Selinux grammar

From FedoraProject


Revision as of 13:23, 17 October 2008

This is my attempt at documenting the policy grammar that is accepted by checkpolicy.

Comments start with a # character and continue to the end of the line.

Keywords can be in all uppercase or all lowercase.

Convention followed in this document: italics are used for syntax categories. Items in bold are literals; they must appear in the policy file exactly as written. Items in bold italics stand for things that are replaced by user-specified text; they are also surrounded with < and > signs to distinguish them clearly from keywords.

Any item in [ square brackets ] is optional. Items followed by * can be repeated zero or more times. Items followed by + can be repeated one or more times. Parentheses group items that can be repeated together. Vertical bars | separate alternatives.

A file must contain either a base_policy or a module_policy.

module_policy = module <identifier> <version_identifier> ; avrule_decl+ user_def*

avrule_decl = rbac_decl | te_decl | cond_stmt_decl | require_block | optional_block | ;

rbac_decl = role_type_def | role_dominance | role_trans_def | role_allow_def
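The following Python parser is an added example, not code from the wiki page or from checkpolicy. It implements exactly the productions shown above (comments to end of line, keywords in all-uppercase or all-lowercase only, the module header, the bare ';' declaration, require and optional blocks, and the role statements of rbac_decl) and shows how the grammar rejects a mixed-case keyword, a module with no declarations, or a missing ';'. Several things the page does not define are assumptions of this example: the body of optional is parsed recursively as avrule_decl*, a require block is kept as raw tokens, role_type_def is recognised by the shape `role <r> types <t> ;`, te_decl and cond_stmt_decl (if/else) are kept as raw statements up to ';' rather than parsed, user_def is assumed to be a statement introduced by the user keyword, and the sample policy is constructed with placeholder names.

```python
import re

# Token classes: '#' comment to end of line, whitespace, single-character
# punctuation, and words (identifiers, keywords, versions such as 1.0.0).
_TOKEN_RE = re.compile(r"#[^\n]*|\s+|[{};:*~,]|[A-Za-z0-9_.\-]+")


def tokenize(text):
    """Split policy text into tokens, dropping comments and whitespace."""
    tokens, pos = [], 0
    while pos < len(text):
        m = _TOKEN_RE.match(text, pos)
        if m is None:
            raise SyntaxError("unexpected character %r at offset %d" % (text[pos], pos))
        tok = m.group()
        pos = m.end()
        if not (tok.startswith("#") or tok.isspace()):
            tokens.append(tok)
    return tokens


def is_keyword(tok, kw):
    """Keywords may be all uppercase or all lowercase; mixed case is an identifier."""
    return tok is not None and (tok == kw.lower() or tok == kw.upper())


class ModuleParser:
    def __init__(self, text):
        self.toks = tokenize(text)
        self.i = 0

    def peek(self):
        return self.toks[self.i] if self.i < len(self.toks) else None

    def take(self):
        tok = self.peek()
        if tok is None:
            raise SyntaxError("unexpected end of policy")
        self.i += 1
        return tok

    def expect(self, literal):
        tok = self.take()
        if tok != literal:
            raise SyntaxError("expected %r, got %r" % (literal, tok))

    def parse_module_policy(self):
        # module_policy = module <identifier> <version_identifier> ; avrule_decl+ user_def*
        if not is_keyword(self.peek(), "module"):
            raise SyntaxError("module_policy must start with the 'module' keyword")
        self.take()
        name, version = self.take(), self.take()
        self.expect(";")
        decls = []
        while self.peek() is not None and not is_keyword(self.peek(), "user"):
            decls.append(self.parse_avrule_decl())
        if not decls:
            raise SyntaxError("module_policy needs at least one avrule_decl")
        # user_def is not defined on the page; assumed to be 'user ... ;'.
        users = []
        while self.peek() is not None:
            users.append(("user_def", self.statement()))
        return {"module": name, "version": version, "decls": decls, "users": users}

    def parse_avrule_decl(self):
        # avrule_decl = rbac_decl | te_decl | cond_stmt_decl | require_block | optional_block | ;
        tok = self.peek()
        if tok == ";":
            self.take()
            return ("empty", [])
        if is_keyword(tok, "require"):
            self.take()
            return ("require_block", self.brace_block())
        if is_keyword(tok, "optional"):
            self.take()
            return ("optional_block", self.decl_block())
        if is_keyword(tok, "role"):
            body = self.statement()
            # Assumed shape of role_type_def: role <r> types <t...> ;
            kind = "role_type_def" if len(body) > 2 and is_keyword(body[2], "types") else "rbac_decl"
            return (kind, body)
        # te_decl and cond_stmt_decl are not defined on the page: keep them raw.
        return ("te_or_cond_decl", self.statement())

    def statement(self):
        """Collect tokens up to the terminating ';' at brace depth zero."""
        body, depth = [], 0
        while True:
            tok = self.take()
            depth += (tok == "{") - (tok == "}")
            if tok == ";" and depth == 0:
                return body
            body.append(tok)

    def brace_block(self):
        """Return the raw tokens inside a balanced { ... } block."""
        self.expect("{")
        body, depth = [], 1
        while depth:
            tok = self.take()
            depth += (tok == "{") - (tok == "}")
            if depth:
                body.append(tok)
        return body

    def decl_block(self):
        """Assumed: optional { avrule_decl* }, parsed recursively."""
        self.expect("{")
        decls = []
        while self.peek() != "}":
            decls.append(self.parse_avrule_decl())
        self.expect("}")
        return decls


def parse(text):
    return ModuleParser(text).parse_module_policy()


def is_valid(text):
    """True if the text parses as a module_policy under the productions above."""
    try:
        parse(text)
        return True
    except SyntaxError:
        return False


# Constructed sample module for this example; the names are placeholders.
SAMPLE_POLICY = """
MODULE example_mod 1.0.0;          # keyword in all uppercase is accepted

require {
    role system_r;
    type example_t;
}
;                                  # a bare ';' is a valid avrule_decl
role system_r types example_t;     # rbac_decl (role_type_def)
optional {
    require { type other_t; }
    role system_r types other_t;
}
"""

if __name__ == "__main__":
    tree = parse(SAMPLE_POLICY)
    print(tree["module"], tree["version"])
    for kind, body in tree["decls"]:
        print(kind, body)
    print("Mixed-case keyword accepted:", is_valid("Module m 1.0; ;"))
```

Running the block prints the module header and four declarations (require_block, empty, role_type_def, optional_block), and shows that `Module` with mixed case is not a keyword and is therefore rejected.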