#line 1 "../flask/security_classes"
# Copyright (c) 1999 The University of Utah and the Flux Group.
# All rights reserved.
# 
# Contributed by the Computer Security Research division,
# INFOSEC Research and Technology Office, NSA.
# 
# This file is part of the Flux OSKit.  The OSKit is free software, also known
# as "open source;" you can redistribute it and/or modify it under the terms
# of the GNU General Public License (GPL), version 2, as published by the Free
# Software Foundation (FSF).  To explore alternate licensing terms, contact
# the University of Utah at csl-dist@cs.utah.edu or +1-801-585-3271.
# 
# The OSKit is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE.  See the GPL for more details.  You should have
# received a copy of the GPL along with the OSKit; see the file COPYING.  If
# not, write to the FSF, 59 Temple Place #330, Boston, MA 02111-1307, USA.

#
# Define the security object classes 
#
# Every object the security server labels belongs to exactly one of these
# classes.  A class's permissions are defined in the access_vectors section
# under the same class name, and its MLS base-permission mapping in the mls
# section.
#
# NOTE(review): packet, keytab and keysock are declared here but have no
# access-vector definition and no MLS mapping later in this file, so no
# permission on them can appear in any rule -- confirm whether that is
# intended or whether their definitions were dropped.
# NOTE(review): the position of a class in this list is presumably
# significant to the security server (class identifiers assigned by
# order) -- confirm before inserting or reordering entries.
class subject
class avc
class security
class memory
class process
class system

# file-related classes
class filesystem
class file
class dir
class fd
class lnk_file
class chr_file
class blk_file
class sock_file
class fifo_file
class pipe

# network-related classes (packet, keytab and keysock have no access
# vectors below -- see the note above)
class packet
class node
class netif
class rttab
class rtsock
class keytab
class keysock
class in_stream_sock
class in_dgram_sock
class in_raw_sock
class in_icmp_sock
class in_igmp_sock
class in_rsvp_sock
class in_ipip_sock

#line 1 "../flask/initial_sids"
# Copyright (c) 1999 The University of Utah and the Flux group.
# All rights reserved.
# 
# Contributed by the Computer Security Research division,
# INFOSEC Research and Technology Office, NSA.
# 
# This file is part of the Flux OSKit.  The OSKit is free software, also known
# as "open source;" you can redistribute it and/or modify it under the terms
# of the GNU General Public License (GPL), version 2, as published by the Free
# Software Foundation (FSF).  To explore alternate licensing terms, contact
# the University of Utah at csl-dist@cs.utah.edu or +1-801-585-3271.
# 
# The OSKit is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE.  See the GPL for more details.  You should have
# received a copy of the GPL along with the OSKit; see the file COPYING.  If
# not, write to the FSF, 59 Temple Place #330, Boston, MA 02111-1307, USA.

#
# Define initial security identifiers 
#
# Initial SIDs are the fixed labels handed out before any policy lookup
# (the kernel, the security server, unlabeled objects, the root filesystem
# and file, the file label store, init and the proc filesystem).  Each of
# the eight SIDs declared here is bound to a full security context in the
# initial_sid_contexts section.

sid kernel
sid security
sid unlabeled
sid fs
sid file
sid file_labels
sid init
sid proc

#line 1 "../flask/access_vectors"
# Copyright (c) 1999 The University of Utah and the Flux Group.
# All rights reserved.
# 
# Contributed by the Computer Security Research division,
# INFOSEC Research and Technology Office, NSA.
# 
# This file is part of the Flux OSKit.  The OSKit is free software, also known
# as "open source;" you can redistribute it and/or modify it under the terms
# of the GNU General Public License (GPL), version 2, as published by the Free
# Software Foundation (FSF).  To explore alternate licensing terms, contact
# the University of Utah at csl-dist@cs.utah.edu or +1-801-585-3271.
# 
# The OSKit is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE.  See the GPL for more details.  You should have
# received a copy of the GPL along with the OSKit; see the file COPYING.  If
# not, write to the FSF, 59 Temple Place #330, Boston, MA 02111-1307, USA.

#
# Define common prefixes for access vectors
#
# common common_name { permission_name ... }


#
# Define a common prefix for file access vectors.
#
# These permissions are shared by every class declared with "inherits file"
# below (dir, file, lnk_file, chr_file, blk_file, sock_file, fifo_file and
# pipe).  On dir and on the file classes other than pipe, create,
# relabelfrom and relabelto are additionally restricted by the sameuser
# constraints in the constraints section.

common file
{
	read
	write
	create
	append
	execute
	access
	getattr
	setattr
	unlink
	link
	rename
	lock
	sync
	pathconf
	relabelfrom
	relabelto
	transition
}


#
# Define a common prefix for socket access vectors.
#
# Shared by rtsock and all of the in_*_sock classes below.  The *_associate
# permissions are the ones mapped to both MLS read and write in the mls
# section; the remaining permissions map to a single direction.

common socket
{
	receive
	send
	create
	getlocal
	setlocal
	getremote
	setremote
	getopt
	setopt
	tcp_setopt
	udp_setopt
	ip_setopt
	disable_send
	disable_receive
	send_associate
	recvfrom_associate
	recv_associate
	port_associate
}	


#
# Define the access vectors.
#
# class class_name [ inherits common_name ] { permission_name ... }

#
# Define the access vector interpretation for file-related objects.
#

# A filesystem is the target of mount/unmount/relabel operations by a
# domain, and the target of "associate" checks whose source is a file type
# rather than a process type (see "allow file_t fs_t:filesystem associate"
# in the te section).
class filesystem
{
	mount
	remount
	unmount
	getattr
	sync
	lookupi
	relabelfrom
	relabelto
	transition
	associate
}

