1 <?xml version="1.0" encoding="UTF-8"?>
2 <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified">
3 <xs:element name="policy-set">
6 <xs:element minOccurs="0" ref="target"/>
7 <xs:choice minOccurs="0" maxOccurs="unbounded">
8 <xs:element ref="policy-set"/>
9 <xs:element ref="policy"/>
12 <xs:attributeGroup ref="policy-set.attlist"/>
15 <xs:attributeGroup name="policy-set.attlist">
16 <xs:attribute name="combine" default="deny-overrides">
18 <xs:restriction base="xs:token">
19 <xs:enumeration value="deny-overrides"/>
20 <xs:enumeration value="permit-overrides"/>
21 <xs:enumeration value="first-matching-target"/>
25 <xs:attribute name="id"/>
27 <xs:element name="policy">
30 <xs:element minOccurs="0" ref="target"/>
31 <xs:element minOccurs="0" maxOccurs="unbounded" ref="rule"/>
33 <xs:attributeGroup ref="policy.attlist"/>
36 <xs:attributeGroup name="policy.attlist">
37 <xs:attribute name="combine" default="deny-overrides">
39 <xs:restriction base="xs:token">
40 <xs:enumeration value="deny-overrides"/>
41 <xs:enumeration value="permit-overrides"/>
42 <xs:enumeration value="first-applicable"/>
46 <xs:attribute name="description"/>
47 <xs:attribute name="id"/>
49 <xs:element name="rule">
52 <xs:element minOccurs="0" ref="condition"/>
54 <xs:attributeGroup ref="rule.attlist"/>
57 <xs:attributeGroup name="rule.attlist">
58 <xs:attribute name="effect" default="permit">
60 <xs:restriction base="xs:token">
61 <xs:enumeration value="permit"/>
62 <xs:enumeration value="prompt-blanket"/>
63 <xs:enumeration value="prompt-session"/>
64 <xs:enumeration value="prompt-oneshot"/>
65 <xs:enumeration value="deny"/>
70 <xs:element name="target">
73 <xs:element maxOccurs="unbounded" ref="subject"/>
77 <xs:element name="subject">
80 <xs:element maxOccurs="unbounded" ref="subject-match"/>
84 <xs:element name="condition">
86 <xs:choice maxOccurs="unbounded">
87 <xs:element ref="condition"/>
88 <xs:element ref="subject-match"/>
89 <xs:element ref="resource-match"/>
90 <xs:element ref="environment-match"/>
92 <xs:attributeGroup ref="condition.attlist"/>
95 <xs:attributeGroup name="condition.attlist">
96 <xs:attribute name="combine" default="and">
98 <xs:restriction base="xs:token">
99 <xs:enumeration value="and"/>
100 <xs:enumeration value="or"/>
105 <xs:attributeGroup name="match-attrs">
106 <xs:attribute name="attr" use="required"/>
107 <xs:attribute name="match"/>
108 <xs:attribute name="func" default="glob">
110 <xs:restriction base="xs:token">
111 <xs:enumeration value="equal"/>
112 <xs:enumeration value="glob"/>
113 <xs:enumeration value="regexp"/>
118 <xs:element name="subject-match">
119 <xs:complexType mixed="true">
120 <xs:attributeGroup ref="subject-match.attlist"/>
123 <xs:attributeGroup name="subject-match.attlist">
124 <xs:attributeGroup ref="match-attrs"/>
126 <xs:complexType name="match-model" mixed="true">
127 <xs:choice minOccurs="0" maxOccurs="unbounded">
128 <xs:element ref="subject-attr"/>
129 <xs:element ref="resource-attr"/>
130 <xs:element ref="environment-attr"/>
133 <xs:element name="resource-match">
136 <xs:extension base="match-model">
137 <xs:attributeGroup ref="resource-match.attlist"/>
142 <xs:attributeGroup name="resource-match.attlist">
143 <xs:attributeGroup ref="match-attrs"/>
145 <xs:element name="environment-match">
148 <xs:extension base="match-model">
149 <xs:attributeGroup ref="environment-match.attlist"/>
154 <xs:attributeGroup name="environment-match.attlist">
155 <xs:attributeGroup ref="match-attrs"/>
157 <xs:attributeGroup name="attr-attrs">
158 <xs:attribute name="attr" use="required"/>
160 <xs:element name="subject-attr">
162 <xs:attributeGroup ref="subject-attr.attlist"/>
165 <xs:attributeGroup name="subject-attr.attlist">
166 <xs:attributeGroup ref="attr-attrs"/>
168 <xs:element name="resource-attr">
170 <xs:attributeGroup ref="resource-attr.attlist"/>
173 <xs:attributeGroup name="resource-attr.attlist">
174 <xs:attributeGroup ref="attr-attrs"/>
176 <xs:element name="environment-attr">
178 <xs:attributeGroup ref="environment-attr.attlist"/>
181 <xs:attributeGroup name="environment-attr.attlist">
182 <xs:attributeGroup ref="attr-attrs"/>