File: test.cil.ref

package info (click to toggle)
kf6-syntax-highlighting 6.13.0-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 47,568 kB
  • sloc: xml: 197,750; cpp: 12,850; python: 3,023; sh: 955; perl: 546; ruby: 488; pascal: 393; javascript: 161; php: 150; jsp: 132; lisp: 131; haskell: 124; ada: 119; ansic: 107; makefile: 96; f90: 94; ml: 85; cobol: 81; yacc: 71; csh: 62; erlang: 54; sql: 51; java: 47; objc: 37; awk: 31; asm: 30; tcl: 29; fortran: 18; cs: 10
file content (161 lines) | stat: -rw-r--r-- 36,343 bytes parent folder | download | duplicates (4) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
 
<Comment>;; SELinux CIL Policy Example</Comment><br/>
<Normal Text></Normal Text><br/>
<Comment>;; </Comment><Alert Level 3>NOTE</Alert Level 3><Comment>: This file is not functional, but</Comment><br/>
<Comment>;; is designed to test syntax highlighting.</Comment><br/>
<Normal Text></Normal Text><br/>
<Comment>; Brackets colors</Comment><br/>
<Brackets Level 1>(</Brackets Level 1><Brackets Level 2>(</Brackets Level 2><Brackets Level 3>(</Brackets Level 3><Brackets Level 4>(</Brackets Level 4><Brackets Level 5>(</Brackets Level 5><Brackets Level 6>(</Brackets Level 6><Brackets Level 1>(</Brackets Level 1><Brackets Level 2>(</Brackets Level 2><Brackets Level 3>(</Brackets Level 3><Brackets Level 4>(</Brackets Level 4><Brackets Level 5>(</Brackets Level 5><Brackets Level 6>(</Brackets Level 6><Brackets Level 1>(</Brackets Level 1><Normal Text> </Normal Text><Brackets Level 1>)</Brackets Level 1><Brackets Level 6>)</Brackets Level 6><Brackets Level 5>)</Brackets Level 5><Brackets Level 4>)</Brackets Level 4><Brackets Level 3>)</Brackets Level 3><Brackets Level 2>)</Brackets Level 2><Brackets Level 1>)</Brackets Level 1><Brackets Level 6>)</Brackets Level 6><Brackets Level 5>)</Brackets Level 5><Brackets Level 4>)</Brackets Level 4><Brackets Level 3>)</Brackets Level 3><Brackets Level 2>)</Brackets Level 2><Brackets Level 1>)</Brackets Level 1><Normal Text> </Normal Text><Error>))</Error><br/>
<Normal Text></Normal Text><br/>
<Comment>; Statements</Comment><br/>
<Brackets Level 1>(</Brackets Level 1><Policy Config. Statements>policycap</Policy Config. Statements><Normal Text> </Normal Text><Policy Capability>open_perms</Policy Capability><Brackets Level 1>)</Brackets Level 1><Normal Text>  </Normal Text><Comment>; Policy config. statement</Comment><br/>
<Brackets Level 1>(</Brackets Level 1><Policy Config. Statements>mls</Policy Config. Statements><Normal Text> </Normal Text><Booleans>true</Booleans><Brackets Level 1>)</Brackets Level 1><br/>
<Brackets Level 1>(</Brackets Level 1><Policy Config. Statements>handleunknown</Policy Config. Statements><Normal Text> </Normal Text><Access Keys>allow</Access Keys><Brackets Level 1>)</Brackets Level 1><br/>
<Normal Text></Normal Text><br/>
<Brackets Level 1>(</Brackets Level 1><Type Statements>sid</Type Statements><Normal Text> kernel</Normal Text><Brackets Level 1>)</Brackets Level 1><Normal Text>  </Normal Text><Comment>; Declaration type statement</Comment><br/>
<Brackets Level 1>(</Brackets Level 1><Statements>classpermissionset</Statements><Normal Text> char_w </Normal Text><Brackets Level 2>(</Brackets Level 2><Normal Text>char </Normal Text><Brackets Level 3>(</Brackets Level 3><AV Permissions>write</AV Permissions><Normal Text> </Normal Text><AV Permissions>setattr</AV Permissions><Brackets Level 3>)</Brackets Level 3><Brackets Level 2>)</Brackets Level 2><Brackets Level 1>)</Brackets Level 1><Normal Text>  </Normal Text><Comment>; Other statements</Comment><br/>
<Normal Text></Normal Text><br/>
<Brackets Level 1>(</Brackets Level 1><Type Statements>user</Type Statements><Normal Text> user</Normal Text><Brackets Level 1>)</Brackets Level 1><Normal Text> </Normal Text><Comment>; Declare identifier 'user' of user type</Comment><br/>
<Brackets Level 1>(</Brackets Level 1><Type Statements>role</Type Statements><Normal Text> role</Normal Text><Brackets Level 1>)</Brackets Level 1><br/>
<Brackets Level 1>(</Brackets Level 1><Type Statements>type</Type Statements><Normal Text> type</Normal Text><Brackets Level 1>)</Brackets Level 1><br/>
<Brackets Level 1>(</Brackets Level 1><Access Keys>allow</Access Keys><Normal Text> allow</Normal Text><Brackets Level 1>)</Brackets Level 1><Normal Text> </Normal Text><Brackets Level 1>(</Brackets Level 1><Booleans>true</Booleans><Normal Text> </Normal Text><Booleans>true</Booleans><Brackets Level 1>)</Brackets Level 1><Normal Text> </Normal Text><Brackets Level 1>(</Brackets Level 1><Statements>in</Statements><Normal Text> in</Normal Text><Brackets Level 1>)</Brackets Level 1><Normal Text> </Normal Text><Brackets Level 1>(</Brackets Level 1><Expression Keys>xor</Expression Keys><Normal Text> xor</Normal Text><Brackets Level 1>)</Brackets Level 1><br/>
