# Copyright (c) 1999 The University of Utah and the Flux Group.
# All rights reserved.
# 
# Contributed by the Computer Security Research division,
# INFOSEC Research and Technology Office, NSA.
# 
# This file is part of the Flux OSKit.  The OSKit is free software, also known
# as "open source;" you can redistribute it and/or modify it under the terms
# of the GNU General Public License (GPL), version 2, as published by the Free
# Software Foundation (FSF).  To explore alternate licensing terms, contact
# the University of Utah at csl-dist@cs.utah.edu or +1-801-585-3271.
# 
# The OSKit is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE.  See the GPL for more details.  You should have
# received a copy of the GPL along with the OSKit; see the file COPYING.  If
# not, write to the FSF, 59 Temple Place #330, Boston, MA 02111-1307, USA.

# Define domains/types 
#
# Domains are not distinguished from types, except through the
# actual type enforcement tables (i.e. a type that can be
# associated with a process is also a domain).
# 
# type typename ; 
# type typename alias alias_set ;

# Every type declared here is also a potential domain (see the note
# above).  Because "default allow self" is set below, a type is fully
# permitted on objects of its own type without any rule; the tables
# later in this file only describe cross-type access.
type kernel_t;
# Declared but not referenced by any rule in this file, so no other
# type is granted access to security_t objects.
type security_t;
# Presumably the type of objects that carry no label (inferred from the
# name; confirm against the labeling code).
type unlabeled_t;
# Default file system type and default file type (see the associate
# rule below).
type fs_t;
type file_t;
# The label store: fully managed by kernel_t, read-only for init_t,
# no access for any other domain in this file.
type file_labels_t;
type init_t;
type proc_t;
# NOTE(review): daemon_t is the target of a type_transition from init_t
# below, but no allow rule grants init_t "transition" to it and no rule
# grants daemon_t any permission, so with "default allow self" that
# transition (and anything a daemon_t process would do) is denied.
type daemon_t;
type login_t;
# The untrusted / application domain.  The aliases are interchangeable
# with user_t in every rule below.
type user_t alias { application_t untrusted_t };
# public_t may push files into private_t (relabelto/transition rule at
# the end of the public_t section); no rule grants either of these
# domains any access to the other one in the opposite direction.
type public_t;
type private_t;
# Declared but not referenced by any rule in this file.
type tmp_t;


# Define the type transitions 
#
# type_transition process_type old_object_type : new_object_class new_object_type ;
#
# A type transition specifies a default rule for determining:
# (1) the type of a process transformed by execve, based on
#     the type of the invoking process and the type of the file.
#     If no transition is explicitly specified, then the default
#     rule is to use the type of the invoking process for the transformed
#     process.		
#
# (2) the type of a newly created file, based on the type of
#     the creating process and the type of the parent directory.
#     If no transition is explicitly specified, then the default rule
#     is to use the type of the parent directory for the newly created
#     file.	
#
# The default rules may be overridden by clients via the _secure interfaces.

# There is no default for kernel_t -> init_t; that transition is only
# granted by the explicit allow rule below, so it is presumably
# requested through the _secure interface mentioned above.
# NOTE(review): no allow rule grants init_t transition to daemon_t and
# daemon_t has no permissions of its own, so this default currently
# leads to an audited denial rather than a daemon in its own domain.
type_transition init_t daemon_t:process daemon_t;
# Executing a login_t-labeled image from init_t lands in login_t
# (allowed by "allow init_t login_t:process { transition wait }").
type_transition init_t login_t:process  login_t;
# Executing an ordinary file_t image from login_t lands in the
# untrusted user_t domain.  public_t and private_t are not named by any
# default, so login_t reaches them only by explicit request.
type_transition login_t file_t:process  user_t;


#
# Define the default behavior for permissions that are not
# explicitly specified in the type enforcement tables.
#
# The default for allow may be one of:
# 1) 'none' - Deny all permissions.
# 2) 'all' -  Grant all permissions.
# 3) 'self' - Grant all permissions within a type, but deny
#	all permissions between types.
#
# For auditallow, auditdeny and notify, the defaults mean:
# 1) 'none' - Audit/notify no permissions.
# 2) 'all' -  Audit/notify all permissions.
# 3) 'self' - Audit/notify all permissions between types, but no
#		permissions within a type.

