RedBear-OS/local/recipes/kde/kf6-syntaxhighlighting/source/autotests/html/test.cil.dark.html

<!DOCTYPE html>
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
<title>test.cil</title>
<meta name="generator" content="KF5::SyntaxHighlighting - Definition (SELinux CIL Policy) - Theme (Breeze Dark)"/>
<!-- Highlighted rendering of the sample test.cil: tokens are wrapped in spans with inline colour styles, and the generator tag above names the syntax definition and theme that produced it. -->
<!-- The policy text in the pre block is a highlighting fixture. Its own header comment says the file is not functional, so its statements (for example "handleunknown allow" and the allow rules) are token samples, not a policy to load. -->
<!-- NOTE(review): the path suggests this is a reference file for the HTML autotests, presumably regenerated by the test suite and not edited by hand; confirm before changing any byte of it. -->
</head><body style="background-color:#232629;color:#cfcfc2"><pre>
<span style="color:#7a7c7d">;; SELinux CIL Policy Example</span>
<span style="color:#7a7c7d">;; </span><span style="color:#81ca2d;background-color:#4d1f24;font-weight:bold">NOTE</span><span style="color:#7a7c7d">: This file is not functional, but</span>
<span style="color:#7a7c7d">;; is designed to test syntax highlighting.</span>
<span style="color:#7a7c7d">; Brackets colors</span>
<span style="color:#c6262e;font-weight:bold">(</span><span style="color:#ff8800;font-weight:bold">(</span><span style="color:#888800;font-weight:bold">(</span><span style="color:#009400;font-weight:bold">(</span><span style="color:#3689e6;font-weight:bold">(</span><span style="color:#a56de2;font-weight:bold">(</span><span style="color:#c6262e;font-weight:bold">(</span><span style="color:#ff8800;font-weight:bold">(</span><span style="color:#888800;font-weight:bold">(</span><span style="color:#009400;font-weight:bold">(</span><span style="color:#3689e6;font-weight:bold">(</span><span style="color:#a56de2;font-weight:bold">(</span><span style="color:#c6262e;font-weight:bold">(</span> <span style="color:#c6262e;font-weight:bold">)</span><span style="color:#a56de2;font-weight:bold">)</span><span style="color:#3689e6;font-weight:bold">)</span><span style="color:#009400;font-weight:bold">)</span><span style="color:#888800;font-weight:bold">)</span><span style="color:#ff8800;font-weight:bold">)</span><span style="color:#c6262e;font-weight:bold">)</span><span style="color:#a56de2;font-weight:bold">)</span><span style="color:#3689e6;font-weight:bold">)</span><span style="color:#009400;font-weight:bold">)</span><span style="color:#888800;font-weight:bold">)</span><span style="color:#ff8800;font-weight:bold">)</span><span style="color:#c6262e;font-weight:bold">)</span> <span style="color:#da4453;text-decoration:underline">))</span>
<span style="color:#7a7c7d">; Statements</span>
<span style="color:#c6262e;font-weight:bold">(</span><span style="color:#27ae60;font-weight:bold">policycap</span> <span style="color:#27ae60">open_perms</span><span style="color:#c6262e;font-weight:bold">)</span> <span style="color:#7a7c7d">; Policy config. statement</span>
<span style="color:#c6262e;font-weight:bold">(</span><span style="color:#27ae60;font-weight:bold">mls</span> <span style="color:#0099ff;font-weight:bold">true</span><span style="color:#c6262e;font-weight:bold">)</span>
<span style="color:#c6262e;font-weight:bold">(</span><span style="color:#27ae60;font-weight:bold">handleunknown</span> <span style="color:#da4453;font-weight:bold">allow</span><span style="color:#c6262e;font-weight:bold">)</span>
<span style="color:#c6262e;font-weight:bold">(</span><span style="color:#8e44ad;font-weight:bold">sid</span> kernel<span style="color:#c6262e;font-weight:bold">)</span> <span style="color:#7a7c7d">; Declaration type statement</span>
<span style="color:#c6262e;font-weight:bold">(</span><span style="font-weight:bold">classpermissionset</span> char_w <span style="color:#ff8800;font-weight:bold">(</span>char <span style="color:#888800;font-weight:bold">(</span><span style="color:#da4453">write</span> <span style="color:#da4453">setattr</span><span style="color:#888800;font-weight:bold">)</span><span style="color:#ff8800;font-weight:bold">)</span><span style="color:#c6262e;font-weight:bold">)</span> <span style="color:#7a7c7d">; Other statements</span>
<span style="color:#c6262e;font-weight:bold">(</span><span style="color:#8e44ad;font-weight:bold">user</span> user<span style="color:#c6262e;font-weight:bold">)</span> <span style="color:#7a7c7d">; Declare identifier 'user' of user type</span>
