SELinux Archive on lore.kernel.org
 help / color / Atom feed
* [PATCH] secilc/docs: document expandtypeattribute
@ 2020-07-30  9:23 Dominick Grift
  2020-07-30 11:45 ` [PATCH v2] " Dominick Grift
  0 siblings, 1 reply; 20+ messages in thread
From: Dominick Grift @ 2020-07-30  9:23 UTC (permalink / raw)
  To: selinux; +Cc: Dominick Grift

This was added for Androids Treble in 2017.

I was unsure whether this belongs in type_statements or in conditional_statements.

Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
---
 secilc/docs/cil_type_statements.md | 38 ++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)

diff --git a/secilc/docs/cil_type_statements.md b/secilc/docs/cil_type_statements.md
index f9dd3a76..4ac1dcb9 100644
--- a/secilc/docs/cil_type_statements.md
+++ b/secilc/docs/cil_type_statements.md
@@ -213,6 +213,44 @@ This example is equivalent to `{ domain -kernel.process -ueventd.process -init.p
         )
     )
 
+expandtypeattribute
+----------------
+
+Allows expansion compiler defaults for one or more previously declared [`typeattribute`](cil_type_statements.md#typeattribute) identifiers to be overriden.
+
+**Statement definition:**
+
+    (expandtypeattribute typeattribute_id true|false)
+
+**Where:**
+
+<table>
+<colgroup>
+<col width="25%" />
+<col width="75%" />
+</colgroup>
+<tbody>
+<tr class="odd">
+<td align="left"><p><code>expandtypeattribute</code></p></td>
+<td align="left"><p>The <code>expandtypeattribute</code> keyword.</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p><code>typeattribute_id</code></p></td>
+<td align="left"><p>One or more previously declared <code>typeattribute</code> identifiers.</p></td>
+</tr>
+<tr class="odd">
+<td align="left"><p><code>true | false</code></p></td>
+<td align="left"><p>Either true or false.</p></td>
+</tr>
+</tbody>
+</table>
+
+**Example:**
+
+This example will use the expandtypeattribute statement to forcibly expand a previously declared `domain` type attribute.
+
+    (expandtypeattribute domain true)
+
 typebounds
 ----------
 
-- 
2.28.0.rc1


^ permalink raw reply	[flat|nested] 20+ messages in thread

end of thread, back to index

Thread overview: 20+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-07-30  9:23 [PATCH] secilc/docs: document expandtypeattribute Dominick Grift
2020-07-30 11:45 ` [PATCH v2] " Dominick Grift
2020-07-30 13:11   ` [PATCH v3] " Dominick Grift
2020-07-30 22:22     ` James Carter
2020-07-31  7:26       ` Dominick Grift
2020-07-31 19:50         ` James Carter
2020-07-31 20:12           ` Dominick Grift
2020-07-31 20:22             ` James Carter
2020-07-31 21:07               ` Dominick Grift
2020-08-02 12:34       ` [PATCH v4] " Dominick Grift
2020-08-03 20:56         ` James Carter
2020-08-04  7:18           ` Dominick Grift
2020-08-04 14:45             ` James Carter
2020-08-04 15:48               ` Dominick Grift
2020-08-04 20:23                 ` James Carter
2020-08-04 20:29                   ` Dominick Grift
2020-08-05 19:23                     ` James Carter
2020-08-05 19:48                       ` [PATCH v5] " Dominick Grift
2020-08-05 20:22                         ` James Carter
2020-08-17 15:57                           ` Stephen Smalley

SELinux Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/selinux/0 selinux/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 selinux selinux/ https://lore.kernel.org/selinux \
		selinux@vger.kernel.org
	public-inbox-index selinux

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.selinux


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git