tequilaOS/platform_external_selinux
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
platform_external_selinux/secilc/docs/cil_constraint_statements.md

330 lines
12 KiB
Markdown
Raw Normal View History

secilc/docs: Convert DocBook documentation into github markdown Converting to github markdown allows for easier integration with the SELinux project wiki and viewing of documentation directly on github without creating PDFs or reading through DocBook XML. The conversion of DocBook to github markdown would not format tables or keyword links properly. By maintaining the documentation in github markdown in the repository, the content is well formatted with a table of contents when viewing in the github wiki or in the repository. The migration from DocBook to github markdown was done using Pandoc and manual fixups. Mappings of CIL keywords to headings that were lost in the DocBook conversion were added back. An introduction and design philosphy was also pulled from the SELinux project wiki to provide more cohesion to the current documentation. Running make will now convert the github markdown into PDF and HTML. Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
2015-12-15 21:13:27 +01:00
Constraint Statements
=====================
constrain
---------
Enable constraints to be placed on the specified permissions of the object class based on the source and target security context components.
**Statement definition:**
Revert "Revert "Merge remote-tracking branch 'aosp/upstream-mast..." Revert^2 "Use cil_write_build_ast" bde09de39feec91cf8220f0f798a6e52154d69e9 Change-Id: I3ab19bda9c1968409ad5a4f4d0866649036c683c
2021-10-27 06:50:56 +02:00
```secil
secilc/docs: Convert DocBook documentation into github markdown Converting to github markdown allows for easier integration with the SELinux project wiki and viewing of documentation directly on github without creating PDFs or reading through DocBook XML. The conversion of DocBook to github markdown would not format tables or keyword links properly. By maintaining the documentation in github markdown in the repository, the content is well formatted with a table of contents when viewing in the github wiki or in the repository. The migration from DocBook to github markdown was done using Pandoc and manual fixups. Mappings of CIL keywords to headings that were lost in the DocBook conversion were added back. An introduction and design philosphy was also pulled from the SELinux project wiki to provide more cohesion to the current documentation. Running make will now convert the github markdown into PDF and HTML. Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
2015-12-15 21:13:27 +01:00
(constrain classpermissionset_id ... expression | expr ...)
Revert "Revert "Merge remote-tracking branch 'aosp/upstream-mast..." Revert^2 "Use cil_write_build_ast" bde09de39feec91cf8220f0f798a6e52154d69e9 Change-Id: I3ab19bda9c1968409ad5a4f4d0866649036c683c
2021-10-27 06:50:56 +02:00
```
secilc/docs: Convert DocBook documentation into github markdown Converting to github markdown allows for easier integration with the SELinux project wiki and viewing of documentation directly on github without creating PDFs or reading through DocBook XML. The conversion of DocBook to github markdown would not format tables or keyword links properly. By maintaining the documentation in github markdown in the repository, the content is well formatted with a table of contents when viewing in the github wiki or in the repository. The migration from DocBook to github markdown was done using Pandoc and manual fixups. Mappings of CIL keywords to headings that were lost in the DocBook conversion were added back. An introduction and design philosphy was also pulled from the SELinux project wiki to provide more cohesion to the current documentation. Running make will now convert the github markdown into PDF and HTML. Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
2015-12-15 21:13:27 +01:00
**Where:**
<table>
<colgroup>
<col width="27%" />
<col width="72%" />
</colgroup>
<tbody>
<tr class="odd">
<td align="left"><p><code>constrain</code></p></td>
<td align="left"><p>The <code>constrain</code> keyword.</p></td>
</tr>
<tr class="even">
<td align="left"><p><code>classpermissionset_id</code></p></td>
<td align="left"><p>A single named or anonymous <code>classpermissionset</code> or a single set of <code>classmap</code>/<code>classmapping</code> identifiers.</p></td>
</tr>
<tr class="odd">
<td align="left"><p><code>expression</code></p></td>
<td align="left"><p>There must be one constraint <code>expression</code> or one or more <code>expr</code>'s. The expression consists of an operator and two operands as follows:</p>
<p><code> (op u1 u2)</code></p>
<p><code> (role_op r1 r2)</code></p>
<p><code> (op t1 t2)</code></p>
Revert "Revert "Merge remote-tracking branch 'aosp/upstream-mast..." Revert^2 "Use cil_write_build_ast" bde09de39feec91cf8220f0f798a6e52154d69e9 Change-Id: I3ab19bda9c1968409ad5a4f4d0866649036c683c
2021-10-27 06:50:56 +02:00
<p><code> (op u1 user_id | (user_id ...))</code></p>
<p><code> (op u2 user_id | (user_id ...))</code></p>
<p><code> (op r1 role_id | (role_id ...))</code></p>
<p><code> (op r2 role_id | (role_id ...))</code></p>