<Normal Text></Normal Text><br/>
<Comment>; List of permissions</Comment><br/>
<Brackets Level 1>(</Brackets Level 1><Type Statements>class</Type Statements><Normal Text> security </Normal Text><Brackets Level 2>(</Brackets Level 2><AV Permissions>compute_av</AV Permissions><Normal Text> </Normal Text><AV Permissions>compute_create</AV Permissions><Normal Text> </Normal Text><AV Permissions>compute_member</AV Permissions><Normal Text> </Normal Text><AV Permissions>check_context</AV Permissions><Normal Text> </Normal Text><AV Permissions>load_policy</AV Permissions><Normal Text> </Normal Text><AV Permissions>compute_relabel</AV Permissions><Normal Text> </Normal Text><AV Permissions>compute_user</AV Permissions><Normal Text> </Normal Text><AV Permissions>setenforce</AV Permissions><Normal Text> </Normal Text><AV Permissions>setbool</AV Permissions><Normal Text> </Normal Text><AV Permissions>setsecparam</AV Permissions><Normal Text> </Normal Text><AV Permissions>setcheckreqprot</AV Permissions><Normal Text> </Normal Text><AV Permissions>read_policy</AV Permissions><Brackets Level 2>)</Brackets Level 2><Brackets Level 1>)</Brackets Level 1><br/>
<Normal Text></Normal Text><br/>
<Comment>; Highlighting permissions only if there is not a statement keyword</Comment><br/>
<Brackets Level 1>(</Brackets Level 1><Type Statements>class</Type Statements><Normal Text> binder </Normal Text><Brackets Level 2>(</Brackets Level 2><AV Permissions>impersonate</AV Permissions><Normal Text> </Normal Text><AV Permissions>call</AV Permissions><Normal Text> </Normal Text><AV Permissions>set_context_mgr</AV Permissions><Normal Text> </Normal Text><AV Permissions>transfer</AV Permissions><Normal Text> </Normal Text><AV Permissions>receive</AV Permissions><Brackets Level 2>)</Brackets Level 2><Brackets Level 1>)</Brackets Level 1><br/>
<Brackets Level 1>(</Brackets Level 1><Type Statements>class</Type Statements><Normal Text> binder </Normal Text><Brackets Level 2>(</Brackets Level 2><Statements>classcommon</Statements><Normal Text> impersonate call set_context_mgr transfer receive</Normal Text><Brackets Level 2>)</Brackets Level 2><Brackets Level 1>)</Brackets Level 1><br/>
<Brackets Level 1>(</Brackets Level 1><AV Permissions>impersonate</AV Permissions><Normal Text> </Normal Text><AV Permissions>call</AV Permissions><Normal Text> </Normal Text><AV Permissions>set_context_mgr</AV Permissions><Normal Text> </Normal Text><AV Permissions>transfer</AV Permissions><Normal Text> </Normal Text><AV Permissions>receive</AV Permissions><Brackets Level 1>)</Brackets Level 1><br/>
<Brackets Level 1>(</Brackets Level 1><Statements>tunableif</Statements><Normal Text> impersonate call set_context_mgr transfer receive</Normal Text><Brackets Level 1>)</Brackets Level 1><br/>
<Normal Text></Normal Text><br/>
<Comment>; This is allowed by the CIL compiler</Comment><br/>
<Brackets Level 1>(</Brackets Level 1><Normal Text> </Normal Text><Type Statements>typeattribute</Type Statements><Comment>;comment</Comment><br/>
<Normal Text>	all_fs_type_except_usermodehelper_and_proc_security</Normal Text><Brackets Level 1>)</Brackets Level 1><br/>
<Brackets Level 1>(</Brackets Level 1><Comment>;comment</Comment><br/>
<Normal Text>	</Normal Text><Type Statements>typeattribute</Type Statements><Normal Text> all_fs_type_except_usermodehelper_and_proc_security</Normal Text><Brackets Level 1>)</Brackets Level 1><br/>
<Brackets Level 1>(</Brackets Level 1><Normal Text>  </Normal Text><Comment>;comment</Comment><br/>
<Normal Text> </Normal Text><Comment>;more comments</Comment><br/>
<Normal Text>	</Normal Text><Type Statements>typeattribute</Type Statements><Normal Text> all_fs_type_except_usermodehelper_and_proc_security</Normal Text><Brackets Level 1>)</Brackets Level 1><br/>
<Normal Text>	</Normal Text><br/>
<Comment>; Paths</Comment><br/>
<Brackets Level 1>(</Brackets Level 1><Booleans>true</Booleans><Normal Text> </Normal Text><Booleans>true</Booleans><Normal Text> </Normal Text><Path>/true</Path><Normal Text> </Normal Text><Booleans>true</Booleans><Normal Text> </Normal Text><Path>/true/true/</Path><Normal Text> </Normal Text><Booleans>true</Booleans><Normal Text> </Normal Text><Booleans>true</Booleans><Path>/true</Path><Normal Text> </Normal Text><Text Quoted>"true"</Text Quoted><Brackets Level 1>)</Brackets Level 1><br/>
<Comment>; Global namespace</Comment><br/>
