<Comment># Sample SELinux Policy</Comment><br/>
<Normal Text></Normal Text><br/>
<Documentation>## </Documentation><Doc. Element Tag><summary></Doc. Element Tag><br/>
<Documentation>## Sample SELinux Policy</Documentation><br/>
<Documentation>## </Documentation><Doc. Element Tag></summary></Doc. Element Tag><br/>
<Documentation>## </Documentation><Doc. Element Tag><desc></Doc. Element Tag><br/>
<Documentation>## </Documentation><Doc. Element Tag><p></Doc. Element Tag><br/>
<Documentation>## This module is not functional,</Documentation><br/>
<Documentation>## but only to test the syntax highlighting.</Documentation><br/>
<Documentation>## </Documentation><Doc. Element Tag></p></Doc. Element Tag><br/>
<Documentation>## </Documentation><Doc. Element Tag></desc></Doc. Element Tag><br/>
<Documentation>## </Documentation><Doc. Element Tag><required</Doc. Element Tag><Doc. Attribute> val</Doc. Attribute><Documentation>=</Documentation><Doc. Value>"true"</Doc. Value><Doc. Element Tag>></Doc. Element Tag><br/>
<Documentation>## Depended on by other required modules.</Documentation><br/>
<Documentation>## </Documentation><Doc. Element Tag></required></Doc. Element Tag><br/>
<Normal Text></Normal Text><br/>
<Policy Config. Statements>policycap</Policy Config. Statements><Normal Text> </Normal Text><Policy Capability>open_perms</Policy Capability><Symbol>;</Symbol><br/>
<Statements>module</Statements><Normal Text> myapp </Normal Text><Number>1.0</Number><Symbol>;</Symbol><br/>
<Normal Text></Normal Text><br/>
<Statements>require</Statements><Normal Text> </Normal Text><Operator>{</Operator><br/>
<Normal Text> </Normal Text><Statements>type</Statements><Normal Text> httpd_t</Normal Text><Symbol>;</Symbol><br/>
<Normal Text> </Normal Text><Statements>type</Statements><Normal Text> httpd_sys_content_t</Normal Text><Symbol>;</Symbol><br/>
<Normal Text> </Normal Text><Statements>type</Statements><Normal Text> initrc_t</Normal Text><Symbol>;</Symbol><br/>
<Normal Text> </Normal Text><Statements>class</Statements><Normal Text> sock_file </Normal Text><AV Permissions>write</AV Permissions><Symbol>;</Symbol><br/>
<Normal Text> </Normal Text><Statements>class</Statements><Normal Text> unix_stream_socket </Normal Text><AV Permissions>connectto</AV Permissions><Symbol>;</Symbol><br/>
<Operator>}</Operator><br/>
<Normal Text></Normal Text><br/>
<Access Keys>allow</Access Keys><Normal Text> httpd_t httpd_sys_content_t</Normal Text><Symbol>:</Symbol><Class>sock_file</Class><Normal Text> </Normal Text><AV Permissions>write</AV Permissions><Symbol>;</Symbol><br/>
<Access Keys>allow</Access Keys><Normal Text> httpd_t initrc_t</Normal Text><Symbol>:</Symbol><Class>unix_stream_socket</Class><Normal Text> </Normal Text><AV Permissions>connectto</AV Permissions><Symbol>;</Symbol><br/>
<Normal Text></Normal Text><br/>
<Comment># Refpolicy</Comment><br/>
<Refpolicy Keywords>tunable_policy</Refpolicy Keywords><Normal Text>(</Normal Text><Text Quoted>`allow_execmem'</Text Quoted><Symbol>,</Symbol><Default M4 Quote>`</Default M4 Quote><br/>
<Normal Text> </Normal Text><Path>/usr/share/holas</Path><RegExp Brackets>(</RegExp Brackets><RegExp Brackets Content>/</RegExp Brackets Content><Special Char>.*</Special Char><RegExp Brackets>)</RegExp Brackets><Special Char>?</Special Char><Reserved Keywords> --</Reserved Keywords><Normal Text> </Normal Text><Refpolicy Keywords>gen_context</Refpolicy Keywords><Normal Text>(</Normal Text><File Contexts>system_u</File Contexts><Symbol>:</Symbol><File Contexts>object_r</File Contexts><Symbol>:</Symbol><File Contexts (Type Enforcement)>holas_t</File Contexts (Type Enforcement)><Symbol>,</Symbol><File Contexts>s0</File Contexts><Symbol>,</Symbol><File Contexts>a</File Contexts><Symbol>,</Symbol><File Contexts>b</File Contexts><Normal Text>)</Normal Text><Symbol>;</Symbol><br/>
<Default M4 Quote>'</Default M4 Quote><Normal Text>)</Normal Text><br/>
<Comment># M4 Macros</Comment><br/>
<M4 Built-in Keywords>regexp</M4 Built-in Keywords><Normal Text>(</Normal Text><Text Quoted>`GNUs not Unix'</Text Quoted><Normal Text>, </Normal Text><Default M4 Quote>`</Default M4 Quote><Escape Char>\w\(\w</Escape Char><Special Char>+</Special Char><Escape Char>\)</Escape Char><Special Char>$</Special Char><Default M4 Quote>'</Default M4 Quote><Normal Text>, </Normal Text><Default M4 Quote>`</Default M4 Quote><Special Char>***</Special Char><Normal Text> </Normal Text><Escape Char>\&</Escape Char><Normal Text> </Normal Text><Special Char>***</Special Char><Normal Text> </Normal Text><Escape Char>\1</Escape Char><Normal Text> </Normal Text><Special Char>***</Special Char><Default M4 Quote>'</Default M4 Quote><Normal Text>)</Normal Text><br/>
<M4 Built-in Keywords>ifdef</M4 Built-in Keywords><Normal Text>(</Normal Text><Text Quoted>`distro_ubuntu'</Text Quoted><Symbol>,</Symbol><Default M4 Quote>`</Default M4 Quote><br/>
<Normal Text> </Normal Text><Function>unconfined_domain</Function><Normal Text>(chkpwd_t)</Normal Text><br/>
<Default M4 Quote>'</Default M4 Quote><Normal Text>)</Normal Text><br/>
<Normal Text></Normal Text><br/>
<Statements>dominance</Statements><Normal Text> </Normal Text><Operator>{</Operator><Normal Text> </Normal Text><Function>gen_dominance</Function><Normal Text>(</Normal Text><Number>0</Number><Symbol>,</Symbol><M4 Built-in Keywords>decr</M4 Built-in Keywords><Normal Text>(</Normal Text><M4 Special Arguments>$1</M4 Special Arguments><Normal Text>)) </Normal Text><Operator>}</Operator><Symbol>;</Symbol><br/>
<Access Keys>neverallow</Access Keys><Normal Text> </Normal Text><Input Selector>user</Input Selector><Symbol>=</Symbol><Normal Text>_isolated </Normal Text><Input Selector>domain</Input Selector><Symbol>=</Symbol><RegExp Brackets>((</RegExp Brackets><Special Char of Brackets>?!</Special Char of Brackets><RegExp Brackets Content>isolated_app</RegExp Brackets Content><RegExp Brackets>)</RegExp Brackets><Special Char>.</Special Char><RegExp Brackets>)</RegExp Brackets><Special Char>*</Special Char><br/>
<Normal Text></Normal Text><br/>
<Access Keys>allow</Access Keys><Normal Text> consoletype_t </Normal Text><Special Keys>self</Special Keys><Symbol>:</Symbol><Class>capability</Class><Normal Text> </Normal Text><Operator>{</Operator><Normal Text> </Normal Text><AV Permissions>sys_admin</AV Permissions><Normal Text> </Normal Text><AV Permissions>sys_tty_config</AV Permissions><Normal Text> </Normal Text><Operator>}</Operator><Symbol>;</Symbol><br/>
<Access Keys>allow</Access Keys><Normal Text> consoletype_t </Normal Text><Special Keys>self</Special Keys><Symbol>:</Symbol><Class>msg</Class><Normal Text> </Normal Text><Operator>{</Operator><Normal Text> </Normal Text><AV Permissions>send</AV Permissions><Normal Text> </Normal Text><AV Permissions>receive</AV Permissions><Normal Text> </Normal Text><Operator>}</Operator><Symbol>;</Symbol><br/>
<Normal Text></Normal Text><br/>
<Comment># sample for administrative user</Comment><br/>
<Statements>user</Statements><Normal Text> jadmin </Normal Text><Statements>roles</Statements><Normal Text> </Normal Text><Operator>{</Operator><Normal Text> staff_r sysadm_r </Normal Text><Operator>}</Operator><Symbol>;</Symbol><br/>
<Comment># sample for regular user</Comment><br/>