# "self": a domain may do anything to objects of its own type without
# an allow rule, and everything across types is denied unless a rule
# below allows it.  Keep this in mind when reading the tables, e.g.
# user_t implicitly has full access to user_t-labeled files and
# processes, and any type not mentioned in a rule is unreachable.
default allow self;
# Grants are not audited unless an auditallow rule asks for it.
default auditallow none;
# Every denial is audited unless an auditdeny rule narrows it; this is
# what makes missing rules (such as the daemon_t transition) visible.
default auditdeny all;
default notify none;


#
# Define m4 macros for the type enforcement tables
#

# Object classes that share the file permission vocabulary.  The dir
# class has its own permission set and is always listed separately.
define(`file_class_set', `{ file lnk_file sock_file fifo_file chr_file blk_file }')

# Full file access including relabelfrom/relabelto.  Every domain below
# receives this set on both file_t and unlabeled_t objects, so each of
# them can move files between those two types.
define(`all_subject_file_perms', `{ create read write append execute access getattr setattr unlink link rename sync relabelfrom relabelto }')

# Full directory access including relabel and mounton (the subject side
# of the mountassociate rules below).
define(`all_subject_dir_perms', `{ create read access getattr setattr rename sync relabelfrom relabelto add_name remove_name reparent search rmdir mounton }')

# File system permissions including "associate", which the only
# associate rule in this file checks with a file type (file_t) as the
# subject, not with a process domain.
define(`all_fs_perms', `{ associate mount remount unmount getattr sync relabelfrom relabelto }')

# The same set without "associate": the subset meant for process
# domains.
# NOTE(review): the domains below use all_fs_perms on fs_t and proc_t
# but all_subject_fs_perms on unlabeled_t; the all_fs_perms uses look
# as if this set was intended.
define(`all_subject_fs_perms', `{ mount remount unmount getattr sync relabelfrom relabelto }')

# Defined but not used by any rule in this file.
define(`all_subject_pipe_perms', `{ read write getattr }')

# Permissions on descriptors inherited from a parent domain; used along
# the chain kernel_t -> init_t -> login_t -> user domains below.
define(`all_subject_fd_perms', `{ getattr setattr inherit }')


#
# Define the type enforcement tables
#
# allow domain type:class_set perm_set ;
# auditallow domain type:class_set perm_set ;
# auditdeny domain type:class_set perm_set ;
# notify domain type:class_set perm_set ;


#
# Allow files with the default file type to be in 
# filesystems with the default file system type.
#
# associate is a type-to-file-system relation, not a process right:
# file_t objects may live on fs_t file systems.  No such rule exists for
# unlabeled_t or any other file type here.
allow file_t fs_t:filesystem associate;


#
# Allow other types of directories to be mounted on 
# directories with the default file type.
#
# Object side of a mount: an unlabeled_t or proc_t root may be mounted
# over a file_t directory.  The subject side (mounton) comes from
# all_subject_dir_perms on file_t:dir in the domain tables below.
allow unlabeled_t file_t:dir mountassociate;
allow proc_t file_t:dir mountassociate;


#
# Allow kernel_t to do things.
#
# kernel_t is the root of the domain chain; the only cross-type process
# right it holds is to spawn init_t and wait for it.  No type_transition
# names this pair, so init_t is presumably requested explicitly.
allow kernel_t init_t:process { transition wait } ;
# kernel_t is the only domain with write access to the label store
# (init_t gets read-only access below, nobody else gets any).
allow kernel_t file_labels_t:file_class_set all_subject_file_perms;
allow kernel_t file_labels_t:dir all_subject_dir_perms;
# Full access to ordinary and unlabeled files and directories.
allow kernel_t file_t:dir all_subject_dir_perms;
allow kernel_t file_t:file_class_set all_subject_file_perms;
allow kernel_t unlabeled_t:dir all_subject_dir_perms;
allow kernel_t unlabeled_t:file_class_set all_subject_file_perms;


