File: infoflow.conf

class infoflow
class infoflow2
class infoflow3
class file
class process

sid kernel
sid security

common infoflow
{
	low_w
	med_w
	hi_w
	low_r
	med_r
	hi_r
}

class infoflow
inherits infoflow

class infoflow2
inherits infoflow
{
	super
}

class infoflow3
{
	null
}

class file
{
	execute
	entrypoint
}

class process
{
	transition
}

sensitivity low_s;
sensitivity medium_s alias med;
sensitivity high_s;

dominance { low_s med high_s }

category here;
category there;
category elsewhere alias lost;

# level declarations
level low_s:here.there;
level med:here, elsewhere;
level high_s:here.lost;

# MLS constraints
mlsconstrain infoflow hi_r ((l1 dom l2) or (t1 == mls_exempt));

attribute mls_exempt;

type system;
role system;
role system types system;

################################################################################
# Note: these tests are meant to determine whether the graph
# is being constructed correctly.  It is assumed that the
# graph algorithms being used are correct, as they are
# unit tested by the NetworkX project itself.
#
#
# Max steps for all flows: 6
#
# Graph if min weight is 8
#
#
#        4 -> 6 -> 7       d1 <-> d2
#        ^
# 1 -> 2-/
#
#       3     5 -> 8 <-> 9
#
# Graph if min weight is 3
#
#
#        4 -> 6 -> 7       d1 <-> d2
#        ^    |
# 1 -> 2-/    |
#   \         v
#    -> 3     5 -> 8 <-> 9
#
# Graph if min weight is 1
#
#
#        4 -> 6 -> 7       d1 <-> d2
#        ^    |
# 1 -> 2-/    |
#   \         v
#    -> 3  -> 5 -> 8 <-> 9
#
#
#
attribute allnodes;
type node1, allnodes;
type node2, allnodes;
type node3, allnodes;
type node4, allnodes;
type node5, allnodes;
type node6, allnodes;
type node7, allnodes;
type node8, allnodes;
type node9, allnodes;

# no infoflow
allow allnodes allnodes:infoflow3 null;

# 1->2 (10, 5) -- the numbers in parentheses are the edge weights of the rules below
allow node1 node2:infoflow med_w;
allow node2 node1:infoflow hi_r;

# 1->3 (5, 1)
allow node3 node1:infoflow { low_r med_r };

# 2->4 (10)
allow node2 node4:infoflow hi_w;

# 3->5 (1)
allow node5 node3:infoflow low_r;

# 4->6 (10)
allow node4 node6:infoflow2 hi_w;

# 6->5 (5)
allow node5 node6:infoflow med_r;

# 6->7 (10)
allow node6 node7:infoflow hi_w;

# 5->8 (10)
allow node5 node8:infoflow2 hi_w;

# 8 <-> 9 (10)
allow node8 node9:infoflow2 super;


# disconnected from the main graph,
# for testing the handling of the
# no-path case.
type disconnected1;
type disconnected2;
allow disconnected1 disconnected2:infoflow2 super;


# not an infoflow: auditallow only audits and does not grant access, so no edge is created:
type disconnected3;
auditallow node1 disconnected3:infoflow hi_w;

# infoflow self-loop (a type flowing to itself) that should be ignored:
allow disconnected3 self:infoflow hi_w;

################################################################################

#users
user system roles system level med range low_s - high_s:here.lost;

#normal constraints
constrain infoflow hi_w (u1 == u2);

# initial SIDs
sid kernel system:system:system:medium_s:here
sid security system:system:system:high_s:lost

#fs_use
fs_use_trans devpts system:object_r:system:low_s;
fs_use_xattr ext3 system:object_r:system:low_s;
fs_use_task pipefs system:object_r:system:low_s;

#genfscon
genfscon proc / system:object_r:system:med
genfscon proc /sys system:object_r:system:low_s
genfscon selinuxfs / system:object_r:system:high_s:here.there

portcon tcp 80 system:object_r:system:low_s

netifcon eth0 system:object_r:system:low_s system:object_r:system:low_s

nodecon 127.0.0.1 255.255.255.255 system:object_r:system:low_s:here
nodecon ::1 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff system:object_r:system:low_s:here