New upstream version 3.1
Laurent Bigonville
3 years ago
6 | 6 |
docs/html
|
7 | 7 |
docs/pdf
|
8 | 8 |
docs/tmp
|
|
9 |
opt-actual.bin
|
|
10 |
opt-actual.cil
|
12 | 12 |
SECILC_MANPAGE = secilc.8
|
13 | 13 |
SECIL2CONF_MANPAGE = secil2conf.8
|
14 | 14 |
XMLTO = xmlto
|
|
15 |
DIFF = diff
|
|
16 |
|
|
17 |
CHECKPOLICY = checkpolicy
|
|
18 |
POL_VERS = $(shell $(CHECKPOLICY) -V | cut -f 1 -d ' ')
|
15 | 19 |
|
16 | 20 |
CFLAGS ?= -Wall -Wshadow -Wextra -Wundef -Wmissing-format-attribute -Wcast-align -Wstrict-prototypes -Wpointer-arith -Wunused
|
17 | 21 |
|
|
25 | 29 |
|
26 | 30 |
test: $(SECILC)
|
27 | 31 |
./$(SECILC) test/policy.cil
|
|
32 |
./$(SECILC) -c $(POL_VERS) -O -M 1 -f /dev/null -o opt-actual.bin test/opt-input.cil
|
|
33 |
$(CHECKPOLICY) -b -C -M -o opt-actual.cil opt-actual.bin >/dev/null
|
|
34 |
$(DIFF) test/opt-expected.cil opt-actual.cil
|
28 | 35 |
|
29 | 36 |
$(SECIL2CONF): $(SECIL2CONF_OBJS)
|
30 | 37 |
$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $^ $(LDLIBS)
|
|
57 | 64 |
rm -f file_contexts
|
58 | 65 |
rm -f $(SECILC_MANPAGE)
|
59 | 66 |
rm -f $(SECIL2CONF_MANPAGE)
|
|
67 |
rm -f opt-actual.cil
|
|
68 |
rm -f opt-actual.bin
|
60 | 69 |
$(MAKE) -C docs clean
|
61 | 70 |
|
62 | 71 |
relabel:
|
0 | |
CWD ?= $(shell pwd)
|
1 | |
HTMLDIR ?= $(CWD)/html
|
2 | |
PDFDIR ?= $(CWD)/pdf
|
3 | |
TMPDIR ?= $(CWD)/tmp
|
4 | |
TESTDIR ?= $(CWD)/../test
|
|
0 |
CWD = $(shell pwd)
|
|
1 |
HTMLDIR = $(CWD)/html
|
|
2 |
PDFDIR = $(CWD)/pdf
|
|
3 |
TMPDIR = $(CWD)/tmp
|
|
4 |
TESTDIR = $(CWD)/../test
|
5 | 5 |
|
6 | 6 |
# All the markdown files that make up the guide:
|
7 | 7 |
FILE_LIST ?= cil_introduction.md \
|
|
0 |
(handleunknown deny)
|
|
1 |
(class cl01 (p01a p01b p11a p11b))
|
|
2 |
(classorder (cl01))
|
|
3 |
(sid kernel)
|
|
4 |
(sidorder (kernel))
|
|
5 |
(mls true)
|
|
6 |
(sensitivity s01)
|
|
7 |
(sensitivityorder (s01))
|
|
8 |
(category c01)
|
|
9 |
(categoryorder (c01))
|
|
10 |
(sensitivitycategory s01 (c01))
|
|
11 |
(typeattribute at01)
|
|
12 |
(typeattribute at02)
|
|
13 |
(boolean b01 false)
|
|
14 |
(type tp01)
|
|
15 |
(type tp02)
|
|
16 |
(type tp04)
|
|
17 |
(type tpr1)
|
|
18 |
(type tpr2)
|
|
19 |
(type tpr3)
|
|
20 |
(type tpr4)
|
|
21 |
(type tpr5)
|
|
22 |
(typeattributeset at01 (tp01))
|
|
23 |
(typeattributeset at02 (tp01 tp02))
|
|
24 |
(allow at02 tpr1 (cl01 (p01a p01b p11a)))
|
|
25 |
(allow at02 tpr3 (cl01 (p01a p01b p11a)))
|
|
26 |
(allow tp01 at01 (cl01 (p11b)))
|
|
27 |
(allow tp01 self (cl01 (p01a p01b p11a)))
|
|
28 |
(allow tp01 tpr1 (cl01 (p11b)))
|
|
29 |
(dontaudit at02 tpr2 (cl01 (p01a p01b p11a)))
|
|
30 |
(dontaudit at02 tpr4 (cl01 (p01a p01b p11a)))
|
|
31 |
(dontaudit tp01 tpr2 (cl01 (p11b)))
|
|
32 |
(booleanif b01
|
|
33 |
(true
|
|
34 |
(allow tp01 tpr3 (cl01 (p11b)))
|
|
35 |
(allow tp01 tpr5 (cl01 (p01a p01b p11a p11b)))
|
|
36 |
(allow tp02 tpr5 (cl01 (p01a p11a)))
|
|
37 |
(dontaudit tp01 tpr4 (cl01 (p11b)))
