selinux/secilc
James Carter 4878981229 libsepol/secilc/docs: Update the CIL documentation
Update the CIL documentation for the in-statement processing and
duplicate macro and block declarations with block inheritance.

Duplicate macro and block declarations are allowed if they occur as
the result of block inheritance. Document the fact that inherited
macros are overridden by any macros already declared in a
namespace and that declaring a block in a namespace that will
inherit a block with the same name can be used to allow in-statements
to be used on the block.

The new in-statement syntax still supports the old syntax but adds
the ability to specify whether the in-statement should be resolved
before or after block inheritance is resolved.

Signed-off-by: James Carter <jwcart2@gmail.com>
2021-09-07 10:28:46 -04:00
..
docs libsepol/secilc/docs: Update the CIL documentation 2021-09-07 10:28:46 -04:00
test secilc/test: Add test for anonymous args 2021-06-22 09:33:28 -04:00
.gitignore secilc: Create the new program called secil2tree to write out CIL AST 2021-04-21 21:45:31 +02:00
COPYING Fix many misspellings 2019-09-18 22:47:35 +02:00
Makefile secilc: Create the new program called secil2tree to write out CIL AST 2021-04-21 21:45:31 +02:00
README secilc: update dependency information and man page creation 2016-01-08 09:38:40 -05:00
secil2conf.8.xml libsepol/cil: Add support for using qualified names to secil2conf 2021-07-03 16:00:30 +02:00
secil2conf.c secilc: fix memory leaks in secilc2conf 2021-07-19 10:42:45 -04:00
secil2tree.8.xml libsepol/cil: Add support for using qualified names to secil2tree 2021-07-03 16:00:30 +02:00
secil2tree.c libsepol/cil: Add support for using qualified names to secil2tree 2021-07-03 16:00:30 +02:00
secilc.8.xml secilc: Add support for using qualified names to secilc 2021-07-03 16:00:30 +02:00
secilc.c secilc: fix memory leaks in secilc 2021-07-19 10:42:45 -04:00
VERSION Update VERSIONs to 3.2 for release. 2021-03-04 16:42:59 +01:00

SELinux Common Intermediate Language (CIL) Compiler

INTRODUCTION

	The SELinux CIL Compiler is a compiler that converts the CIL language as
	described on the CIL design wiki into a kernel binary policy file.
	Please see the CIL Design Wiki at:
	http://github.com/SELinuxProject/cil/wiki/
	for more information about the goals and features on the CIL language.

DEPENDENCIES

	gcc >= 4.5.1
	libsepol >= 2.5


BUILD STEPS

	Run "make" with one of the following targets:

	make
		Build the CIL compiler (secilc).

	make test
		Pass a sample policy to test with the compiler.

	make install
		Install the secilc compiler and man page to disk.

	make clean
		Remove temporary build files.

	make man
		Build the secilc man page.

	make bare
		Remove temporary build files and compile binaries.


USAGE

	Execute 'secilc' with any number of CIL files as arguments. A binary policy and
	file_contexts file will be created.

	Use the '--help' option for more details.


DOCUMENTATION

	There is a github markdown CIL Reference Guide in the docs directory. To
	view the table of contents, see README.md in the docs directory.

	To convert the github markdown content to HTML and PDF, change to the docs
	directory and run:
		make

	The documents will be located in the docs/html and docs/pdf directories.

	To build the html and pdf, the pandoc package is required.

KNOWN ISSUES

	- Blocks inside of macros causes undefined behavior

	- Policy must be well formed. For example, invalid usage of
	  sensitivities/categories/levels may create an unloaded binary

	- Recursive limits are not handled