<Statements>user</Statements><Normal Text> jdoe </Normal Text><Statements>roles</Statements><Normal Text> </Normal Text><Operator>{</Operator><Normal Text> user_r </Normal Text><Operator>}</Operator><Symbol>;</Symbol><br/>
<Normal Text></Normal Text><br/>
<Statements>default_user</Statements><Normal Text> process </Normal Text><Reserved Keywords>source</Reserved Keywords><Symbol>;</Symbol><br/>
<Statements>default_range</Statements><Normal Text> process </Normal Text><Reserved Keywords>source</Reserved Keywords><Normal Text> </Normal Text><Range>low</Range><Symbol>;</Symbol><br/>
<Statements>default_range</Statements><Normal Text> name </Normal Text><Range>GLBLUB</Range><Symbol>;</Symbol><br/>
<Normal Text></Normal Text><br/>
<Statements>sid</Statements><Normal Text> devnull</Normal Text><Symbol>;</Symbol><br/>
<Statements>sid</Statements><Normal Text> sysctl</Normal Text><Symbol>;</Symbol><br/>
<Normal Text></Normal Text><br/>
<Statements>common</Statements><Normal Text> file </Normal Text><Operator>{</Operator><Normal Text> </Normal Text><AV Permissions>ioctl</AV Permissions><Normal Text> </Normal Text><AV Permissions>read</AV Permissions><Normal Text> </Normal Text><AV Permissions>write</AV Permissions><Normal Text> </Normal Text><AV Permissions>create</AV Permissions><Normal Text> </Normal Text><AV Permissions>getattr</AV Permissions><Normal Text> </Normal Text><AV Permissions>setattr</AV Permissions><Normal Text> </Normal Text><AV Permissions>lock</AV Permissions><Normal Text> </Normal Text><AV Permissions>relabelfrom</AV Permissions><Normal Text> </Normal Text><AV Permissions>relabelto</AV Permissions><Normal Text> </Normal Text><AV Permissions>append</AV Permissions><Normal Text> </Normal Text><AV Permissions>map</AV Permissions><Normal Text> </Normal Text><AV Permissions>unlink</AV Permissions><Normal Text> </Normal Text><AV Permissions>link</AV Permissions><Normal Text> </Normal Text><AV Permissions>rename</AV Permissions><Normal Text> </Normal Text><AV Permissions>execute</AV Permissions><Normal Text> </Normal Text><AV Permissions>swapon</AV Permissions><Normal Text> </Normal Text><AV Permissions>quotaon</AV Permissions><Normal Text> </Normal Text><AV Permissions>mounton</AV Permissions><Normal Text> </Normal Text><Operator>}</Operator><Symbol>;</Symbol><br/>
<Statements>class</Statements><Normal Text> dir </Normal Text><Statements>inherits</Statements><Normal Text> file </Normal Text><Operator>{</Operator><Normal Text> </Normal Text><AV Permissions>add_name</AV Permissions><Normal Text> </Normal Text><AV Permissions>remove_name</AV Permissions><Normal Text> </Normal Text><AV Permissions>reparent</AV Permissions><Normal Text> </Normal Text><AV Permissions>search</AV Permissions><Normal Text> </Normal Text><AV Permissions>rmdir</AV Permissions><Normal Text> </Normal Text><AV Permissions>open</AV Permissions><Normal Text> </Normal Text><AV Permissions>audit_access</AV Permissions><Normal Text> </Normal Text><AV Permissions>execmod</AV Permissions><Normal Text> </Normal Text><Operator>}</Operator><Symbol>;</Symbol><br/>
<Statements>class</Statements><Normal Text> class</Normal Text><Symbol>;</Symbol><br/>
<Normal Text></Normal Text><br/>
<Statements>sensitivity</Statements><Normal Text> s0 </Normal Text><Statements>alias</Statements><Normal Text> sens0</Normal Text><Symbol>;</Symbol><br/>
<Statements>category</Statements><Normal Text> c0 </Normal Text><Statements>alias</Statements><Normal Text> cat0</Normal Text><Symbol>;</Symbol><br/>
<Normal Text></Normal Text><br/>
