0001 <!DOCTYPE html>
0002 <html><head>
0003 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
0004 <title>test.cil</title>
0005 <meta name="generator" content="KF5::SyntaxHighlighting - Definition (SELinux CIL Policy) - Theme (Breeze Light)"/>
0006 </head><body style="background-color:#ffffff;color:#1f1c1b"><pre>
0007 <span style="color:#898887;">;; SELinux CIL Policy Example</span>
0008 
0009 <span style="color:#898887;">;; </span><span style="color:#81ca2d;background-color:#f7e6e6;font-weight:bold;">NOTE</span><span style="color:#898887;">: This file is not functional, but</span>
0010 <span style="color:#898887;">;; is designed to test syntax highlighting.</span>
0011 
0012 <span style="color:#898887;">; Brackets colors</span>
0013 <span style="color:#c6262e;font-weight:bold;">(</span><span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#888800;font-weight:bold;">(</span><span style="color:#009400;font-weight:bold;">(</span><span style="color:#3689e6;font-weight:bold;">(</span><span style="color:#a56de2;font-weight:bold;">(</span><span style="color:#c6262e;font-weight:bold;">(</span><span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#888800;font-weight:bold;">(</span><span style="color:#009400;font-weight:bold;">(</span><span style="color:#3689e6;font-weight:bold;">(</span><span style="color:#a56de2;font-weight:bold;">(</span><span style="color:#c6262e;font-weight:bold;">(</span> <span style="color:#c6262e;font-weight:bold;">)</span><span style="color:#a56de2;font-weight:bold;">)</span><span style="color:#3689e6;font-weight:bold;">)</span><span style="color:#009400;font-weight:bold;">)</span><span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#c6262e;font-weight:bold;">)</span><span style="color:#a56de2;font-weight:bold;">)</span><span style="color:#3689e6;font-weight:bold;">)</span><span style="color:#009400;font-weight:bold;">)</span><span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#c6262e;font-weight:bold;">)</span> <span style="color:#bf0303;text-decoration:underline;">))</span>
0014 
0015 <span style="color:#898887;">; Statements</span>
0016 <span style="color:#c6262e;font-weight:bold;">(</span><span style="color:#006e28;font-weight:bold;">policycap</span> <span style="color:#006e28;">open_perms</span><span style="color:#c6262e;font-weight:bold;">)</span>  <span style="color:#898887;">; Policy config. statement</span>
0017 <span style="color:#c6262e;font-weight:bold;">(</span><span style="color:#006e28;font-weight:bold;">mls</span> <span style="color:#0095ff;font-weight:bold;">true</span><span style="color:#c6262e;font-weight:bold;">)</span>
0018 <span style="color:#c6262e;font-weight:bold;">(</span><span style="color:#006e28;font-weight:bold;">handleunknown</span> <span style="color:#bf0303;font-weight:bold;">allow</span><span style="color:#c6262e;font-weight:bold;">)</span>
0019 
0020 <span style="color:#c6262e;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">sid</span> kernel<span style="color:#c6262e;font-weight:bold;">)</span>  <span style="color:#898887;">; Declaration type statement</span>
0021 <span style="color:#c6262e;font-weight:bold;">(</span><span style="font-weight:bold;">classpermissionset</span> char_w <span style="color:#ff8800;font-weight:bold;">(</span>char <span style="color:#888800;font-weight:bold;">(</span><span style="color:#e31616;">write</span> <span style="color:#e31616;">setattr</span><span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#c6262e;font-weight:bold;">)</span>  <span style="color:#898887;">; Other statements</span>
0022 
0023 <span style="color:#c6262e;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">user</span> user<span style="color:#c6262e;font-weight:bold;">)</span> <span style="color:#898887;">; Declare identifier 'user' of user type</span>
0024 <span style="color:#c6262e;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">role</span> role<span style="color:#c6262e;font-weight:bold;">)</span>
0025 <span style="color:#c6262e;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">type</span> type<span style="color:#c6262e;font-weight:bold;">)</span>