<Brackets Level 1>(</Brackets Level 1><Booleans>true</Booleans><Normal Text> </Normal Text><Booleans>true</Booleans><Normal Text> .true </Normal Text><Booleans>true</Booleans><Normal Text> true.true </Normal Text><Booleans>true</Booleans><Normal Text> .true.true true.true.true</Normal Text><br/>
<Normal Text>	.</Normal Text><Booleans>true</Booleans><Normal Text>. </Normal Text><Booleans>true</Booleans><Normal Text>. </Normal Text><Booleans>true</Booleans><Normal Text>.</Normal Text><Booleans>true</Booleans><Normal Text>. </Normal Text><Comment>; invalid</Comment><br/>
<Brackets Level 1>)</Brackets Level 1><br/>
<Normal Text></Normal Text><br/>
<Comment>; Keywords in some rules</Comment><br/>
<Normal Text></Normal Text><br/>
<Comment>; filecon</Comment><br/>
<Brackets Level 1>(</Brackets Level 1><Statements>filecon</Statements><Normal Text> </Normal Text><Text Quoted>"/system/bin/run-as"</Text Quoted><Normal Text> </Normal Text><Types>file</Types><Normal Text> runas_exec_context</Normal Text><Brackets Level 1>)</Brackets Level 1><br/>
<Brackets Level 1>(</Brackets Level 1><Statements>filecon</Statements><Normal Text> </Normal Text><Text Quoted>"/dev/socket/wpa_wlan</Text Quoted><RegExp Brackets>[</RegExp Brackets><RegExp Brackets Content>0-9</RegExp Brackets Content><RegExp Brackets>]</RegExp Brackets><Text Quoted>"</Text Quoted><Normal Text> </Normal Text><Types>any</Types><Normal Text> </Normal Text><File Contexts>u</File Contexts><Normal Text>:</Normal Text><File Contexts>object_r</File Contexts><Normal Text>:</Normal Text><File Contexts (Type Enforcement)>wpa.socket</File Contexts (Type Enforcement)><Normal Text>:</Normal Text><File Contexts>s0</File Contexts><Normal Text>-</Normal Text><File Contexts>s0</File Contexts><Brackets Level 1>)</Brackets Level 1><br/>
<Brackets Level 1>(</Brackets Level 1><Statements>filecon</Statements><Normal Text> </Normal Text><Text Quoted>"/data/local/mine"</Text Quoted><Normal Text> </Normal Text><Types>dir</Types><Normal Text> </Normal Text><Brackets Level 2>()</Brackets Level 2><Brackets Level 1>)</Brackets Level 1><br/>
<Brackets Level 1>(</Brackets Level 1><Statements>classcommon</Statements><Normal Text> file any dir</Normal Text><Brackets Level 1>)</Brackets Level 1><br/>
<Brackets Level 1>(</Brackets Level 1><Normal Text>file any dir</Normal Text><Brackets Level 1>)</Brackets Level 1><br/>
<Comment>; portcon</Comment><br/>
<Brackets Level 1>(</Brackets Level 1><Statements>portcon</Statements><Normal Text> </Normal Text><Types>sctp</Types><Normal Text> </Normal Text><Number>3333</Number><Normal Text> </Normal Text><Brackets Level 2>(</Brackets Level 2><Normal Text>unconfined.user </Normal Text><Other Keywords>object_r</Other Keywords><Normal Text> unconfined.object levelrange_1</Normal Text><Brackets Level 2>)</Brackets Level 2><Brackets Level 1>)</Brackets Level 1><br/>
<Brackets Level 1>(</Brackets Level 1><Statements>portcon</Statements><Normal Text> </Normal Text><Types>udp</Types><Normal Text> </Normal Text><Number>4444</Number><Normal Text> </Normal Text><Brackets Level 2>(</Brackets Level 2><Normal Text>unconfined.user </Normal Text><Other Keywords>object_r</Other Keywords><Normal Text> unconfined.object </Normal Text><Brackets Level 3>(</Brackets Level 3><Brackets Level 4>(</Brackets Level 4><Normal Text>s0</Normal Text><Brackets Level 4>)</Brackets Level 4><Normal Text> level_2</Normal Text><Brackets Level 3>)</Brackets Level 3><Brackets Level 2>)</Brackets Level 2><Brackets Level 1>)</Brackets Level 1><br/>
<Brackets Level 1>(</Brackets Level 1><Statements>defaultrole</Statements><Normal Text> tcp udp</Normal Text><Brackets Level 1>)</Brackets Level 1><br/>
<Brackets Level 1>(</Brackets Level 1><Normal Text>tcp udp</Normal Text><Brackets Level 1>)</Brackets Level 1><br/>
<Comment>; fsuse</Comment><br/>
<Brackets Level 1>(</Brackets Level 1><Statements>fsuse</Statements><Normal Text> </Normal Text><Types>xattr</Types><Normal Text> </Normal Text><Filesystem>ext4</Filesystem><Normal Text> file.labeledfs_context</Normal Text><Brackets Level 1>)</Brackets Level 1><br/>
<Brackets Level 1>(</Brackets Level 1><Statements>fsuse</Statements><Normal Text> </Normal Text><Types>task</Types><Normal Text> </Normal Text><Filesystem>pipefs</Filesystem><Normal Text> file.pipefs_context</Normal Text><Brackets Level 1>)</Brackets Level 1><br/>
<Brackets Level 1>(</Brackets Level 1><Statements>fsuse</Statements><Normal Text> </Normal Text><Types>trans</Types><Normal Text> </Normal Text><Filesystem>tmpfs</Filesystem><Normal Text> file.tmpfs_context</Normal Text><Brackets Level 1>)</Brackets Level 1><br/>