<Statements>mlsconstrain</Statements><Normal Text> dir </Normal Text><Operator>{</Operator><Normal Text> </Normal Text><AV Permissions>search</AV Permissions><Normal Text> </Normal Text><AV Permissions>read</AV Permissions><Normal Text> </Normal Text><AV Permissions>ioctl</AV Permissions><Normal Text> </Normal Text><AV Permissions>lock</AV Permissions><Normal Text> </Normal Text><Operator>}</Operator><br/>
<Normal Text> (( </Normal Text><Special Keys>h1</Special Keys><Normal Text> </Normal Text><Expression Keys>dom</Expression Keys><Normal Text> </Normal Text><Special Keys>h2</Special Keys><Normal Text> ) </Normal Text><Expression Keys>or</Expression Keys><Normal Text> ( </Normal Text><Special Keys>t1</Special Keys><Normal Text> </Normal Text><Boolean Operators>==</Boolean Operators><Normal Text> mcsreadall ) </Normal Text><Expression Keys>or</Expression Keys><br/>
<Normal Text> (( </Normal Text><Special Keys>t1</Special Keys><Normal Text> </Normal Text><Boolean Operators>!=</Boolean Operators><Normal Text> mcs_constrained_type ) </Normal Text><Expression Keys>and</Expression Keys><Normal Text> (</Normal Text><Special Keys>t2</Special Keys><Normal Text> </Normal Text><Boolean Operators>==</Boolean Operators><Normal Text> domain)))</Normal Text><Symbol>;</Symbol><br/>
<Normal Text></Normal Text><br/>
<Statements>attribute_role</Statements><Normal Text> dpkg_roles</Normal Text><Symbol>;</Symbol><br/>
<Statements>roleattribute</Statements><Normal Text> system_r dpkg_roles</Normal Text><Symbol>;</Symbol><br/>
<Normal Text></Normal Text><br/>
<Statements>role</Statements><Normal Text> system_r </Normal Text><Statements>types</Statements><Normal Text> system_t</Normal Text><Symbol>;</Symbol><br/>
<Statements>role_transition</Statements><Normal Text> hello init_script_file_type system_r</Normal Text><Symbol>;</Symbol><br/>
<Normal Text></Normal Text><br/>
<Statements>level</Statements><Normal Text> </Normal Text><MLS/MCS Level/Range>s0</MLS/MCS Level/Range><Symbol>:</Symbol><MLS/MCS Level/Range>c0</MLS/MCS Level/Range><Symbol>;</Symbol><br/>
<Statements>user</Statements><Normal Text> user_u </Normal Text><Statements>roles</Statements><Normal Text> role_r </Normal Text><Statements>level</Statements><Normal Text> </Normal Text><MLS/MCS Level/Range>s1</MLS/MCS Level/Range><Symbol>:</Symbol><MLS/MCS Level/Range>c1</MLS/MCS Level/Range><Normal Text> </Normal Text><Statements>range</Statements><Normal Text> </Normal Text><MLS/MCS Level/Range>s1</MLS/MCS Level/Range><Symbol>:</Symbol><MLS/MCS Level/Range>c1</MLS/MCS Level/Range><Symbol> - </Symbol><MLS/MCS Level/Range>s2</MLS/MCS Level/Range><Symbol>:</Symbol><MLS/MCS Level/Range>c2</MLS/MCS Level/Range><Symbol>;</Symbol><br/>
<Statements>range_transition</Statements><Normal Text> initrc_t auditd_exec_t</Normal Text><Symbol>:</Symbol><Class>process</Class><Normal Text> </Normal Text><MLS/MCS Level/Range>s15</MLS/MCS Level/Range><Symbol>:</Symbol><MLS/MCS Level/Range>c0</MLS/MCS Level/Range><Symbol>.</Symbol><MLS/MCS Level/Range>c255</MLS/MCS Level/Range><Symbol> - </Symbol><MLS/MCS Level/Range>s20</MLS/MCS Level/Range><Symbol>;</Symbol><br/>
<Statements>range_transition</Statements><Normal Text> source target</Normal Text><Symbol>:</Symbol><Class>class</Class><Normal Text> </Normal Text><MLS/MCS Level/Range>s1</MLS/MCS Level/Range><Symbol> - </Symbol><MLS/MCS Level/Range>s2</MLS/MCS Level/Range><Normal Text> dsd</Normal Text><Symbol>;</Symbol><br/>
<Statements>range_transition</Statements><Normal Text> source target</Normal Text><Symbol>:</Symbol><Class>class</Class><Normal Text> </Normal Text><MLS/MCS Level/Range>s1</MLS/MCS Level/Range><Normal Text> </Normal Text><Symbol>;</Symbol><br/>
<Normal Text></Normal Text><br/>
<Statements>attribute</Statements><Normal Text> filesystem_type</Normal Text><Symbol>;</Symbol><br/>
