selinux/secilc/README
Yuli Khodorkovskiy 36f62b78f1 libsepol: Move secilc out of libsepol
Since the secilc compiler is independent of libsepol, move secilc out of
libsepol. Linke secilc dynamically rather than statically with libsepol.

- Move secilc source, test policies, docs, and secilc manpage to secilc
  directory.
- Remove unneeded Makefile from libsepol/cil. To build secilc, run make
  in the secilc directory.
- Add target to install the secilc binary to /usr/bin/.
- Create an Android makefile for secilc and move secilc out of libsepol
  Android makefile.
- Add cil_set_mls to libsepol public API as it is needed by secilc.
- Remove policy.conf from testing since it is no longer used.

Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
2015-03-31 12:31:38 -04:00

72 lines
1.6 KiB
Plaintext

SELinux Common Intermediate Language (CIL) Compiler
INTRODUCTION
The SELinux CIL Compiler is a compiler that converts the CIL language as
described on the CIL design wiki into a kernel binary policy file.
Please see the CIL Design Wiki at:
http://github.com/SELinuxProject/cil/wiki/
for more information about the goals and features on the CIL language.
DEPENDENCIES
gcc >= 4.5.1
libsepol >= 2.4
BUILD STEPS
Run "make" with one of the following targets:
make
Build the CIL compiler (secilc).
make test
Pass a sample policy to test with the compiler.
make install
Install the secilc compiler and man page to disk.
make clean
Remove temporary build files.
make man
Build the secilc man page.
make bare
Remove temporary build files and compile binaries.
USAGE
Execute 'secilc' with any number of CIL files as arguments. A binary policy and
file_contexts file will be created.
Use the '--help' option for more details.
DOCUMENTATION
There is a Docbook CIL Reference Guide in the docs directory, to build
this in HTML and PDF format change to the docs directory and run:
make html pdf
There is also an secilc man page that can be built with:
make man
The documents will be located in the docs/html, docs/pdf and docs/man8
directories.
To build the html and manpage the xmlto package is required.
To build the pdf document the xmlto and dblatex packages are required.
KNOWN ISSUES
- Blocks inside of macros causes undefined behavior
- Policy must be well formed. For example, invalid usage of
sensitivities/categories/levels may create an unloaded binary
- Recursive limits are not handled