<p><code> (op t1 type_id | (type_id ...))</code></p>
<p><code> (op t2 type_id | (type_id ...))</code></p>
secilc/docs: Convert DocBook documentation into github markdown Converting to github markdown allows for easier integration with the SELinux project wiki and viewing of documentation directly on github without creating PDFs or reading through DocBook XML. The conversion of DocBook to github markdown would not format tables or keyword links properly. By maintaining the documentation in github markdown in the repository, the content is well formatted with a table of contents when viewing in the github wiki or in the repository. The migration from DocBook to github markdown was done using Pandoc and manual fixups. Mappings of CIL keywords to headings that were lost in the DocBook conversion were added back. An introduction and design philosphy was also pulled from the SELinux project wiki to provide more cohesion to the current documentation. Running make will now convert the github markdown into PDF and HTML. Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
2015-12-15 21:13:27 +01:00
<p>where:</p>
<p><code> u1, r1, t1 = Source context: user, role or type</code></p>
<p><code> u2, r2, t2 = Target context: user, role or type</code></p>
<p>and:</p>
<p><code> op : eq neq</code></p>
<p><code> role_op : eq neq dom domby incomp</code></p>
<p><code> user_id : A single user or userattribute identifier.</code></p>
<p><code> role_id : A single role or roleattribute identifier.</code></p>
<p><code> type_id : A single type, typealias or typeattribute identifier.</code></p></td>
</tr>
<tr class="even">
<td align="left"><p><code>expr</code></p></td>
<td align="left"><p>Zero or more <code>expr</code>'s, the valid operators and syntax are:</p>
<p><code> (and expression expression)</code></p>
<p><code> (or expression expression)</code></p>
<p><code> (not expression)</code></p></td>
</tr>
</tbody>
</table>
**Examples:**
Two constrain statements are shown with their equivalent kernel policy language statements:
Revert "Revert "Merge remote-tracking branch 'aosp/upstream-mast..." Revert^2 "Use cil_write_build_ast" bde09de39feec91cf8220f0f798a6e52154d69e9 Change-Id: I3ab19bda9c1968409ad5a4f4d0866649036c683c
2021-10-27 06:50:56 +02:00
```secil
secilc/docs: Convert DocBook documentation into github markdown Converting to github markdown allows for easier integration with the SELinux project wiki and viewing of documentation directly on github without creating PDFs or reading through DocBook XML. The conversion of DocBook to github markdown would not format tables or keyword links properly. By maintaining the documentation in github markdown in the repository, the content is well formatted with a table of contents when viewing in the github wiki or in the repository. The migration from DocBook to github markdown was done using Pandoc and manual fixups. Mappings of CIL keywords to headings that were lost in the DocBook conversion were added back. An introduction and design philosphy was also pulled from the SELinux project wiki to provide more cohesion to the current documentation. Running make will now convert the github markdown into PDF and HTML. Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
2015-12-15 21:13:27 +01:00
;; constrain { file } { write }
;; (( t1 == unconfined.process ) and ( t2 == unconfined.object ) or ( r1 eq r2 ));
(constrain (file (write))
(or
(and
(eq t1 unconfined.process)
(eq t2 unconfined.object)
)
(eq r1 r2)
)
)
;; constrain { file } { read }
;; (not( t1 == unconfined.process ) and ( t2 == unconfined.object ) or ( r1 eq r2 ));
(constrain (file (read))
(not
(or
(and
(eq t1 unconfined.process)
(eq t2 unconfined.object)
)
(eq r1 r2)
)
)
)
Revert "Revert "Merge remote-tracking branch 'aosp/upstream-mast..." Revert^2 "Use cil_write_build_ast" bde09de39feec91cf8220f0f798a6e52154d69e9 Change-Id: I3ab19bda9c1968409ad5a4f4d0866649036c683c
2021-10-27 06:50:56 +02:00
```
secilc/docs: Convert DocBook documentation into github markdown Converting to github markdown allows for easier integration with the SELinux project wiki and viewing of documentation directly on github without creating PDFs or reading through DocBook XML. The conversion of DocBook to github markdown would not format tables or keyword links properly. By maintaining the documentation in github markdown in the repository, the content is well formatted with a table of contents when viewing in the github wiki or in the repository. The migration from DocBook to github markdown was done using Pandoc and manual fixups. Mappings of CIL keywords to headings that were lost in the DocBook conversion were added back. An introduction and design philosphy was also pulled from the SELinux project wiki to provide more cohesion to the current documentation. Running make will now convert the github markdown into PDF and HTML. Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
2015-12-15 21:13:27 +01:00
validatetrans
-------------
The [`validatetrans`](cil_constraint_statements.md#validatetrans) statement is only used for `file` related object classes where it is used to control the ability to change the objects security context based on old, new and the current process security context.