<span style="color:#c6262e;font-weight:bold">(</span><span style="color:#8e44ad;font-weight:bold">role</span> role<span style="color:#c6262e;font-weight:bold">)</span>
<span style="color:#c6262e;font-weight:bold">(</span><span style="color:#8e44ad;font-weight:bold">type</span> type<span style="color:#c6262e;font-weight:bold">)</span>
<span style="color:#c6262e;font-weight:bold">(</span><span style="color:#da4453;font-weight:bold">allow</span> allow<span style="color:#c6262e;font-weight:bold">)</span> <span style="color:#c6262e;font-weight:bold">(</span><span style="color:#0099ff;font-weight:bold">true</span> <span style="color:#0099ff;font-weight:bold">true</span><span style="color:#c6262e;font-weight:bold">)</span> <span style="color:#c6262e;font-weight:bold">(</span><span style="font-weight:bold">in</span> in<span style="color:#c6262e;font-weight:bold">)</span> <span style="color:#c6262e;font-weight:bold">(</span><span style="color:#27aeae;font-weight:bold">xor</span> xor<span style="color:#c6262e;font-weight:bold">)</span>
<span style="color:#7a7c7d">; List of permissions</span>
<span style="color:#c6262e;font-weight:bold">(</span><span style="color:#8e44ad;font-weight:bold">class</span> security <span style="color:#ff8800;font-weight:bold">(</span><span style="color:#da4453">compute_av</span> <span style="color:#da4453">compute_create</span> <span style="color:#da4453">compute_member</span> <span style="color:#da4453">check_context</span> <span style="color:#da4453">load_policy</span> <span style="color:#da4453">compute_relabel</span> <span style="color:#da4453">compute_user</span> <span style="color:#da4453">setenforce</span> <span style="color:#da4453">setbool</span> <span style="color:#da4453">setsecparam</span> <span style="color:#da4453">setcheckreqprot</span> <span style="color:#da4453">read_policy</span><span style="color:#ff8800;font-weight:bold">)</span><span style="color:#c6262e;font-weight:bold">)</span>
<span style="color:#7a7c7d">; Highlighting permissions only if there is not a statement keyword</span>
<span style="color:#c6262e;font-weight:bold">(</span><span style="color:#8e44ad;font-weight:bold">class</span> binder <span style="color:#ff8800;font-weight:bold">(</span><span style="color:#da4453">impersonate</span> <span style="color:#da4453">call</span> <span style="color:#da4453">set_context_mgr</span> <span style="color:#da4453">transfer</span> <span style="color:#da4453">receive</span><span style="color:#ff8800;font-weight:bold">)</span><span style="color:#c6262e;font-weight:bold">)</span>
<span style="color:#c6262e;font-weight:bold">(</span><span style="color:#8e44ad;font-weight:bold">class</span> binder <span style="color:#ff8800;font-weight:bold">(</span><span style="font-weight:bold">classcommon</span> impersonate call set_context_mgr transfer receive<span style="color:#ff8800;font-weight:bold">)</span><span style="color:#c6262e;font-weight:bold">)</span>
<span style="color:#c6262e;font-weight:bold">(</span><span style="color:#da4453">impersonate</span> <span style="color:#da4453">call</span> <span style="color:#da4453">set_context_mgr</span> <span style="color:#da4453">transfer</span> <span style="color:#da4453">receive</span><span style="color:#c6262e;font-weight:bold">)</span>
<span style="color:#c6262e;font-weight:bold">(</span><span style="font-weight:bold">tunableif</span> impersonate call set_context_mgr transfer receive<span style="color:#c6262e;font-weight:bold">)</span>
<span style="color:#7a7c7d">; This is allowed by the CIL compiler</span>
<span style="color:#c6262e;font-weight:bold">(</span> <span style="color:#8e44ad;font-weight:bold">typeattribute</span><span style="color:#7a7c7d">;comment</span>
all_fs_type_except_usermodehelper_and_proc_security<span style="color:#c6262e;font-weight:bold">)</span>
<span style="color:#c6262e;font-weight:bold">(</span><span style="color:#7a7c7d">;comment</span>
<span style="color:#8e44ad;font-weight:bold">typeattribute</span> all_fs_type_except_usermodehelper_and_proc_security<span style="color:#c6262e;font-weight:bold">)</span>
<span style="color:#c6262e;font-weight:bold">(</span> <span style="color:#7a7c7d">;comment</span>
<span style="color:#7a7c7d">;more comments</span>
<span style="color:#8e44ad;font-weight:bold">typeattribute</span> all_fs_type_except_usermodehelper_and_proc_security<span style="color:#c6262e;font-weight:bold">)</span>
<span style="color:#7a7c7d">; Paths</span>