# Directories carry the common file permissions plus name-space operations.
# mountassociate is checked with the mounted filesystem's type as source
# and the directory's type as target (see the unlabeled_t/proc_t
# mountassociate rules in the te section); mounton is the domain-side
# permission on the mount point.
class dir
inherits file
{
	add_name
	remove_name
	reparent
	search
	rmdir
	mounton
	mountassociate
}

# Regular files, symlinks, device nodes, sockets, fifos and pipes add no
# permissions beyond the common file prefix.
class file
inherits file

class lnk_file
inherits file

class chr_file
inherits file

class blk_file
inherits file

class sock_file
inherits file

class fifo_file
inherits file

class pipe
inherits file


# File descriptors.  create is subject to the sameuser constraint in the
# constraints section; inherit is what the te section grants a child
# domain on its parent's descriptors (login_t on init_t:fd, user_t on
# login_t:fd and init_t:fd, and so on).
class fd
{
	create
	getattr
	setattr
	inherit
}


#
# Define the access vector interpretation for network-related objects.
#
# NOTE(review): no allow rule in the te section references node, netif or
# rttab, so with "default allow self" these permissions are only ever
# granted between a subject and an object of the same type.

# Network hosts/addresses: per-protocol send and receive checks.
class node 
{
	tcp_receive_node
	tcp_send_node
	udp_receive_node
	udp_send_node
	receive_node
	send_node
}

# Network interfaces: attribute access plus per-protocol send/receive.
class netif
{
	getattr
	setattr
	tcp_receive_netif 
	tcp_send_netif
	udp_receive_netif 
	udp_send_netif
	receive_netif 
	send_netif
}

# Routing table: read (observe) and update (modify).
class rttab
{
	observe 
	modify
}

# Routing socket: only the common socket permissions.
class rtsock
inherits socket

# TCP-style stream socket: common socket permissions plus the
# connection-oriented operations.  The *_associate permissions map to both
# MLS read and write in the mls section.
# NOTE(review): no allow rule in the te section references any socket
# class, so these are reachable only within a single type via
# "default allow self".
class in_stream_sock
inherits socket
{
	listen
	accept
	accept_associate
	client_associate
        server_associate
}


# Datagram, raw and protocol-specific sockets add no permissions beyond
# the common socket prefix.
class in_dgram_sock
inherits socket


class in_raw_sock
inherits socket

class in_icmp_sock
inherits socket

class in_igmp_sock
inherits socket

class in_rsvp_sock
inherits socket

class in_ipip_sock
inherits socket


#
# Define the access vector interpretation for process-related objects
#
# execute is checked with the executable's file type as the target (the te
# section grants e.g. "init_t file_t:process execute").  transition is
# checked with the new domain's type as the target and is limited by the
# constraints section to same-user changes unless the source is kernel_t,
# init_t or login_t; every te rule that grants transition also grants wait.

class process
{
	execute
	fork
	wait
	transition
	sigstop
	sigkill
	signal
}


#
# Define the access vector interpretation for the security server. 
#
# NOTE(review): the te section contains no allow rule on the security
# class, so with "default allow self" only a subject typed security_t could
# invoke these operations (load_policy and load_extension included).  The
# mls section maps all of them to "none", so MLS does not restrict them
# either.  Confirm this is the intended administrative model.

class security
{
	compute_av
	notify_perm
	transition_sid
	member_sid
	sid_to_context
	context_to_sid
	load_extension
	load_policy
	register_avc
}


#
# Define the access vector interpretation for system operations.
#
# reboot is granted only to init_t, with kernel_t as the target type
# (te section).

class system
{
	reboot
}


#
# Define the access vector interpretation for subjects.
#
# NOTE(review): no allow rule in the te section references the subject
# class; with "default allow self" these permissions hold only between
# subjects of the same type.  connect, call, send, thread_scheduler,
# task_keeper and map are mapped to the readby/writeby MLS directions in
# the mls section.
 
class subject
{ 
        read
        write
        execute
        create_object
        specify_client
        specify_server
        connect
        call
        send
        thread_scheduler
        task_keeper
        map
}
 

#
# Define the access vector interpretation for the AVC.
# 
# Operations on the access vector cache itself.  No te rule references
# this class and the mls section maps every permission to "none".

class avc
{
        grant 
        try_revoke
        revoke 
        reset  
        set_auditallow
        set_auditdeny
}


# 
# Define the access vector interpretation for mempools and segments.
#
# NOTE(review): no te rule references the memory class, so these are only
# reachable within a single type via "default allow self".  The
# *_associate and mempool_add* permissions use the readby/writeby MLS
# directions in the mls section.

class memory
{
        segment_create
        segment_destroy
        segment_map
        segment_getsize
        segment_setsize
        segment_createcopy
        mempool_create
        mempool_destroy
        mempool_addsubpool
        mempool_addsegment
        mempool_gettickets
        mempool_settickets
        segment_associate
        subpool_associate
}

#line 1 "../security/policydb/mls"
# Copyright (c) 1999 The University of Utah and the Flux Group.
# All rights reserved.
# 
# Contributed by the Computer Security Research division,
# INFOSEC Research and Technology Office, NSA.
# 
# This file is part of the Flux OSKit.  The OSKit is free software, also known
# as "open source;" you can redistribute it and/or modify it under the terms
# of the GNU General Public License (GPL), version 2, as published by the Free
# Software Foundation (FSF).  To explore alternate licensing terms, contact
# the University of Utah at csl-dist@cs.utah.edu or +1-801-585-3271.
# 
# The OSKit is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE.  See the GPL for more details.  You should have
# received a copy of the GPL along with the OSKit; see the file COPYING.  If
# not, write to the FSF, 59 Temple Place #330, Boston, MA 02111-1307, USA.