|
|
38 |
)
|
|
39 |
(false
|
|
40 |
(allow at02 tpr5 (cl01 (p01a p01b p11a)))
|
|
41 |
)
|
|
42 |
)
|
|
43 |
(role object_r)
|
|
44 |
(role rl01)
|
|
45 |
(roletype rl01 tp01)
|
|
46 |
(roletype object_r tp01)
|
|
47 |
(roletype object_r tp02)
|
|
48 |
(roletype object_r tp04)
|
|
49 |
(roletype object_r tpr1)
|
|
50 |
(roletype object_r tpr2)
|
|
51 |
(roletype object_r tpr3)
|
|
52 |
(roletype object_r tpr4)
|
|
53 |
(roletype object_r tpr5)
|
|
54 |
(user us01)
|
|
55 |
(userrole us01 object_r)
|
|
56 |
(userrole us01 rl01)
|
|
57 |
(userlevel us01 (s01))
|
|
58 |
(userrange us01 ((s01) (s01)))
|
|
59 |
(sidcontext kernel (us01 rl01 tp01 ((s01) (s01))))
|
|
0 |
(handleunknown deny)
|
|
1 |
(class cl01 (p01a p01b p11a p11b))
|
|
2 |
(classorder (cl01))
|
|
3 |
(sid kernel)
|
|
4 |
(sidorder (kernel))
|
|
5 |
(mls true)
|
|
6 |
(sensitivity s01)
|
|
7 |
(sensitivityorder (s01))
|
|
8 |
(category c01)
|
|
9 |
(categoryorder (c01))
|
|
10 |
(sensitivitycategory s01 (c01))
|
|
11 |
(typeattribute at01)
|
|
12 |
(typeattribute at02)
|
|
13 |
(boolean b01 false)
|
|
14 |
(type tp01)
|
|
15 |
(type tp02)
|
|
16 |
(type tp04)
|
|
17 |
(type tpr1)
|
|
18 |
(type tpr2)
|
|
19 |
(type tpr3)
|
|
20 |
(type tpr4)
|
|
21 |
(type tpr5)
|
|
22 |
(typeattributeset at01 (tp01))
|
|
23 |
(typeattributeset at02 (tp01 tp02))
|
|
24 |
(allow at02 tpr1 (cl01 (p11a p01a p01b)))
|
|
25 |
(allow at02 tpr3 (cl01 (p11a p01a p01b)))
|
|
26 |
(allow tp01 at01 (cl01 (p11b)))
|
|
27 |
(allow tp01 self (cl01 (p11a p01a)))
|
|
28 |
(allow tp01 tp01 (cl01 (p01b)))
|
|
29 |
(allow tp01 tpr1 (cl01 (p11a p11b p01a p01b)))
|
|
30 |
(allow tp02 tpr1 (cl01 (p11a p01a)))
|
|
31 |
(dontaudit at02 tpr2 (cl01 (p11a p01a p01b)))
|
|
32 |
(dontaudit at02 tpr4 (cl01 (p11a p01a p01b)))
|
|
33 |
(dontaudit tp01 tpr2 (cl01 (p11a p11b p01a p01b)))
|
|
34 |
(dontaudit tp02 tpr2 (cl01 (p11a p01a)))
|
|
35 |
(booleanif (b01)
|
|
36 |
(true
|
|
37 |
(allow tp01 tpr3 (cl01 (p11a p11b p01a p01b)))
|
|
38 |
(allow tp01 tpr5 (cl01 (p11a p11b p01a p01b)))
|
|
39 |
(allow tp02 tpr3 (cl01 (p11a p01a)))
|
|
40 |
(allow tp02 tpr5 (cl01 (p11a p01a)))
|
|
41 |
(dontaudit tp01 tpr4 (cl01 (p11a p11b p01a p01b)))
|
|
42 |
(dontaudit tp02 tpr4 (cl01 (p11a p01a)))
|
|
43 |
)
|
|
44 |
(false
|
|
45 |
(allow at02 tpr5 (cl01 (p11a p01a p01b)))
|
|
46 |
)
|
|
47 |
)
|
|
48 |
(role object_r)
|
|
49 |
(role rl01)
|
|
50 |
(roletype rl01 tp01)
|
|
51 |
(roletype object_r tp01)
|
|
52 |
(roletype object_r tp02)
|
|
53 |
(roletype object_r tp04)
|
|
54 |
(roletype object_r tpr1)
|
|
55 |
(roletype object_r tpr2)
|
|
56 |
(roletype object_r tpr3)
|
|
57 |
(roletype object_r tpr4)
|
|
58 |
(roletype object_r tpr5)
|
|
59 |
(user us01)
|
|
60 |
(userrole us01 object_r)
|
|
61 |
(userrole us01 rl01)
|
|
62 |
(userlevel us01 (s01))
|
|
63 |
(userrange us01 ((s01) (s01)))
|
|
64 |
(sidcontext kernel (us01 rl01 tp01 ((s01) (s01))))
|