# Copyright (c) 1999 The University of Utah and the Flux Group.
# All rights reserved.
# 
# Contributed by the Computer Security Research division,
# INFOSEC Research and Technology Office, NSA.
# 
# This file is part of the Flux OSKit.  The OSKit is free software, also known
# as "open source;" you can redistribute it and/or modify it under the terms
# of the GNU General Public License (GPL), version 2, as published by the Free
# Software Foundation (FSF).  To explore alternate licensing terms, contact
# the University of Utah at csl-dist@cs.utah.edu or +1-801-585-3271.
# 
# The OSKit is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE.  See the GPL for more details.  You should have
# received a copy of the GPL along with the OSKit; see the file COPYING.  If
# not, write to the FSF, 59 Temple Place #330, Boston, MA 02111-1307, USA.

#
# Define the set of allowed types for each role.
#
# role rolename types type_set ;

role system_r types { kernel_t security_t file_labels_t proc_t };
role startup_r types { init_t login_t };
role admin_r types { admin_t user_t };
role user_r types { user_t unlabeled_t file_t fs_t public_t private_t }; 
role office_chief_r types user_t;
role technical_director_r types user_t;
role division_chief_r types user_t;
role division_td_r types user_t;
role branch_chief_r types user_t;
role branch_td_r types user_t;
role branch_employee_r types user_t;


#
# Define the role dominance.
#

dominance {
 role office_chief_r {
	role division_td_r ;
	role division_chief_r {
		role branch_chief_r {
			role branch_employee_r ;
		}
		role branch_td_r ;
	}
 }
 role technical_director_r;
}