<Brackets Level 1>(</Brackets Level 1><Statements>typemember</Statements><Normal Text> xattr task trans</Normal Text><Brackets Level 1>)</Brackets Level 1><br/>
<Brackets Level 1>(</Brackets Level 1><Normal Text>xattr task trans</Normal Text><Brackets Level 1>)</Brackets Level 1><br/>
<Normal Text></Normal Text><br/>
<Brackets Level 1>(</Brackets Level 1><Access Keys>allow</Access Keys><Normal Text> unconfined.process </Normal Text><Special Keys>self</Special Keys><Normal Text> </Normal Text><Brackets Level 2>(</Brackets Level 2><Normal Text>file </Normal Text><Brackets Level 3>(</Brackets Level 3><AV Permissions>read</AV Permissions><Normal Text> </Normal Text><AV Permissions>write</AV Permissions><Brackets Level 3>)</Brackets Level 3><Brackets Level 2>)</Brackets Level 2><Brackets Level 1>)</Brackets Level 1><br/>
<Brackets Level 1>(</Brackets Level 1><Access Keys>allow</Access Keys><Normal Text> process httpd.object </Normal Text><Brackets Level 2>(</Brackets Level 2><Normal Text>file </Normal Text><Brackets Level 3>(</Brackets Level 3><AV Permissions>read</AV Permissions><Normal Text> </Normal Text><AV Permissions>write</AV Permissions><Brackets Level 3>)</Brackets Level 3><Brackets Level 2>)</Brackets Level 2><Brackets Level 1>)</Brackets Level 1><br/>
<Normal Text></Normal Text><br/>
<Brackets Level 1>(</Brackets Level 1><Statements>defaultrange</Statements><Normal Text> db_table </Normal Text><Other Keywords>glblub</Other Keywords><Brackets Level 1>)</Brackets Level 1><br/>
<Normal Text></Normal Text><br/>
<Comment>; Paths</Comment><br/>
<Text Quoted>"/system/</Text Quoted><RegExp Brackets>(</RegExp Brackets><RegExp Brackets Content>foo</RegExp Brackets Content><Special Char of Brackets>|</Special Char of Brackets><RegExp Brackets Content>bar</RegExp Brackets Content><RegExp Brackets>)</RegExp Brackets><Text Quoted>/</Text Quoted><RegExp Brackets>[</RegExp Brackets><Special Char of Brackets>^</Special Char of Brackets><RegExp Brackets Content>/</RegExp Brackets Content><RegExp Brackets>]</RegExp Brackets><Special Char>*</Special Char><Text Quoted>/</Text Quoted><RegExp Brackets>(</RegExp Brackets><RegExp Brackets Content>hi</RegExp Brackets Content><RegExp Brackets>){</RegExp Brackets><RegExp Brackets Content>2</RegExp Brackets Content><Special Char of Brackets>,</Special Char of Brackets><RegExp Brackets Content>6</RegExp Brackets Content><RegExp Brackets>}(</RegExp Brackets><Special Char>.*</Special Char><RegExp Brackets>)</RegExp Brackets><Special Char>?</Special Char><Text Quoted>"</Text Quoted><br/>
<Text Quoted>"/pa</Text Quoted><Escape Char>\12</Escape Char><Text Quoted>th</Text Quoted><Special Char>.*</Special Char><Text Quoted>a</Text Quoted><Special Char>+</Special Char><Text Quoted>b</Text Quoted><Special Char>?</Special Char><Text Quoted>"</Text Quoted><br/>
<Path>/usr/hi</Path><Escape Char>\"</Escape Char><Path>esc</Path><Escape Char>\032</Escape Char><Path>esc</Path><Escape Char>\*</Escape Char><Path>3es</Path><RegExp Brackets>{</RegExp Brackets><RegExp Brackets Content>2</RegExp Brackets Content><Special Char of Brackets>,</Special Char of Brackets><RegExp Brackets Content>2</RegExp Brackets Content><RegExp Brackets>}</RegExp Brackets><Path>ds</Path><br/>
<Text Quoted>"/data/</Text Quoted><RegExp Brackets>(</RegExp Brackets><RegExp Brackets Content>ope</RegExp Brackets Content><Open RegExp Brackets>n</Open RegExp Brackets><RegExp Brackets Content> </RegExp Brackets Content><Text Quoted>"</Text Quoted><br/>
<Text Quoted>"/data/</Text Quoted><RegExp Brackets>[</RegExp Brackets><RegExp Brackets Content>ope</RegExp Brackets Content><Open RegExp Brackets>n</Open RegExp Brackets><RegExp Brackets Content> </RegExp Brackets Content><Text Quoted>"</Text Quoted><br/>
<Normal Text></Normal Text><br/>
<Normal Text></Normal Text><br/>
<Comment>; Some rules</Comment><br/>
<Normal Text></Normal Text><br/>
<Brackets Level 1>(</Brackets Level 1><Statements>call</Statements><Normal Text> macro1</Normal Text><Brackets Level 2>(</Brackets Level 2><Text Quoted>"__kmsg__"</Text Quoted><Brackets Level 2>)</Brackets Level 2><Brackets Level 1>)</Brackets Level 1><br/>
<Brackets Level 1>(</Brackets Level 1><Type Statements>macro</Type Statements><Normal Text> macro1 </Normal Text><Brackets Level 2>(</Brackets Level 2><Brackets Level 3>(</Brackets Level 3><Type Name Statements>string</Type Name Statements><Normal Text> ARG1</Normal Text><Brackets Level 3>)</Brackets Level 3><Brackets Level 2>)</Brackets Level 2><br/>
<Normal Text>    </Normal Text><Brackets Level 2>(</Brackets Level 2><Statements>typetransition</Statements><Normal Text> audit.process device.device chr_file ARG1 device.klog_device</Normal Text><Brackets Level 2>)</Brackets Level 2><br/>
