Re: [SELinux-notebook PATCH v3] type_statements: document expandattribute

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Thu, Jul 30, 2020 at 7:42 AM Dominick Grift
<dominick.grift@xxxxxxxxxxx> wrote:
>
> This functionality was added for Androids Treble in 2017.
>
> I was not sure whether this belong here or in conditional_statements.md
>
> Signed-off-by: Dominick Grift <dominick.grift@xxxxxxxxxxx>
> ---
> v2: change expandtypeattribute to expandattribute
> v3: overriden is overridden
>
> src/type_statements.md | 70 ++++++++++++++++++++++++++++++++++++++++++
>  1 file changed, 70 insertions(+)

I'm in the process of converting all of the remaining HTML to markdown
so I would prefer not to add any new HTML tables if it can be avoided;
would you mind trying to write this using markdown's pipe tables (they
render correctly on GitHub)?

Other than that, do any of the policy or SEAndroid folks have any comments?

> diff --git a/src/type_statements.md b/src/type_statements.md
> index 61c7191..04b6f4c 100644
> --- a/src/type_statements.md
> +++ b/src/type_statements.md
> @@ -201,6 +201,76 @@ attribute non_security_file_type;
>
>  <br>
>
> +## `expandattribute`
> +
> +The `expandattribute` statement allows type attribute expansion
> +compiler defaults to be overridden.
> +
> +**The statement definition is:**
> +
> +`expandattribute attribute_id default_value;`
> +
> +**Where:**
> +
> +<table>
> +<tbody>
> +<tr>
> +<td><code>expandattribute</code></td>
> +<td>The <code>expandattribute</code> keyword.</td>
> +</tr>
> +<tr>
> +<td><code>attribute_id</code></td>
> +<td>One or more previously declared <code>attribute</code>. Multiple entries consist of a space separated list enclosed in braces '{}'.</td>
> +</tr>
> +<tr>
> +<td><code>default_value</code></td>
> +<td>Either true or false</td>
> +</tr>
> +</tbody>
> +</table>
> +
> +**The statement is valid in:**
> +
> +<table style="text-align:center">
> +<tbody>
> +<tr style="background-color:#D3D3D3;">
> +<td><strong>Monolithic Policy</strong></td>
> +<td><strong>Base Policy</strong></td>
> +<td><strong>Module Policy</strong></td>
> +</tr>
> +<tr>
> +<td>Yes</td>
> +<td>Yes</td>
> +<td>Yes</td>
> +</tr>
> +<tr style="background-color:#D3D3D3;">
> +<td><strong>Conditional Policy <code>if</code> Statement</strong></td>
> +<td><strong><code>optional</code> Statement</strong></td>
> +<td><strong><code>require</code> Statement</strong></td>
> +</tr>
> +<tr>
> +<td>No</td>
> +<td>Yes</td>
> +<td>No</td>
> +</tr>
> +</tbody>
> +</table>
> +
> +**Example:**
> +
> +```
> +# Using the expandattribute statement to forcibly expand a
> +# previously declared domain attribute.
> +
> +# The previously declared attribute:
> +attribute domain;
> +
> +# The attribute stripping using the expandattribute statement:
> +expandattribute domain true;
> +```
> +
> +<br>
> +
>  ## `typeattribute`
>
>  The `typeattribute` statement allows the association of previously
> --
> 2.28.0.rc1
>


-- 
paul moore
www.paul-moore.com
[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux