CIL (Common Intermediate Language)
===============

## Table of Contents

* [Introduction](cil_introduction.md#Introduction)
    * [Design Philosophy](cil_introduction.md#design-philosophy)
    * [Goals and Primary Features](cil_introduction.md#goals-and-primary-features)
    * [Design Overview](cil_introduction.md#design-overview)

* [CIL Information](cil_reference_guide.md#cil-information)
    * [Declarations](cil_reference_guide.md#declarations)
    * [Definitions](cil_reference_guide.md#definitions)
    * [Symbol Character Set](cil_reference_guide.md#symbol-character-set)
    * [String Character Set](cil_reference_guide.md#string-character-set)
    * [Comments](cil_reference_guide.md#comments)
    * [Namespaces](cil_reference_guide.md#namespaces)
    * [Global Namespace](cil_reference_guide.md#global-namespace)
    * [Expressions](cil_reference_guide.md#expressions)
    * [Name String](cil_reference_guide.md#name-string)
    * [self](cil_reference_guide.md#self)
    * [Example CIL Policy](../test/policy.cil)

* [Access Vector Rules](cil_access_vector_rules.md#access-vector-rules)
    * [allow](cil_access_vector_rules.md#allow)
    * [auditallow](cil_access_vector_rules.md#auditallow)
    * [dontaudit](cil_access_vector_rules.md#dontaudit)
    * [neverallow](cil_access_vector_rules.md#neverallow)
    * [allowx](cil_access_vector_rules.md#allowx)
    * [auditallowx](cil_access_vector_rules.md#auditallowx)
    * [dontauditx](cil_access_vector_rules.md#dontauditx)
    * [neverallowx](cil_access_vector_rules.md#neverallowx)

* [Call / Macro Statements](cil_call_macro_statements.md#call--macro-statements)
    * [call](cil_call_macro_statements.md#call)
    * [macro](cil_call_macro_statements.md#macro)

* [Class and Permission Statements](cil_class_and_permission_statements.md#class-and-permission-statements)
    * [common](cil_class_and_permission_statements.md#common)
    * [classcommon](cil_class_and_permission_statements.md#classcommon)
    * [class](cil_class_and_permission_statements.md#class)
    * [classorder](cil_class_and_permission_statements.md#classorder)
    * [classpermission](cil_class_and_permission_statements.md#classpermission)
    * [classpermissionset](cil_class_and_permission_statements.md#classpermissionset)
    * [classmap](cil_class_and_permission_statements.md#classmap)
    * [classmapping](cil_class_and_permission_statements.md#classmapping)
    * [permissionx](cil_class_and_permission_statements.md#permissionx)

* [Conditional Statements](cil_conditional_statements.md#conditional-statements)
    * [boolean](cil_conditional_statements.md#boolean)
    * [booleanif](cil_conditional_statements.md#booleanif)
    * [tunable](cil_conditional_statements.md#tunable)
    * [tunableif](cil_conditional_statements.md#tunableif)

* [Constraint Statements](cil_constraint_statements.md#constraint-statements)
    * [constrain](cil_constraint_statements.md#constrain)
    * [validatetrans](cil_constraint_statements.md#validatetrans)
    * [mlsconstrain](cil_constraint_statements.md#mlsconstrain)
    * [mlsvalidatetrans](cil_constraint_statements.md#mlsvalidatetrans)

* [Container Statements](cil_container_statements.md#container-statements)
    * [block](cil_container_statements.md#block)
    * [blockabstract](cil_container_statements.md#blockabstract)
    * [blockinherit](cil_container_statements.md#blockinherit)
    * [optional](cil_container_statements.md#optional)
    * [in](cil_container_statements.md#in)

* [Context Statement](cil_context_statement.md#context-statement)
    * [context](cil_context_statement.md#context)

* [Default Object Statements](cil_default_object_statements.md#default-object-statements)
    * [defaultuser](cil_default_object_statements.md#defaultuser)
    * [defaultrole](cil_default_object_statements.md#defaultrole)
    * [defaulttype](cil_default_object_statements.md#defaulttype)
    * [defaultrange](cil_default_object_statements.md#defaultrange)

* [File Labeling Statements](cil_file_labeling_statements.md#file-labeling-statements)
    * [filecon](cil_file_labeling_statements.md#filecon)
    * [fsuse](cil_file_labeling_statements.md#fsuse)
    * [genfscon](cil_file_labeling_statements.md#genfscon)

