Warning, /frameworks/syntax-highlighting/autotests/input/test.te is written in an unsupported language. File is not indexed. 

0001 # Sample SELinux Policy
0002 
0003 ## <summary>
0004 ##  Sample SELinux Policy
0005 ## </summary>
0006 ## <desc>
0007 ## <p>
0008 ##  This module is not functional,
0009 ##  but only to test the syntax highlighting.
0010 ## </p>
0011 ## </desc>
0012 ## <required val="true">
0013 ##  Depended on by other required modules.
0014 ## </required>
0015 
0016 policycap open_perms;
0017 module myapp 1.0;
0018 
0019 require {
0020         type httpd_t;
0021         type httpd_sys_content_t;
0022         type initrc_t;
0023         class sock_file write;
0024         class unix_stream_socket connectto;
0025 }
0026 
0027 allow httpd_t httpd_sys_content_t:sock_file write;
0028 allow httpd_t initrc_t:unix_stream_socket connectto;
0029 
0030 # Refpolicy
0031 tunable_policy(`allow_execmem',`
0032         /usr/share/holas(/.*)? -- gen_context(system_u:object_r:holas_t,s0,a,b);
0033 ')
0034 # M4 Macros
0035 regexp(`GNUs not Unix', `\w\(\w+\)$', `*** \& *** \1 ***')
0036 ifdef(`distro_ubuntu',`
0037         unconfined_domain(chkpwd_t)
0038 ')
0039 
0040 dominance { gen_dominance(0,decr($1)) };
0041 neverallow user=_isolated domain=((?!isolated_app).)*
0042 
0043 allow consoletype_t self:capability { sys_admin sys_tty_config };
0044 allow consoletype_t self:msg { send receive };
0045 
0046 # sample for administrative user
0047 user jadmin roles { staff_r sysadm_r };
0048 # sample for regular user
0049 user jdoe roles { user_r };
0050 
0051 default_user process source;
0052 default_range process source low;
0053 default_range name GLBLUB;
0054 
0055 sid devnull;
0056 sid sysctl;
0057 
0058 common file { ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute swapon quotaon mounton };
0059 class dir inherits file { add_name remove_name reparent search rmdir open audit_access execmod };
0060 class class;
0061 
0062 sensitivity s0 alias sens0;
0063 category c0 alias cat0;
0064 
0065 mlsconstrain dir { search read ioctl lock }
0066         (( h1 dom h2 ) or ( t1 == mcsreadall ) or
0067         (( t1 != mcs_constrained_type ) and (t2 == domain)));
0068 
0069 attribute_role dpkg_roles;
0070 roleattribute system_r dpkg_roles;
0071 
0072 role system_r types system_t;
0073 role_transition hello init_script_file_type system_r;
0074 
0075 level s0:c0;
0076 user user_u roles role_r level s1:c1 range s1:c1 - s2:c2;
0077 range_transition initrc_t auditd_exec_t:process s15:c0.c255 - s20;
0078 range_transition source target:class s1 - s2 dsd;
0079 range_transition source target:class s1 ;
0080 
0081 attribute filesystem_type;
0082 type dhcp_etc_t;
0083 typealias dhcp_etc_t ALIAS { etc_dhcp_t etc_dhcpc_t etc_dhcpd_t };
0084 
0085 bool le_boolean true;
0086 TUNABLE allow_java_execstack false;
0087 
0088 type_transition root_xdrawable_t input_xevent_t:x_event root_input_xevent_t;
0089 AUDITALLOW xserver_t { root_xdrawable_t x_domain }:x_drawable send;
0090 
0091 optional {
0092         neverallow untrusted_app *:{ netlink_route_socket netlink_selinux_socket } ioctl;
0093         neverallowxperm shell domain:{ rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls;
0094 };
0095 
0096 if le_boolean {
0097         DONTAUDIT untrusted_app asec_public_file:file { execute execmod };
0098 } else {
0099         ALLOW untrusted_app perfprofd_data_file:file r_file_perms;
0100         allow untrusted_app perfprofd_data_file:dir r_dir_perms;
0101 };
0102 
0103 sid devnull system_u:object_r:null_device_t:s0
0104 genfscon sysfs /devices/system/cpu/online gen_context(system_u:object_r:cpu_online_t,s0)
0105 genfscon rootfs / gen_context(system_u:object_r:root_t,s0)
0106 
0107 genfscon proc /cpuinfo u:object_r:proc_cpuinfo:s0
0108 genfscon selinuxfs / u:object_r:selinuxfs:s0
0109 fs_use_trans devtmpfs system_u:object_r:device_t:s0;
0110 fs_use_task pipefs u:object_r:pipefs:s0;
0111 fs_use_xattr xfs u:object_r:labeledfs:s0;
0112 fs_use_xattr btrfs u:object_r:labeledfs:s0;
0113 
0114 portcon tcp 80 u:object_r:http_port:s0;
0115 portcon udp 1024-65535 gen_context(system_u:object_r:unreserved_port_t, s0);
0116 netifcon $2 gen_context(system_u:object_r:$1,$3) gen_context(system_u:object_r:unlabeled_t,$3);
0117 
0118 nodecon 2001:0DB8:AC10:FE01:: 2001:0DE0:DA88:2222:: system_u:object_r:hello_t:s0;
0119 nodecon ipv4 127.0.0.2 255.255.255.255 system_u:object_r:node_t:s0;
0120 
0121 #line 118
0122 
0123 # Regular Expressions
0124 regexp(`Hello(!|\^\^)+', `
0125         ^\s*(?<hello>\.)
0126         (
0127                 hello[^\s\x12/][1-9]*|  # Hello
0128                 bye
0129         )\s*$
0130 ') 
0131 "aa/aa(?=sdf sdf)ds(aa aa)df[^ a]"
0132 "open
0133 "text\"aaa
0134 "filename\s\w\%(?=aa)aa"
0135 "/path\s\w(?=aa)aa"
0136 
0137 u:role:type:sen:cat:other
0138 u:role:type:sen:cat - sen:cat:other
0139 u:role:type:s0.s1:c0 , c1 - s2.s3:c2.c3,c4:other
0140 u:role:type:s0,other