Also fixes the occasional missing brackets as highlighted by my editor, however the individual examples were not reviewed much closer. secilc was chosen as language name because the compiler is named secilc and outside of SELinux the name cil is less searchable and could lead to confusion.
Signed-off-by: Jonathan Hettwer <j2468h@gmail.com>
SID Statements
sid
Declares a new SID identifier in the current namespace.
Statement definition:
(sid sid_id)
Where:
|
The |
|
The |
Examples:
These examples show three sid declarations:
(sid kernel)
(sid security)
(sid igmp_packet)
sidorder
Defines the order of SIDs. This is a mandatory statement when SIDs are defined. Multiple sidorder statements declared in the policy will form an ordered list.
Statement definition:
(sidorder (sid_id ...))
Where:
|
The |
|
One or more |
Example:
This will produce an ordered list of "kernel security unlabeled":
(sid kernel)
(sid security)
(sid unlabeled)
(sidorder (kernel security))
(sidorder (security unlabeled))
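The merge described above, as an added Python illustration (not part of the original documentation and not secilc's own resolution algorithm): it parses the statements, chains the sidorder fragments into one list, and reports declared SIDs that no sidorder mentions. Rejecting fragments that do not chain into a single order is this example's assumption; `parse` and `merge_sidorder` are hypothetical names.

```python
import re

# Constructed sample: the sidorder example from this page.
POLICY = """
(sid kernel)
(sid security)
(sid unlabeled)
(sidorder (kernel security))
(sidorder (security unlabeled))
"""

def parse(text):
    """Parse CIL s-expressions into nested lists; ';' comments are dropped."""
    text = re.sub(r";[^\n]*", "", text)
    stack = [[]]
    for tok in re.findall(r"[()]|[^\s()]+", text):
        if tok == "(":
            stack.append([])
        elif tok == ")":
            if len(stack) < 2:
                raise ValueError("unbalanced ')'")
            done = stack.pop()
            stack[-1].append(done)
        else:
            stack[-1].append(tok)
    if len(stack) != 1:
        raise ValueError("unbalanced '('")
    return stack[0]

def merge_sidorder(text):
    """Return (ordered_sids, declared_sids_missing_from_the_order)."""
    stmts = [s for s in parse(text) if isinstance(s, list) and s]
    declared = [s[1] for s in stmts if s[0] == "sid"]
    after = {}  # sid -> set of sids that must come directly or later after it
    for frag in (s[1] for s in stmts if s[0] == "sidorder"):
        for name in frag:
            after.setdefault(name, set())
        for a, b in zip(frag, frag[1:]):
            after[a].add(b)
    ordered = []
    while after:
        # A sid is ready when no remaining sid has to precede it.
        ready = [n for n in after if not any(n in f for f in after.values())]
        if len(ready) != 1:  # assumption: cyclic or unconnected fragments are errors
            raise ValueError("fragments do not chain: %s" % sorted(after))
        ordered.append(ready[0])
        del after[ready[0]]
    return ordered, [n for n in declared if n not in ordered]

if __name__ == "__main__":
    print(merge_sidorder(POLICY))
```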
sidcontext
Associates an SELinux security context with a previously declared sid identifier.
Statement definition:
(sidcontext sid_id context_id)
Where:
|
The |
|
A single previously declared |
|
A previously declared |
Examples:
This shows two named security context examples plus an anonymous context:
; Two named contexts:
(sid kernel)
(context kernel_context (u r process low_low))
(sidcontext kernel kernel_context)
(sid security)
(context security_context (u object_r process low_low))
(sidcontext security security_context)
; An anonymous context:
(sid unlabeled)
(sidcontext unlabeled (u object_r ((s0) (s0))))