/* 
 * Copyright (C) 1999, 2000, 2001  Network Associates, Incorporated (NAI)
 * All rights reserved.
 *
 * This file is part of the NAI Generic Software Wrappers Toolkit
 * (GSWTK).  See ftp://ftp.tislabs.com/pub/wrappers/ for the latest
 * distribution.
 *
 * The GSWTK is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2, or (at your option)
 * any later version.
 *
 * The GSWTK is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this software; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
 * 02111-1307, USA. 
 *
 * $Id: sample_input,v 1.4 2001/04/05 18:41:47 stevek Exp $
 *
 */
/*
 * Napload test file.
 */

subject_policy man { network allow (12.27.34.5, (udp, 12, 23), (tcp, 80, 88));};

subject_policy one { syscall allow fork; };

subject_policy two { syscall deny fork; };

subject_policy three { syscall deny exit, fork, read, write, open, close, wait4, link, unlink, chdir, fchdir, mknod, chmod, chown, break, getfsstat, getpid, mount, unmount, setuid, getuid, geteuid, ptrace, recvmsg, sendmsg, recvfrom, accept, getpeername, getsockname, access, chflags, fchflags, sync, kill, getppid, dup, pipe, getegid, profil, ktrace, sigaction, getgid, sigprocmask, getlogin, setlogin, acct, sigpending, sigaltstack, ioctl, reboot, revoke, symlink, readlink, execve, umask, chroot, msync, vfork, sbrk, sstk, vadvise, munmap, mprotect, madvise, mincore, getgroups, setgroups, getpgrp, setpgid, setitimer, swapon, getitimer, getdtablesize, dup2, fcntl, select, fsync, setpriority, socket, connect, getpriority, sigreturn, bind, setsockopt, listen, sigsuspend, gettimeofday, getrusage, getsockopt, readv, writev, settimeofday, fchown, fchmod, setreuid, setregid, rename, flock, mkfifo, sendto, shutdown, socketpair, mkdir, rmdir, utimes, adjtime, setsid, quotactl, nfssvc, statfs, fstatfs, getfh, getdomainname, setdomainname, uname, sysarch, rtprio, semsys, msgsys, shmsys, ntp_adjtime, setgid, setegid, seteuid, lfs_bmapv, lfs_markv, lfs_segclean, lfs_segwait, stat, fstat, lstat, pathconf, fpathconf, getrlimit, setrlimit, getdirentries, mmap, __syscall, lseek, truncate, ftruncate, __sysctl, mlock, munlock, utrace, __semctl, semget, semop, semconfig, msgctl, msgget, msgsnd, msgrcv, shmat, shmctl, shmdt, shmget, minherit, rfork, issetugid, lchown ; };

subject_policy gee { syscall allow access;
			file deny rw 	homedir{george} /blah >
					homedir{badger}/fun; };

subject_policy wiz { file deny rwx /bin/foo > /usr/local/flat; 
			file allow rx /home ; syscall deny fork, chdir ; };

invoke AAA { A if (user bill, sally) };

invoke BBB { A if (user bill, sally) && (user fred) };

invoke CCC { A if (exec /bin/foo > /local) };

invoke DDD { A if (exec /bin/foo > /local) && (user fred, bill, sally) };