<Statements>type</Statements><Normal Text> dhcp_etc_t</Normal Text><Symbol>;</Symbol><br/>
<Statements>typealias</Statements><Normal Text> dhcp_etc_t </Normal Text><Statements>ALIAS</Statements><Normal Text> </Normal Text><Operator>{</Operator><Normal Text> etc_dhcp_t etc_dhcpc_t etc_dhcpd_t </Normal Text><Operator>}</Operator><Symbol>;</Symbol><br/>
<Normal Text></Normal Text><br/>
<Statements>bool</Statements><Normal Text> le_boolean </Normal Text><Booleans>true</Booleans><Symbol>;</Symbol><br/>
<Statements>TUNABLE</Statements><Normal Text> allow_java_execstack </Normal Text><Booleans>false</Booleans><Symbol>;</Symbol><br/>
<Normal Text></Normal Text><br/>
<Statements>type_transition</Statements><Normal Text> root_xdrawable_t input_xevent_t</Normal Text><Symbol>:</Symbol><Class>x_event</Class><Normal Text> root_input_xevent_t</Normal Text><Symbol>;</Symbol><br/>
<Access Keys>AUDITALLOW</Access Keys><Normal Text> xserver_t </Normal Text><Operator>{</Operator><Normal Text> root_xdrawable_t x_domain </Normal Text><Operator>}</Operator><Symbol>:</Symbol><Class>x_drawable</Class><Normal Text> </Normal Text><AV Permissions>send</AV Permissions><Symbol>;</Symbol><br/>
<Normal Text></Normal Text><br/>
<Statements>optional</Statements><Normal Text> </Normal Text><Operator>{</Operator><br/>
<Normal Text> </Normal Text><Access Keys>neverallow</Access Keys><Normal Text> untrusted_app </Normal Text><Special Char>*</Special Char><Symbol>:</Symbol><Operator>{</Operator><Normal Text> netlink_route_socket netlink_selinux_socket </Normal Text><Operator>}</Operator><Normal Text> </Normal Text><AV Permissions>ioctl</AV Permissions><Symbol>;</Symbol><br/>
<Normal Text> </Normal Text><Access Keys>neverallowxperm</Access Keys><Normal Text> shell domain</Normal Text><Symbol>:</Symbol><Operator>{</Operator><Normal Text> rawip_socket tcp_socket udp_socket </Normal Text><Operator>}</Operator><Normal Text> </Normal Text><AV Permissions>ioctl</AV Permissions><Normal Text> priv_sock_ioctls</Normal Text><Symbol>;</Symbol><br/>
<Operator>}</Operator><Symbol>;</Symbol><br/>
<Normal Text></Normal Text><br/>
<Statements>if</Statements><Normal Text> le_boolean </Normal Text><Operator>{</Operator><br/>
<Normal Text> </Normal Text><Access Keys>DONTAUDIT</Access Keys><Normal Text> untrusted_app asec_public_file</Normal Text><Symbol>:</Symbol><Class>file</Class><Normal Text> </Normal Text><Operator>{</Operator><Normal Text> </Normal Text><AV Permissions>execute</AV Permissions><Normal Text> </Normal Text><AV Permissions>execmod</AV Permissions><Normal Text> </Normal Text><Operator>}</Operator><Symbol>;</Symbol><br/>
<Operator>}</Operator><Normal Text> </Normal Text><Statements>else</Statements><Normal Text> </Normal Text><Operator>{</Operator><br/>
<Normal Text> </Normal Text><Access Keys>ALLOW</Access Keys><Normal Text> untrusted_app perfprofd_data_file</Normal Text><Symbol>:</Symbol><Class>file</Class><Normal Text> r_file_perms</Normal Text><Symbol>;</Symbol><br/>
<Normal Text> </Normal Text><Access Keys>allow</Access Keys><Normal Text> untrusted_app perfprofd_data_file</Normal Text><Symbol>:</Symbol><Class>dir</Class><Normal Text> r_dir_perms</Normal Text><Symbol>;</Symbol><br/>
<Operator>}</Operator><Symbol>;</Symbol><br/>
<Normal Text></Normal Text><br/>
<Statements>sid</Statements><Normal Text> devnull </Normal Text><File Contexts>system_u</File Contexts><Symbol>:</Symbol><File Contexts>object_r</File Contexts><Symbol>:</Symbol><File Contexts (Type Enforcement)>null_device_t</File Contexts (Type Enforcement)><Symbol>:</Symbol><File Contexts>s0</File Contexts><br/>