0026 <span style="color:#c6262e;font-weight:bold;">(</span><span style="color:#bf0303;font-weight:bold;">allow</span> allow<span style="color:#c6262e;font-weight:bold;">)</span> <span style="color:#c6262e;font-weight:bold;">(</span><span style="color:#0095ff;font-weight:bold;">true</span> <span style="color:#0095ff;font-weight:bold;">true</span><span style="color:#c6262e;font-weight:bold;">)</span> <span style="color:#c6262e;font-weight:bold;">(</span><span style="font-weight:bold;">in</span> in<span style="color:#c6262e;font-weight:bold;">)</span> <span style="color:#c6262e;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">xor</span> xor<span style="color:#c6262e;font-weight:bold;">)</span>
0027 
0028 <span style="color:#898887;">; List of permissions</span>
0029 <span style="color:#c6262e;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">class</span> security <span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#e31616;">compute_av</span> <span style="color:#e31616;">compute_create</span> <span style="color:#e31616;">compute_member</span> <span style="color:#e31616;">check_context</span> <span style="color:#e31616;">load_policy</span> <span style="color:#e31616;">compute_relabel</span> <span style="color:#e31616;">compute_user</span> <span style="color:#e31616;">setenforce</span> <span style="color:#e31616;">setbool</span> <span style="color:#e31616;">setsecparam</span> <span style="color:#e31616;">setcheckreqprot</span> <span style="color:#e31616;">read_policy</span><span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#c6262e;font-weight:bold;">)</span>
0030 
0031 <span style="color:#898887;">; Highlighting permissions only if there is not a statement keyword</span>
0032 <span style="color:#c6262e;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">class</span> binder <span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#e31616;">impersonate</span> <span style="color:#e31616;">call</span> <span style="color:#e31616;">set_context_mgr</span> <span style="color:#e31616;">transfer</span> <span style="color:#e31616;">receive</span><span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#c6262e;font-weight:bold;">)</span>
0033 <span style="color:#c6262e;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">class</span> binder <span style="color:#ff8800;font-weight:bold;">(</span><span style="font-weight:bold;">classcommon</span> impersonate call set_context_mgr transfer receive<span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#c6262e;font-weight:bold;">)</span>
0034 <span style="color:#c6262e;font-weight:bold;">(</span><span style="color:#e31616;">impersonate</span> <span style="color:#e31616;">call</span> <span style="color:#e31616;">set_context_mgr</span> <span style="color:#e31616;">transfer</span> <span style="color:#e31616;">receive</span><span style="color:#c6262e;font-weight:bold;">)</span>
0035 <span style="color:#c6262e;font-weight:bold;">(</span><span style="font-weight:bold;">tunableif</span> impersonate call set_context_mgr transfer receive<span style="color:#c6262e;font-weight:bold;">)</span>
0036 
0037 <span style="color:#898887;">; This is allowed by the CIL compiler</span>
0038 <span style="color:#c6262e;font-weight:bold;">(</span> <span style="color:#644a9b;font-weight:bold;">typeattribute</span><span style="color:#898887;">;comment</span>
0039     all_fs_type_except_usermodehelper_and_proc_security<span style="color:#c6262e;font-weight:bold;">)</span>
0040 <span style="color:#c6262e;font-weight:bold;">(</span><span style="color:#898887;">;comment</span>
0041     <span style="color:#644a9b;font-weight:bold;">typeattribute</span> all_fs_type_except_usermodehelper_and_proc_security<span style="color:#c6262e;font-weight:bold;">)</span>
0042 <span style="color:#c6262e;font-weight:bold;">(</span>  <span style="color:#898887;">;comment</span>
0043  <span style="color:#898887;">;more comments</span>
0044     <span style="color:#644a9b;font-weight:bold;">typeattribute</span> all_fs_type_except_usermodehelper_and_proc_security<span style="color:#c6262e;font-weight:bold;">)</span>
0045     
0046 <span style="color:#898887;">; Paths</span>
0047 <span style="color:#c6262e;font-weight:bold;">(</span><span style="color:#0095ff;font-weight:bold;">true</span> <span style="color:#0095ff;font-weight:bold;">true</span> /true <span style="color:#0095ff;font-weight:bold;">true</span> /true/true/ <span style="color:#0095ff;font-weight:bold;">true</span> <span style="color:#0095ff;font-weight:bold;">true</span>/true <span style="color:#bf0303;">&quot;true&quot;</span><span style="color:#c6262e;font-weight:bold;">)</span>
