| # Use `default_*` statements to change all components, computation should be: |
| # (source_u:source_r:source_t:s0:c0-s2:c0.c1, target_u:target_r:target_t:s1:c0-s1:c0.c1) -> |
| # target_u:source_r:source_t:s1:c0-s1:c0.c1 |
| |
| type source_t; |
| type target_t; |
| |
| role source_r; |
| role source_r types { source_t target_t }; |
| |
| role target_r; |
| role target_r types { target_t }; |
| |
| user source_u roles { source_r object_r } level s0 range s0 - s2:c0.c2; |
| # Note: `source_r` needed for computed context to be valid. |
| user target_u roles { target_r source_r } level s0 range s0 - s2:c0.c2; |
| |
| default_user file target; |
| default_role file source; |
| default_type file source; |
| default_range file target low-high; |
| |
| default_user process target; |
| default_role process source; |
| default_type process source; |
| default_range process target low-high; |
