
# Policy module "my_module", version 1.0. Judging by the "test" comment further
# down and the attr_check_* names, this looks like a linker test fixture rather
# than deployable policy -- confirm against the accompanying test code.
module my_module 1.0;

# Symbols this module uses but does not declare. They have to be supplied by
# another policy (base or another module) when the modules are linked; a
# requirement at module scope that nothing satisfies makes the link fail.
require { 
	# Booleans referenced by the conditional below.
	bool allow_ypbind, secure_mode, allow_execstack;
	# Source and target types of the allow rules in this module.
	type system_t, sysadm_t;
	# Only the read and write permissions of class file are required here.
	class file {read write};
	# Attributes declared elsewhere that this module attaches its own types to.
	attribute attr_check_base_2, attr_check_base_3;
	attribute attr_check_base_optional_2;
}

# Boolean owned by this module; its default value is true.
bool module_1_bool true;

# Conditional policy: the rule below is in effect only while all four booleans
# are true. Three of them are declared outside this module, so whether the
# access is granted depends on state this file does not control.
if (module_1_bool && allow_ypbind && secure_mode && allow_execstack) {
	# Grants system_t read and write on file objects labelled sysadm_t.
	allow system_t sysadm_t : file { read write };
}

# Optional block: kept only if everything in its require section can be
# resolved at link time. If not, the whole block is disabled, including the
# boolean it declares and the conditional allow rule.
optional {
	# Boolean declared inside the optional block; default value is false.
	bool module_1_bool_2 false;
	require {
		# Neither boolean is declared in this file.
		bool optional_bool_1, optional_bool_2;
		class file { execute ioctl };
	}
	# NOTE(review): no parentheses here; && is expected to bind tighter than ||,
	# i.e. (optional_bool_1 && optional_bool_2) || module_1_bool_2 -- confirm
	# against the policy grammar before relying on it.
	if (optional_bool_1 && optional_bool_2 || module_1_bool_2) {
		# Grants system_t execute and ioctl on file objects labelled sysadm_t.
		allow system_t sysadm_t : file {execute ioctl};
	}
}
# Type - attribute mapping test
# Declarations made by this module itself: one type and eleven attributes at
# module scope, followed by attributes declared inside optional blocks.
type module_t;
attribute attr_check_mod_1;
attribute attr_check_mod_2;
attribute attr_check_mod_3;
attribute attr_check_mod_4;
attribute attr_check_mod_5;
attribute attr_check_mod_6;
attribute attr_check_mod_7;
attribute attr_check_mod_8;
attribute attr_check_mod_9;
attribute attr_check_mod_10;
attribute attr_check_mod_11;
# Attributes that exist only if this optional block is enabled. base_t is not
# declared in this file, so another linked policy has to provide it.
optional {
	require {
		type base_t;
	}
	attribute attr_check_mod_optional_1;
	attribute attr_check_mod_optional_2;
	attribute attr_check_mod_optional_3;
	attribute attr_check_mod_optional_4;
	attribute attr_check_mod_optional_5;
	attribute attr_check_mod_optional_6;
	attribute attr_check_mod_optional_7;
}
# does_not_exist_t is not declared anywhere in this file. Presumably no linked
# policy declares it either, which would leave this block disabled and its two
# attributes undefined -- confirm against the base policy used by the test.
optional {
	require {
		type does_not_exist_t;
	}
	attribute attr_check_mod_optional_disabled_4;
	attribute attr_check_mod_optional_disabled_7;