0048 <span style="color:#898887;">; Global namespace</span>
0049 <span style="color:#c6262e;font-weight:bold;">(</span><span style="color:#0095ff;font-weight:bold;">true</span> <span style="color:#0095ff;font-weight:bold;">true</span> .true <span style="color:#0095ff;font-weight:bold;">true</span> true.true <span style="color:#0095ff;font-weight:bold;">true</span> .true.true true.true.true
0050     .<span style="color:#0095ff;font-weight:bold;">true</span>. <span style="color:#0095ff;font-weight:bold;">true</span>. <span style="color:#0095ff;font-weight:bold;">true</span>.<span style="color:#0095ff;font-weight:bold;">true</span>. <span style="color:#898887;">; invalid</span>
0051 <span style="color:#c6262e;font-weight:bold;">)</span>
0052 
0053 <span style="color:#898887;">; Keywords in some rules</span>
0054 
0055 <span style="color:#898887;">; filecon</span>
0056 <span style="color:#c6262e;font-weight:bold;">(</span><span style="font-weight:bold;">filecon</span> <span style="color:#bf0303;">&quot;/system/bin/run-as&quot;</span> <span style="color:#0057ae;">file</span> runas_exec_context<span style="color:#c6262e;font-weight:bold;">)</span>
0057 <span style="color:#c6262e;font-weight:bold;">(</span><span style="font-weight:bold;">filecon</span> <span style="color:#bf0303;">&quot;/dev/socket/wpa_wlan</span><span style="color:#ff5500;">[</span><span style="color:#ff5500;">0-9</span><span style="color:#ff5500;">]</span><span style="color:#bf0303;">&quot;</span> <span style="color:#0057ae;">any</span> <span style="color:#ff5500;">u</span>:<span style="color:#ff5500;">object_r</span>:<span style="color:#b08000;">wpa.socket</span>:<span style="color:#ff5500;">s0</span>-<span style="color:#ff5500;">s0</span><span style="color:#c6262e;font-weight:bold;">)</span>
0058 <span style="color:#c6262e;font-weight:bold;">(</span><span style="font-weight:bold;">filecon</span> <span style="color:#bf0303;">&quot;/data/local/mine&quot;</span> <span style="color:#0057ae;">dir</span> <span style="color:#ff8800;font-weight:bold;">()</span><span style="color:#c6262e;font-weight:bold;">)</span>
0059 <span style="color:#c6262e;font-weight:bold;">(</span><span style="font-weight:bold;">classcommon</span> file any dir<span style="color:#c6262e;font-weight:bold;">)</span>
0060 <span style="color:#c6262e;font-weight:bold;">(</span>file any dir<span style="color:#c6262e;font-weight:bold;">)</span>
0061 <span style="color:#898887;">; portcon</span>
0062 <span style="color:#c6262e;font-weight:bold;">(</span><span style="font-weight:bold;">portcon</span> <span style="color:#0057ae;">sctp</span> <span style="color:#b08000;">3333</span> <span style="color:#ff8800;font-weight:bold;">(</span>unconfined.user <span style="font-style:italic;">object_r</span> unconfined.object levelrange_1<span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#c6262e;font-weight:bold;">)</span>
0063 <span style="color:#c6262e;font-weight:bold;">(</span><span style="font-weight:bold;">portcon</span> <span style="color:#0057ae;">udp</span> <span style="color:#b08000;">4444</span> <span style="color:#ff8800;font-weight:bold;">(</span>unconfined.user <span style="font-style:italic;">object_r</span> unconfined.object <span style="color:#888800;font-weight:bold;">(</span><span style="color:#009400;font-weight:bold;">(</span>s0<span style="color:#009400;font-weight:bold;">)</span> level_2<span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#c6262e;font-weight:bold;">)</span>
0064 <span style="color:#c6262e;font-weight:bold;">(</span><span style="font-weight:bold;">defaultrole</span> tcp udp<span style="color:#c6262e;font-weight:bold;">)</span>
0065 <span style="color:#c6262e;font-weight:bold;">(</span>tcp udp<span style="color:#c6262e;font-weight:bold;">)</span>
0066 <span style="color:#898887;">; fsuse</span>
0067 <span style="color:#c6262e;font-weight:bold;">(</span><span style="font-weight:bold;">fsuse</span> <span style="color:#0057ae;">xattr</span> <span style="font-style:italic;">ext4</span> file.labeledfs_context<span style="color:#c6262e;font-weight:bold;">)</span>
0068 <span style="color:#c6262e;font-weight:bold;">(</span><span style="font-weight:bold;">fsuse</span> <span style="color:#0057ae;">task</span> <span style="font-style:italic;">pipefs</span> file.pipefs_context<span style="color:#c6262e;font-weight:bold;">)</span>