<span style="color:#c6262e;font-weight:bold">(</span><span style="color:#0099ff;font-weight:bold">true</span> <span style="color:#0099ff;font-weight:bold">true</span> /true <span style="color:#0099ff;font-weight:bold">true</span> /true/true/ <span style="color:#0099ff;font-weight:bold">true</span> <span style="color:#0099ff;font-weight:bold">true</span>/true <span style="color:#f44f4f">"true"</span><span style="color:#c6262e;font-weight:bold">)</span>
<span style="color:#7a7c7d">; Global namespace</span>
<span style="color:#c6262e;font-weight:bold">(</span><span style="color:#0099ff;font-weight:bold">true</span> <span style="color:#0099ff;font-weight:bold">true</span> .true <span style="color:#0099ff;font-weight:bold">true</span> true.true <span style="color:#0099ff;font-weight:bold">true</span> .true.true true.true.true
.<span style="color:#0099ff;font-weight:bold">true</span>. <span style="color:#0099ff;font-weight:bold">true</span>. <span style="color:#0099ff;font-weight:bold">true</span>.<span style="color:#0099ff;font-weight:bold">true</span>. <span style="color:#7a7c7d">; invalid</span>
<span style="color:#c6262e;font-weight:bold">)</span>
<span style="color:#7a7c7d">; Keywords in some rules</span>
<span style="color:#7a7c7d">; filecon</span>
<span style="color:#c6262e;font-weight:bold">(</span><span style="font-weight:bold">filecon</span> <span style="color:#f44f4f">"/system/bin/run-as"</span> <span style="color:#2980b9">file</span> runas_exec_context<span style="color:#c6262e;font-weight:bold">)</span>
<span style="color:#c6262e;font-weight:bold">(</span><span style="font-weight:bold">filecon</span> <span style="color:#f44f4f">"/dev/socket/wpa_wlan</span><span style="color:#da4453">[</span><span style="color:#da4453">0-9</span><span style="color:#da4453">]</span><span style="color:#f44f4f">"</span> <span style="color:#2980b9">any</span> <span style="color:#da4453">u</span>:<span style="color:#da4453">object_r</span>:<span style="color:#c45b00">wpa.socket</span>:<span style="color:#da4453">s0</span>-<span style="color:#da4453">s0</span><span style="color:#c6262e;font-weight:bold">)</span>
<span style="color:#c6262e;font-weight:bold">(</span><span style="font-weight:bold">filecon</span> <span style="color:#f44f4f">"/data/local/mine"</span> <span style="color:#2980b9">dir</span> <span style="color:#ff8800;font-weight:bold">()</span><span style="color:#c6262e;font-weight:bold">)</span>
<span style="color:#c6262e;font-weight:bold">(</span><span style="font-weight:bold">classcommon</span> file any dir<span style="color:#c6262e;font-weight:bold">)</span>
<span style="color:#c6262e;font-weight:bold">(</span>file any dir<span style="color:#c6262e;font-weight:bold">)</span>
<span style="color:#7a7c7d">; portcon</span>
<span style="color:#c6262e;font-weight:bold">(</span><span style="font-weight:bold">portcon</span> <span style="color:#2980b9">sctp</span> <span style="color:#f67400">3333</span> <span style="color:#ff8800;font-weight:bold">(</span>unconfined.user <span style="font-style:italic">object_r</span> unconfined.object levelrange_1<span style="color:#ff8800;font-weight:bold">)</span><span style="color:#c6262e;font-weight:bold">)</span>
<span style="color:#c6262e;font-weight:bold">(</span><span style="font-weight:bold">portcon</span> <span style="color:#2980b9">udp</span> <span style="color:#f67400">4444</span> <span style="color:#ff8800;font-weight:bold">(</span>unconfined.user <span style="font-style:italic">object_r</span> unconfined.object <span style="color:#888800;font-weight:bold">(</span><span style="color:#009400;font-weight:bold">(</span>s0<span style="color:#009400;font-weight:bold">)</span> level_2<span style="color:#888800;font-weight:bold">)</span><span style="color:#ff8800;font-weight:bold">)</span><span style="color:#c6262e;font-weight:bold">)</span>
<span style="color:#c6262e;font-weight:bold">(</span><span style="font-weight:bold">defaultrole</span> tcp udp<span style="color:#c6262e;font-weight:bold">)</span>
<span style="color:#c6262e;font-weight:bold">(</span>tcp udp<span style="color:#c6262e;font-weight:bold">)</span>
<span style="color:#7a7c7d">; fsuse</span>
<span style="color:#c6262e;font-weight:bold">(</span><span style="font-weight:bold">fsuse</span> <span style="color:#2980b9">xattr</span> <span style="font-style:italic">ext4</span> file.labeledfs_context<span style="color:#c6262e;font-weight:bold">)</span>
<span style="color:#c6262e;font-weight:bold">(</span><span style="font-weight:bold">fsuse</span> <span style="color:#2980b9">task</span> <span style="font-style:italic">pipefs</span> file.pipefs_context<span style="color:#c6262e;font-weight:bold">)</span>
