Diffstat (limited to 'tests/policies')
-rw-r--r--tests/policies/test-cond/refpolicy-base.conf1
-rw-r--r--tests/policies/test-deps/base-metreq.conf4
-rw-r--r--tests/policies/test-deps/base-notmetreq.conf4
-rw-r--r--tests/policies/test-expander/alias-base.conf3
-rw-r--r--tests/policies/test-expander/base-base-only.conf1
-rw-r--r--tests/policies/test-expander/role-base.conf4
-rw-r--r--tests/policies/test-expander/small-base.conf3
-rw-r--r--tests/policies/test-expander/user-base.conf5
-rw-r--r--tests/policies/test-linker/module1.conf7
-rw-r--r--tests/policies/test-linker/module2.conf4
-rw-r--r--tests/policies/test-linker/small-base.conf9
11 files changed, 44 insertions, 1 deletions
diff --git a/tests/policies/test-cond/refpolicy-base.conf b/tests/policies/test-cond/refpolicy-base.conf
index 60da11a..1c1ef9a 100644
--- a/tests/policies/test-cond/refpolicy-base.conf
+++ b/tests/policies/test-cond/refpolicy-base.conf
@@ -1393,6 +1393,7 @@ role system_r;
role sysadm_r;
role staff_r;
role user_r;
+role secadm_r;
typeattribute kernel_t domain;
allow kernel_t self:dir { read getattr lock search ioctl };
allow kernel_t self:lnk_file { read getattr lock ioctl };
diff --git a/tests/policies/test-deps/base-metreq.conf b/tests/policies/test-deps/base-metreq.conf
index 9b7ade5..bfb4c56 100644
--- a/tests/policies/test-deps/base-metreq.conf
+++ b/tests/policies/test-deps/base-metreq.conf
@@ -426,15 +426,19 @@ attribute files;
type net_foo_t, foo;
type sys_foo_t, foo, system;
+role system_r;
role system_r types sys_foo_t;
type user_t, domain;
+role user_r;
role user_r types user_t;
type sysadm_t, domain, system;
+role sysadm_r;
role sysadm_r types sysadm_t;
type system_t, domain, system, foo;
+role system_r;
role system_r types { system_t sys_foo_t };
type file_t;
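Review bot: `role system_r;` is declared twice in this hunk, once before `role system_r types sys_foo_t;` and again before `role system_r types { system_t sys_foo_t };`, so the fixture appears to compile only if the policy compiler tolerates a repeated role declaration in the same scope. If that tolerance is not what test-deps is meant to exercise, drop the second declaration, or mark it as deliberate with a comment such as `# repeated declaration of system_r is intentional`. The same repetition appears in the base-notmetreq.conf hunk (`@@ -421,15 +421,19 @@`). Both hunks show only part of their files, so other declarations of these roles outside the visible lines cannot be ruled out.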
diff --git a/tests/policies/test-deps/base-notmetreq.conf b/tests/policies/test-deps/base-notmetreq.conf
index cf6aa0a..f2630e7 100644
--- a/tests/policies/test-deps/base-notmetreq.conf
+++ b/tests/policies/test-deps/base-notmetreq.conf
@@ -421,15 +421,19 @@ attribute files;
type net_foo_t, foo;
type sys_foo_t, foo, system;
+role system_r;
role system_r types sys_foo_t;
type user_t, domain;
+role user_r;
role user_r types user_t;
type sysadm_t, domain, system;
+role sysadm_r;
role sysadm_r types sysadm_t;
type system_t, domain, system, foo;
+role system_r;
role system_r types { system_t sys_foo_t };
type file_t;
diff --git a/tests/policies/test-expander/alias-base.conf b/tests/policies/test-expander/alias-base.conf
index f3d0a6c..4ed46d2 100644
--- a/tests/policies/test-expander/alias-base.conf
+++ b/tests/policies/test-expander/alias-base.conf
@@ -440,6 +440,9 @@ optional {
type fs_t;
type system_t;
type user_t;
+role system_r;
+role user_r;
+role sysadm_r;
role system_r types system_t;
role user_r types user_t;
role sysadm_r types system_t;
diff --git a/tests/policies/test-expander/base-base-only.conf b/tests/policies/test-expander/base-base-only.conf
index 80b87cc..4eae73e 100644
--- a/tests/policies/test-expander/base-base-only.conf
+++ b/tests/policies/test-expander/base-base-only.conf
@@ -34,6 +34,7 @@ mlsconstrain file { read }
attribute myattr;
type mytype_t;
+role myrole_r;
role myrole_r types mytype_t;
bool mybool true;
gen_user(myuser_u,, myrole_r, s0, s0 - s0:c0)
diff --git a/tests/policies/test-expander/role-base.conf b/tests/policies/test-expander/role-base.conf
index 219987c..b43389f 100644
--- a/tests/policies/test-expander/role-base.conf
+++ b/tests/policies/test-expander/role-base.conf
@@ -415,12 +415,16 @@ mlsconstrain file { write setattr append unlink link rename ioctl lock execute r
# Role mapping test
type role_check_1_1_t;
+role role_check_1;
role role_check_1 types role_check_1_1_t;
########
type fs_t;
type system_t;
type user_t;
+role system_r;
+role user_r;
+role sysadm_r;
role system_r types system_t;
role user_r types user_t;
role sysadm_r types system_t;
diff --git a/tests/policies/test-expander/small-base.conf b/tests/policies/test-expander/small-base.conf
index 6f45a28..7c5d77a 100644
--- a/tests/policies/test-expander/small-base.conf
+++ b/tests/policies/test-expander/small-base.conf
@@ -467,12 +467,15 @@ optional {
type net_foo_t, foo;
type sys_foo_t, foo, system;
+role system_r;
role system_r types sys_foo_t;
type user_t, domain;
+role user_r;
role user_r types user_t;
type sysadm_t, domain, system;
+role sysadm_r;
role sysadm_r types sysadm_t;
type system_t, domain, system, foo;
diff --git a/tests/policies/test-expander/user-base.conf b/tests/policies/test-expander/user-base.conf
index 660152e..b60672f 100644
--- a/tests/policies/test-expander/user-base.conf
+++ b/tests/policies/test-expander/user-base.conf
@@ -416,6 +416,8 @@ mlsconstrain file { write setattr append unlink link rename ioctl lock execute r
# User mapping test
type user_check_1_1_t;
type user_check_1_2_t;
+role user_check_1_1_r;
+role user_check_1_2_r;
role user_check_1_1_r types user_check_1_1_t;
role user_check_1_2_r types user_check_1_2_t;
@@ -423,6 +425,9 @@ role user_check_1_2_r types user_check_1_2_t;
type fs_t;
type system_t;
type user_t;
+role system_r;
+role user_r;
+role sysadm_r;
role system_r types system_t;
role user_r types user_t;
role sysadm_r types system_t;
diff --git a/tests/policies/test-linker/module1.conf b/tests/policies/test-linker/module1.conf
index 7cfb6cb..2d5fc31 100644
--- a/tests/policies/test-linker/module1.conf
+++ b/tests/policies/test-linker/module1.conf
@@ -19,6 +19,7 @@ type g_m1_type_2;
typeattribute g_m1_type_2 g_m1_attr_1;
#add role in module test
+role g_m1_role_1;
role g_m1_role_1 types g_m1_type_1;
# test for attr declared in base, added to in module
@@ -38,12 +39,15 @@ attribute g_m1_attr_2;
#add type to base role test
role g_b_role_2 types g_m1_type_1;
+role g_b_role_3;
role g_b_role_3 types g_m1_type_2;
#add type to base optional role test
+role o1_b_role_2;
role o1_b_role_2 types g_m1_type_1;
#optional base role w/ adds in 2 modules
+role o4_b_role_1;
role o4_b_role_1 types g_m1_type_2;
# attr a added to in base optional, declared/added to in module, added to in other module
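Review bot: The added `role g_b_role_3;` sits under the comment `#add type to base role test`, yet `role g_b_role_2 types g_m1_type_1;` directly above it gets no declaration, so the two halves of that test now reach the base role by different means. small-base.conf in this commit also declares `g_b_role_3` and `o4_b_role_1`, so if the module-side line counts as a fresh declaration rather than a reference, the linker test may no longer check that a module extends a role owned by the base. If the intent is still to add types to a base-owned role, listing the role in the module's `require` block (not visible in this hunk) would keep that coverage; otherwise the comment should say so, e.g. `#add type to role declared in base and module`. The same applies to `role g_b_role_3;` and `role o4_b_role_1;` in the module2.conf hunk (`@@ -19,9 +20,11 @@`).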
@@ -78,6 +82,7 @@ optional {
type o1_m1_type_2, o1_m1_attr_1;
type o1_m1_type_1;
+ role o1_m1_role_1;
role o1_m1_role_1 types o1_m1_type_1;
type o1_m1_type_3;
@@ -101,6 +106,7 @@ optional {
type tag_o2_m1;
+ role g_b_role_4;
role g_b_role_4 types g_m1_type_2;
}
@@ -112,6 +118,7 @@ optional {
type tag_o3_m1;
type o3_m1_type_1;
+ role o3_b_role_1;
role o3_b_role_1 types o3_m1_type_1;
type o3_m1_type_2, g_b_attr_6;
diff --git a/tests/policies/test-linker/module2.conf b/tests/policies/test-linker/module2.conf
index 3820cb7..7a31109 100644
--- a/tests/policies/test-linker/module2.conf
+++ b/tests/policies/test-linker/module2.conf
@@ -12,6 +12,7 @@ require {
type tag_g_m2;
type g_m2_type_1;
+role g_m2_role_1;
role g_m2_role_1 types g_m2_type_1;
type g_m2_type_4, g_b_attr_5;
@@ -19,9 +20,11 @@ type g_m2_type_5, g_b_attr_6;
#add types to role declared in base test
type g_m2_type_2;
+role g_b_role_3;
role g_b_role_3 types g_m2_type_2;
#optional base role w/ adds in 2 modules
+role o4_b_role_1;
role o4_b_role_1 types g_m2_type_1;
# attr a added to in base optional, declared/added to in module, added to in other module
@@ -45,6 +48,7 @@ optional {
type tag_o1_m2;
type o1_m2_type_1;
+ role o1_m2_role_1;
role o1_m2_role_1 types o1_m2_type_1;
}
diff --git a/tests/policies/test-linker/small-base.conf b/tests/policies/test-linker/small-base.conf
index 2f166c9..3a66f91 100644
--- a/tests/policies/test-linker/small-base.conf
+++ b/tests/policies/test-linker/small-base.conf
@@ -435,6 +435,10 @@ type g_b_type_1, g_b_attr_1;
type g_b_type_2, g_b_attr_2;
type g_b_type_3;
+role g_b_role_1;
+role g_b_role_2;
+role g_b_role_3;
+role g_b_role_4;
role g_b_role_1 types g_b_type_1;
role g_b_role_2 types g_b_type_2;
role g_b_role_3 types g_b_type_2;
@@ -464,8 +468,9 @@ optional {
attribute o1_b_attr_1;
type o1_b_type_1, o1_b_attr_1;
bool o1_b_bool_1 true;
+ role o1_b_role_1;
role o1_b_role_1 types o1_b_type_1;
-
+ role o1_b_role_2;
role o1_b_role_2 types o1_b_type_1;
attribute o1_b_attr_2;
@@ -501,6 +506,7 @@ optional {
type o3_b_type_1;
bool o3_b_bool_1 true;
+ role o3_b_role_1;
role o3_b_role_1 types o3_b_type_1;
allow g_b_type_1 invalid_type : sem { create destroy };
@@ -519,6 +525,7 @@ optional {
attribute o4_b_attr_1;
+ role o4_b_role_1;
role o4_b_role_1 types g_m1_type_1;
# test for attr declared in module optional, added to in base optional