mirror of
https://github.com/SELinuxProject/selinux
synced 2025-01-05 04:59:42 +00:00
71dd7b7133
Resolves https://github.com/SELinuxProject/cil/issues/3 An 'unordered' keyword provides the ability to append classes to the current list of ordered classes. This allows users to not need knowledge of existing classes when creating a class and fixes dependencies on classes when removing a module. This enables userspace object managers with custom objects to be modularized. If a class is declared in both an unordered and ordered statement, then the ordered statement will supercede the unordered declaration. Example usage: ; Appends new_class to the existing list of classes (class new_class ()) (classorder (unordered new_class)) Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com> Signed-off-by: James Carter <jwcart2@tycho.nsa.gov> |
||
---|---|---|
.. | ||
docs | ||
test | ||
.gitignore | ||
Android.mk | ||
ChangeLog | ||
COPYING | ||
Makefile | ||
README | ||
secilc.8.xml | ||
secilc.c | ||
VERSION |
SELinux Common Intermediate Language (CIL) Compiler INTRODUCTION The SELinux CIL Compiler is a compiler that converts the CIL language as described on the CIL design wiki into a kernel binary policy file. Please see the CIL Design Wiki at: http://github.com/SELinuxProject/cil/wiki/ for more information about the goals and features on the CIL language. DEPENDENCIES gcc >= 4.5.1 libsepol >= 2.4 BUILD STEPS Run "make" with one of the following targets: make Build the CIL compiler (secilc). make test Pass a sample policy to test with the compiler. make install Install the secilc compiler and man page to disk. make clean Remove temporary build files. make man Build the secilc man page. make bare Remove temporary build files and compile binaries. USAGE Execute 'secilc' with any number of CIL files as arguments. A binary policy and file_contexts file will be created. Use the '--help' option for more details. DOCUMENTATION There is a Docbook CIL Reference Guide in the docs directory, to build this in HTML and PDF format change to the docs directory and run: make html pdf There is also an secilc man page that can be built with: make man The documents will be located in the docs/html, docs/pdf and docs/man8 directories. To build the html and manpage the xmlto package is required. To build the pdf document the xmlto and dblatex packages are required. KNOWN ISSUES - Blocks inside of macros causes undefined behavior - Policy must be well formed. For example, invalid usage of sensitivities/categories/levels may create an unloaded binary - Recursive limits are not handled