# Define sensitivities 
#
# Each sensitivity has a name and zero or more aliases.
# Four sensitivities, ordered u < c < s < ts by the dominance statement
# below.

sensitivity unclassified alias u;
sensitivity confidential alias c;
sensitivity secret alias s;
sensitivity top_secret alias ts;

# Define the ordering of the sensitivity levels (least to greatest)
dominance { u c s ts }

# Define the categories
#
# Each category has a name and zero or more aliases.
#

category nocon;
category noforn;
category nato;
category usuk;

# Identify which categories may be associated with which sensitivities
#
# Each MLS level specifies a sensitivity and zero or more categories which may
# be associated with that sensitivity.
#
# u and c carry no categories; s may carry nocon/noforn; ts may carry all
# four.
# NOTE(review): every user in the users section is given the full range
# u-ts, so no user clearance narrows what these levels allow; MLS
# separation in this policy comes only from the levels in object contexts.

level u; 
level c;
level s:nocon, noforn;
level ts:nocon, noforn, nato, usuk;

#
# Map each permission to a set of MLS base permissions.
#
# Each permission maps to the MLS base permissions (read, write, readby,
# writeby) the MLS checker applies, or to "none", which exempts the
# permission from MLS entirely.  readby/writeby are used below for
# associate-style checks where the source of the check is the object being
# placed -- presumably the reverse-direction comparisons; confirm against
# the security server's MLS code.
#
# Note that lock and sync are treated as writes, and relabelfrom requires
# both read and write at the object's level.

common file
{
	read		:	read
	write		:	write
	create		:	write
	append		:	write
	execute		:	read
	access		:	read
	getattr		:	read
	setattr		:	write
	unlink		:	write
	link		:	write
	rename		:	write
	lock		:	write
	sync		: 	write
	pathconf	:	none
	relabelfrom	:	{ read write }
	relabelto	:	write
	transition	:	write
}

# Socket permissions: receive/get* are reads, send/set*/create are writes,
# and every *_associate permission needs both directions.
common socket
{
	receive		:	read
	send		:	write
	create		:	write
	getlocal	:	read
	setlocal	:	write
	getremote	:	read
	setremote	:	write
	getopt		:	read
	setopt		:	write
	tcp_setopt	:	write
	udp_setopt	:	write
	ip_setopt	:	write
	disable_send	:	write
	disable_receive	:	write
	send_associate	:	{ read write }
	recvfrom_associate :	{ read write }
	recv_associate	:	{ read write }
	port_associate	:	{ read write }
}	

# Filesystem operations are exempt from MLS except associate, which is
# checked in the readby/writeby direction (the file type is the source).
class filesystem
{
	mount		:	none
	remount		:	none
	unmount		:	none
	getattr		:	none
	sync		: 	none
	lookupi		:	none
	relabelfrom	:	none
	relabelto	:	none
	transition	:	none
	associate	:	{ readby writeby }
}

# Directory-specific permissions; the inherited file permissions keep the
# common file mapping above.  rmdir, mounton and mountassociate need both
# read and write at the directory's level.
class dir
{
	add_name	:	write	
	remove_name	:	write
	reparent	:	write
	search		:	read
	rmdir		:	{ read write }
	mounton		:	{ read write }
	mountassociate	:	{ read write }
}

# These classes add nothing to the common file mapping.
class file
class lnk_file
class chr_file
class blk_file
class sock_file
class fifo_file
class pipe

# File descriptors: creating or changing a descriptor is a write,
# inspecting or inheriting one is a read.
class fd
{
	create		:	write
	getattr		:	read
	setattr		:	write
	inherit		: 	read
}

# Process permissions: fork needs both directions, transition and the
# signals are writes, execute and wait are reads.  sigkill/sigstop are
# listed in the opposite order from the access_vectors definition;
# presumably permissions are matched by name, not position -- confirm.
class process
{
	execute		: 	read
	fork		:	{ read write }
	wait		:	read
	transition	:	write
	sigkill		:	write
	sigstop		:	write
	signal		:	write
}

# Every node send/receive check requires both read and write at the
# node's level, in both directions of traffic.
class node 
{
	tcp_receive_node :	{ read write }
	tcp_send_node	:	{ read write }
	udp_receive_node :	{ read write }
	udp_send_node	:	{ read write }
	receive_node	:	{ read write }
	send_node	:	{ read write }
}

# Interface traffic checks mirror the node mapping; attribute access is
# read/write as for other objects.
class netif
{
	getattr		:	read
	setattr		:	write
	tcp_receive_netif :	{ read write }
	tcp_send_netif	:	{ read write }
	udp_receive_netif :	{ read write }
	udp_send_netif	:	{ read write }
	receive_netif 	:	{ read write }
	send_netif	:	{ read write }
}

# Routing table: observe is a read, modify a write.
class rttab
{
	observe 	:	read
	modify		:	write
}

# Routing socket: common socket mapping only.
class rtsock

# Stream sockets: listen is a write, accept a read, and the association
# permissions need both directions.
class in_stream_sock
{
	listen		:	write
	accept		:	read
	accept_associate :	{ read write }
	client_associate :	{ read write }
        server_associate :	{ read write }
}

# Remaining socket classes use the common socket mapping only.
class in_dgram_sock
class in_raw_sock
class in_icmp_sock
class in_igmp_sock
class in_rsvp_sock
class in_ipip_sock