**Statement definition:**
Revert "Revert "Merge remote-tracking branch 'aosp/upstream-mast..." Revert^2 "Use cil_write_build_ast" bde09de39feec91cf8220f0f798a6e52154d69e9 Change-Id: I3ab19bda9c1968409ad5a4f4d0866649036c683c
2021-10-27 06:50:56 +02:00
```secil
secilc/docs: Convert DocBook documentation into github markdown Converting to github markdown allows for easier integration with the SELinux project wiki and viewing of documentation directly on github without creating PDFs or reading through DocBook XML. The conversion of DocBook to github markdown would not format tables or keyword links properly. By maintaining the documentation in github markdown in the repository, the content is well formatted with a table of contents when viewing in the github wiki or in the repository. The migration from DocBook to github markdown was done using Pandoc and manual fixups. Mappings of CIL keywords to headings that were lost in the DocBook conversion were added back. An introduction and design philosphy was also pulled from the SELinux project wiki to provide more cohesion to the current documentation. Running make will now convert the github markdown into PDF and HTML. Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
2015-12-15 21:13:27 +01:00
(validatetrans class_id expression | expr ...)
Revert "Revert "Merge remote-tracking branch 'aosp/upstream-mast..." Revert^2 "Use cil_write_build_ast" bde09de39feec91cf8220f0f798a6e52154d69e9 Change-Id: I3ab19bda9c1968409ad5a4f4d0866649036c683c
2021-10-27 06:50:56 +02:00
```
secilc/docs: Convert DocBook documentation into github markdown Converting to github markdown allows for easier integration with the SELinux project wiki and viewing of documentation directly on github without creating PDFs or reading through DocBook XML. The conversion of DocBook to github markdown would not format tables or keyword links properly. By maintaining the documentation in github markdown in the repository, the content is well formatted with a table of contents when viewing in the github wiki or in the repository. The migration from DocBook to github markdown was done using Pandoc and manual fixups. Mappings of CIL keywords to headings that were lost in the DocBook conversion were added back. An introduction and design philosphy was also pulled from the SELinux project wiki to provide more cohesion to the current documentation. Running make will now convert the github markdown into PDF and HTML. Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
2015-12-15 21:13:27 +01:00
**Where:**
<table>
<colgroup>
<col width="25%" />
<col width="75%" />
</colgroup>
<tbody>
<tr class="odd">
<td align="left"><p><code>validatetrans</code></p></td>
<td align="left"><p>The <code>validatetrans</code> keyword.</p></td>
</tr>
<tr class="even">
<td align="left"><p><code>class_id</code></p></td>
<td align="left"><p>A single previously declared <code>class</code> or <code>classmap</code> identifier.</p></td>
</tr>
<tr class="odd">
<td align="left"><p><code>expression</code></p></td>
<td align="left"><p>There must be one constraint <code>expression</code> or one or more <code>expr</code>'s. The expression consists of an operator and two operands as follows:</p>
<p><code> (op u1 u2)</code></p>
<p><code> (role_op r1 r2)</code></p>
<p><code> (op t1 t2)</code></p>
<p><code> (op u1 user_id)</code></p>
<p><code> (op u2 user_id)</code></p>
<p><code> (op u3 user_id)</code></p>
<p><code> (op r1 role_id)</code></p>
<p><code> (op r2 role_id)</code></p>
<p><code> (op r3 role_id)</code></p>
<p><code> (op t1 type_id)</code></p>
<p><code> (op t2 type_id)</code></p>
<p><code> (op t3 type_id)</code></p>
<p>where:</p>
<p><code> u1, r1, t1 = Old context: user, role or type</code></p>
<p><code> u2, r2, t2 = New context: user, role or type</code></p>
<p><code> u3, r3, t3 = Process context: user, role or type</code></p>
<p>and:</p>
<p><code> op : eq neq</code></p>
<p><code> role_op : eq neq dom domby incomp</code></p>
<p><code> user_id : A single user or userattribute identifier.</code></p>
<p><code> role_id : A single role or roleattribute identifier.</code></p>
<p><code> type_id : A single type, typealias or typeattribute identifier.</code></p></td>
</tr>
<tr class="even">
<td align="left"><p><code>expr</code></p></td>
<td align="left"><p>Zero or more <code>expr</code>'s, the valid operators and syntax are:</p>
