Add tests for using "this" in a full context

data/expected_cil/filecon.cil

@@ -148,6 +148,7 @@
 (filecon "/bin/some_bin" file (system_u object_r foo ((s0) (s0))))
 (filecon "/bin/some_bin2" file (system_u object_r foo ((s0) (s0))))
 (filecon "/bin/some_bin3" file (system_u object_r foo ((s0) (s0))))
+(filecon "/bin/some_bin4" file (system_u object_r foo ((s0) (s0))))
 (filecon "/dev/sda1" block (system_u object_r foo ((s0) (s0))))
 (filecon "/dev/tty.*" char (system_u object_r foo ((s0) (s0))))
 (filecon "/etc" any (system_u object_r foo ((s0) (s0))))

data/expected_cil/fs_context.cil

@@ -144,6 +144,7 @@
 (typeattributeset resource (unlabeled_sid))
 (allow domain foo (file (read)))
 (fsuse xattr ext3 (system_u object_r foo ((s0) (s0))))
+(fsuse xattr hugetblfs (system_u object_r foo ((s0) (s0))))
 (fsuse task sockfs (system_u object_r foo ((s0) (s0))))
 (fsuse trans tmpfs (system_u object_r foo ((s0) (s0))))
 (genfscon cgroup "/" (system_u object_r foo ((s0) (s0))))

data/expected_cil/initial_context.cil

@@ -136,6 +136,9 @@
 (type kernel_sid)
 (roletype system_r kernel_sid)
 (typeattributeset domain (kernel_sid))
+(type other_con)
+(roletype object_r other_con)
+(typeattributeset resource (other_con))
 (type security_con)
 (roletype object_r security_con)
 (typeattributeset resource (security_con))
@@ -154,8 +157,10 @@
 (allow some_dom unlabeled_con (file (read)))
 (sid "kernel")
 (sidcontext "kernel" (system_u object_r kernel_con ((s0) (s0))))
+(sid "other")
+(sidcontext "other" (system_u object_r other_con ((s0) (s0))))
 (sid "security")
 (sidcontext "security" (system_u object_r security_con ((s0) (s0))))
 (sid "unlabeled")
 (sidcontext "unlabeled" (system_u object_r unlabeled_con ((s0) (s0))))
-(sidorder ("kernel" "security" "unlabeled"))
+(sidorder ("kernel" "other" "security" "unlabeled"))

data/expected_cil/networking_rules.cil

@@ -149,6 +149,7 @@
 (portcon tcp 22 (system_u object_r my_port ((s0) (s0))))
 (portcon tcp 1234 (system_u object_r my_port ((s0) (s0))))
 (portcon tcp (5000 5010) (system_u object_r my_port ((s0) (s0))))
+(portcon tcp 9999 (system_u object_r my_port ((s0) (s0))))
 (portcon udp 1235 (system_u object_r my_port ((s0) (s0))))
 (portcon dccp 1337 (system_u object_r my_port ((s0) (s0))))
 (portcon sctp 43 (system_u object_r my_port ((s0) (s0))))

data/policies/filecon.cas

@@ -9,6 +9,7 @@ resource foo {
 	file_context("/bin/some_bin", [file], system_u:object_r:foo:s0);
 	file_context("/bin/some_bin2", [file], system_u:object_r:foo:s0-s0);
 	file_context("/bin/some_bin3", [file], system_u:object_r:foo:s0-s0:c0.c255);
+	file_context("/bin/some_bin4", [file], system_u:object_r:this:s0);
 	file_context("HOME_ROOT", dir, this);
 	// Policies must include at least one av rule
 	allow(domain, foo, file, [read]);

data/policies/fs_context.cas

@@ -3,6 +3,7 @@ resource foo {
     fs_context("sockfs", task, this);
     fs_context("tmpfs", trans, this);
     fs_context("tmpfs", trans, this);
+    fs_context("hugetblfs", xattr, system_u:object_r:this);
 
     fs_context("proc", genfscon, this, "/");
     fs_context("proc", genfscon, this, "/");

data/policies/initial_context.cas

@@ -10,6 +10,10 @@ resource security_con {
         initial_context("security", this);
 }
 
+resource other_con {
+	initial_context("other", system_u:object_r:this);
+}
+
 domain some_dom {
 	allow(this, unlabeled_con, file, read);
 }

data/policies/networking_rules.cas

@@ -7,6 +7,7 @@ resource my_port {
 	portcon("tcp", ssh_port, this);
 	portcon("dccp", 1337, this);
 	portcon("sctp", 43, this);
+	portcon("tcp", 9999, system_u:object_r:this);
 }
 
 domain foo {

src/test.rs

@@ -239,7 +239,7 @@ fn filecon_test() {
             "(filecon \"/bin\" dir (",
             "(filecon \"/etc\" any (",
         ],
-        &[],
+        &["this"],
         0,
     );
 }