# Security-server operations are exempt from MLS entirely: policy loading
# and SID/context translation are not level-checked.
class security
{
	compute_av		:	none
	notify_perm		:	none
	transition_sid		:	none
	member_sid		:	none
	sid_to_context		:	none
	context_to_sid		:	none
	load_extension		:	none
	load_policy		:	none
	register_avc		:	none
}

# reboot needs both read and write at the target's (kernel's) level.
class system
{
	reboot			: 	{ read write }
}

# Subject-to-subject operations.  The IPC-style permissions (connect,
# call, send, thread_scheduler, task_keeper, map) are checked in the
# readby/writeby direction; note that send maps to readby only, unlike
# connect and call.
class subject
{
        read			:	read	
        write			:	write
        execute			:	read
        create_object		: 	write
        specify_client		:	{ read write }
        specify_server		:	{ read write }
        connect			:	{ readby writeby }
        call			:	{ readby writeby }
        send 			:	readby 
        thread_scheduler	:	{ readby writeby }
        task_keeper		:	{ readby writeby }
        map			:	{ readby writeby }
}

# AVC operations are exempt from MLS.
class avc
{
        grant			:	none
        try_revoke		:	none
        revoke			:	none
        reset			:	none
        set_auditallow		:	none
        set_auditdeny		:	none
}

# Memory segments and pools: mapping a segment is a read (the mapper
# observes it); adding a subpool or segment to a pool and the *_associate
# permissions are checked in the readby/writeby direction.
class memory
{
        segment_create		:	write
        segment_destroy		:	write
        segment_map		:	read
        segment_getsize		:	read
        segment_setsize		:	write
        segment_createcopy	:	{ read write }
        mempool_create 		:	write
        mempool_destroy		:	write
        mempool_addsubpool	:	readby
        mempool_addsegment	:	readby
        mempool_gettickets	:	read
        mempool_settickets	:	write
        segment_associate	:	{ readby writeby }
        subpool_associate	:	{ readby writeby }
}

#line 1 "../security/policydb/te"
# Copyright (c) 1999 The University of Utah and the Flux Group.
# All rights reserved.
# 
# Contributed by the Computer Security Research division,
# INFOSEC Research and Technology Office, NSA.
# 
# This file is part of the Flux OSKit.  The OSKit is free software, also known
# as "open source;" you can redistribute it and/or modify it under the terms
# of the GNU General Public License (GPL), version 2, as published by the Free
# Software Foundation (FSF).  To explore alternate licensing terms, contact
# the University of Utah at csl-dist@cs.utah.edu or +1-801-585-3271.
# 
# The OSKit is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE.  See the GPL for more details.  You should have
# received a copy of the GPL along with the OSKit; see the file COPYING.  If
# not, write to the FSF, 59 Temple Place #330, Boston, MA 02111-1307, USA.

# Define domains/types 
#
# Domains are not distinguished from types, except through the
# actual type enforcement tables (i.e. a type that can be
# associated with a process is also a domain).
# 
# type typename ; 
# type typename alias alias_set ;
#
# The first eight types label the initial SIDs (see initial_sid_contexts).
# public_t and private_t are used both as domains (init_t/login_t may
# transition to them) and as file types ("public_t private_t:file").
#
# NOTE(review): daemon_t is named only by a type_transition from init_t;
# no allow rule grants init_t transition to daemon_t and no role lists
# daemon_t, so that transition can never be taken as written.
# NOTE(review): admin_t appears only in role admin_r; no rule grants any
# permission on it and nothing can transition into it.
# NOTE(review): tmp_t is not referenced by any rule, role or context in
# this file.

type kernel_t;
type security_t;
type unlabeled_t;
type fs_t;
type file_t;
type file_labels_t;
type init_t;
type proc_t;
type daemon_t;
type login_t;
type user_t alias { application_t untrusted_t };
type public_t;
type private_t;
type admin_t;
type tmp_t;


# Define the type transitions 
#
# type_transition process_type old_object_type : new_object_class new_object_type ;
#
# A type transition specifies a default rule for determining:
# (1) the type of a process transformed by execve, based on
#     the type of the invoking process and the type of the file.
#     If no transition is explicitly specified, then the default
#     rule is to use the type of the invoking process for the transformed
#     process.		
#
# (2) the type of a newly created file, based on the type of
#     of the creating process and the type of the parent directory.
#     If no transition is explicitly specified, then the default rule
#     is to use the type of the parent directory for the newly created
#     file.	
#
# The default rules may be overridden by clients via the _secure interfaces.
#
# A type_transition only chooses the default; the transition still has to
# be allowed by a "process transition" rule and pass the constraints.
#
# NOTE(review): the init_t -> daemon_t transition has no matching
# "allow init_t daemon_t:process { transition wait }" rule (init_t is only
# allowed to transition to login_t, user_t, public_t and private_t), and
# daemon_t is in no role, so this default can never be used.
# NOTE(review): the login_t -> user_t transition on file_t executables is
# allowed ("allow login_t user_t:process { transition wait }"), but unlike
# init_t, user_t, public_t and private_t, login_t is not granted
# "file_t:process execute".  If process execute is the check applied on
# execve against the file's type, login_t cannot execute the file_t
# program that would trigger this transition -- confirm.

type_transition init_t daemon_t:process daemon_t;
type_transition init_t login_t:process  login_t;
type_transition login_t file_t:process  user_t;