<Statements>genfscon</Statements><Normal Text> </Normal Text><Filesystem>sysfs</Filesystem><Normal Text> </Normal Text><Path>/devices/system/cpu/online</Path><Normal Text> </Normal Text><Refpolicy Keywords>gen_context</Refpolicy Keywords><Normal Text>(</Normal Text><File Contexts>system_u</File Contexts><Symbol>:</Symbol><File Contexts>object_r</File Contexts><Symbol>:</Symbol><File Contexts (Type Enforcement)>cpu_online_t</File Contexts (Type Enforcement)><Symbol>,</Symbol><File Contexts>s0</File Contexts><Normal Text>)</Normal Text><br/>
<Statements>genfscon</Statements><Normal Text> </Normal Text><Filesystem>rootfs</Filesystem><Normal Text> </Normal Text><Path>/</Path><Normal Text> </Normal Text><Refpolicy Keywords>gen_context</Refpolicy Keywords><Normal Text>(</Normal Text><File Contexts>system_u</File Contexts><Symbol>:</Symbol><File Contexts>object_r</File Contexts><Symbol>:</Symbol><File Contexts (Type Enforcement)>root_t</File Contexts (Type Enforcement)><Symbol>,</Symbol><File Contexts>s0</File Contexts><Normal Text>)</Normal Text><br/>
<Normal Text></Normal Text><br/>
<Statements>genfscon</Statements><Normal Text> </Normal Text><Filesystem>proc</Filesystem><Normal Text> </Normal Text><Path>/cpuinfo</Path><Normal Text> </Normal Text><File Contexts>u</File Contexts><Symbol>:</Symbol><File Contexts>object_r</File Contexts><Symbol>:</Symbol><File Contexts (Type Enforcement)>proc_cpuinfo</File Contexts (Type Enforcement)><Symbol>:</Symbol><File Contexts>s0</File Contexts><br/>
<Statements>genfscon</Statements><Normal Text> </Normal Text><Filesystem>selinuxfs</Filesystem><Normal Text> </Normal Text><Path>/</Path><Normal Text> </Normal Text><File Contexts>u</File Contexts><Symbol>:</Symbol><File Contexts>object_r</File Contexts><Symbol>:</Symbol><File Contexts (Type Enforcement)>selinuxfs</File Contexts (Type Enforcement)><Symbol>:</Symbol><File Contexts>s0</File Contexts><br/>
<Statements>fs_use_trans</Statements><Normal Text> </Normal Text><Filesystem>devtmpfs</Filesystem><Normal Text> </Normal Text><File Contexts>system_u</File Contexts><Symbol>:</Symbol><File Contexts>object_r</File Contexts><Symbol>:</Symbol><File Contexts (Type Enforcement)>device_t</File Contexts (Type Enforcement)><Symbol>:</Symbol><File Contexts>s0</File Contexts><Symbol>;</Symbol><br/>
<Statements>fs_use_task</Statements><Normal Text> </Normal Text><Filesystem>pipefs</Filesystem><Normal Text> </Normal Text><File Contexts>u</File Contexts><Symbol>:</Symbol><File Contexts>object_r</File Contexts><Symbol>:</Symbol><File Contexts (Type Enforcement)>pipefs</File Contexts (Type Enforcement)><Symbol>:</Symbol><File Contexts>s0</File Contexts><Symbol>;</Symbol><br/>
<Statements>fs_use_xattr</Statements><Normal Text> </Normal Text><Filesystem>xfs</Filesystem><Normal Text> </Normal Text><File Contexts>u</File Contexts><Symbol>:</Symbol><File Contexts>object_r</File Contexts><Symbol>:</Symbol><File Contexts (Type Enforcement)>labeledfs</File Contexts (Type Enforcement)><Symbol>:</Symbol><File Contexts>s0</File Contexts><Symbol>;</Symbol><br/>
<Statements>fs_use_xattr</Statements><Normal Text> </Normal Text><Filesystem>btrfs</Filesystem><Normal Text> </Normal Text><File Contexts>u</File Contexts><Symbol>:</Symbol><File Contexts>object_r</File Contexts><Symbol>:</Symbol><File Contexts (Type Enforcement)>labeledfs</File Contexts (Type Enforcement)><Symbol>:</Symbol><File Contexts>s0</File Contexts><Symbol>;</Symbol><br/>
<Normal Text></Normal Text><br/>
