tolerates that.
sid kernel u:object_r:kernel_t:s0 - s0
sid unlabeled u:object_r:unlabeled_t:s0