selinux-refpolicy/doc/policy.dtd
Christian Göttsche f3b0b0837f policy.dtd: more strict bool/tunable and infoflow validation
Booleans and tunables must have a value of true or false and infoflow
needs to be of type read, write, none or both with a weight of 1 to 10.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
2022-03-22 19:06:37 +01:00

45 lines
1.4 KiB
DTD

<!ENTITY % inline.class "pre|p|ul|ol|li">
<!ELEMENT policy (layer+,(tunable|bool)*)>
<!ELEMENT layer (summary,module+)>
<!ATTLIST layer
name CDATA #REQUIRED>
<!ELEMENT module (summary,desc?,required?,(interface|template)*,(bool|tunable)*)>
<!ATTLIST module
name CDATA #REQUIRED
filename CDATA #REQUIRED>
<!ELEMENT required (#PCDATA)>
<!ATTLIST required
val (true|false) "false">
<!ELEMENT tunable (desc)>
<!ATTLIST tunable
name CDATA #REQUIRED
dftval (true|false) #REQUIRED>
<!ELEMENT bool (desc)>
<!ATTLIST bool
name CDATA #REQUIRED
dftval (true|false) #REQUIRED>
<!ELEMENT summary (#PCDATA)>
<!ELEMENT interface (summary,desc?,param+,infoflow?,(rolebase|rolecap)?)>
<!ATTLIST interface name CDATA #REQUIRED lineno CDATA #REQUIRED>
<!ELEMENT template (summary,desc?,param+,(rolebase|rolecap)?)>
<!ATTLIST template name CDATA #REQUIRED lineno CDATA #REQUIRED>
<!ELEMENT desc (#PCDATA|%inline.class;)*>
<!ELEMENT param (summary)>
<!ATTLIST param
name CDATA #REQUIRED
optional (true|false) "false"
unused (true|false) "false">
<!ELEMENT infoflow EMPTY>
<!ATTLIST infoflow
type (read|write|none|both) #REQUIRED
weight (1|2|3|4|5|6|7|8|9|10) #IMPLIED>
<!ELEMENT rolebase EMPTY>
<!ELEMENT rolecap EMPTY>
<!ATTLIST pre caption CDATA #IMPLIED>
<!ELEMENT p (#PCDATA|%inline.class;)*>
<!ELEMENT ul (li+)>
<!ELEMENT ol (li+)>
<!ELEMENT li (#PCDATA|%inline.class;)*>