<Statements>portcon</Statements><Normal Text> tcp </Normal Text><Number>80</Number><Normal Text> </Normal Text><File Contexts>u</File Contexts><Symbol>:</Symbol><File Contexts>object_r</File Contexts><Symbol>:</Symbol><File Contexts (Type Enforcement)>http_port</File Contexts (Type Enforcement)><Symbol>:</Symbol><File Contexts>s0</File Contexts><Symbol>;</Symbol><br/>
<Statements>portcon</Statements><Normal Text> udp </Normal Text><Number>1024</Number><Symbol>-</Symbol><Number>65535</Number><Normal Text> </Normal Text><Refpolicy Keywords>gen_context</Refpolicy Keywords><Normal Text>(</Normal Text><File Contexts>system_u</File Contexts><Symbol>:</Symbol><File Contexts>object_r</File Contexts><Symbol>:</Symbol><File Contexts (Type Enforcement)>unreserved_port_t</File Contexts (Type Enforcement)><Symbol>,</Symbol><File Contexts> s0</File Contexts><Normal Text>)</Normal Text><Symbol>;</Symbol><br/>
<Statements>netifcon</Statements><Normal Text> </Normal Text><M4 Special Arguments>$2</M4 Special Arguments><Normal Text> </Normal Text><Refpolicy Keywords>gen_context</Refpolicy Keywords><Normal Text>(</Normal Text><File Contexts>system_u</File Contexts><Symbol>:</Symbol><File Contexts>object_r</File Contexts><Symbol>:</Symbol><M4 Special Arguments>$1</M4 Special Arguments><Symbol>,</Symbol><M4 Special Arguments>$3</M4 Special Arguments><Normal Text>) </Normal Text><Refpolicy Keywords>gen_context</Refpolicy Keywords><Normal Text>(</Normal Text><File Contexts>system_u</File Contexts><Symbol>:</Symbol><File Contexts>object_r</File Contexts><Symbol>:</Symbol><File Contexts (Type Enforcement)>unlabeled_t</File Contexts (Type Enforcement)><Symbol>,</Symbol><M4 Special Arguments>$3</M4 Special Arguments><Normal Text>)</Normal Text><Symbol>;</Symbol><br/>
<Normal Text></Normal Text><br/>
<Statements>nodecon</Statements><Normal Text> </Normal Text><IP Address>2001:0DB8:AC10:FE01::</IP Address><Normal Text> </Normal Text><IP Address>2001:0DE0:DA88:2222::</IP Address><Normal Text> </Normal Text><File Contexts>system_u</File Contexts><Symbol>:</Symbol><File Contexts>object_r</File Contexts><Symbol>:</Symbol><File Contexts (Type Enforcement)>hello_t</File Contexts (Type Enforcement)><Symbol>:</Symbol><File Contexts>s0</File Contexts><Symbol>;</Symbol><br/>
<Statements>nodecon</Statements><Normal Text> ipv4 </Normal Text><IP Address>127.0.0.2</IP Address><Normal Text> </Normal Text><IP Address>255.255.255.255</IP Address><Normal Text> </Normal Text><File Contexts>system_u</File Contexts><Symbol>:</Symbol><File Contexts>object_r</File Contexts><Symbol>:</Symbol><File Contexts (Type Enforcement)>node_t</File Contexts (Type Enforcement)><Symbol>:</Symbol><File Contexts>s0</File Contexts><Symbol>;</Symbol><br/>
<Normal Text></Normal Text><br/>
<M4 Preprocessor>#line 118</M4 Preprocessor><br/>
<Normal Text></Normal Text><br/>
<Comment># Regular Expressions</Comment><br/>
<M4 Built-in Keywords>regexp</M4 Built-in Keywords><Normal Text>(</Normal Text><Default M4 Quote>`</Default M4 Quote><Normal Text>Hello</Normal Text><RegExp Brackets>(</RegExp Brackets><RegExp Brackets Content>!</RegExp Brackets Content><Special Char of Brackets>|</Special Char of Brackets><Escape Char>\^\^</Escape Char><RegExp Brackets>)</RegExp Brackets><Special Char>+</Special Char><Default M4 Quote>'</Default M4 Quote><Normal Text>, </Normal Text><Default M4 Quote>`</Default M4 Quote><br/>
<Normal Text> </Normal Text><Special Char>^</Special Char><Escape Char>\s</Escape Char><Special Char>*</Special Char><RegExp Brackets>(</RegExp Brackets><Special Char of Brackets>?<hello></Special Char of Brackets><Escape Char>\.</Escape Char><RegExp Brackets>)</RegExp Brackets><br/>
<Normal Text> </Normal Text><RegExp Brackets>(</RegExp Brackets><br/>
<RegExp Brackets Content> hello</RegExp Brackets Content><RegExp Brackets>[</RegExp Brackets><Special Char of Brackets>^</Special Char of Brackets><Escape Char>\s\x12</Escape Char><RegExp Brackets Content>/</RegExp Brackets Content><RegExp Brackets>][</RegExp Brackets><RegExp Brackets Content>1-9</RegExp Brackets Content><RegExp Brackets>]</RegExp Brackets><Special Char>*</Special Char><Special Char of Brackets>|</Special Char of Brackets><RegExp Brackets Content> </RegExp Brackets Content><Comment> # Hello</Comment><br/>
<RegExp Brackets Content> bye</RegExp Brackets Content><br/>
<RegExp Brackets Content> </RegExp Brackets Content><RegExp Brackets>)</RegExp Brackets><Escape Char>\s</Escape Char><Special Char>*$</Special Char><br/>
<Default M4 Quote>'</Default M4 Quote><Normal Text>) </Normal Text><br/>
<Text Quoted>"aa/aa</Text Quoted><RegExp Brackets>(</RegExp Brackets><Special Char of Brackets>?=</Special Char of Brackets><RegExp Brackets Content>sdf sdf</RegExp Brackets Content><RegExp Brackets>)</RegExp Brackets><Text Quoted>ds</Text Quoted><RegExp Brackets>(</RegExp Brackets><RegExp Brackets Content>aa aa</RegExp Brackets Content><RegExp Brackets>)</RegExp Brackets><Text Quoted>df</Text Quoted><RegExp Brackets>[</RegExp Brackets><Special Char of Brackets>^</Special Char of Brackets><RegExp Brackets Content> a</RegExp Brackets Content><RegExp Brackets>]</RegExp Brackets><Text Quoted>"</Text Quoted><br/>
<Text Quoted>"ope</Text Quoted><Text Quoted Open>n</Text Quoted Open><br/>
<Text Quoted>"text\"</Text Quoted><Normal Text>aaa</Normal Text><br/>
<Text Quoted>"filename\s\w\%(?=aa)aa"</Text Quoted><br/>
<Text Quoted>"/path</Text Quoted><Escape Char>\s\w</Escape Char><RegExp Brackets>(</RegExp Brackets><Special Char of Brackets>?=</Special Char of Brackets><RegExp Brackets Content>aa</RegExp Brackets Content><RegExp Brackets>)</RegExp Brackets><Text Quoted>aa"</Text Quoted><br/>
<Normal Text></Normal Text><br/>
<File Contexts>u</File Contexts><Symbol>:</Symbol><File Contexts>role</File Contexts><Symbol>:</Symbol><File Contexts (Type Enforcement)>type</File Contexts (Type Enforcement)><Symbol>:</Symbol><File Contexts>sen</File Contexts><Symbol>:</Symbol><File Contexts>cat</File Contexts><Symbol>:</Symbol><Normal Text>other</Normal Text><br/>
<File Contexts>u</File Contexts><Symbol>:</Symbol><File Contexts>role</File Contexts><Symbol>:</Symbol><File Contexts (Type Enforcement)>type</File Contexts (Type Enforcement)><Symbol>:</Symbol><File Contexts>sen</File Contexts><Symbol>:</Symbol><File Contexts>cat</File Contexts><Symbol> - </Symbol><File Contexts>sen</File Contexts><Symbol>:</Symbol><File Contexts>cat</File Contexts><Symbol>:</Symbol><Normal Text>other</Normal Text><br/>
<File Contexts>u</File Contexts><Symbol>:</Symbol><File Contexts>role</File Contexts><Symbol>:</Symbol><File Contexts (Type Enforcement)>type</File Contexts (Type Enforcement)><Symbol>:</Symbol><File Contexts>s0</File Contexts><Symbol>.</Symbol><File Contexts>s1</File Contexts><Symbol>:</Symbol><File Contexts>c0</File Contexts><Symbol> , </Symbol><File Contexts>c1</File Contexts><Symbol> - </Symbol><File Contexts>s2</File Contexts><Symbol>.</Symbol><File Contexts>s3</File Contexts><Symbol>:</Symbol><File Contexts>c2</File Contexts><Symbol>.</Symbol><File Contexts>c3</File Contexts><Symbol>,</Symbol><File Contexts>c4</File Contexts><Symbol>:</Symbol><Normal Text>other</Normal Text><br/>
<File Contexts>u</File Contexts><Symbol>:</Symbol><File Contexts>role</File Contexts><Symbol>:</Symbol><File Contexts (Type Enforcement)>type</File Contexts (Type Enforcement)><Symbol>:</Symbol><File Contexts>s0</File Contexts><Symbol>,</Symbol><Normal Text>other</Normal Text><br/>