<p><code> (and expression expression)</code></p>
<p><code> (or expression expression)</code></p>
<p><code> (not expression)</code></p></td>
</tr>
</tbody>
</table>
**Example:**
A validate transition statement with the equivalent kernel policy language statement:
Revert "Revert "Merge remote-tracking branch 'aosp/upstream-mast..." Revert^2 "Use cil_write_build_ast" bde09de39feec91cf8220f0f798a6e52154d69e9 Change-Id: I3ab19bda9c1968409ad5a4f4d0866649036c683c
2021-10-27 06:50:56 +02:00
```secil
secilc/docs: Convert DocBook documentation into github markdown Converting to github markdown allows for easier integration with the SELinux project wiki and viewing of documentation directly on github without creating PDFs or reading through DocBook XML. The conversion of DocBook to github markdown would not format tables or keyword links properly. By maintaining the documentation in github markdown in the repository, the content is well formatted with a table of contents when viewing in the github wiki or in the repository. The migration from DocBook to github markdown was done using Pandoc and manual fixups. Mappings of CIL keywords to headings that were lost in the DocBook conversion were added back. An introduction and design philosphy was also pulled from the SELinux project wiki to provide more cohesion to the current documentation. Running make will now convert the github markdown into PDF and HTML. Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
2015-12-15 21:13:27 +01:00
; validatetrans { file } ( t1 == unconfined.process );
(validatetrans file (eq t1 unconfined.process))
Revert "Revert "Merge remote-tracking branch 'aosp/upstream-mast..." Revert^2 "Use cil_write_build_ast" bde09de39feec91cf8220f0f798a6e52154d69e9 Change-Id: I3ab19bda9c1968409ad5a4f4d0866649036c683c
2021-10-27 06:50:56 +02:00
```
secilc/docs: Convert DocBook documentation into github markdown Converting to github markdown allows for easier integration with the SELinux project wiki and viewing of documentation directly on github without creating PDFs or reading through DocBook XML. The conversion of DocBook to github markdown would not format tables or keyword links properly. By maintaining the documentation in github markdown in the repository, the content is well formatted with a table of contents when viewing in the github wiki or in the repository. The migration from DocBook to github markdown was done using Pandoc and manual fixups. Mappings of CIL keywords to headings that were lost in the DocBook conversion were added back. An introduction and design philosphy was also pulled from the SELinux project wiki to provide more cohesion to the current documentation. Running make will now convert the github markdown into PDF and HTML. Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
2015-12-15 21:13:27 +01:00
mlsconstrain
------------
Enable MLS constraints to be placed on the specified permissions of the object class based on the source and target security context components.
**Statement definition:**
Revert "Revert "Merge remote-tracking branch 'aosp/upstream-mast..." Revert^2 "Use cil_write_build_ast" bde09de39feec91cf8220f0f798a6e52154d69e9 Change-Id: I3ab19bda9c1968409ad5a4f4d0866649036c683c
2021-10-27 06:50:56 +02:00
```secil
secilc/docs: Convert DocBook documentation into github markdown Converting to github markdown allows for easier integration with the SELinux project wiki and viewing of documentation directly on github without creating PDFs or reading through DocBook XML. The conversion of DocBook to github markdown would not format tables or keyword links properly. By maintaining the documentation in github markdown in the repository, the content is well formatted with a table of contents when viewing in the github wiki or in the repository. The migration from DocBook to github markdown was done using Pandoc and manual fixups. Mappings of CIL keywords to headings that were lost in the DocBook conversion were added back. An introduction and design philosphy was also pulled from the SELinux project wiki to provide more cohesion to the current documentation. Running make will now convert the github markdown into PDF and HTML. Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
2015-12-15 21:13:27 +01:00
(mlsconstrain classpermissionset_id ... expression | expr ...)
