9.1 The SELinux Policy Source Tree
Chapter 5 explained the structure of the SELinux policy source tree. The source tree typically resides in the directory /etc/security/selinux/src/policy; however, your SELinux distribution may place it elsewhere. Table 9-1 recaps the structure of the policy source tree. You'll likely find it convenient to refer to this table as you read this chapter; it will help you locate the file that contains a particular type of declaration, the file to which you should add a particular type of declaration, or the directory in which you should create the file to hold a particular type of declaration. In other words, it's your roadmap to the policy source tree.
Table 9-1. The SELinux policy source tree

| Directory/file | Description |
|---|---|
| appconfig/* | Defines contexts for special applications, such as init. |
| assert.te | Defines TE assertions. |
| attrib.te | Defines type attributes. |
| constraints | Defines Boolean constraints on permissions. |
| domains/admin.te | Defines administrative domains. |
| domains/misc/* | Defines miscellaneous domains, such as the kernel_t domain. |
| domains/program/* | Defines domains for specific programs. |
| domains/user.te | Defines user domains. |
| file_contexts/misc | Defines security contexts of miscellaneous domains. |
| file_contexts/program/* | Defines security contexts for files related to specific programs. |
| file_contexts/types.fc | Defines security contexts applied when the security policy is installed. |
| flask/* | Contains files, such as security_classes, initial_sids, and access_vectors, that define basic Flask elements and their characteristics. Generally, only SELinux developers modify the contents of this directory. |
| fs_use | Defines the labeling behavior for specific filesystem types. |
| genfs_contexts | Defines security contexts for filesystem types that do not support persistent labels or that use a fixed labeling scheme. |
| initial_sid_contexts | Defines the security context for each initial SID. Generally, only SELinux developers modify the contents of this file. |
| macros/admin_macros.te | Defines macros used in specifying administrative domains. |
| macros/base_user_macros.te | Defines rules and types related to an ordinary user domain. |
| macros/core_macros.te | Defines core TE macros. |
| macros/global_macros.te | Defines macros used throughout the policy. |
| macros/mini_user_macros.te | Defines macros used in specifying very simple user domains. |
| macros/program/* | Defines macros used to specify derived domains that support policy separation among multiple instances of a single program. |
| macros/user_macros.te | Defines macros used in specifying user domains. |
| Makefile | Supports common administrative operations, as explained in the section of this chapter titled "Using the SELinux Makefile." |
| mls | Defines the MLS configuration. |
| net_contexts | Defines the security contexts of network objects. |
| policy.?? | The policy binary file; for example, policy.17. |
| policy.conf | The policy source file, assembled under control of the Makefile from the component sources. |
| rbac | Defines the RBAC (Role-Based Access Control) configuration. |
| serviceusers | Defines users related to specific services (Fedora Core). |
| tmp/* | A working directory used during policy compilation. The Makefile assembles the component files of the TE configuration into the file tmp/all.te. |
| tunable.te | Provides tweakable macro definitions for tuning the policy (Fedora Core). |
| types/* | Contains files defining general types (types not associated with a particular domain) and related rules. |
| users | Defines the users. |
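As an added example (not from the book), the script below turns the roadmap in Table 9-1 into a lookup: given a type, attribute, m4 macro or labeled path, it reports which file and line in the policy source tree declares it. The miniature tree it builds in a temporary directory is constructed for the example; on a real system POLICY_DIR would point at /etc/security/selinux/src/policy or wherever your distribution keeps the tree.

```shell
#!/bin/sh
# Added example, not from the book: locate the file (and line) that declares a
# given type, attribute or m4 macro, or that labels a given path, in a policy
# source tree laid out as in Table 9-1. The miniature tree built below is
# constructed so the script runs stand-alone; on a real system POLICY_DIR
# would normally be /etc/security/selinux/src/policy.
set -eu

POLICY_DIR=$(mktemp -d)
mkdir -p "$POLICY_DIR/domains/program" "$POLICY_DIR/macros" \
         "$POLICY_DIR/file_contexts/program"
printf 'attribute domain;\nattribute file_type;\n' > "$POLICY_DIR/attrib.te"
printf 'type httpd_t, domain;\ntype httpd_exec_t, file_type;\n' \
    > "$POLICY_DIR/domains/program/apache.te"
printf "define(\`daemon_domain', \`type \$1_t, domain;')\n" \
    > "$POLICY_DIR/macros/global_macros.te"
printf '/usr/sbin/httpd -- system_u:object_r:httpd_exec_t\n' \
    > "$POLICY_DIR/file_contexts/program/apache.fc"

# find_decl KIND NAME
#   KIND is type, attribute, macro or path. Prints "file:line" relative to
#   POLICY_DIR for the first declaration found; returns 1 if there is none.
#   NAME is used as an ERE fragment, so regex metacharacters in it are live.
find_decl() {
    kind=$1; name=$2; glob='*.te'
    case $kind in
        type)      pattern="^[[:space:]]*type[[:space:]]+$name([[:space:],;]|\$)" ;;
        attribute) pattern="^[[:space:]]*attribute[[:space:]]+$name([[:space:],;]|\$)" ;;
        macro)     pattern="^define\(\`$name'" ;;
        path)      pattern="^$name[[:space:]]"; glob='*.fc' ;;
        *)         echo "unknown kind: $kind" >&2; return 2 ;;
    esac
    (cd "$POLICY_DIR" && grep -rEn --include="$glob" "$pattern" .) \
        | head -n 1 | cut -d: -f1,2 | sed 's|^\./||' | grep .
}

# Demonstration: where does each of these live in the tree?
for query in "type httpd_t" "attribute domain" "macro daemon_domain" \
             "path /usr/sbin/httpd"; do
    set -- $query
    printf '%-24s -> %s\n' "$query" "$(find_decl "$1" "$2")"
done
```

The type and attribute patterns only match declaration lines, not the allow rules that merely use a type, so a miss (exit status 1) means the name is referenced but never declared, which is exactly the case the policy compiler will reject.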