#
# Define the default behavior for permissions that are not
# explicitly specified in the type enforcement tables.
#
# The default for allow may be one of:
# 1) 'none' - Deny all permissions.
# 2) 'all' -  Grant all permissions.
# 3) 'self' - Grant all permissions within a type, but deny
#	all permissions between types.
#
# For auditallow, auditdeny and notify, the defaults mean:
# 1) 'none' - Audit/notify no permissions.
# 2) 'all' -  Audit/notify all permissions.
# 3) 'self' - Audit/notify all permissions between types, but no
#		permissions within a type.
#
# With "allow self" every type holds every permission on objects of its own
# type (e.g. user_t on user_t processes, private_t on private_t files, and
# every class that no allow rule below mentions), and nothing else unless a
# rule below grants it.  "auditdeny all" audits every denial and
# "auditallow none" audits no grant.

default allow self;
default auditallow none;
default auditdeny all;
default notify none;


#
# Define m4 macros for the type enforcement tables
#
















#
# Define the type enforcement tables
#
# allow domain type:class_set perm_set ;
# auditallow domain type:class_set perm_set ;
# auditdeny domain type:class_set perm_set ;
# notify domain type:class_set perm_set ;


#
# Allow files with the default file type to be in 
# filesystems with the default file system type.
#
# associate is checked with the file type as source and the filesystem
# type as target.
#
allow file_t fs_t:filesystem associate;


#
# Allow other types of directories to be mounted on 
# directories with the default file type.
#
# mountassociate is checked with the mounted type as source and the mount
# point's directory type as target.
#
allow unlabeled_t file_t:dir mountassociate;
allow proc_t file_t:dir mountassociate;


#
# Allow kernel_t to do things.
#
# kernel_t (user nobody) starts init_t (user root); that user change is
# permitted by the "source type { kernel_t ... }" escape in the process
# transition constraint.  kernel_t is the only domain with write access
# to file_labels_t objects (init_t gets read/getattr only below).  The
# dir permission sets deliberately omit write/append/unlink/link: name
# changes go through add_name/remove_name/rmdir instead.
#
allow kernel_t init_t:process { transition wait } ;
allow kernel_t file_labels_t:{ file lnk_file sock_file fifo_file chr_file blk_file } { create read write append execute access getattr setattr unlink link rename sync relabelfrom relabelto };
allow kernel_t file_labels_t:dir { create read access getattr setattr rename sync relabelfrom relabelto add_name remove_name reparent search rmdir mounton };
allow kernel_t file_t:dir { create read access getattr setattr rename sync relabelfrom relabelto add_name remove_name reparent search rmdir mounton };
allow kernel_t file_t:{ file lnk_file sock_file fifo_file chr_file blk_file } { create read write append execute access getattr setattr unlink link rename sync relabelfrom relabelto };
allow kernel_t unlabeled_t:dir { create read access getattr setattr rename sync relabelfrom relabelto add_name remove_name reparent search rmdir mounton };
allow kernel_t unlabeled_t:{ file lnk_file sock_file fifo_file chr_file blk_file } { create read write append execute access getattr setattr unlink link rename sync relabelfrom relabelto };


#
# Allow init_t to do things.
#
# init_t runs as root (initial SID init) while most objects are owned by
# nobody; its create/relabel rights on them are usable only because the
# constraints section exempts "source type { init_t }" from sameuser.
# init_t is the only domain that may reboot, and it may start login_t,
# user_t, public_t and private_t (daemon_t is missing here although a
# type_transition names it).  file_labels_t is readable but not writable
# from init_t.
#
allow init_t kernel_t:system reboot;

allow init_t file_t:process execute;

allow init_t unlabeled_t:process execute;

allow init_t login_t:process { transition wait } ;

allow init_t user_t:process { transition wait } ;

allow init_t public_t:process { transition wait } ;

allow init_t private_t:process { transition wait } ;

allow init_t fs_t:filesystem { associate mount remount unmount getattr sync relabelfrom relabelto };

allow init_t unlabeled_t:filesystem { mount remount unmount getattr sync relabelfrom relabelto };

# Read-only access to the file label store; kernel_t holds the write side.
allow init_t file_labels_t:dir { read search getattr };

allow init_t file_labels_t:file { read getattr };

# Full access, including relabelling and mounting, to default-typed,
# unlabeled and proc objects.  The same grants are repeated verbatim for
# login_t, user_t, public_t and private_t below.
allow init_t file_t:dir { create read access getattr setattr rename sync relabelfrom relabelto add_name remove_name reparent search rmdir mounton };

allow init_t file_t:{ file lnk_file sock_file fifo_file chr_file blk_file } { create read write append execute access getattr setattr unlink link rename sync relabelfrom relabelto };

allow init_t unlabeled_t:dir { create read access getattr setattr rename sync relabelfrom relabelto add_name remove_name reparent search rmdir mounton };

allow init_t unlabeled_t:{ file lnk_file sock_file fifo_file chr_file blk_file } { create read write append execute access getattr setattr unlink link rename sync relabelfrom relabelto };

allow init_t proc_t:filesystem { associate mount remount unmount getattr sync relabelfrom relabelto };

allow init_t proc_t:dir { create read access getattr setattr rename sync relabelfrom relabelto add_name remove_name reparent search rmdir mounton };

allow init_t proc_t:{ file lnk_file sock_file fifo_file chr_file blk_file } { create read write append execute access getattr setattr unlink link rename sync relabelfrom relabelto };

# kernel_t-typed objects (only the plain file class, not the other file
# classes) and the descriptors inherited from the kernel.
allow init_t kernel_t:dir { create read access getattr setattr rename sync relabelfrom relabelto add_name remove_name reparent search rmdir mounton };

allow init_t kernel_t:file { create read write append execute access getattr setattr unlink link rename sync relabelfrom relabelto };

allow init_t kernel_t:fd { getattr setattr inherit };


