Selinux grammar

From FedoraProject

(Difference between revisions)
Line 14: Line 14:
  
 
Any item in [ square brackets ] is an optional item. Items with a * after them
 
Any item in [ square brackets ] is an optional item. Items with a * after them
can be repeated zero or more times. Parenthesis are used to group items that can
+
can be repeated zero or more times. Items with a + after them can be repeated
 +
one or more times. Parenthesis are used to group items that can
 
be repeated.
 
be repeated.
  
 
A file must contain either a ''base_policy'' or a ''module_policy''.
 
A file must contain either a ''base_policy'' or a ''module_policy''.
  
''module_policy'' = '''module''' '''''<identifier>''''' '''''<version_identifier>''''' '';''  ''next''
+
''module_policy'' = '''module''' '''''<identifier>''''' '''''<version_identifier>''''' '';''  ''avrule_decl''+ user_def*
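Review bot: In the new module_policy line, ''avrule_decl'' carries the italic markup the page uses for syntax categories but user_def* does not; write it as ''user_def''* so both follow the stated convention. The replacement of ''next'' also leaves avrule_decl and user_def undefined in the visible lines, so add their productions in the same revision or say where they are defined. In the reworded sentence above it, "Parenthesis are used" should read "Parentheses are used".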

Revision as of 13:04, 17 October 2008

This is my attempt at documenting the policy grammar that is accepted by checkpolicy.

Comments start with a # character and continue to the end of the line.

Keywords can be in all uppercase or all lowercase.

Convention followed in this document: Italics are used for syntax categories. Items in bold are literal; they must appear in the policy file exactly as written. Items in bold italics stand for user-specified text. They are also surrounded with < and > signs to make them clearly different from keywords.

Any item in [ square brackets ] is an optional item. Items with a * after them can be repeated zero or more times. Items with a + after them can be repeated one or more times. Parentheses are used to group items that can be repeated.

A file must contain either a base_policy or a module_policy.

module_policy = module <identifier> <version_identifier> ; avrule_decl+ user_def*