#
# Allow init_t to do things.
#
# init_t is the only domain allowed to request a reboot from kernel_t.
allow init_t kernel_t:system reboot;

# Presumably: execute file_t / unlabeled_t images while staying in
# init_t (the domain-changing case is covered by the transition rules).
allow init_t file_t:process execute;

allow init_t unlabeled_t:process execute;

# Domains init_t may spawn and wait for.  user_t, public_t and
# private_t are reachable directly from init_t, not only via login_t;
# confirm that is intended before using this policy beyond a demo.
# NOTE(review): daemon_t is absent here although a type_transition
# init_t -> daemon_t is declared above, so that transition is denied.
allow init_t login_t:process { transition wait } ;

allow init_t user_t:process { transition wait } ;

allow init_t public_t:process { transition wait } ;

allow init_t private_t:process { transition wait } ;

# NOTE(review): all_fs_perms includes "associate", which the associate
# rule above applies to a file type rather than a process domain; the
# unlabeled_t rule just below uses all_subject_fs_perms, which is
# probably what was meant for fs_t and proc_t too.
allow init_t fs_t:filesystem all_fs_perms;

allow init_t unlabeled_t:filesystem all_subject_fs_perms;

# Read-only view of the label store; writing it is reserved to kernel_t.
allow init_t file_labels_t:dir { read search getattr };

allow init_t file_labels_t:file { read getattr };

# Full access to ordinary, unlabeled and proc objects.
allow init_t file_t:dir all_subject_dir_perms;

allow init_t file_t:file_class_set all_subject_file_perms;

allow init_t unlabeled_t:dir all_subject_dir_perms;

allow init_t unlabeled_t:file_class_set all_subject_file_perms;

allow init_t proc_t:filesystem all_fs_perms;

allow init_t proc_t:dir all_subject_dir_perms;

allow init_t proc_t:file_class_set all_subject_file_perms;

# kernel_t-labeled directories and files are fully accessible to init_t
# (plain "file" only, not the whole file_class_set), and descriptors
# inherited from kernel_t may be kept and adjusted.
allow init_t kernel_t:dir all_subject_dir_perms;

allow init_t kernel_t:file all_subject_file_perms;

allow init_t kernel_t:fd all_subject_fd_perms;


#
# Allow login_t to do things.
#
# Domains a login session may hand off to and wait for.  user_t is the
# default on exec of a file_t image (type_transition above); public_t
# and private_t must be requested explicitly.
allow login_t user_t:process { transition wait } ;

allow login_t public_t:process { transition wait } ;

allow login_t private_t:process { transition wait } ;

# Unlike init_t and the user domains, login_t has no
# "<type>:process execute" rule, so an exec from login_t presumably has
# to change domain through one of the transitions above - confirm.
# NOTE(review): all_fs_perms (with "associate") is used here on fs_t
# and proc_t while unlabeled_t gets all_subject_fs_perms; see the macro
# definitions above.
allow login_t fs_t:filesystem all_fs_perms;

allow login_t unlabeled_t:filesystem all_subject_fs_perms;

# Full access to ordinary, unlabeled and proc objects (including
# relabel between file_t, unlabeled_t and proc_t).
allow login_t file_t:dir all_subject_dir_perms;

allow login_t file_t:file_class_set all_subject_file_perms;

allow login_t unlabeled_t:dir all_subject_dir_perms;

allow login_t unlabeled_t:file_class_set all_subject_file_perms;

allow login_t proc_t:filesystem all_fs_perms;

allow login_t proc_t:dir all_subject_dir_perms;

allow login_t proc_t:file_class_set all_subject_file_perms;

# Descriptors inherited from init_t may be kept and adjusted; login_t
# has no other rule on init_t objects and none on kernel_t objects.
allow login_t init_t:fd all_subject_fd_perms;


#
# Allow user_t to do things.
#
# user_t (alias application_t / untrusted_t) is a leaf domain: no
# process transition rule names it as the source, so it cannot change
# domain.  It may execute file_t and unlabeled_t images in place.
allow user_t file_t:process execute;

allow user_t unlabeled_t:process execute;