#
# Allow login_t to do things.
#
# login_t may start user_t, public_t and private_t; because login_t is in
# the constraint's "source type" escape, it may transition to a different
# user identity (the login case).  Its filesystem and file grants are
# identical to user_t's.
#
# NOTE(review): every other domain that transitions to a user domain
# (init_t, user_t, public_t, private_t) is also granted
# "file_t:process execute" and "unlabeled_t:process execute"; login_t
# is not.  The type_transition "login_t file_t:process user_t" expects
# login_t to execute file_t programs, so if process execute is the check
# applied on execve, an "allow login_t file_t:process execute;" rule is
# missing here -- confirm before adding it.
#
allow login_t user_t:process { transition wait } ;

allow login_t public_t:process { transition wait } ;

allow login_t private_t:process { transition wait } ;

allow login_t fs_t:filesystem { associate mount remount unmount getattr sync relabelfrom relabelto };

allow login_t unlabeled_t:filesystem { mount remount unmount getattr sync relabelfrom relabelto };

allow login_t file_t:dir { create read access getattr setattr rename sync relabelfrom relabelto add_name remove_name reparent search rmdir mounton };

allow login_t file_t:{ file lnk_file sock_file fifo_file chr_file blk_file } { create read write append execute access getattr setattr unlink link rename sync relabelfrom relabelto };

allow login_t unlabeled_t:dir { create read access getattr setattr rename sync relabelfrom relabelto add_name remove_name reparent search rmdir mounton };

allow login_t unlabeled_t:{ file lnk_file sock_file fifo_file chr_file blk_file } { create read write append execute access getattr setattr unlink link rename sync relabelfrom relabelto };

allow login_t proc_t:filesystem { associate mount remount unmount getattr sync relabelfrom relabelto };

allow login_t proc_t:dir { create read access getattr setattr rename sync relabelfrom relabelto add_name remove_name reparent search rmdir mounton };

allow login_t proc_t:{ file lnk_file sock_file fifo_file chr_file blk_file } { create read write append execute access getattr setattr unlink link rename sync relabelfrom relabelto };

# Descriptors handed down from init.
allow login_t init_t:fd { getattr setattr inherit };


#
# Allow user_t to do things.
#
# user_t (aliases application_t, untrusted_t) is the ordinary user
# domain.  It cannot transition to any other domain (no process
# transition rule), so the sameuser constraint is never exercised by it.
#
# NOTE(review): least privilege.  This untrusted domain is granted the
# same filesystem rights as init_t: mount/remount/unmount of fs_t,
# unlabeled_t and proc_t filesystems, mounton on directories,
# relabelfrom/relabelto on every file_t, unlabeled_t and proc_t object,
# and write to proc_t files.  Because init_t, login_t, user_t, public_t
# and private_t all receive these identical grants, type enforcement
# gives no separation between those domains on file_t/unlabeled_t/proc_t
# objects; separation comes only from "default allow self" on objects
# typed public_t/private_t and from the sameuser constraints.  A
# production policy would drop mount/relabel from user_t.
#
allow user_t file_t:process execute;

allow user_t unlabeled_t:process execute;

allow user_t fs_t:filesystem { associate mount remount unmount getattr sync relabelfrom relabelto };

allow user_t unlabeled_t:filesystem { mount remount unmount getattr sync relabelfrom relabelto };

allow user_t file_t:dir { create read access getattr setattr rename sync relabelfrom relabelto add_name remove_name reparent search rmdir mounton };

allow user_t file_t:{ file lnk_file sock_file fifo_file chr_file blk_file } { create read write append execute access getattr setattr unlink link rename sync relabelfrom relabelto };

allow user_t unlabeled_t:dir { create read access getattr setattr rename sync relabelfrom relabelto add_name remove_name reparent search rmdir mounton };

allow user_t unlabeled_t:{ file lnk_file sock_file fifo_file chr_file blk_file } { create read write append execute access getattr setattr unlink link rename sync relabelfrom relabelto };

allow user_t proc_t:filesystem { associate mount remount unmount getattr sync relabelfrom relabelto };

allow user_t proc_t:dir { create read access getattr setattr rename sync relabelfrom relabelto add_name remove_name reparent search rmdir mounton };

allow user_t proc_t:{ file lnk_file sock_file fifo_file chr_file blk_file } { create read write append execute access getattr setattr unlink link rename sync relabelfrom relabelto };

# Descriptors inherited from the login process and from init.
allow user_t login_t:fd { getattr setattr inherit };

allow user_t init_t:fd { getattr setattr inherit };


#
# Allow public_t to do things.
#
# public_t mirrors user_t's grants (see the least-privilege note on
# user_t) and adds a one-way path into private_t below.
#
allow public_t file_t:process execute;

allow public_t unlabeled_t:process execute;

allow public_t fs_t:filesystem { associate mount remount unmount getattr sync relabelfrom relabelto };

allow public_t unlabeled_t:filesystem { mount remount unmount getattr sync relabelfrom relabelto };

allow public_t file_t:dir { create read access getattr setattr rename sync relabelfrom relabelto add_name remove_name reparent search rmdir mounton };

allow public_t file_t:{ file lnk_file sock_file fifo_file chr_file blk_file } { create read write append execute access getattr setattr unlink link rename sync relabelfrom relabelto };

allow public_t unlabeled_t:dir { create read access getattr setattr rename sync relabelfrom relabelto add_name remove_name reparent search rmdir mounton };

allow public_t unlabeled_t:{ file lnk_file sock_file fifo_file chr_file blk_file } { create read write append execute access getattr setattr unlink link rename sync relabelfrom relabelto };

allow public_t proc_t:filesystem { associate mount remount unmount getattr sync relabelfrom relabelto };

allow public_t proc_t:dir { create read access getattr setattr rename sync relabelfrom relabelto add_name remove_name reparent search rmdir mounton };

allow public_t proc_t:{ file lnk_file sock_file fifo_file chr_file blk_file } { create read write append execute access getattr setattr unlink link rename sync relabelfrom relabelto };

allow public_t login_t:fd { getattr setattr inherit };

allow public_t init_t:fd { getattr setattr inherit };