<Brackets Level 1>)</Brackets Level 1><br/>
<Normal Text></Normal Text><br/>
<Brackets Level 1>(</Brackets Level 1><Access Keys>allow</Access Keys><Normal Text> unconfined.process </Normal Text><Special Keys>self</Special Keys><Normal Text> </Normal Text><Brackets Level 2>(</Brackets Level 2><Normal Text>file </Normal Text><Brackets Level 3>(</Brackets Level 3><AV Permissions>read</AV Permissions><Normal Text> </Normal Text><AV Permissions>write</AV Permissions><Brackets Level 3>)</Brackets Level 3><Brackets Level 2>)</Brackets Level 2><Brackets Level 1>)</Brackets Level 1><br/>
<Brackets Level 1>(</Brackets Level 1><Access Keys>auditallow</Access Keys><Normal Text> release_app.process secmark_demo.browser_packet </Normal Text><Brackets Level 2>(</Brackets Level 2><Normal Text>packet </Normal Text><Brackets Level 3>(</Brackets Level 3><AV Permissions>send</AV Permissions><Normal Text> </Normal Text><AV Permissions>recv</AV Permissions><Brackets Level 3>)</Brackets Level 3><Brackets Level 2>)</Brackets Level 2><Brackets Level 1>)</Brackets Level 1><br/>
<Brackets Level 1>(</Brackets Level 1><Access Keys>allowx</Access Keys><Normal Text> type_1 type_2 </Normal Text><Brackets Level 2>(</Brackets Level 2><Type Name Statements>ioctl</Type Name Statements><Normal Text> tcp_socket </Normal Text><Brackets Level 3>(</Brackets Level 3><Expression Keys>range</Expression Keys><Normal Text> </Normal Text><Hexadecimal>0x2000</Hexadecimal><Normal Text> </Normal Text><Hexadecimal>0x20FF</Hexadecimal><Brackets Level 3>)</Brackets Level 3><Brackets Level 2>)</Brackets Level 2><Brackets Level 1>)</Brackets Level 1><br/>
<Brackets Level 1>(</Brackets Level 1><Statements>permissionx</Statements><Normal Text> ioctl_nodebug </Normal Text><Brackets Level 2>(</Brackets Level 2><Type Name Statements>ioctl</Type Name Statements><Normal Text> udp_socket </Normal Text><Brackets Level 3>(</Brackets Level 3><Expression Keys>not</Expression Keys><Normal Text> </Normal Text><Brackets Level 4>(</Brackets Level 4><Expression Keys>range</Expression Keys><Normal Text> </Normal Text><Hexadecimal>0x4000</Hexadecimal><Normal Text> </Normal Text><Hexadecimal>0x4010</Hexadecimal><Brackets Level 4>)</Brackets Level 4><Brackets Level 3>)</Brackets Level 3><Brackets Level 2>)</Brackets Level 2><Brackets Level 1>)</Brackets Level 1><br/>
<Brackets Level 1>(</Brackets Level 1><Access Keys>allowx</Access Keys><Normal Text> type_3 type_4 ioctl_nodebug</Normal Text><Brackets Level 1>)</Brackets Level 1><br/>
<Brackets Level 1>(</Brackets Level 1><Access Keys>dontauditx</Access Keys><Normal Text> type_1 type_2 </Normal Text><Brackets Level 2>(</Brackets Level 2><Type Name Statements>ioctl</Type Name Statements><Normal Text> tcp_socket </Normal Text><Brackets Level 3>(</Brackets Level 3><Expression Keys>range</Expression Keys><Normal Text> </Normal Text><Hexadecimal>0x3000</Hexadecimal><Normal Text> </Normal Text><Hexadecimal>0x30FF</Hexadecimal><Brackets Level 3>)</Brackets Level 3><Brackets Level 2>)</Brackets Level 2><Brackets Level 1>)</Brackets Level 1><br/>
<Normal Text></Normal Text><br/>
<Brackets Level 1>(</Brackets Level 1><Type Statements>class</Type Statements><Normal Text> property_service </Normal Text><Brackets Level 2>(</Brackets Level 2><Android AV Permissions>set</Android AV Permissions><Brackets Level 2>)</Brackets Level 2><Brackets Level 1>)</Brackets Level 1><br/>
<Brackets Level 1>(</Brackets Level 1><Type Statements>block</Type Statements><Normal Text> av_rules</Normal Text><br/>
<Normal Text>    </Normal Text><Brackets Level 2>(</Brackets Level 2><Type Statements>type</Type Statements><Normal Text> type_1</Normal Text><Brackets Level 2>)</Brackets Level 2><br/>
<Normal Text>    </Normal Text><Brackets Level 2>(</Brackets Level 2><Type Statements>type</Type Statements><Normal Text> type_2</Normal Text><Brackets Level 2>)</Brackets Level 2><br/>
<Normal Text>    </Normal Text><Brackets Level 2>(</Brackets Level 2><Type Statements>typeattribute</Type Statements><Normal Text> all_types</Normal Text><Brackets Level 2>)</Brackets Level 2><br/>
<Normal Text>    </Normal Text><Brackets Level 2>(</Brackets Level 2><Statements>typeattributeset</Statements><Normal Text> all_types </Normal Text><Brackets Level 3>(</Brackets Level 3><Brackets Level 4>(</Brackets Level 4><Expression Keys>all</Expression Keys><Brackets Level 4>)</Brackets Level 4><Brackets Level 3>)</Brackets Level 3><Brackets Level 2>)</Brackets Level 2><br/>
<Normal Text></Normal Text><br/>