0069 <span style="color:#c6262e;font-weight:bold;">(</span><span style="font-weight:bold;">fsuse</span> <span style="color:#0057ae;">trans</span> <span style="font-style:italic;">tmpfs</span> file.tmpfs_context<span style="color:#c6262e;font-weight:bold;">)</span>
0070 <span style="color:#c6262e;font-weight:bold;">(</span><span style="font-weight:bold;">typemember</span> xattr task trans<span style="color:#c6262e;font-weight:bold;">)</span>
0071 <span style="color:#c6262e;font-weight:bold;">(</span>xattr task trans<span style="color:#c6262e;font-weight:bold;">)</span>
0072 
0073 <span style="color:#c6262e;font-weight:bold;">(</span><span style="color:#bf0303;font-weight:bold;">allow</span> unconfined.process <span style="color:#006e28;">self</span> <span style="color:#ff8800;font-weight:bold;">(</span>file <span style="color:#888800;font-weight:bold;">(</span><span style="color:#e31616;">read</span> <span style="color:#e31616;">write</span><span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#c6262e;font-weight:bold;">)</span>
0074 <span style="color:#c6262e;font-weight:bold;">(</span><span style="color:#bf0303;font-weight:bold;">allow</span> process httpd.object <span style="color:#ff8800;font-weight:bold;">(</span>file <span style="color:#888800;font-weight:bold;">(</span><span style="color:#e31616;">read</span> <span style="color:#e31616;">write</span><span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#c6262e;font-weight:bold;">)</span>
0075 
0076 <span style="color:#c6262e;font-weight:bold;">(</span><span style="font-weight:bold;">defaultrange</span> db_table <span style="font-style:italic;">glblub</span><span style="color:#c6262e;font-weight:bold;">)</span>
0077 
0078 <span style="color:#898887;">; Paths</span>
0079 <span style="color:#bf0303;">&quot;/system/</span><span style="color:#ff5500;">(</span><span style="color:#ff5500;">foo</span><span style="color:#ca60ca;">|</span><span style="color:#ff5500;">bar</span><span style="color:#ff5500;">)</span><span style="color:#bf0303;">/</span><span style="color:#ff5500;">[</span><span style="color:#ca60ca;">^</span><span style="color:#ff5500;">/</span><span style="color:#ff5500;">]</span><span style="color:#3daee9;">*</span><span style="color:#bf0303;">/</span><span style="color:#ff5500;">(</span><span style="color:#ff5500;">hi</span><span style="color:#ff5500;">){</span><span style="color:#ff5500;">2</span><span style="color:#ca60ca;">,</span><span style="color:#ff5500;">6</span><span style="color:#ff5500;">}(</span><span style="color:#3daee9;">.*</span><span style="color:#ff5500;">)</span><span style="color:#3daee9;">?</span><span style="color:#bf0303;">&quot;</span>
0080 <span style="color:#bf0303;">&quot;/pa</span><span style="color:#924c9d;">\12</span><span style="color:#bf0303;">th</span><span style="color:#3daee9;">.*</span><span style="color:#bf0303;">a</span><span style="color:#3daee9;">+</span><span style="color:#bf0303;">b</span><span style="color:#3daee9;">?</span><span style="color:#bf0303;">&quot;</span>
0081 /usr/hi<span style="color:#924c9d;">\&quot;</span>esc<span style="color:#924c9d;">\032</span>esc<span style="color:#924c9d;">\*</span>3es<span style="color:#ff5500;">{</span><span style="color:#ff5500;">2</span><span style="color:#ca60ca;">,</span><span style="color:#ff5500;">2</span><span style="color:#ff5500;">}</span>ds
0082 <span style="color:#bf0303;">&quot;/data/</span><span style="color:#ff5500;">(</span><span style="color:#ff5500;">ope</span><span style="color:#ff5500;text-decoration:underline;">n</span><span style="color:#ff5500;"> </span><span style="color:#bf0303;">&quot;</span>
0083 <span style="color:#bf0303;">&quot;/data/</span><span style="color:#ff5500;">[</span><span style="color:#ff5500;">ope</span><span style="color:#ff5500;text-decoration:underline;">n</span><span style="color:#ff5500;"> </span><span style="color:#bf0303;">&quot;</span>
0084 
0085 
0086 <span style="color:#898887;">; Some rules</span>
0087 
0088 <span style="color:#c6262e;font-weight:bold;">(</span><span style="font-weight:bold;">call</span> macro1<span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#bf0303;">&quot;__kmsg__&quot;</span><span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#c6262e;font-weight:bold;">)</span>