# One-way flow from public to private: public_t may relabel a file to
# private_t (the relabelfrom side is covered by "default allow self" on
# public_t files), but no rule lets public_t read a private_t file
# afterwards and no rule lets private_t relabel back to public_t.  The
# file "transition" permission presumably lets public_t create new files
# typed private_t -- confirm its semantics against the file-creation code.
allow public_t private_t:file { relabelto transition };


#
# Allow private_t to do things.
#
# private_t mirrors user_t's grants (see the least-privilege note on
# user_t).  It has no rule on public_t objects, and its access to
# private_t-typed files comes entirely from "default allow self".
#
allow private_t file_t:process execute;

allow private_t unlabeled_t:process execute;

allow private_t fs_t:filesystem { associate mount remount unmount getattr sync relabelfrom relabelto };

allow private_t unlabeled_t:filesystem { mount remount unmount getattr sync relabelfrom relabelto };

allow private_t file_t:dir { create read access getattr setattr rename sync relabelfrom relabelto add_name remove_name reparent search rmdir mounton };

allow private_t file_t:{ file lnk_file sock_file fifo_file chr_file blk_file } { create read write append execute access getattr setattr unlink link rename sync relabelfrom relabelto };

allow private_t unlabeled_t:dir { create read access getattr setattr rename sync relabelfrom relabelto add_name remove_name reparent search rmdir mounton };

allow private_t unlabeled_t:{ file lnk_file sock_file fifo_file chr_file blk_file } { create read write append execute access getattr setattr unlink link rename sync relabelfrom relabelto };

allow private_t proc_t:filesystem { associate mount remount unmount getattr sync relabelfrom relabelto };

allow private_t proc_t:dir { create read access getattr setattr rename sync relabelfrom relabelto add_name remove_name reparent search rmdir mounton };

allow private_t proc_t:{ file lnk_file sock_file fifo_file chr_file blk_file } { create read write append execute access getattr setattr unlink link rename sync relabelfrom relabelto };

# Descriptors inherited from the login process and from init.
allow private_t login_t:fd { getattr setattr inherit };

allow private_t init_t:fd { getattr setattr inherit };
#line 1 "../security/policydb/rbac"
# Copyright (c) 1999 The University of Utah and the Flux Group.
# All rights reserved.
# 
# Contributed by the Computer Security Research division,
# INFOSEC Research and Technology Office, NSA.
# 
# This file is part of the Flux OSKit.  The OSKit is free software, also known
# as "open source;" you can redistribute it and/or modify it under the terms
# of the GNU General Public License (GPL), version 2, as published by the Free
# Software Foundation (FSF).  To explore alternate licensing terms, contact
# the University of Utah at csl-dist@cs.utah.edu or +1-801-585-3271.
# 
# The OSKit is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE.  See the GPL for more details.  You should have
# received a copy of the GPL along with the OSKit; see the file COPYING.  If
# not, write to the FSF, 59 Temple Place #330, Boston, MA 02111-1307, USA.

#
# Define the set of allowed types for each role.
#
# role rolename types type_set ;
#
# Object types are listed here as well as domains (file_t, fs_t and
# unlabeled_t under user_r; file_labels_t and proc_t under system_r),
# matching the roles used in the initial_sid_contexts section -- so a
# role presumably has to authorize every type that appears in a context,
# not just process types; confirm.
#
# NOTE(review): daemon_t and tmp_t are in no role, and admin_t is
# reachable only through admin_r although no rule ever grants or
# transitions to it.
# The seven organisational roles authorize only user_t, so they differ
# solely by their position in the dominance lattice below; no constraint
# in the constraints section uses a role relationship, so that lattice
# is not enforced by any rule in this file.

role system_r types { kernel_t security_t file_labels_t proc_t };
role startup_r types { init_t login_t };
role admin_r types { admin_t user_t };
role user_r types { user_t unlabeled_t file_t fs_t public_t private_t }; 
role office_chief_r types user_t;
role technical_director_r types user_t;
role division_chief_r types user_t;
role division_td_r types user_t;
role branch_chief_r types user_t;
role branch_td_r types user_t;
role branch_employee_r types user_t;


#
# Define the role dominance.
#
# Nesting expresses dominance: office_chief_r dominates division_td_r and
# division_chief_r; division_chief_r dominates branch_chief_r and
# branch_td_r; branch_chief_r dominates branch_employee_r.
# technical_director_r is a separate top-level role that dominates nothing.
# Note branch_td_r sits under division_chief_r, not under branch_chief_r.
# This lattice is only consulted through "role dom/domby/eq/incomp"
# constraint expressions, and none are written in this file.

dominance {
 role office_chief_r {
	role division_td_r ;
	role division_chief_r {
		role branch_chief_r {
			role branch_employee_r ;
		}
		role branch_td_r ;
	}
 }
 role technical_director_r;
}





#line 1 "../security/policydb/constraints"
# Copyright (c) 1999 The University of Utah and the Flux Group.
# All rights reserved.
# 
# Contributed by the Computer Security Research division,
# INFOSEC Research and Technology Office, NSA.
# 
# This file is part of the Flux OSKit.  The OSKit is free software, also known
# as "open source;" you can redistribute it and/or modify it under the terms
# of the GNU General Public License (GPL), version 2, as published by the Free
# Software Foundation (FSF).  To explore alternate licensing terms, contact
# the University of Utah at csl-dist@cs.utah.edu or +1-801-585-3271.
# 
# The OSKit is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE.  See the GPL for more details.  You should have
# received a copy of the GPL along with the OSKit; see the file COPYING.  If
# not, write to the FSF, 59 Temple Place #330, Boston, MA 02111-1307, USA.