<Normal Text>    </Normal Text><Brackets Level 2>(</Brackets Level 2><Access Keys>neverallow</Access Keys><Normal Text> type_2 all_types </Normal Text><Brackets Level 3>(</Brackets Level 3><Normal Text>property_service </Normal Text><Brackets Level 4>(</Brackets Level 4><Android AV Permissions>set</Android AV Permissions><Brackets Level 4>)</Brackets Level 4><Brackets Level 3>)</Brackets Level 3><Brackets Level 2>)</Brackets Level 2><br/>
<Brackets Level 1>)</Brackets Level 1><br/>
<Brackets Level 1>(</Brackets Level 1><Type Statements>macro</Type Statements><Normal Text> binder_call </Normal Text><Brackets Level 2>(</Brackets Level 2><Brackets Level 3>(</Brackets Level 3><Type Statements>type</Type Statements><Normal Text> ARG1</Normal Text><Brackets Level 3>)</Brackets Level 3><Normal Text> </Normal Text><Brackets Level 3>(</Brackets Level 3><Type Statements>type</Type Statements><Normal Text> ARG2</Normal Text><Brackets Level 3>)</Brackets Level 3><Brackets Level 2>)</Brackets Level 2><br/>
<Normal Text>    </Normal Text><Brackets Level 2>(</Brackets Level 2><Access Keys>allow</Access Keys><Normal Text> ARG1 ARG2 </Normal Text><Brackets Level 3>(</Brackets Level 3><Normal Text>binder </Normal Text><Brackets Level 4>(</Brackets Level 4><AV Permissions>transfer</AV Permissions><Normal Text> </Normal Text><AV Permissions>call</AV Permissions><Brackets Level 4>)</Brackets Level 4><Brackets Level 3>)</Brackets Level 3><Brackets Level 2>)</Brackets Level 2><br/>
<Brackets Level 1>)</Brackets Level 1><br/>
<Brackets Level 1>(</Brackets Level 1><Type Statements>ipaddr</Type Statements><Normal Text> netmask_1 </Normal Text><IP Address>255.255.255.0</IP Address><Brackets Level 1>)</Brackets Level 1><br/>
<Normal Text></Normal Text><br/>
<Brackets Level 1>(</Brackets Level 1><Type Statements>class</Type Statements><Normal Text> dir</Normal Text><Brackets Level 1>)</Brackets Level 1><br/>
<Brackets Level 1>(</Brackets Level 1><Type Statements>class</Type Statements><Normal Text> foo</Normal Text><Brackets Level 1>)</Brackets Level 1><br/>
<Brackets Level 1>(</Brackets Level 1><Type Statements>class</Type Statements><Normal Text> bar</Normal Text><Brackets Level 1>)</Brackets Level 1><br/>
<Brackets Level 1>(</Brackets Level 1><Type Statements>class</Type Statements><Normal Text> baz</Normal Text><Brackets Level 1>)</Brackets Level 1><br/>
<Brackets Level 1>(</Brackets Level 1><Statements>classorder</Statements><Normal Text> </Normal Text><Brackets Level 2>(</Brackets Level 2><Normal Text>dir foo</Normal Text><Brackets Level 2>)</Brackets Level 2><Brackets Level 1>)</Brackets Level 1><br/>
<Brackets Level 1>(</Brackets Level 1><Statements>classorder</Statements><Normal Text> </Normal Text><Brackets Level 2>(</Brackets Level 2><Type Name Statements>unordered</Type Name Statements><Normal Text> bar foo baz</Normal Text><Brackets Level 2>)</Brackets Level 2><Brackets Level 1>)</Brackets Level 1><br/>
<Normal Text></Normal Text><br/>
<Brackets Level 1>(</Brackets Level 1><Type Statements>classpermission</Type Statements><Normal Text> zygote_2</Normal Text><Brackets Level 1>)</Brackets Level 1><br/>
<Brackets Level 1>(</Brackets Level 1><Statements>classpermissionset</Statements><Normal Text> zygote_2 </Normal Text><Brackets Level 2>(</Brackets Level 2><Normal Text>zygote</Normal Text><br/>
<Normal Text>    </Normal Text><Brackets Level 3>(</Brackets Level 3><Expression Keys>and</Expression Keys><br/>
<Normal Text>        </Normal Text><Brackets Level 4>(</Brackets Level 4><Expression Keys>all</Expression Keys><Brackets Level 4>)</Brackets Level 4><br/>
<Normal Text>        </Normal Text><Brackets Level 4>(</Brackets Level 4><Expression Keys>not</Expression Keys><Normal Text> </Normal Text><Brackets Level 5>(</Brackets Level 5><Normal Text>specifyinvokewith specifyseinfo</Normal Text><Brackets Level 5>)</Brackets Level 5><Brackets Level 4>)</Brackets Level 4><br/>
<Normal Text>    </Normal Text><Brackets Level 3>)</Brackets Level 3><br/>
<Brackets Level 2>)</Brackets Level 2><Brackets Level 1>)</Brackets Level 1><br/>
<Normal Text></Normal Text><br/>
