;; SELinux CIL Policy Example

;; NOTE: This file is not functional, but
;; is designed to test syntax highlighting.
;; Several forms below are deliberately malformed or reuse statement keywords
;; as identifiers, so nothing here should be read as a recommended policy.

; Brackets colors
((((((((((((( ))))))))))))) ))

; Statements
(policycap open_perms) ; Policy config. statement
(mls true)
; handleunknown selects how object classes and permissions that the policy
; does not define are treated; 'allow' is the permissive choice
; (the other accepted values are 'deny' and 'reject').
(handleunknown allow)

(sid kernel) ; Declaration type statement
(classpermissionset char_w (char (write setattr))) ; Other statements

(user user) ; Declare identifier 'user' of user type
(role role)
(type type)
(allow allow) (true true) (in in) (xor xor)

; List of permissions
(class security (compute_av compute_create compute_member check_context load_policy compute_relabel compute_user setenforce setbool setsecparam setcheckreqprot read_policy))

; Highlighting permissions only if there is not a statement keyword
(class binder (impersonate call set_context_mgr transfer receive))
(class binder (classcommon impersonate call set_context_mgr transfer receive))
(impersonate call set_context_mgr transfer receive)
(tunableif impersonate call set_context_mgr transfer receive)

; This is allowed by the CIL compiler
( typeattribute;comment
    all_fs_type_except_usermodehelper_and_proc_security)
(;comment
    typeattribute all_fs_type_except_usermodehelper_and_proc_security)
( ;comment
    ;more comments
    typeattribute all_fs_type_except_usermodehelper_and_proc_security)

; Paths
(true true /true true /true/true/ true true/true "true")
; Global namespace
(true true .true true true.true true .true.true true.true.true
    .true. true. true.true. ; invalid
)

; Keywords in some rules

; filecon
; filecon labels the paths matched by a regular expression. The three forms
; below use a named context, an inline context, and the empty context '()'
; (which leaves matching paths without a label).
(filecon "/system/bin/run-as" file runas_exec_context)
(filecon "/dev/socket/wpa_wlan[0-9]" any u:object_r:wpa.socket:s0-s0)
(filecon "/data/local/mine" dir ())
(classcommon file any dir)
(file any dir)
; portcon
(portcon sctp 3333 (unconfined.user object_r unconfined.object levelrange_1))
(portcon udp 4444 (unconfined.user object_r unconfined.object ((s0) level_2)))
(defaultrole tcp udp)
(tcp udp)
; fsuse
(fsuse xattr ext4 file.labeledfs_context)
(fsuse task pipefs file.pipefs_context)
(fsuse trans tmpfs file.tmpfs_context)
(typemember xattr task trans)
(xattr task trans)

(allow unconfined.process self (file (read write)))
(allow process httpd.object (file (read write)))

(defaultrange db_table glblub)

; Paths
; Bare strings outside any statement: regex metacharacters, escape sequences,
; and (last two) an unbalanced '(' and '[' inside quotes.
"/system/(foo|bar)/[^/]*/(hi){2,6}(.*)?"
"/pa\12th.*a+b?"
/usr/hi\"esc\032esc\*3es{2,2}ds
"/data/(open "
"/data/[open "


; Some rules

(call macro1("__kmsg__"))
(macro macro1 ((string ARG1))
    (typetransition audit.process device.device chr_file ARG1 device.klog_device)
)

; Access vector rules. auditallow grants nothing by itself: it logs access that
; an allow rule permits. allowx/dontauditx are the extended-permission
; variants, used here to restrict or silence specific ioctl command ranges.
(allow unconfined.process self (file (read write)))
(auditallow release_app.process secmark_demo.browser_packet (packet (send recv)))
(allowx type_1 type_2 (ioctl tcp_socket (range 0x2000 0x20FF)))
(permissionx ioctl_nodebug (ioctl udp_socket (not (range 0x4000 0x4010))))
(allowx type_3 type_4 ioctl_nodebug)
(dontauditx type_1 type_2 (ioctl tcp_socket (range 0x3000 0x30FF)))

(class property_service (set))
(block av_rules
    (type type_1)
    (type type_2)
    (typeattribute all_types)
    (typeattributeset all_types ((all)))

    ; neverallow is a compile-time assertion: the compiler reports an error if
    ; any allow rule grants the listed access.
    (neverallow type_2 all_types (property_service (set)))
)
(macro binder_call ((type ARG1) (type ARG2))
    (allow ARG1 ARG2 (binder (transfer call)))
)
(ipaddr netmask_1 255.255.255.0)

(class dir)
(class foo)
(class bar)
(class baz)
(classorder (dir foo))
(classorder (unordered bar foo baz))

(classpermission zygote_2)
(classpermissionset zygote_2 (zygote
    (and
        (all)
        (not (specifyinvokewith specifyseinfo))
    )
))

(permissionx ioctl_3 (ioctl tcp_socket (and (range 0x8000 0x90FF) (not (range 0x8100 0x82FF)))))
; NOTE(review): the condition below also references 'disableAudio', which is
; not declared anywhere in this file; only 'disableAudioCapture' is.
(boolean disableAudioCapture false)
(booleanif (and (not disableAudio) (not disableAudioCapture))
    (true
        (allow process mediaserver.audio_capture_device (chr_file_set (rw_file_perms)))
    )
)
; Unlike a boolean, a tunable is resolved when the policy is compiled, so only
; the selected tunableif branch ends up in the policy.
(tunable range_trans_rule false)

(block init
    (class process (process))
    (type process)
    (tunableif range_trans_rule
        (true
            (rangetransition process sshd.exec process low_high))))

(validatetrans file (eq t1 unconfined.process))
(block ext_gateway
    (optional move_file
        (typetransition process msg_filter.move_file.in_queue file msg_filter.move_file.in_file)
        (allow process msg_filter.move_file.in_queue (dir (read getattr write search add_name)))))

(context runas_exec_context (u object_r exec low_low))
(filecon "/system/bin/run-as" file runas_exec_context)

(in file
    (genfscon rootfs / rootfs_context)
    (genfscon selinuxfs / selinuxfs_context)
)

; ioctl & call: due to the way in which the highlighter treats the parenthesis blocks
; (each level of different color), it is not possible to differentiate between statement and permission.
(allowx x bin_t (ioctl policy.file (range 0x1000 0x11FF))) ; ioctl kind
(ioctl read
    find connectto) ; kind or permission?
(ioctl read find connectto) ; ioctl permission
(ioctl read )
(call ioctl read find connectto) ; statement or permission?
( call ) ; call permission