}
# Types attached to attributes this module does not declare (attr_check_base_*).
# Each attribute gets two types, one per association form:
#   "type T, A;"                 declares T and associates it with A at once
#   "type T; typeattribute T A;" declares T, then associates it separately
# attr_check_base_2 and attr_check_base_3 are required at module scope.
type attr_check_base_2_1_t, attr_check_base_2;
type attr_check_base_2_2_t;
typeattribute attr_check_base_2_2_t attr_check_base_2;
type attr_check_base_3_3_t, attr_check_base_3;
type attr_check_base_3_4_t;
typeattribute attr_check_base_3_4_t attr_check_base_3;
# From here on the attribute is required inside an optional block, so the type
# declarations and associations exist only if that block is enabled.
optional {
	require {
		attribute attr_check_base_5;
	}
	type attr_check_base_5_1_t, attr_check_base_5;
	type attr_check_base_5_2_t;
	typeattribute attr_check_base_5_2_t attr_check_base_5;
}
optional {
	require {
		attribute attr_check_base_6;
	}
	type attr_check_base_6_3_t, attr_check_base_6;
	type attr_check_base_6_4_t;
	typeattribute attr_check_base_6_4_t attr_check_base_6;
}
# The next three blocks also require does_not_exist_t, which this file never
# declares. Presumably they end up disabled, so none of their types should be
# associated with the attribute in the linked policy -- confirm against the
# base policy used by the test.
optional {
	require {
		type does_not_exist_t;
		attribute attr_check_base_8;
	}
	type attr_check_base_8_1_t, attr_check_base_8;
	type attr_check_base_8_2_t;
	typeattribute attr_check_base_8_2_t attr_check_base_8;
}
optional {
	require {
		type does_not_exist_t;
		attribute attr_check_base_9;
	}
	type attr_check_base_9_3_t, attr_check_base_9;
	type attr_check_base_9_4_t;
	typeattribute attr_check_base_9_4_t attr_check_base_9;
}
optional {
	require {
		type does_not_exist_t;
		attribute attr_check_base_10;
	}
	type attr_check_base_10_3_t, attr_check_base_10;
	type attr_check_base_10_4_t;
	typeattribute attr_check_base_10_4_t attr_check_base_10;
}
# Requires only the attribute, with no dependency on does_not_exist_t.
optional {
	require {
		attribute attr_check_base_11;
	}
	type attr_check_base_11_3_t, attr_check_base_11;
	type attr_check_base_11_4_t;
	typeattribute attr_check_base_11_4_t attr_check_base_11;
}
# Types attached to attr_check_base_optional_* attributes, none of which are
# declared in this file. attr_check_base_optional_2 is required at module
# scope, so these three statements are unconditional.
type attr_check_base_optional_2_1_t, attr_check_base_optional_2;
type attr_check_base_optional_2_2_t;
typeattribute attr_check_base_optional_2_2_t attr_check_base_optional_2;
# Enabled only if attr_check_base_optional_5 is provided by another policy.
optional {
	require {
		attribute attr_check_base_optional_5;
	}
	type attr_check_base_optional_5_1_t, attr_check_base_optional_5;
	type attr_check_base_optional_5_2_t;
	typeattribute attr_check_base_optional_5_2_t attr_check_base_optional_5;
}
# Disabled test case, left commented out; this file does not record why.
#optional {
#	require {
#		attribute attr_check_base_optional_6;
#	}
#	type attr_check_base_optional_6_3_t, attr_check_base_optional_6;
#	type attr_check_base_optional_6_4_t;
#	typeattribute attr_check_base_optional_6_4_t attr_check_base_optional_6;
#}
# Also requires does_not_exist_t, which this file never declares; presumably
# the block is disabled at link time -- confirm against the base policy.
optional {
	require {
		type does_not_exist_t;
		attribute attr_check_base_optional_8;
	}
	type attr_check_base_optional_8_1_t, attr_check_base_optional_8;
	type attr_check_base_optional_8_2_t;
	typeattribute attr_check_base_optional_8_2_t attr_check_base_optional_8;
