Warning, /frameworks/syntax-highlighting/autotests/folding/test.te.fold is written in an unsupported language. File is not indexed.
0001 # Sample SELinux Policy 0002 0003 ## <beginfold id='1'><summary</beginfold id='1'>> 0004 ## Sample SELinux Policy 0005 ## <endfold id='1'></summary></endfold id='1'> 0006 ## <beginfold id='1'><desc</beginfold id='1'>> 0007 ## <beginfold id='1'><p</beginfold id='1'>> 0008 ## This module is not functional, 0009 ## but only to test the syntax highlighting. 0010 ## <endfold id='1'></p></endfold id='1'> 0011 ## <endfold id='1'></desc></endfold id='1'> 0012 ## <beginfold id='1'><required</beginfold id='1'> val="true"> 0013 ## Depended on by other required modules. 0014 ## <endfold id='1'></required></endfold id='1'> 0015 0016 policycap open_perms; 0017 module myapp 1.0; 0018 0019 require <beginfold id='2'>{</beginfold id='2'> 0020 type httpd_t; 0021 type httpd_sys_content_t; 0022 type initrc_t; 0023 class sock_file write; 0024 class unix_stream_socket connectto; 0025 <endfold id='2'>}</endfold id='2'> 0026 0027 allow httpd_t httpd_sys_content_t:sock_file write; 0028 allow httpd_t initrc_t:unix_stream_socket connectto; 0029 0030 # Refpolicy 0031 tunable_policy<beginfold id='3'>(</beginfold id='3'>`allow_execmem',` 0032 /usr/share/holas(/.*)? -- gen_context<beginfold id='3'>(</beginfold id='3'>system_u:object_r:holas_t,s0,a,b<endfold id='3'>)</endfold id='3'>; 0033 '<endfold id='3'>)</endfold id='3'> 0034 # M4 Macros 0035 regexp<beginfold id='3'>(</beginfold id='3'>`GNUs not Unix', `\w\(\w+\)$', `*** \& *** \1 ***'<endfold id='3'>)</endfold id='3'> 0036 ifdef<beginfold id='3'>(</beginfold id='3'>`distro_ubuntu',` 0037 unconfined_domain<beginfold id='3'>(</beginfold id='3'>chkpwd_t<endfold id='3'>)</endfold id='3'> 0038 '<endfold id='3'>)</endfold id='3'> 0039 0040 dominance <beginfold id='2'>{</beginfold id='2'> gen_dominance<beginfold id='3'>(</beginfold id='3'>0,decr<beginfold id='3'>(</beginfold id='3'>$1<endfold id='3'>)</endfold id='3'><endfold id='3'>)</endfold id='3'> <endfold id='2'>}</endfold id='2'>; 0041 neverallow user=_isolated domain=((?!isolated_app).)* 0042 0043 allow consoletype_t self:capability <beginfold id='2'>{</beginfold id='2'> sys_admin sys_tty_config <endfold id='2'>}</endfold id='2'>; 0044 allow consoletype_t self:msg <beginfold id='2'>{</beginfold id='2'> send receive <endfold id='2'>}</endfold id='2'>; 0045 0046 # sample for administrative user 0047 user jadmin roles <beginfold id='2'>{</beginfold id='2'> staff_r sysadm_r <endfold id='2'>}</endfold id='2'>; 0048 # sample for regular user 0049 user jdoe roles <beginfold id='2'>{</beginfold id='2'> user_r <endfold id='2'>}</endfold id='2'>; 0050 0051 default_user process source; 0052 default_range process source low; 0053 default_range name GLBLUB; 0054 0055 sid devnull; 0056 sid sysctl; 0057 0058 common file <beginfold id='2'>{</beginfold id='2'> ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute swapon quotaon mounton <endfold id='2'>}</endfold id='2'>; 0059 class dir inherits file <beginfold id='2'>{</beginfold id='2'> add_name remove_name reparent search rmdir open audit_access execmod <endfold id='2'>}</endfold id='2'>; 0060 class class; 0061 0062 sensitivity s0 alias sens0; 0063 category c0 alias cat0; 0064 0065 mlsconstrain dir <beginfold id='2'>{</beginfold id='2'> search read ioctl lock <endfold id='2'>}</endfold id='2'> 0066 <beginfold id='3'>(</beginfold id='3'><beginfold id='3'>(</beginfold id='3'> h1 dom h2 <endfold id='3'>)</endfold id='3'> or <beginfold id='3'>(</beginfold id='3'> t1 == mcsreadall <endfold id='3'>)</endfold id='3'> or 0067 <beginfold id='3'>(</beginfold id='3'><beginfold id='3'>(</beginfold id='3'> t1 != mcs_constrained_type <endfold id='3'>)</endfold id='3'> and <beginfold id='3'>(</beginfold id='3'>t2 == domain<endfold id='3'>)</endfold id='3'><endfold id='3'>)</endfold id='3'><endfold id='3'>)</endfold id='3'>; 0068 0069 attribute_role dpkg_roles; 0070 roleattribute system_r dpkg_roles; 0071 0072 role system_r types system_t; 0073 role_transition hello init_script_file_type system_r; 0074 0075 level s0:c0; 0076 user user_u roles role_r level s1:c1 range s1:c1 - s2:c2; 0077 range_transition initrc_t auditd_exec_t:process s15:c0.c255 - s20; 0078 range_transition source target:class s1 - s2 dsd; 0079 range_transition source target:class s1 ; 0080 0081 attribute filesystem_type; 0082 type dhcp_etc_t; 0083 typealias dhcp_etc_t ALIAS <beginfold id='2'>{</beginfold id='2'> etc_dhcp_t etc_dhcpc_t etc_dhcpd_t <endfold id='2'>}</endfold id='2'>; 0084 0085 bool le_boolean true; 0086 TUNABLE allow_java_execstack false; 0087 0088 type_transition root_xdrawable_t input_xevent_t:x_event root_input_xevent_t; 0089 AUDITALLOW xserver_t <beginfold id='2'>{</beginfold id='2'> root_xdrawable_t x_domain <endfold id='2'>}</endfold id='2'>:x_drawable send; 0090 0091 optional <beginfold id='2'>{</beginfold id='2'> 0092 neverallow untrusted_app *:<beginfold id='2'>{</beginfold id='2'> netlink_route_socket netlink_selinux_socket <endfold id='2'>}</endfold id='2'> ioctl; 0093 neverallowxperm shell domain:<beginfold id='2'>{</beginfold id='2'> rawip_socket tcp_socket udp_socket <endfold id='2'>}</endfold id='2'> ioctl priv_sock_ioctls; 0094 <endfold id='2'>}</endfold id='2'>; 0095 0096 if le_boolean <beginfold id='2'>{</beginfold id='2'> 0097 DONTAUDIT untrusted_app asec_public_file:file <beginfold id='2'>{</beginfold id='2'> execute execmod <endfold id='2'>}</endfold id='2'>; 0098 <endfold id='2'>}</endfold id='2'> else <beginfold id='2'>{</beginfold id='2'> 0099 ALLOW untrusted_app perfprofd_data_file:file r_file_perms; 0100 allow untrusted_app perfprofd_data_file:dir r_dir_perms; 0101 <endfold id='2'>}</endfold id='2'>; 0102 0103 sid devnull system_u:object_r:null_device_t:s0 0104 genfscon sysfs /devices/system/cpu/online gen_context<beginfold id='3'>(</beginfold id='3'>system_u:object_r:cpu_online_t,s0<endfold id='3'>)</endfold id='3'> 0105 genfscon rootfs / gen_context<beginfold id='3'>(</beginfold id='3'>system_u:object_r:root_t,s0<endfold id='3'>)</endfold id='3'> 0106 0107 genfscon proc /cpuinfo u:object_r:proc_cpuinfo:s0 0108 genfscon selinuxfs / u:object_r:selinuxfs:s0 0109 fs_use_trans devtmpfs system_u:object_r:device_t:s0; 0110 fs_use_task pipefs u:object_r:pipefs:s0; 0111 fs_use_xattr xfs u:object_r:labeledfs:s0; 0112 fs_use_xattr btrfs u:object_r:labeledfs:s0; 0113 0114 portcon tcp 80 u:object_r:http_port:s0; 0115 portcon udp 1024-65535 gen_context<beginfold id='3'>(</beginfold id='3'>system_u:object_r:unreserved_port_t, s0<endfold id='3'>)</endfold id='3'>; 0116 netifcon $2 gen_context<beginfold id='3'>(</beginfold id='3'>system_u:object_r:$1,$3<endfold id='3'>)</endfold id='3'> gen_context<beginfold id='3'>(</beginfold id='3'>system_u:object_r:unlabeled_t,$3<endfold id='3'>)</endfold id='3'>; 0117 0118 nodecon 2001:0DB8:AC10:FE01:: 2001:0DE0:DA88:2222:: system_u:object_r:hello_t:s0; 0119 nodecon ipv4 127.0.0.2 255.255.255.255 system_u:object_r:node_t:s0; 0120 0121 #line 118 0122 0123 # Regular Expressions 0124 regexp<beginfold id='3'>(</beginfold id='3'>`Hello(!|\^\^)+', ` 0125 ^\s*(?<hello>\.) 0126 ( 0127 hello[^\s\x12/][1-9]*| # Hello 0128 bye 0129 )\s*$ 0130 '<endfold id='3'>)</endfold id='3'> 0131 "aa/aa(?=sdf sdf)ds(aa aa)df[^ a]" 0132 "open 0133 "text\"aaa 0134 "filename\s\w\%(?=aa)aa" 0135 "/path\s\w(?=aa)aa" 0136 0137 u:role:type:sen:cat:other 0138 u:role:type:sen:cat - sen:cat:other 0139 u:role:type:s0.s1:c0 , c1 - s2.s3:c2.c3,c4:other 0140 u:role:type:s0,other