# NOTE(review): via the all_* macros this gives the untrusted domain
# mount/remount/unmount on fs_t and unlabeled_t file systems, plus
# relabelfrom/relabelto and mounton on file_t, unlabeled_t and proc_t
# objects.  Relabeling to public_t, private_t or file_labels_t stays
# denied (no relabelto rule), but for anything beyond a demonstration
# policy these are the first rules to narrow.
allow user_t fs_t:filesystem all_fs_perms;

allow user_t unlabeled_t:filesystem all_subject_fs_perms;

allow user_t file_t:dir all_subject_dir_perms;

allow user_t file_t:file_class_set all_subject_file_perms;

allow user_t unlabeled_t:dir all_subject_dir_perms;

allow user_t unlabeled_t:file_class_set all_subject_file_perms;

allow user_t proc_t:filesystem all_fs_perms;

allow user_t proc_t:dir all_subject_dir_perms;

allow user_t proc_t:file_class_set all_subject_file_perms;

# Descriptors inherited from login_t or init_t may be kept and
# adjusted; no other access to those domains is granted.
allow user_t login_t:fd all_subject_fd_perms;

allow user_t init_t:fd all_subject_fd_perms;


#
# Allow public_t to do things.
#
# public_t mirrors user_t: a leaf domain (no transition out) that may
# execute file_t and unlabeled_t images in place.
allow public_t file_t:process execute;

allow public_t unlabeled_t:process execute;

# Same broad file system / file / proc access as user_t (mount,
# relabel between file_t, unlabeled_t and proc_t, mounton); see the
# review note in the user_t section.
allow public_t fs_t:filesystem all_fs_perms;

allow public_t unlabeled_t:filesystem all_subject_fs_perms;

allow public_t file_t:dir all_subject_dir_perms;

allow public_t file_t:file_class_set all_subject_file_perms;

allow public_t unlabeled_t:dir all_subject_dir_perms;

allow public_t unlabeled_t:file_class_set all_subject_file_perms;

allow public_t proc_t:filesystem all_fs_perms;

allow public_t proc_t:dir all_subject_dir_perms;

allow public_t proc_t:file_class_set all_subject_file_perms;

allow public_t login_t:fd all_subject_fd_perms;

allow public_t init_t:fd all_subject_fd_perms;

# One-way channel from public_t into private_t: a public_t process may
# relabel a file to private_t and (presumably, via the file
# type_transition mechanism described above) create files that start
# out as private_t.  No rule grants public_t read, write or relabelfrom
# on private_t, so once a file is private_t it is out of reach of
# public_t.  This is the only rule in the file that connects the two
# domains.
allow public_t private_t:file { relabelto transition };


#
# Allow private_t to do things.
#
# private_t mirrors user_t and public_t: a leaf domain (no transition
# out) that may execute file_t and unlabeled_t images in place.
allow private_t file_t:process execute;

allow private_t unlabeled_t:process execute;

# Same broad file system / file / proc access as user_t; see the review
# note in the user_t section.  There is no rule of any kind on public_t
# objects, so with "default allow self" public_t files and processes
# are inaccessible from here; private_t files remain reachable only
# because they are its own type.
allow private_t fs_t:filesystem all_fs_perms;

allow private_t unlabeled_t:filesystem all_subject_fs_perms;

allow private_t file_t:dir all_subject_dir_perms;

allow private_t file_t:file_class_set all_subject_file_perms;

allow private_t unlabeled_t:dir all_subject_dir_perms;

allow private_t unlabeled_t:file_class_set all_subject_file_perms;

allow private_t proc_t:filesystem all_fs_perms;

allow private_t proc_t:dir all_subject_dir_perms;

allow private_t proc_t:file_class_set all_subject_file_perms;

# Descriptors inherited from login_t or init_t may be kept and
# adjusted; no other access to those domains is granted.
allow private_t login_t:fd all_subject_fd_perms;

allow private_t init_t:fd all_subject_fd_perms;