}
# Types attached to the attr_check_mod_* attributes that this module declares
# at module scope. Both association forms are used for each attribute: the
# combined "type T, A;" and the separate "type T; typeattribute T A;".
type attr_check_mod_2_1_t, attr_check_mod_2;
type attr_check_mod_2_2_t;
typeattribute attr_check_mod_2_2_t attr_check_mod_2;
# These two blocks require an attribute that this same module declares.
optional {
	require {
		attribute attr_check_mod_5;
	}
	type attr_check_mod_5_1_t, attr_check_mod_5;
	type attr_check_mod_5_2_t;
	typeattribute attr_check_mod_5_2_t attr_check_mod_5;
}
optional {
	require {
		attribute attr_check_mod_6;
	}
	type attr_check_mod_6_3_t, attr_check_mod_6;
	type attr_check_mod_6_4_t;
	typeattribute attr_check_mod_6_4_t attr_check_mod_6;
}
# The next three blocks depend only on does_not_exist_t, which this file never
# declares. The attributes themselves are declared at module scope, so they
# exist either way; only the types and associations hinge on the block.
# Presumably the blocks are disabled -- confirm against the base policy.
optional {
	require {
		type does_not_exist_t;
	}
	type attr_check_mod_8_1_t, attr_check_mod_8;
	type attr_check_mod_8_2_t;
	typeattribute attr_check_mod_8_2_t attr_check_mod_8;
}
optional {
	require {
		type does_not_exist_t;
	}
	type attr_check_mod_9_3_t, attr_check_mod_9;
	type attr_check_mod_9_4_t;
	typeattribute attr_check_mod_9_4_t attr_check_mod_9;
}
optional {
	require {
		type does_not_exist_t;
	}
	type attr_check_mod_10_3_t, attr_check_mod_10;
	type attr_check_mod_10_4_t;
	typeattribute attr_check_mod_10_4_t attr_check_mod_10;
}
# Depends on base_t, which is not declared in this file and has to come from
# another linked policy.
optional {
	require {
		type base_t;
	}
	type attr_check_mod_11_3_t, attr_check_mod_11;
	type attr_check_mod_11_4_t;
	typeattribute attr_check_mod_11_4_t attr_check_mod_11;
}
# Two disabled test cases, left commented out; this file does not record why.
# Both would require an attribute that this module declares inside an optional
# block (attr_check_mod_optional_5 and attr_check_mod_optional_6).
#optional {
#	require {
#		attribute attr_check_mod_optional_5;
#	}
#	type attr_check_mod_optional_5_1_t, attr_check_mod_optional_5;
#	type attr_check_mod_optional_5_2_t;
#	typeattribute attr_check_mod_optional_5_2_t attr_check_mod_optional_5;
#}
#optional {
#	require {
#		attribute attr_check_mod_optional_6;
#	}
#	type attr_check_mod_optional_6_3_t, attr_check_mod_optional_6;
#	type attr_check_mod_optional_6_4_t;
#	typeattribute attr_check_mod_optional_6_4_t attr_check_mod_optional_6;
#}
# attr_check_base_optional_disabled_5 is not declared in this file.
# NOTE(review): the name suggests it lives in a disabled optional block of
# the base policy, which would leave this block disabled as well -- confirm.
optional {
	require {
		attribute attr_check_base_optional_disabled_5;
	}
	type attr_check_base_optional_disabled_5_1_t, attr_check_base_optional_disabled_5;
	type attr_check_base_optional_disabled_5_2_t;
	typeattribute attr_check_base_optional_disabled_5_2_t attr_check_base_optional_disabled_5;
}
# Two requirements, neither of them declared in this file: does_not_exist_t
# and attr_check_base_optional_disabled_8. The block is kept only if both
# resolve at link time.
optional {
	require {
		type does_not_exist_t;
		attribute attr_check_base_optional_disabled_8;
	}
	type attr_check_base_optional_disabled_8_1_t, attr_check_base_optional_disabled_8;
	type attr_check_base_optional_disabled_8_2_t;
	typeattribute attr_check_base_optional_disabled_8_2_t attr_check_base_optional_disabled_8;
}