0089 <span style="color:#c6262e;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">macro</span> macro1 <span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#888800;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">string</span> ARG1<span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span>
0090     <span style="color:#ff8800;font-weight:bold;">(</span><span style="font-weight:bold;">typetransition</span> audit.process device.device chr_file ARG1 device.klog_device<span style="color:#ff8800;font-weight:bold;">)</span>
0091 <span style="color:#c6262e;font-weight:bold;">)</span>
0092 
0093 <span style="color:#c6262e;font-weight:bold;">(</span><span style="color:#bf0303;font-weight:bold;">allow</span> unconfined.process <span style="color:#006e28;">self</span> <span style="color:#ff8800;font-weight:bold;">(</span>file <span style="color:#888800;font-weight:bold;">(</span><span style="color:#e31616;">read</span> <span style="color:#e31616;">write</span><span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#c6262e;font-weight:bold;">)</span>
0094 <span style="color:#c6262e;font-weight:bold;">(</span><span style="color:#bf0303;font-weight:bold;">auditallow</span> release_app.process secmark_demo.browser_packet <span style="color:#ff8800;font-weight:bold;">(</span>packet <span style="color:#888800;font-weight:bold;">(</span><span style="color:#e31616;">send</span> <span style="color:#e31616;">recv</span><span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#c6262e;font-weight:bold;">)</span>
0095 <span style="color:#c6262e;font-weight:bold;">(</span><span style="color:#bf0303;font-weight:bold;">allowx</span> type_1 type_2 <span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">ioctl</span> tcp_socket <span style="color:#888800;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">range</span> <span style="color:#b08000;">0x2000</span> <span style="color:#b08000;">0x20FF</span><span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#c6262e;font-weight:bold;">)</span>
0096 <span style="color:#c6262e;font-weight:bold;">(</span><span style="font-weight:bold;">permissionx</span> ioctl_nodebug <span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">ioctl</span> udp_socket <span style="color:#888800;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">not</span> <span style="color:#009400;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">range</span> <span style="color:#b08000;">0x4000</span> <span style="color:#b08000;">0x4010</span><span style="color:#009400;font-weight:bold;">)</span><span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#c6262e;font-weight:bold;">)</span>
0097 <span style="color:#c6262e;font-weight:bold;">(</span><span style="color:#bf0303;font-weight:bold;">allowx</span> type_3 type_4 ioctl_nodebug<span style="color:#c6262e;font-weight:bold;">)</span>
0098 <span style="color:#c6262e;font-weight:bold;">(</span><span style="color:#bf0303;font-weight:bold;">dontauditx</span> type_1 type_2 <span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">ioctl</span> tcp_socket <span style="color:#888800;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">range</span> <span style="color:#b08000;">0x3000</span> <span style="color:#b08000;">0x30FF</span><span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#c6262e;font-weight:bold;">)</span>
0099 
0100 <span style="color:#c6262e;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">class</span> property_service <span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#e31616;font-style:italic;">set</span><span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#c6262e;font-weight:bold;">)</span>
0101 <span style="color:#c6262e;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">block</span> av_rules
0102     <span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">type</span> type_1<span style="color:#ff8800;font-weight:bold;">)</span>
0103     <span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">type</span> type_2<span style="color:#ff8800;font-weight:bold;">)</span>
0104     <span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">typeattribute</span> all_types<span style="color:#ff8800;font-weight:bold;">)</span>