Revert "Revert "Merge remote-tracking branch 'aosp/upstream-mast..." Revert^2 "Use cil_write_build_ast" bde09de39feec91cf8220f0f798a6e52154d69e9 Change-Id: I3ab19bda9c1968409ad5a4f4d0866649036c683c
2021-10-27 06:50:56 +02:00
```
secilc/docs: Convert DocBook documentation into github markdown Converting to github markdown allows for easier integration with the SELinux project wiki and viewing of documentation directly on github without creating PDFs or reading through DocBook XML. The conversion of DocBook to github markdown would not format tables or keyword links properly. By maintaining the documentation in github markdown in the repository, the content is well formatted with a table of contents when viewing in the github wiki or in the repository. The migration from DocBook to github markdown was done using Pandoc and manual fixups. Mappings of CIL keywords to headings that were lost in the DocBook conversion were added back. An introduction and design philosphy was also pulled from the SELinux project wiki to provide more cohesion to the current documentation. Running make will now convert the github markdown into PDF and HTML. Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
2015-12-15 21:13:27 +01:00
**Where:**
<table>
<colgroup>
<col width="27%" />
<col width="72%" />
</colgroup>
<tbody>
<tr class="odd">
<td align="left"><p><code>mlsconstrain</code></p></td>
<td align="left"><p>The <code>mlsconstrain</code> keyword.</p></td>
</tr>
<tr class="even">
<td align="left"><p><code>classpermissionset_id</code></p></td>
<td align="left"><p>A single named or anonymous <code>classpermissionset</code> or a single set of <code>classmap</code>/<code>classmapping</code> identifiers.</p></td>
</tr>
<tr class="odd">
<td align="left"><p><code>expression</code></p></td>
<td align="left"><p>There must be one constraint <code>expression</code> or one or more <code>expr</code>'s. The expression consists of an operator and two operands as follows:</p>
<p><code> (op u1 u2)</code></p>
<p><code> (mls_role_op r1 r2)</code></p>
<p><code> (op t1 t2)</code></p>
<p><code> (mls_role_op l1 l2)</code></p>
<p><code> (mls_role_op l1 h2)</code></p>
<p><code> (mls_role_op h1 l2)</code></p>
<p><code> (mls_role_op h1 h2)</code></p>
<p><code> (mls_role_op l1 h1)</code></p>
<p><code> (mls_role_op l2 h2)</code></p>
<p><code> (op u1 user_id)</code></p>
<p><code> (op u2 user_id)</code></p>
<p><code> (op r1 role_id)</code></p>
<p><code> (op r2 role_id)</code></p>
<p><code> (op t1 type_id)</code></p>
<p><code> (op t2 type_id)</code></p>
<p>where:</p>
<p><code> u1, r1, t1, l1, h1 = Source context: user, role, type, low level or high level</code></p>
<p><code> u2, r2, t2, l2, h2 = Target context: user, role, type, low level or high level</code></p>
<p>and:</p>
<p><code> op : eq neq</code></p>
<p><code> mls_role_op : eq neq dom domby incomp</code></p>
<p><code> user_id : A single user or userattribute identifier.</code></p>
<p><code> role_id : A single role or roleattribute identifier.</code></p>
<p><code> type_id : A single type, typealias or typeattribute identifier.</code></p></td>
</tr>
<tr class="even">
<td align="left"><p><code>expr</code></p></td>
<td align="left"><p>Zero or more <code>expr</code>'s, the valid operators and syntax are:</p>
<p><code> (and expression expression)</code></p>
<p><code> (or expression expression)</code></p>
<p><code> (not expression)</code></p></td>
</tr>
</tbody>
</table>
**Example:**
An MLS constrain statement with the equivalent kernel policy language statement:
Revert "Revert "Merge remote-tracking branch 'aosp/upstream-mast..." Revert^2 "Use cil_write_build_ast" bde09de39feec91cf8220f0f798a6e52154d69e9 Change-Id: I3ab19bda9c1968409ad5a4f4d0866649036c683c
2021-10-27 06:50:56 +02:00
```secil