<Brackets Level 1>(</Brackets Level 1><Statements>permissionx</Statements><Normal Text> ioctl_3 </Normal Text><Brackets Level 2>(</Brackets Level 2><Type Name Statements>ioctl</Type Name Statements><Normal Text> tcp_socket </Normal Text><Brackets Level 3>(</Brackets Level 3><Expression Keys>and</Expression Keys><Normal Text> </Normal Text><Brackets Level 4>(</Brackets Level 4><Expression Keys>range</Expression Keys><Normal Text> </Normal Text><Hexadecimal>0x8000</Hexadecimal><Normal Text> </Normal Text><Hexadecimal>0x90FF</Hexadecimal><Brackets Level 4>)</Brackets Level 4><Normal Text> </Normal Text><Brackets Level 4>(</Brackets Level 4><Expression Keys>not</Expression Keys><Normal Text> </Normal Text><Brackets Level 5>(</Brackets Level 5><Expression Keys>range</Expression Keys><Normal Text> </Normal Text><Hexadecimal>0x8100</Hexadecimal><Normal Text> </Normal Text><Hexadecimal>0x82FF</Hexadecimal><Brackets Level 5>)</Brackets Level 5><Brackets Level 4>)</Brackets Level 4><Brackets Level 3>)</Brackets Level 3><Brackets Level 2>)</Brackets Level 2><Brackets Level 1>)</Brackets Level 1><br/>
<Brackets Level 1>(</Brackets Level 1><Type Statements>boolean</Type Statements><Normal Text> disableAudioCapture </Normal Text><Booleans>false</Booleans><Brackets Level 1>)</Brackets Level 1><br/>
<Brackets Level 1>(</Brackets Level 1><Statements>booleanif</Statements><Normal Text> </Normal Text><Brackets Level 2>(</Brackets Level 2><Expression Keys>and</Expression Keys><Normal Text> </Normal Text><Brackets Level 3>(</Brackets Level 3><Expression Keys>not</Expression Keys><Normal Text> disableAudio</Normal Text><Brackets Level 3>)</Brackets Level 3><Normal Text> </Normal Text><Brackets Level 3>(</Brackets Level 3><Expression Keys>not</Expression Keys><Normal Text> disableAudioCapture</Normal Text><Brackets Level 3>)</Brackets Level 3><Brackets Level 2>)</Brackets Level 2><br/>
<Normal Text>    </Normal Text><Brackets Level 2>(</Brackets Level 2><Booleans>true</Booleans><br/>
<Normal Text>        </Normal Text><Brackets Level 3>(</Brackets Level 3><Access Keys>allow</Access Keys><Normal Text> process mediaserver.audio_capture_device </Normal Text><Brackets Level 4>(</Brackets Level 4><Normal Text>chr_file_set </Normal Text><Brackets Level 5>(</Brackets Level 5><Normal Text>rw_file_perms</Normal Text><Brackets Level 5>)</Brackets Level 5><Brackets Level 4>)</Brackets Level 4><Brackets Level 3>)</Brackets Level 3><br/>
<Normal Text>    </Normal Text><Brackets Level 2>)</Brackets Level 2><br/>
<Brackets Level 1>)</Brackets Level 1><br/>
<Brackets Level 1>(</Brackets Level 1><Type Statements>tunable</Type Statements><Normal Text> range_trans_rule </Normal Text><Booleans>false</Booleans><Brackets Level 1>)</Brackets Level 1><br/>
<Normal Text></Normal Text><br/>
<Brackets Level 1>(</Brackets Level 1><Type Statements>block</Type Statements><Normal Text> init</Normal Text><br/>
<Normal Text>    </Normal Text><Brackets Level 2>(</Brackets Level 2><Type Statements>class</Type Statements><Normal Text> process </Normal Text><Brackets Level 3>(</Brackets Level 3><Normal Text>process</Normal Text><Brackets Level 3>)</Brackets Level 3><Brackets Level 2>)</Brackets Level 2><br/>
<Normal Text>    </Normal Text><Brackets Level 2>(</Brackets Level 2><Type Statements>type</Type Statements><Normal Text> process</Normal Text><Brackets Level 2>)</Brackets Level 2><br/>
<Normal Text>    </Normal Text><Brackets Level 2>(</Brackets Level 2><Statements>tunableif</Statements><Normal Text> range_trans_rule</Normal Text><br/>
<Normal Text>        </Normal Text><Brackets Level 3>(</Brackets Level 3><Booleans>true</Booleans><br/>
<Normal Text>            </Normal Text><Brackets Level 4>(</Brackets Level 4><Statements>rangetransition</Statements><Normal Text> process sshd.exec process low_high</Normal Text><Brackets Level 4>)</Brackets Level 4><Brackets Level 3>)</Brackets Level 3><Brackets Level 2>)</Brackets Level 2><Brackets Level 1>)</Brackets Level 1><br/>
<Normal Text></Normal Text><br/>
<Brackets Level 1>(</Brackets Level 1><Statements>validatetrans</Statements><Normal Text> file </Normal Text><Brackets Level 2>(</Brackets Level 2><Expression Keys>eq</Expression Keys><Normal Text> </Normal Text><Other Keywords>t1</Other Keywords><Normal Text> unconfined.process</Normal Text><Brackets Level 2>)</Brackets Level 2><Brackets Level 1>)</Brackets Level 1><br/>
<Brackets Level 1>(</Brackets Level 1><Type Statements>block</Type Statements><Normal Text> ext_gateway</Normal Text><br/>
<Normal Text>    </Normal Text><Brackets Level 2>(</Brackets Level 2><Type Statements>optional</Type Statements><Normal Text> move_file</Normal Text><br/>
<Normal Text>        </Normal Text><Brackets Level 3>(</Brackets Level 3><Statements>typetransition</Statements><Normal Text> process msg_filter.move_file.in_queue file msg_filter.move_file.in_file</Normal Text><Brackets Level 3>)</Brackets Level 3><br/>