<span style="color:#c6262e;font-weight:bold">(</span><span style="font-weight:bold">fsuse</span> <span style="color:#2980b9">trans</span> <span style="font-style:italic">tmpfs</span> file.tmpfs_context<span style="color:#c6262e;font-weight:bold">)</span>
<span style="color:#c6262e;font-weight:bold">(</span><span style="font-weight:bold">typemember</span> xattr task trans<span style="color:#c6262e;font-weight:bold">)</span>
<span style="color:#c6262e;font-weight:bold">(</span>xattr task trans<span style="color:#c6262e;font-weight:bold">)</span>
<span style="color:#c6262e;font-weight:bold">(</span><span style="color:#da4453;font-weight:bold">allow</span> unconfined.process <span style="color:#27ae60">self</span> <span style="color:#ff8800;font-weight:bold">(</span>file <span style="color:#888800;font-weight:bold">(</span><span style="color:#da4453">read</span> <span style="color:#da4453">write</span><span style="color:#888800;font-weight:bold">)</span><span style="color:#ff8800;font-weight:bold">)</span><span style="color:#c6262e;font-weight:bold">)</span>
<span style="color:#c6262e;font-weight:bold">(</span><span style="color:#da4453;font-weight:bold">allow</span> process httpd.object <span style="color:#ff8800;font-weight:bold">(</span>file <span style="color:#888800;font-weight:bold">(</span><span style="color:#da4453">read</span> <span style="color:#da4453">write</span><span style="color:#888800;font-weight:bold">)</span><span style="color:#ff8800;font-weight:bold">)</span><span style="color:#c6262e;font-weight:bold">)</span>
<span style="color:#c6262e;font-weight:bold">(</span><span style="font-weight:bold">defaultrange</span> db_table <span style="font-style:italic">glblub</span><span style="color:#c6262e;font-weight:bold">)</span>
<span style="color:#7a7c7d">; Paths</span>
<span style="color:#f44f4f">"/system/</span><span style="color:#da4453">(</span><span style="color:#da4453">foo</span><span style="color:#3f8058">|</span><span style="color:#da4453">bar</span><span style="color:#da4453">)</span><span style="color:#f44f4f">/</span><span style="color:#da4453">[</span><span style="color:#3f8058">^</span><span style="color:#da4453">/</span><span style="color:#da4453">]</span><span style="color:#3daee9">*</span><span style="color:#f44f4f">/</span><span style="color:#da4453">(</span><span style="color:#da4453">hi</span><span style="color:#da4453">){</span><span style="color:#da4453">2</span><span style="color:#3f8058">,</span><span style="color:#da4453">6</span><span style="color:#da4453">}(</span><span style="color:#3daee9">.*</span><span style="color:#da4453">)</span><span style="color:#3daee9">?</span><span style="color:#f44f4f">"</span>
<span style="color:#f44f4f">"/pa</span><span style="color:#3daee9">\12</span><span style="color:#f44f4f">th</span><span style="color:#3daee9">.*</span><span style="color:#f44f4f">a</span><span style="color:#3daee9">+</span><span style="color:#f44f4f">b</span><span style="color:#3daee9">?</span><span style="color:#f44f4f">"</span>
/usr/hi<span style="color:#3daee9">\"</span>esc<span style="color:#3daee9">\032</span>esc<span style="color:#3daee9">\*</span>3es<span style="color:#da4453">{</span><span style="color:#da4453">2</span><span style="color:#3f8058">,</span><span style="color:#da4453">2</span><span style="color:#da4453">}</span>ds
<span style="color:#f44f4f">"/data/</span><span style="color:#da4453">(</span><span style="color:#da4453">ope</span><span style="color:#da4453;text-decoration:underline">n</span><span style="color:#da4453"> </span><span style="color:#f44f4f">"</span>
<span style="color:#f44f4f">"/data/</span><span style="color:#da4453">[</span><span style="color:#da4453">ope</span><span style="color:#da4453;text-decoration:underline">n</span><span style="color:#da4453"> </span><span style="color:#f44f4f">"</span>
<span style="color:#7a7c7d">; Some rules</span>
<span style="color:#c6262e;font-weight:bold">(</span><span style="font-weight:bold">call</span> macro1<span style="color:#ff8800;font-weight:bold">(</span><span style="color:#f44f4f">"__kmsg__"</span><span style="color:#ff8800;font-weight:bold">)</span><span style="color:#c6262e;font-weight:bold">)</span>
<span style="color:#c6262e;font-weight:bold">(</span><span style="color:#8e44ad;font-weight:bold">macro</span> macro1 <span style="color:#ff8800;font-weight:bold">(</span><span style="color:#888800;font-weight:bold">(</span><span style="color:#2980b9;font-weight:bold">string</span> ARG1<span style="color:#888800;font-weight:bold">)</span><span style="color:#ff8800;font-weight:bold">)</span>