secilc/docs: Convert DocBook documentation into github markdown Converting to github markdown allows for easier integration with the SELinux project wiki and viewing of documentation directly on github without creating PDFs or reading through DocBook XML. The conversion of DocBook to github markdown would not format tables or keyword links properly. By maintaining the documentation in github markdown in the repository, the content is well formatted with a table of contents when viewing in the github wiki or in the repository. The migration from DocBook to github markdown was done using Pandoc and manual fixups. Mappings of CIL keywords to headings that were lost in the DocBook conversion were added back. An introduction and design philosphy was also pulled from the SELinux project wiki to provide more cohesion to the current documentation. Running make will now convert the github markdown into PDF and HTML. Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
2015-12-15 21:13:27 +01:00
;; mlsconstrain { file } { open }
;; (( l1 eq l2 ) and ( u1 == u2 ) or ( r1 != r2 ));
(mlsconstrain (file (open))
(or
(and
(eq l1 l2)
(eq u1 u2)
)
(neq r1 r2)
)
)
Revert "Revert "Merge remote-tracking branch 'aosp/upstream-mast..." Revert^2 "Use cil_write_build_ast" bde09de39feec91cf8220f0f798a6e52154d69e9 Change-Id: I3ab19bda9c1968409ad5a4f4d0866649036c683c
2021-10-27 06:50:56 +02:00
```
secilc/docs: Convert DocBook documentation into github markdown Converting to github markdown allows for easier integration with the SELinux project wiki and viewing of documentation directly on github without creating PDFs or reading through DocBook XML. The conversion of DocBook to github markdown would not format tables or keyword links properly. By maintaining the documentation in github markdown in the repository, the content is well formatted with a table of contents when viewing in the github wiki or in the repository. The migration from DocBook to github markdown was done using Pandoc and manual fixups. Mappings of CIL keywords to headings that were lost in the DocBook conversion were added back. An introduction and design philosphy was also pulled from the SELinux project wiki to provide more cohesion to the current documentation. Running make will now convert the github markdown into PDF and HTML. Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
2015-12-15 21:13:27 +01:00
mlsvalidatetrans
----------------
The [`mlsvalidatetrans`](cil_constraint_statements.md#mlsvalidatetrans) statement is only used for `file` related object classes where it is used to control the ability to change the objects security context based on old, new and the current process security context.
**Statement definition:**
Revert "Revert "Merge remote-tracking branch 'aosp/upstream-mast..." Revert^2 "Use cil_write_build_ast" bde09de39feec91cf8220f0f798a6e52154d69e9 Change-Id: I3ab19bda9c1968409ad5a4f4d0866649036c683c
2021-10-27 06:50:56 +02:00
```secil
secilc/docs: Convert DocBook documentation into github markdown Converting to github markdown allows for easier integration with the SELinux project wiki and viewing of documentation directly on github without creating PDFs or reading through DocBook XML. The conversion of DocBook to github markdown would not format tables or keyword links properly. By maintaining the documentation in github markdown in the repository, the content is well formatted with a table of contents when viewing in the github wiki or in the repository. The migration from DocBook to github markdown was done using Pandoc and manual fixups. Mappings of CIL keywords to headings that were lost in the DocBook conversion were added back. An introduction and design philosphy was also pulled from the SELinux project wiki to provide more cohesion to the current documentation. Running make will now convert the github markdown into PDF and HTML. Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
2015-12-15 21:13:27 +01:00
(mlsvalidatetrans class_id expression | expr ...)