<Normal Text>        </Normal Text><Brackets Level 3>(</Brackets Level 3><Access Keys>allow</Access Keys><Normal Text> process msg_filter.move_file.in_queue </Normal Text><Brackets Level 4>(</Brackets Level 4><Normal Text>dir </Normal Text><Brackets Level 5>(</Brackets Level 5><AV Permissions>read</AV Permissions><Normal Text> </Normal Text><AV Permissions>getattr</AV Permissions><Normal Text> </Normal Text><AV Permissions>write</AV Permissions><Normal Text> </Normal Text><AV Permissions>search</AV Permissions><Normal Text> </Normal Text><AV Permissions>add_name</AV Permissions><Brackets Level 5>)</Brackets Level 5><Brackets Level 4>)</Brackets Level 4><Brackets Level 3>)</Brackets Level 3><Brackets Level 2>)</Brackets Level 2><Brackets Level 1>)</Brackets Level 1><br/>
<Normal Text></Normal Text><br/>
<Brackets Level 1>(</Brackets Level 1><Type Statements>context</Type Statements><Normal Text> runas_exec_context </Normal Text><Brackets Level 2>(</Brackets Level 2><Normal Text>u </Normal Text><Other Keywords>object_r</Other Keywords><Normal Text> exec low_low</Normal Text><Brackets Level 2>)</Brackets Level 2><Brackets Level 1>)</Brackets Level 1><br/>
<Brackets Level 1>(</Brackets Level 1><Statements>filecon</Statements><Normal Text> </Normal Text><Text Quoted>"/system/bin/run-as"</Text Quoted><Normal Text> </Normal Text><Types>file</Types><Normal Text> runas_exec_context</Normal Text><Brackets Level 1>)</Brackets Level 1><br/>
<Normal Text></Normal Text><br/>
<Brackets Level 1>(</Brackets Level 1><Statements>in</Statements><Normal Text> file</Normal Text><br/>
<Normal Text>    </Normal Text><Brackets Level 2>(</Brackets Level 2><Statements>genfscon</Statements><Normal Text> </Normal Text><Filesystem>rootfs</Filesystem><Normal Text> </Normal Text><Path>/</Path><Normal Text> rootfs_context</Normal Text><Brackets Level 2>)</Brackets Level 2><br/>
<Normal Text>    </Normal Text><Brackets Level 2>(</Brackets Level 2><Statements>genfscon</Statements><Normal Text> </Normal Text><Filesystem>selinuxfs</Filesystem><Normal Text> </Normal Text><Path>/</Path><Normal Text> selinuxfs_context</Normal Text><Brackets Level 2>)</Brackets Level 2><br/>
<Brackets Level 1>)</Brackets Level 1><br/>
<Normal Text></Normal Text><br/>
<Comment>; ioctl & call: due to the way in which the highlighter treats the parenthesis blocks</Comment><br/>
<Comment>; (each level of different color), it is not possible to differentiate between statement and permission.</Comment><br/>
<Brackets Level 1>(</Brackets Level 1><Access Keys>allowx</Access Keys><Normal Text> x bin_t </Normal Text><Brackets Level 2>(</Brackets Level 2><Type Name Statements>ioctl</Type Name Statements><Normal Text> policy.file </Normal Text><Brackets Level 3>(</Brackets Level 3><Expression Keys>range</Expression Keys><Normal Text> </Normal Text><Hexadecimal>0x1000</Hexadecimal><Normal Text> </Normal Text><Hexadecimal>0x11FF</Hexadecimal><Brackets Level 3>)</Brackets Level 3><Brackets Level 2>)</Brackets Level 2><Brackets Level 1>)</Brackets Level 1><Normal Text> </Normal Text><Comment>; ioctl kind</Comment><br/>
<Brackets Level 1>(</Brackets Level 1><Type Name Statements>ioctl</Type Name Statements><Normal Text> </Normal Text><AV Permissions>read</AV Permissions><br/>
<Normal Text>    </Normal Text><Android AV Permissions>find</Android AV Permissions><Normal Text> </Normal Text><AV Permissions>connectto</AV Permissions><Brackets Level 1>)</Brackets Level 1><Normal Text> </Normal Text><Comment>; kind or permission?</Comment><br/>
<Brackets Level 1>(</Brackets Level 1><AV Permissions>ioctl</AV Permissions><Normal Text> </Normal Text><AV Permissions>read</AV Permissions><Normal Text> </Normal Text><Android AV Permissions>find</Android AV Permissions><Normal Text> </Normal Text><AV Permissions>connectto</AV Permissions><Brackets Level 1>)</Brackets Level 1><Normal Text> </Normal Text><Comment>; ioctl permission</Comment><br/>
<Brackets Level 1>(</Brackets Level 1><AV Permissions>ioctl</AV Permissions><Normal Text> </Normal Text><AV Permissions>read</AV Permissions><Normal Text>  </Normal Text><Brackets Level 1>)</Brackets Level 1><br/>
<Brackets Level 1>(</Brackets Level 1><Statements>call</Statements><Normal Text> </Normal Text><AV Permissions>ioctl</AV Permissions><Normal Text> </Normal Text><AV Permissions>read</AV Permissions><Normal Text> </Normal Text><Android AV Permissions>find</Android AV Permissions><Normal Text> </Normal Text><AV Permissions>connectto</AV Permissions><Brackets Level 1>)</Brackets Level 1><Normal Text> </Normal Text><Comment>; statement or permission?</Comment><br/>
<Brackets Level 1>(</Brackets Level 1><Normal Text> </Normal Text><AV Permissions>call</AV Permissions><Normal Text>  </Normal Text><Brackets Level 1>)</Brackets Level 1><Normal Text> </Normal Text><Comment>; call permission</Comment><br/>