<span style="color:#ff8800;font-weight:bold">(</span><span style="font-weight:bold">typetransition</span> audit.process device.device chr_file ARG1 device.klog_device<span style="color:#ff8800;font-weight:bold">)</span>
<span style="color:#c6262e;font-weight:bold">)</span>
<span style="color:#c6262e;font-weight:bold">(</span><span style="color:#da4453;font-weight:bold">allow</span> unconfined.process <span style="color:#27ae60">self</span> <span style="color:#ff8800;font-weight:bold">(</span>file <span style="color:#888800;font-weight:bold">(</span><span style="color:#da4453">read</span> <span style="color:#da4453">write</span><span style="color:#888800;font-weight:bold">)</span><span style="color:#ff8800;font-weight:bold">)</span><span style="color:#c6262e;font-weight:bold">)</span>
<span style="color:#c6262e;font-weight:bold">(</span><span style="color:#da4453;font-weight:bold">auditallow</span> release_app.process secmark_demo.browser_packet <span style="color:#ff8800;font-weight:bold">(</span>packet <span style="color:#888800;font-weight:bold">(</span><span style="color:#da4453">send</span> <span style="color:#da4453">recv</span><span style="color:#888800;font-weight:bold">)</span><span style="color:#ff8800;font-weight:bold">)</span><span style="color:#c6262e;font-weight:bold">)</span>
<span style="color:#c6262e;font-weight:bold">(</span><span style="color:#da4453;font-weight:bold">allowx</span> type_1 type_2 <span style="color:#ff8800;font-weight:bold">(</span><span style="color:#2980b9;font-weight:bold">ioctl</span> tcp_socket <span style="color:#888800;font-weight:bold">(</span><span style="color:#27aeae;font-weight:bold">range</span> <span style="color:#f67400">0x2000</span> <span style="color:#f67400">0x20FF</span><span style="color:#888800;font-weight:bold">)</span><span style="color:#ff8800;font-weight:bold">)</span><span style="color:#c6262e;font-weight:bold">)</span>
<span style="color:#c6262e;font-weight:bold">(</span><span style="font-weight:bold">permissionx</span> ioctl_nodebug <span style="color:#ff8800;font-weight:bold">(</span><span style="color:#2980b9;font-weight:bold">ioctl</span> udp_socket <span style="color:#888800;font-weight:bold">(</span><span style="color:#27aeae;font-weight:bold">not</span> <span style="color:#009400;font-weight:bold">(</span><span style="color:#27aeae;font-weight:bold">range</span> <span style="color:#f67400">0x4000</span> <span style="color:#f67400">0x4010</span><span style="color:#009400;font-weight:bold">)</span><span style="color:#888800;font-weight:bold">)</span><span style="color:#ff8800;font-weight:bold">)</span><span style="color:#c6262e;font-weight:bold">)</span>
<span style="color:#c6262e;font-weight:bold">(</span><span style="color:#da4453;font-weight:bold">allowx</span> type_3 type_4 ioctl_nodebug<span style="color:#c6262e;font-weight:bold">)</span>
<span style="color:#c6262e;font-weight:bold">(</span><span style="color:#da4453;font-weight:bold">dontauditx</span> type_1 type_2 <span style="color:#ff8800;font-weight:bold">(</span><span style="color:#2980b9;font-weight:bold">ioctl</span> tcp_socket <span style="color:#888800;font-weight:bold">(</span><span style="color:#27aeae;font-weight:bold">range</span> <span style="color:#f67400">0x3000</span> <span style="color:#f67400">0x30FF</span><span style="color:#888800;font-weight:bold">)</span><span style="color:#ff8800;font-weight:bold">)</span><span style="color:#c6262e;font-weight:bold">)</span>
<span style="color:#c6262e;font-weight:bold">(</span><span style="color:#8e44ad;font-weight:bold">class</span> property_service <span style="color:#ff8800;font-weight:bold">(</span><span style="color:#da4453;font-style:italic">set</span><span style="color:#ff8800;font-weight:bold">)</span><span style="color:#c6262e;font-weight:bold">)</span>
<span style="color:#c6262e;font-weight:bold">(</span><span style="color:#8e44ad;font-weight:bold">block</span> av_rules
<span style="color:#ff8800;font-weight:bold">(</span><span style="color:#8e44ad;font-weight:bold">type</span> type_1<span style="color:#ff8800;font-weight:bold">)</span>
<span style="color:#ff8800;font-weight:bold">(</span><span style="color:#8e44ad;font-weight:bold">type</span> type_2<span style="color:#ff8800;font-weight:bold">)</span>
<span style="color:#ff8800;font-weight:bold">(</span><span style="color:#8e44ad;font-weight:bold">typeattribute</span> all_types<span style="color:#ff8800;font-weight:bold">)</span>
<span style="color:#ff8800;font-weight:bold">(</span><span style="font-weight:bold">typeattributeset</span> all_types <span style="color:#888800;font-weight:bold">(</span><span style="color:#009400;font-weight:bold">(</span><span style="color:#27aeae;font-weight:bold">all</span><span style="color:#009400;font-weight:bold">)</span><span style="color:#888800;font-weight:bold">)</span><span style="color:#ff8800;font-weight:bold">)</span>
<span style="color:#ff8800;font-weight:bold">(</span><span style="color:#da4453;font-weight:bold">neverallow</span> type_2 all_types <span style="color:#888800;font-weight:bold">(</span>property_service <span style="color:#009400;font-weight:bold">(</span><span style="color:#da4453;font-style:italic">set</span><span style="color:#009400;font-weight:bold">)</span><span style="color:#888800;font-weight:bold">)</span><span style="color:#ff8800;font-weight:bold">)</span>
<span style="color:#c6262e;font-weight:bold">)</span>
<span style="color:#c6262e;font-weight:bold">(</span><span style="color:#8e44ad;font-weight:bold">macro</span> binder_call <span style="color:#ff8800;font-weight:bold">(</span><span style="color:#888800;font-weight:bold">(</span><span style="color:#8e44ad;font-weight:bold">type</span> ARG1<span style="color:#888800;font-weight:bold">)</span> <span style="color:#888800;font-weight:bold">(</span><span style="color:#8e44ad;font-weight:bold">type</span> ARG2<span style="color:#888800;font-weight:bold">)</span><span style="color:#ff8800;font-weight:bold">)</span>
<span style="color:#ff8800;font-weight:bold">(</span><span style="color:#da4453;font-weight:bold">allow</span> ARG1 ARG2 <span style="color:#888800;font-weight:bold">(</span>binder <span style="color:#009400;font-weight:bold">(</span><span style="color:#da4453">transfer</span> <span style="color:#da4453">call</span><span style="color:#009400;font-weight:bold">)</span><span style="color:#888800;font-weight:bold">)</span><span style="color:#ff8800;font-weight:bold">)</span>
<span style="color:#c6262e;font-weight:bold">)</span>
<span style="color:#c6262e;font-weight:bold">(</span><span style="color:#8e44ad;font-weight:bold">ipaddr</span> netmask_1 <span style="color:#f67400">255.255.255.0</span><span style="color:#c6262e;font-weight:bold">)</span>
<span style="color:#c6262e;font-weight:bold">(</span><span style="color:#8e44ad;font-weight:bold">class</span> dir<span style="color:#c6262e;font-weight:bold">)</span>
<span style="color:#c6262e;font-weight:bold">(</span><span style="color:#8e44ad;font-weight:bold">class</span> foo<span style="color:#c6262e;font-weight:bold">)</span>
<span style="color:#c6262e;font-weight:bold">(</span><span style="color:#8e44ad;font-weight:bold">class</span> bar<span style="color:#c6262e;font-weight:bold">)</span>
<span style="color:#c6262e;font-weight:bold">(</span><span style="color:#8e44ad;font-weight:bold">class</span> baz<span style="color:#c6262e;font-weight:bold">)</span>
<span style="color:#c6262e;font-weight:bold">(</span><span style="font-weight:bold">classorder</span> <span style="color:#ff8800;font-weight:bold">(</span>dir foo<span style="color:#ff8800;font-weight:bold">)</span><span style="color:#c6262e;font-weight:bold">)</span>
<span style="color:#c6262e;font-weight:bold">(</span><span style="font-weight:bold">classorder</span> <span style="color:#ff8800;font-weight:bold">(</span><span style="color:#2980b9;font-weight:bold">unordered</span> bar foo baz<span style="color:#ff8800;font-weight:bold">)</span><span style="color:#c6262e;font-weight:bold">)</span>
<span style="color:#c6262e;font-weight:bold">(</span><span style="color:#8e44ad;font-weight:bold">classpermission</span> zygote_2<span style="color:#c6262e;font-weight:bold">)</span>
<span style="color:#c6262e;font-weight:bold">(</span><span style="font-weight:bold">classpermissionset</span> zygote_2 <span style="color:#ff8800;font-weight:bold">(</span>zygote
<span style="color:#888800;font-weight:bold">(</span><span style="color:#27aeae;font-weight:bold">and</span>
<span style="color:#009400;font-weight:bold">(</span><span style="color:#27aeae;font-weight:bold">all</span><span style="color:#009400;font-weight:bold">)</span>
<span style="color:#009400;font-weight:bold">(</span><span style="color:#27aeae;font-weight:bold">not</span> <span style="color:#3689e6;font-weight:bold">(</span>specifyinvokewith specifyseinfo<span style="color:#3689e6;font-weight:bold">)</span><span style="color:#009400;font-weight:bold">)</span>
<span style="color:#888800;font-weight:bold">)</span>
<span style="color:#ff8800;font-weight:bold">)</span><span style="color:#c6262e;font-weight:bold">)</span>