* [Multi-Level Security Labeling Statements](cil_mls_labeling_statements.md#multi-level-security-labeling-statements)
    * [sensitivity](cil_mls_labeling_statements.md#sensitivity)
    * [sensitivityalias](cil_mls_labeling_statements.md#sensitivityalias)
    * [sensitivityaliasactual](cil_mls_labeling_statements.md#sensitivityaliasactual)
    * [sensitivityorder](cil_mls_labeling_statements.md#sensitivityorder)
    * [category](cil_mls_labeling_statements.md#category)
    * [categoryalias](cil_mls_labeling_statements.md#categoryalias)
    * [categoryaliasactual](cil_mls_labeling_statements.md#categoryaliasactual)
    * [categoryorder](cil_mls_labeling_statements.md#categoryorder)
    * [categoryset](cil_mls_labeling_statements.md#categoryset)
    * [sensitivitycategory](cil_mls_labeling_statements.md#sensitivitycategory)
    * [level](cil_mls_labeling_statements.md#level)
    * [levelrange](cil_mls_labeling_statements.md#levelrange)
    * [rangetransition](cil_mls_labeling_statements.md#rangetransition)
    * [mlsconstrain](cil_mls_labeling_statements.md#mlsconstrain)
    * [mlsvalidatetrans](cil_mls_labeling_statements.md#mlsvalidatetrans)

* [Network Labeling Statements](cil_network_labeling_statements.md#network-labeling-statements)
    * [ipaddr](cil_network_labeling_statements.md#ipaddr)
    * [netifcon](cil_network_labeling_statements.md#netifcon)
    * [nodecon](cil_network_labeling_statements.md#nodecon)
    * [portcon](cil_network_labeling_statements.md#portcon)

* [Policy Configuration Statements](cil_policy_config_statements.md#policy-configuration-statements)
    * [mls](cil_policy_config_statements.md#mls)
    * [handleunknown](cil_policy_config_statements.md#handleunknown)
    * [policycap](cil_policy_config_statements.md#policycap)

* [Role Statements](cil_role_statements.md#role-statements)
    * [role](cil_role_statements.md#role)
    * [roletype](cil_role_statements.md#roletype)
    * [roleattribute](cil_role_statements.md#roleattribute)
    * [roleattributeset](cil_role_statements.md#roleattributeset)
    * [roleallow](cil_role_statements.md#roleallow)
    * [roletransition](cil_role_statements.md#roletransition)
    * [rolebounds](cil_role_statements.md#rolebounds)

* [SID Statements](cil_sid_statements.md#sid-statements)
    * [sid](cil_sid_statements.md#sid)
    * [sidorder](cil_sid_statements.md#sidorder)
    * [sidcontext](cil_sid_statements.md#sidcontext)

* [Type Statements](cil_type_statements.md#type-statements)
    * [type](cil_type_statements.md#type)
    * [typealias](cil_type_statements.md#typealias)
    * [typealiasactual](cil_type_statements.md#typealiasactual)
    * [typeattribute](cil_type_statements.md#typeattribute)
    * [typeattributeset](cil_type_statements.md#typeattributeset)
    * [typebounds](cil_type_statements.md#typebounds)
    * [typechange](cil_type_statements.md#typechange)
    * [typemember](cil_type_statements.md#typemember)
    * [typetransition](cil_type_statements.md#typetransition)
    * [typepermissive](cil_type_statements.md#typepermissive)

* [User Statements](cil_user_statements.md#user-statements)
    * [user](cil_user_statements.md#user)
    * [userrole](cil_user_statements.md#userrole)
    * [userattribute](cil_user_statements.md#userattribute)
    * [userattributeset](cil_user_statements.md#userattributeset)
    * [userlevel](cil_user_statements.md#userlevel)
    * [userrange](cil_user_statements.md#userrange)
    * [userbounds](cil_user_statements.md#userbounds)
    * [userprefix](cil_user_statements.md#userprefix)
    * [selinuxuser](cil_user_statements.md#selinuxuser)
    * [selinuxuserdefault](cil_user_statements.md#selinuxuserdefault)

* [Infiniband Statements](cil_infiniband_statements.md#infiniband-statements)
    * [ibpkeycon](cil_infiniband_statements.md#ibpkeycon)
    * [ibendportcon](cil_infiniband_statements.md#ibendportcon)

* [Xen Statements](cil_xen_statements.md#xen-statements)
    * [iomemcon](cil_xen_statements.md#iomemcon)
    * [ioportcon](cil_xen_statements.md#ioportcon)
    * [pcidevicecon](cil_xen_statements.md#pcidevicecon)
    * [pirqcon](cil_xen_statements.md#pirqcon)
    * [devicetreecon](cil_xen_statements.md#devicetreecon)

* [Example Policy](../test/policy.cil#example-policy)