0105     <span style="color:#ff8800;font-weight:bold;">(</span><span style="font-weight:bold;">typeattributeset</span> all_types <span style="color:#888800;font-weight:bold;">(</span><span style="color:#009400;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">all</span><span style="color:#009400;font-weight:bold;">)</span><span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span>
0106 
0107     <span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#bf0303;font-weight:bold;">neverallow</span> type_2 all_types <span style="color:#888800;font-weight:bold;">(</span>property_service <span style="color:#009400;font-weight:bold;">(</span><span style="color:#e31616;font-style:italic;">set</span><span style="color:#009400;font-weight:bold;">)</span><span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span>
0108 <span style="color:#c6262e;font-weight:bold;">)</span>
0109 <span style="color:#c6262e;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">macro</span> binder_call <span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#888800;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">type</span> ARG1<span style="color:#888800;font-weight:bold;">)</span> <span style="color:#888800;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">type</span> ARG2<span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span>
0110     <span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#bf0303;font-weight:bold;">allow</span> ARG1 ARG2 <span style="color:#888800;font-weight:bold;">(</span>binder <span style="color:#009400;font-weight:bold;">(</span><span style="color:#e31616;">transfer</span> <span style="color:#e31616;">call</span><span style="color:#009400;font-weight:bold;">)</span><span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span>
0111 <span style="color:#c6262e;font-weight:bold;">)</span>
0112 <span style="color:#c6262e;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">ipaddr</span> netmask_1 <span style="color:#b08000;">255.255.255.0</span><span style="color:#c6262e;font-weight:bold;">)</span>
0113 
0114 <span style="color:#c6262e;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">class</span> dir<span style="color:#c6262e;font-weight:bold;">)</span>
0115 <span style="color:#c6262e;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">class</span> foo<span style="color:#c6262e;font-weight:bold;">)</span>
0116 <span style="color:#c6262e;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">class</span> bar<span style="color:#c6262e;font-weight:bold;">)</span>
0117 <span style="color:#c6262e;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">class</span> baz<span style="color:#c6262e;font-weight:bold;">)</span>
0118 <span style="color:#c6262e;font-weight:bold;">(</span><span style="font-weight:bold;">classorder</span> <span style="color:#ff8800;font-weight:bold;">(</span>dir foo<span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#c6262e;font-weight:bold;">)</span>
0119 <span style="color:#c6262e;font-weight:bold;">(</span><span style="font-weight:bold;">classorder</span> <span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">unordered</span> bar foo baz<span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#c6262e;font-weight:bold;">)</span>
0120 
0121 <span style="color:#c6262e;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">classpermission</span> zygote_2<span style="color:#c6262e;font-weight:bold;">)</span>
0122 <span style="color:#c6262e;font-weight:bold;">(</span><span style="font-weight:bold;">classpermissionset</span> zygote_2 <span style="color:#ff8800;font-weight:bold;">(</span>zygote
0123     <span style="color:#888800;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">and</span>
0124         <span style="color:#009400;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">all</span><span style="color:#009400;font-weight:bold;">)</span>
0125         <span style="color:#009400;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">not</span> <span style="color:#3689e6;font-weight:bold;">(</span>specifyinvokewith specifyseinfo<span style="color:#3689e6;font-weight:bold;">)</span><span style="color:#009400;font-weight:bold;">)</span>
0126     <span style="color:#888800;font-weight:bold;">)</span>
0127 <span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#c6262e;font-weight:bold;">)</span>
0128 