<span style="color:#c6262e;font-weight:bold">(</span><span style="font-weight:bold">permissionx</span> ioctl_3 <span style="color:#ff8800;font-weight:bold">(</span><span style="color:#2980b9;font-weight:bold">ioctl</span> tcp_socket <span style="color:#888800;font-weight:bold">(</span><span style="color:#27aeae;font-weight:bold">and</span> <span style="color:#009400;font-weight:bold">(</span><span style="color:#27aeae;font-weight:bold">range</span> <span style="color:#f67400">0x8000</span> <span style="color:#f67400">0x90FF</span><span style="color:#009400;font-weight:bold">)</span> <span style="color:#009400;font-weight:bold">(</span><span style="color:#27aeae;font-weight:bold">not</span> <span style="color:#3689e6;font-weight:bold">(</span><span style="color:#27aeae;font-weight:bold">range</span> <span style="color:#f67400">0x8100</span> <span style="color:#f67400">0x82FF</span><span style="color:#3689e6;font-weight:bold">)</span><span style="color:#009400;font-weight:bold">)</span><span style="color:#888800;font-weight:bold">)</span><span style="color:#ff8800;font-weight:bold">)</span><span style="color:#c6262e;font-weight:bold">)</span>
<span style="color:#c6262e;font-weight:bold">(</span><span style="color:#8e44ad;font-weight:bold">boolean</span> disableAudioCapture <span style="color:#0099ff;font-weight:bold">false</span><span style="color:#c6262e;font-weight:bold">)</span>
<span style="color:#c6262e;font-weight:bold">(</span><span style="font-weight:bold">booleanif</span> <span style="color:#ff8800;font-weight:bold">(</span><span style="color:#27aeae;font-weight:bold">and</span> <span style="color:#888800;font-weight:bold">(</span><span style="color:#27aeae;font-weight:bold">not</span> disableAudio<span style="color:#888800;font-weight:bold">)</span> <span style="color:#888800;font-weight:bold">(</span><span style="color:#27aeae;font-weight:bold">not</span> disableAudioCapture<span style="color:#888800;font-weight:bold">)</span><span style="color:#ff8800;font-weight:bold">)</span>
<span style="color:#ff8800;font-weight:bold">(</span><span style="color:#0099ff;font-weight:bold">true</span>
<span style="color:#888800;font-weight:bold">(</span><span style="color:#da4453;font-weight:bold">allow</span> process mediaserver.audio_capture_device <span style="color:#009400;font-weight:bold">(</span>chr_file_set <span style="color:#3689e6;font-weight:bold">(</span>rw_file_perms<span style="color:#3689e6;font-weight:bold">)</span><span style="color:#009400;font-weight:bold">)</span><span style="color:#888800;font-weight:bold">)</span>
<span style="color:#ff8800;font-weight:bold">)</span>
<span style="color:#c6262e;font-weight:bold">)</span>
<span style="color:#c6262e;font-weight:bold">(</span><span style="color:#8e44ad;font-weight:bold">tunable</span> range_trans_rule <span style="color:#0099ff;font-weight:bold">false</span><span style="color:#c6262e;font-weight:bold">)</span>
<span style="color:#c6262e;font-weight:bold">(</span><span style="color:#8e44ad;font-weight:bold">block</span> init
<span style="color:#ff8800;font-weight:bold">(</span><span style="color:#8e44ad;font-weight:bold">class</span> process <span style="color:#888800;font-weight:bold">(</span>process<span style="color:#888800;font-weight:bold">)</span><span style="color:#ff8800;font-weight:bold">)</span>
<span style="color:#ff8800;font-weight:bold">(</span><span style="color:#8e44ad;font-weight:bold">type</span> process<span style="color:#ff8800;font-weight:bold">)</span>
<span style="color:#ff8800;font-weight:bold">(</span><span style="font-weight:bold">tunableif</span> range_trans_rule
<span style="color:#888800;font-weight:bold">(</span><span style="color:#0099ff;font-weight:bold">true</span>
<span style="color:#009400;font-weight:bold">(</span><span style="font-weight:bold">rangetransition</span> process sshd.exec process low_high<span style="color:#009400;font-weight:bold">)</span><span style="color:#888800;font-weight:bold">)</span><span style="color:#ff8800;font-weight:bold">)</span><span style="color:#c6262e;font-weight:bold">)</span>
<span style="color:#c6262e;font-weight:bold">(</span><span style="font-weight:bold">validatetrans</span> file <span style="color:#ff8800;font-weight:bold">(</span><span style="color:#27aeae;font-weight:bold">eq</span> <span style="font-style:italic">t1</span> unconfined.process<span style="color:#ff8800;font-weight:bold">)</span><span style="color:#c6262e;font-weight:bold">)</span>
<span style="color:#c6262e;font-weight:bold">(</span><span style="color:#8e44ad;font-weight:bold">block</span> ext_gateway
<span style="color:#ff8800;font-weight:bold">(</span><span style="color:#8e44ad;font-weight:bold">optional</span> move_file
