| # Presumably records the intended handling of classes/permissions the policy does not define. |
| # NOTE(review): this is only a comment; the handle_unknown action is chosen when the policy |
| # is compiled (e.g. checkpolicy -U deny), so confirm the build really passes "deny". |
| # handle_unknown deny |
| # Object classes known to this policy. In this listing only process and file are later given |
| # permission definitions; the remaining file-type classes are declared with none. |
| class process |
| class file |
| class blk_file |
| class chr_file |
| class lnk_file |
| class fifo_file |
| class sock_file |
| # Initial SID declarations (27 names). This listing assigns a security context only to |
| # kernel and unlabeled, in the two sid-context statements at the end of the policy. |
| # NOTE(review): how the other initial SIDs are labelled is not shown here; confirm that the |
| # consumer of this policy treats an initial SID without a context as unlabeled, not as trusted. |
| sid kernel |
| sid security |
| sid unlabeled |
| sid fs |
| sid file |
| sid file_labels |
| sid init |
| sid any_socket |
| sid port |
| sid netif |
| sid netmsg |
| sid node |
| sid igmp_packet |
| sid icmp_socket |
| sid tcp_socket |
| sid sysctl_modprobe |
| sid sysctl |
| sid sysctl_fs |
| sid sysctl_kernel |
| sid sysctl_net |
| sid sysctl_net_unix |
| sid sysctl_vm |
| sid sysctl_dev |
| sid kmod |
| sid policy |
| sid scmp_packet |
| sid devnull |
| # Shared permission set named "file"; in this listing only class file inherits it. |
| common file { create open } |
| # Process permissions: fork, domain transition, scheduler get/set, process-group get/set, |
| # the four signal permissions, and ptrace. |
| class process { fork transition getsched setsched getpgid setpgid sigchld sigkill sigstop signal ptrace } |
| # class file = inherited { create open } plus two exec-related permissions: |
| # execute_no_trans (run a file without changing domain) and entrypoint (file may be used |
| # to enter a domain). No plain "execute" permission is defined in this policy. |
| class file inherits file { execute_no_trans entrypoint } |
| # Minimal MLS configuration: one sensitivity (s0), one category (c0), one level (s0:c0). |
| sensitivity s0; |
| dominance { s0 } |
| category c0; |
| level s0:c0; |
| # fork is permitted only when the low level of the source context (l1) equals the low level |
| # of the target context (l2). This applies in addition to the type-enforcement allow rules. |
| mlsconstrain process { fork } l1 == l2; |
| # Type declarations. A type gains access only through an allow rule, so every type |
| # that no allow rule names as its source has no permissions at all. |
| # Domains and file types for the exec / domain-transition cases. |
| type exec_no_trans_source_t; |
| type exec_transition_denied_target_t; |
| type exec_transition_source_t; |
| type exec_transition_target_t; |
| type executable_file_no_trans_t; |
| type executable_file_trans_no_entrypoint_t; |
| type executable_file_trans_t; |
| # Domains for the fork cases (names suggest a denied and an allowed variant). |
| type fork_no_t; |
| type fork_yes_t; |
| # Types used by the two initial SID contexts at the end of the policy. |
| type kernel_t; |
| type unlabeled_t; |
| # No allow rule in this listing names these two types. |
| # NOTE(review): presumably plain valid labels for context-validity tests; confirm against the tests. |
| type test_valid_t; |
| type test_different_valid_t; |
| # Per-permission test domains. The naming suggests *_yes_t is the allowed source, *_no_t the |
| # denied source, and *_target_t the process acted on. |
| type test_getpgid_no_t; |
| type test_getpgid_target_t; |
| type test_getpgid_yes_t; |
| type test_getsched_no_t; |
| type test_getsched_target_t; |
| type test_getsched_yes_t; |
| # One source domain per signal permission, all acting on test_kill_target_t. |
| type test_kill_sigchld_t; |
| type test_kill_sigkill_t; |
| type test_kill_signal_t; |
| type test_kill_sigstop_t; |
| type test_kill_target_t; |
| type test_ptrace_traced_t; |
| type test_ptrace_tracer_no_t; |
| type test_ptrace_tracer_yes_t; |
| type test_setpgid_no_t; |
| type test_setpgid_target_t; |
| type test_setpgid_yes_t; |
| type test_setsched_no_t; |
| type test_setsched_target_t; |
| type test_setsched_yes_t; |
| # Type-enforcement rules. SELinux denies whatever is not explicitly allowed, so the *_no_t |
| # domains are negative cases simply because no rule here names them as a source. |
| # Exec without a domain change: source may run executable_file_no_trans_t in its own domain. |
| allow exec_no_trans_source_t executable_file_no_trans_t:file { execute_no_trans }; |
| # This domain has an entrypoint on executable_file_trans_t, but no rule below grants any |
| # source a process transition into it, so a transition to it is not permitted by this policy. |
| allow exec_transition_denied_target_t executable_file_trans_t:file { entrypoint }; |
| # The permitted transition path needs both rules: source -> target transition, and the |
| # target domain's entrypoint on the executable's type. |
| # executable_file_trans_no_entrypoint_t appears in no rule, so it is an entrypoint for no domain. |
| allow exec_transition_source_t exec_transition_target_t:process { transition }; |
| allow exec_transition_target_t executable_file_trans_t:file { entrypoint }; |
| # fork is checked against the process's own label, hence "self". |
| allow fork_yes_t self:process { fork }; |
| allow test_getpgid_yes_t test_getpgid_target_t:process { getpgid }; |
| allow test_getsched_yes_t test_getsched_target_t:process { getsched }; |
| # Each kill domain is granted exactly one signal permission on the shared target, so a |
| # domain sending any other signal class is denied. |
| allow test_kill_sigchld_t test_kill_target_t:process { sigchld }; |
| allow test_kill_sigkill_t test_kill_target_t:process { sigkill }; |
| allow test_kill_signal_t test_kill_target_t:process { signal }; |
| allow test_kill_sigstop_t test_kill_target_t:process { sigstop }; |
| # Only the tracer_yes domain may ptrace the traced domain; test_ptrace_tracer_no_t has no rule. |
| allow test_ptrace_tracer_yes_t test_ptrace_traced_t:process { ptrace }; |
| allow test_setpgid_yes_t test_setpgid_target_t:process { setpgid }; |
| allow test_setsched_yes_t test_setsched_target_t:process { setsched }; |
| # Single user u, limited to role object_r, with default level s0 and range s0 - s0:c0. |
| # No other role is declared in this listing, so every context here uses object_r. |
| user u roles object_r level s0 range s0 - s0:c0; |
| # Security contexts for the only two initial SIDs that are labelled in this listing. |
| sid kernel u:object_r:kernel_t:s0 - s0 |
| sid unlabeled u:object_r:unlabeled_t:s0 |