0129 <span style="color:#c6262e;font-weight:bold;">(</span><span style="font-weight:bold;">permissionx</span> ioctl_3 <span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">ioctl</span> tcp_socket <span style="color:#888800;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">and</span> <span style="color:#009400;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">range</span> <span style="color:#b08000;">0x8000</span> <span style="color:#b08000;">0x90FF</span><span style="color:#009400;font-weight:bold;">)</span> <span style="color:#009400;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">not</span> <span style="color:#3689e6;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">range</span> <span style="color:#b08000;">0x8100</span> <span style="color:#b08000;">0x82FF</span><span style="color:#3689e6;font-weight:bold;">)</span><span style="color:#009400;font-weight:bold;">)</span><span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#c6262e;font-weight:bold;">)</span>
0130 <span style="color:#c6262e;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">boolean</span> disableAudioCapture <span style="color:#0095ff;font-weight:bold;">false</span><span style="color:#c6262e;font-weight:bold;">)</span>
0131 <span style="color:#c6262e;font-weight:bold;">(</span><span style="font-weight:bold;">booleanif</span> <span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">and</span> <span style="color:#888800;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">not</span> disableAudio<span style="color:#888800;font-weight:bold;">)</span> <span style="color:#888800;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">not</span> disableAudioCapture<span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span>
0132     <span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#0095ff;font-weight:bold;">true</span>
0133         <span style="color:#888800;font-weight:bold;">(</span><span style="color:#bf0303;font-weight:bold;">allow</span> process mediaserver.audio_capture_device <span style="color:#009400;font-weight:bold;">(</span>chr_file_set <span style="color:#3689e6;font-weight:bold;">(</span>rw_file_perms<span style="color:#3689e6;font-weight:bold;">)</span><span style="color:#009400;font-weight:bold;">)</span><span style="color:#888800;font-weight:bold;">)</span>
0134     <span style="color:#ff8800;font-weight:bold;">)</span>
0135 <span style="color:#c6262e;font-weight:bold;">)</span>
0136 <span style="color:#c6262e;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">tunable</span> range_trans_rule <span style="color:#0095ff;font-weight:bold;">false</span><span style="color:#c6262e;font-weight:bold;">)</span>
0137 
0138 <span style="color:#c6262e;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">block</span> init
0139     <span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">class</span> process <span style="color:#888800;font-weight:bold;">(</span>process<span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span>
0140     <span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">type</span> process<span style="color:#ff8800;font-weight:bold;">)</span>
0141     <span style="color:#ff8800;font-weight:bold;">(</span><span style="font-weight:bold;">tunableif</span> range_trans_rule
0142         <span style="color:#888800;font-weight:bold;">(</span><span style="color:#0095ff;font-weight:bold;">true</span>
0143             <span style="color:#009400;font-weight:bold;">(</span><span style="font-weight:bold;">rangetransition</span> process sshd.exec process low_high<span style="color:#009400;font-weight:bold;">)</span><span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#c6262e;font-weight:bold;">)</span>
0144 
0145 <span style="color:#c6262e;font-weight:bold;">(</span><span style="font-weight:bold;">validatetrans</span> file <span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">eq</span> <span style="font-style:italic;">t1</span> unconfined.process<span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#c6262e;font-weight:bold;">)</span>
0146 <span style="color:#c6262e;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">block</span> ext_gateway
0147     <span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">optional</span> move_file
0148         <span style="color:#888800;font-weight:bold;">(</span><span style="font-weight:bold;">typetransition</span> process msg_filter.move_file.in_queue file msg_filter.move_file.in_file<span style="color:#888800;font-weight:bold;">)</span>