<span style="color:#888800;font-weight:bold">(</span><span style="font-weight:bold">typetransition</span> process msg_filter.move_file.in_queue file msg_filter.move_file.in_file<span style="color:#888800;font-weight:bold">)</span>
<span style="color:#888800;font-weight:bold">(</span><span style="color:#da4453;font-weight:bold">allow</span> process msg_filter.move_file.in_queue <span style="color:#009400;font-weight:bold">(</span>dir <span style="color:#3689e6;font-weight:bold">(</span><span style="color:#da4453">read</span> <span style="color:#da4453">getattr</span> <span style="color:#da4453">write</span> <span style="color:#da4453">search</span> <span style="color:#da4453">add_name</span><span style="color:#3689e6;font-weight:bold">)</span><span style="color:#009400;font-weight:bold">)</span><span style="color:#888800;font-weight:bold">)</span><span style="color:#ff8800;font-weight:bold">)</span><span style="color:#c6262e;font-weight:bold">)</span>
<span style="color:#c6262e;font-weight:bold">(</span><span style="color:#8e44ad;font-weight:bold">context</span> runas_exec_context <span style="color:#ff8800;font-weight:bold">(</span>u <span style="font-style:italic">object_r</span> exec low_low<span style="color:#ff8800;font-weight:bold">)</span><span style="color:#c6262e;font-weight:bold">)</span>
<span style="color:#c6262e;font-weight:bold">(</span><span style="font-weight:bold">filecon</span> <span style="color:#f44f4f">"/system/bin/run-as"</span> <span style="color:#2980b9">file</span> runas_exec_context<span style="color:#c6262e;font-weight:bold">)</span>
<span style="color:#c6262e;font-weight:bold">(</span><span style="font-weight:bold">in</span> file
<span style="color:#ff8800;font-weight:bold">(</span><span style="font-weight:bold">genfscon</span> <span style="font-style:italic">rootfs</span> / rootfs_context<span style="color:#ff8800;font-weight:bold">)</span>
<span style="color:#ff8800;font-weight:bold">(</span><span style="font-weight:bold">genfscon</span> <span style="font-style:italic">selinuxfs</span> / selinuxfs_context<span style="color:#ff8800;font-weight:bold">)</span>
<span style="color:#c6262e;font-weight:bold">)</span>
<span style="color:#7a7c7d">; ioctl &amp; call: due to the way in which the highlighter treats the parenthesis blocks</span>
<span style="color:#7a7c7d">; (each level of different color), it is not possible to differentiate between statement and permission.</span>
<span style="color:#c6262e;font-weight:bold">(</span><span style="color:#da4453;font-weight:bold">allowx</span> x bin_t <span style="color:#ff8800;font-weight:bold">(</span><span style="color:#2980b9;font-weight:bold">ioctl</span> policy.file <span style="color:#888800;font-weight:bold">(</span><span style="color:#27aeae;font-weight:bold">range</span> <span style="color:#f67400">0x1000</span> <span style="color:#f67400">0x11FF</span><span style="color:#888800;font-weight:bold">)</span><span style="color:#ff8800;font-weight:bold">)</span><span style="color:#c6262e;font-weight:bold">)</span> <span style="color:#7a7c7d">; ioctl kind</span>
<span style="color:#c6262e;font-weight:bold">(</span><span style="color:#2980b9;font-weight:bold">ioctl</span> <span style="color:#da4453">read</span>
<span style="color:#da4453;font-style:italic">find</span> <span style="color:#da4453">connectto</span><span style="color:#c6262e;font-weight:bold">)</span> <span style="color:#7a7c7d">; kind or permission?</span>
<span style="color:#c6262e;font-weight:bold">(</span><span style="color:#da4453">ioctl</span> <span style="color:#da4453">read</span> <span style="color:#da4453;font-style:italic">find</span> <span style="color:#da4453">connectto</span><span style="color:#c6262e;font-weight:bold">)</span> <span style="color:#7a7c7d">; ioctl permission</span>
<span style="color:#c6262e;font-weight:bold">(</span><span style="color:#da4453">ioctl</span> <span style="color:#da4453">read</span> <span style="color:#c6262e;font-weight:bold">)</span>
<span style="color:#c6262e;font-weight:bold">(</span><span style="font-weight:bold">call</span> <span style="color:#da4453">ioctl</span> <span style="color:#da4453">read</span> <span style="color:#da4453;font-style:italic">find</span> <span style="color:#da4453">connectto</span><span style="color:#c6262e;font-weight:bold">)</span> <span style="color:#7a7c7d">; statement or permission?</span>
<span style="color:#c6262e;font-weight:bold">(</span> <span style="color:#da4453">call</span> <span style="color:#c6262e;font-weight:bold">)</span> <span style="color:#7a7c7d">; call permission</span>
</pre></body></html>