Revert "Revert "Merge remote-tracking branch 'aosp/upstream-mast..." Revert^2 "Use cil_write_build_ast" bde09de39feec91cf8220f0f798a6e52154d69e9 Change-Id: I3ab19bda9c1968409ad5a4f4d0866649036c683c
2021-10-27 06:50:56 +02:00
```
secilc/docs: Convert DocBook documentation into github markdown Converting to github markdown allows for easier integration with the SELinux project wiki and viewing of documentation directly on github without creating PDFs or reading through DocBook XML. The conversion of DocBook to github markdown would not format tables or keyword links properly. By maintaining the documentation in github markdown in the repository, the content is well formatted with a table of contents when viewing in the github wiki or in the repository. The migration from DocBook to github markdown was done using Pandoc and manual fixups. Mappings of CIL keywords to headings that were lost in the DocBook conversion were added back. An introduction and design philosphy was also pulled from the SELinux project wiki to provide more cohesion to the current documentation. Running make will now convert the github markdown into PDF and HTML. Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
2015-12-15 21:13:27 +01:00
**Where:**
<table>
<colgroup>
<col width="25%" />
<col width="75%" />
</colgroup>
<tbody>
<tr class="odd">
<td align="left"><p><code>mlsvalidatetrans</code></p></td>
<td align="left"><p>The <code>mlsvalidatetrans</code> keyword.</p></td>
</tr>
<tr class="even">
<td align="left"><p><code>class_id</code></p></td>
<td align="left"><p>A single previously declared <code>class</code> or <code>classmap</code> identifier.</p></td>
</tr>
<tr class="odd">
<td align="left"><p><code>expression</code></p></td>
<td align="left"><p>There must be one constraint <code>expression</code> or one or more <code>expr</code>'s. The expression consists of an operator and two operands as follows:</p>
<p><code> (op u1 u2)</code></p>
<p><code> (mls_role_op r1 r2)</code></p>
<p><code> (op t1 t2)</code></p>
<p><code> (mls_role_op l1 l2)</code></p>
<p><code> (mls_role_op l1 h2)</code></p>
<p><code> (mls_role_op h1 l2)</code></p>
<p><code> (mls_role_op h1 h2)</code></p>
<p><code> (mls_role_op l1 h1)</code></p>
<p><code> (mls_role_op l2 h2)</code></p>
<p><code> (op u1 user_id)</code></p>
<p><code> (op u2 user_id)</code></p>
<p><code> (op u3 user_id)</code></p>
<p><code> (op r1 role_id)</code></p>
<p><code> (op r2 role_id)</code></p>
<p><code> (op r3 role_id)</code></p>
<p><code> (op t1 type_id)</code></p>
<p><code> (op t2 type_id)</code></p>
<p><code> (op t3 type_id)</code></p>
<p>where:</p>
<p><code> u1, r1, t1, l1, h1 = Source context: user, role, type, low level or high level</code></p>
<p><code> u2, r2, t2, l2, h2 = Target context: user, role, type, low level or high level</code></p>
<p><code> u3, r3, t3 = Process context: user, role or type</code></p>
<p>and:</p>
<p><code> op : eq neq</code></p>
<p><code> mls_role_op : eq neq dom domby incomp</code></p>
<p><code> user_id : A single user or userattribute identifier.</code></p>
<p><code> role_id : A single role or roleattribute identifier.</code></p>
<p><code> type_id : A single type, typealias or typeattribute identifier.</code></p></td>
</tr>
<tr class="even">
<td align="left"><p><code>expr</code></p></td>
<td align="left"><p>Zero or more <code>expr</code>'s, the valid operators and syntax are:</p>
<p><code> (and expression expression)</code></p>
<p><code> (or expression expression)</code></p>
<p><code> (not expression)</code></p></td>
</tr>
</tbody>
</table>
**Example:**
An MLS validate transition statement with the equivalent kernel policy language statement:
Revert "Revert "Merge remote-tracking branch 'aosp/upstream-mast..." Revert^2 "Use cil_write_build_ast" bde09de39feec91cf8220f0f798a6e52154d69e9 Change-Id: I3ab19bda9c1968409ad5a4f4d0866649036c683c
2021-10-27 06:50:56 +02:00
```secil
secilc/docs: Convert DocBook documentation into github markdown Converting to github markdown allows for easier integration with the SELinux project wiki and viewing of documentation directly on github without creating PDFs or reading through DocBook XML. The conversion of DocBook to github markdown would not format tables or keyword links properly. By maintaining the documentation in github markdown in the repository, the content is well formatted with a table of contents when viewing in the github wiki or in the repository. The migration from DocBook to github markdown was done using Pandoc and manual fixups. Mappings of CIL keywords to headings that were lost in the DocBook conversion were added back. An introduction and design philosphy was also pulled from the SELinux project wiki to provide more cohesion to the current documentation. Running make will now convert the github markdown into PDF and HTML. Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
2015-12-15 21:13:27 +01:00
;; mlsvalidatetrans { file } ( l1 domby h2 );
(mlsvalidatetrans file (domby l1 h2))
Revert "Revert "Merge remote-tracking branch 'aosp/upstream-mast..." Revert^2 "Use cil_write_build_ast" bde09de39feec91cf8220f0f798a6e52154d69e9 Change-Id: I3ab19bda9c1968409ad5a4f4d0866649036c683c
2021-10-27 06:50:56 +02:00
```
Reference in a new issue Copy permalink