#
# Define m4 macros for the constraints
#





#
# Define the constraints
#
# constrain class_set perm_set expression ;
#
# expression : ( expression ) 
#	     | expression and expression
#	     | expression or expression
#	     | not expression
#	     | sameuser
#	     | source role rolename(s)
#	     | target role rolename(s)
#	     | role role_relationship
#	     | source type typename(s)
#	     | target type typename(s)
#
# role_relationship : dom | domby | eq | incomp
#
# Constraints are checked in addition to the allow rules: a permission
# granted by type enforcement is still denied if its constraint fails.
# Only sameuser and source-type expressions are used below; the role
# expressions are never used, so role dominance is not enforced here.

#
# Restrict the ability to transition to other user identities
# to a few privileged types.
#
# kernel_t (nobody) -> init_t (root) and login_t -> user domains of the
# logged-in user rely on the source-type escape; user_t, public_t and
# private_t have no transition rules at all.
#
constrain process transition ( sameuser or source type { kernel_t init_t login_t } );


#
# Restrict the ability to assign other user identities to objects
# and the ability to change the label of objects which have
# different user identities to a few privileged types.  
#
# Only init_t (root) is exempt; kernel_t is not listed, so its
# create/relabel rights on file_t, file_labels_t and unlabeled_t objects
# work only while it and those objects share the user nobody, which the
# initial_sid_contexts section arranges.
#
# NOTE(review): pipe also inherits the file permissions but is not in the
# class set below -- confirm whether pipes need the same restriction.
#

constrain { file lnk_file sock_file fifo_file chr_file blk_file } { create relabelto relabelfrom } ( sameuser or source type { init_t } );

constrain dir { create relabelto relabelfrom } ( sameuser or source type { init_t } );

constrain fd { create } ( sameuser or source type { init_t } );

constrain filesystem { relabelto relabelfrom } ( sameuser or source type { init_t } );
#line 1 "../security/policydb/users"
# Copyright (c) 1999 The University of Utah and the Flux Group.
# All rights reserved.
# 
# Contributed by the Computer Security Research division,
# INFOSEC Research and Technology Office, NSA.
# 
# This file is part of the Flux OSKit.  The OSKit is free software, also known
# as "open source;" you can redistribute it and/or modify it under the terms
# of the GNU General Public License (GPL), version 2, as published by the Free
# Software Foundation (FSF).  To explore alternate licensing terms, contact
# the University of Utah at csl-dist@cs.utah.edu or +1-801-585-3271.
# 
# The OSKit is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE.  See the GPL for more details.  You should have
# received a copy of the GPL along with the OSKit; see the file COPYING.  If
# not, write to the FSF, 59 Temple Place #330, Boston, MA 02111-1307, USA.

#
# Define the set of allowed roles and MLS ranges for each user
#
# user username roles role_set ranges range_set ;
#
# nobody owns the initial SIDs and therefore needs system_r (kernel,
# security, file_labels, proc) as well as user_r (unlabeled, fs, file).
# root owns the init SID (startup_r) and is the only user with admin_r.
# The three ordinary users are identical: user_r plus the lowest
# organisational role.
#
# NOTE(review): every user, nobody included, is cleared for the full range
# u-ts, so user clearances never restrict MLS access in this policy.

user nobody roles { system_r user_r } ranges u-ts;

user root roles { startup_r admin_r user_r } ranges u-ts;

user pal roles { user_r branch_employee_r } ranges u-ts;

user sds roles { user_r branch_employee_r } ranges u-ts;

user rct roles { user_r branch_employee_r } ranges u-ts;
#line 1 "../security/policydb/initial_sid_contexts"
# Copyright (c) 1999 The University of Utah and the Flux Group.
# All rights reserved.
# 
# Contributed by the Computer Security Research division,
# INFOSEC Research and Technology Office, NSA.
# 
# This file is part of the Flux OSKit.  The OSKit is free software, also known
# as "open source;" you can redistribute it and/or modify it under the terms
# of the GNU General Public License (GPL), version 2, as published by the Free
# Software Foundation (FSF).  To explore alternate licensing terms, contact
# the University of Utah at csl-dist@cs.utah.edu or +1-801-585-3271.
# 
# The OSKit is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE.  See the GPL for more details.  You should have
# received a copy of the GPL along with the OSKit; see the file COPYING.  If
# not, write to the FSF, 59 Temple Place #330, Boston, MA 02111-1307, USA.

# FLASK

# Define the security context for each initial SID
#
# Context format is user:role:type:level.  init is the only initial SID
# owned by root; everything else is nobody, which is why the sameuser
# constraints let kernel_t work on file_t/file_labels_t/unlabeled_t
# objects without an exemption.  fs is the only SID given a range
# (u-ts) rather than the single level u.  Each role used here must list
# the type (see the rbac section).

sid kernel	nobody:system_r:kernel_t:u
sid security	nobody:system_r:security_t:u
sid unlabeled	nobody:user_r:unlabeled_t:u
sid fs		nobody:user_r:fs_t:u-ts
sid file	nobody:user_r:file_t:u
sid file_labels	nobody:system_r:file_labels_t:u
sid init	root:startup_r:init_t:u
sid proc	nobody:system_r:proc_t:u

# FLASK