0149         <span style="color:#888800;font-weight:bold;">(</span><span style="color:#bf0303;font-weight:bold;">allow</span> process msg_filter.move_file.in_queue <span style="color:#009400;font-weight:bold;">(</span>dir <span style="color:#3689e6;font-weight:bold;">(</span><span style="color:#e31616;">read</span> <span style="color:#e31616;">getattr</span> <span style="color:#e31616;">write</span> <span style="color:#e31616;">search</span> <span style="color:#e31616;">add_name</span><span style="color:#3689e6;font-weight:bold;">)</span><span style="color:#009400;font-weight:bold;">)</span><span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#c6262e;font-weight:bold;">)</span>
0150 
0151 <span style="color:#c6262e;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">context</span> runas_exec_context <span style="color:#ff8800;font-weight:bold;">(</span>u <span style="font-style:italic;">object_r</span> exec low_low<span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#c6262e;font-weight:bold;">)</span>
0152 <span style="color:#c6262e;font-weight:bold;">(</span><span style="font-weight:bold;">filecon</span> <span style="color:#bf0303;">&quot;/system/bin/run-as&quot;</span> <span style="color:#0057ae;">file</span> runas_exec_context<span style="color:#c6262e;font-weight:bold;">)</span>
0153 
0154 <span style="color:#c6262e;font-weight:bold;">(</span><span style="font-weight:bold;">in</span> file
0155     <span style="color:#ff8800;font-weight:bold;">(</span><span style="font-weight:bold;">genfscon</span> <span style="font-style:italic;">rootfs</span> / rootfs_context<span style="color:#ff8800;font-weight:bold;">)</span>
0156     <span style="color:#ff8800;font-weight:bold;">(</span><span style="font-weight:bold;">genfscon</span> <span style="font-style:italic;">selinuxfs</span> / selinuxfs_context<span style="color:#ff8800;font-weight:bold;">)</span>
0157 <span style="color:#c6262e;font-weight:bold;">)</span>
0158 
0159 <span style="color:#898887;">; ioctl &amp; call: because of the way the highlighter treats parenthesis blocks</span>
0160 <span style="color:#898887;">; (each level in a different color), it is not possible to differentiate between a statement and a permission.</span>
0161 <span style="color:#c6262e;font-weight:bold;">(</span><span style="color:#bf0303;font-weight:bold;">allowx</span> x bin_t <span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">ioctl</span> policy.file <span style="color:#888800;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">range</span> <span style="color:#b08000;">0x1000</span> <span style="color:#b08000;">0x11FF</span><span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#c6262e;font-weight:bold;">)</span> <span style="color:#898887;">; ioctl kind</span>
0162 <span style="color:#c6262e;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">ioctl</span> <span style="color:#e31616;">read</span>
0163     <span style="color:#e31616;font-style:italic;">find</span> <span style="color:#e31616;">connectto</span><span style="color:#c6262e;font-weight:bold;">)</span> <span style="color:#898887;">; kind or permission?</span>
0164 <span style="color:#c6262e;font-weight:bold;">(</span><span style="color:#e31616;">ioctl</span> <span style="color:#e31616;">read</span> <span style="color:#e31616;font-style:italic;">find</span> <span style="color:#e31616;">connectto</span><span style="color:#c6262e;font-weight:bold;">)</span> <span style="color:#898887;">; ioctl permission</span>
0165 <span style="color:#c6262e;font-weight:bold;">(</span><span style="color:#e31616;">ioctl</span> <span style="color:#e31616;">read</span>  <span style="color:#c6262e;font-weight:bold;">)</span>
0166 <span style="color:#c6262e;font-weight:bold;">(</span><span style="font-weight:bold;">call</span> <span style="color:#e31616;">ioctl</span> <span style="color:#e31616;">read</span> <span style="color:#e31616;font-style:italic;">find</span> <span style="color:#e31616;">connectto</span><span style="color:#c6262e;font-weight:bold;">)</span> <span style="color:#898887;">; statement or permission?</span>
0167 <span style="color:#c6262e;font-weight:bold;">(</span> <span style="color:#e31616;">call</span>  <span style="color:#c6262e;font-weight:bold;">)</span> <span style="color:#898887;">; call permission</span>
0168 </pre></body></html>