This commit is contained in:
Karl MacMillan 2005-06-15 21:19:06 +00:00
parent 45d25ff075
commit 5ba9f0b643
2 changed files with 10 additions and 4 deletions

View File

@ -0,0 +1,4 @@
<h1>Contributing</h1>
<p>
If you are interested in working on refpolicy feel free to contact the developers at either <a mailto="selinux@tresys.com">selinux@tresys.com</a> or on the <A href="http://www.nsa.gov/selinux/info/list.cfm?MenuID=41.1.1.9">SELinux mailing list</A>. All public development related discussion happens on the SELinux mailing list.
</p>

View File

@ -11,7 +11,7 @@ Modules should be placed in refpolicy/policy/LAYER, where LAYER is the name of t
</p> </p>
<h3>Module TE Policy</h3> <h3>Module TE Policy</h3>
<p> <p>
First, let's create myapp.te and add the following: First create myapp.te and add the following:
<div id="codeblock"> <div id="codeblock">
<pre> <pre>
# Private type declarations # Private type declarations
@ -38,19 +38,20 @@ allow myapp_t myapp_log_t:file ra_file_perms;
allow myapp_t myapp_tmp_t:file create_file_perms; allow myapp_t myapp_tmp_t:file create_file_perms;
</pre> </pre>
</div> </div>
This allows myapp_t to write to it's private types, but it needs to be able to <p>This allows myapp_t to write to it's private types, but it needs to be able to
create its temporary files in /tmp. This requires a call to the files module. create its temporary files in /tmp. This requires a call to the files module.</p>
<div id="codeblock"> <div id="codeblock">
<pre> <pre>
files_create_tmp_files(myapp_t,myapp_tmp_t,file) files_create_tmp_files(myapp_t,myapp_tmp_t,file)
</pre> </pre>
</div> </div>
<p>
This call to the files module allows myapp_t to create myapp_tmp_t files in This call to the files module allows myapp_t to create myapp_tmp_t files in
the /tmp directory. the /tmp directory.
</p> </p>
<h3>Module IF Policy</h3> <h3>Module IF Policy</h3>
<p> <p>
First, let's create myapp.if and add the following: The interface file creates the macros that other modules will use to gain access to my resources. This allows the module that created the type or attribute to define appropriate uses. Additionally, it provides a single point for documentation. Create myapp.if and add the following:
<div id="codeblock"> <div id="codeblock">
<pre> <pre>
## &lt;module name="myapp" layer="apps"&gt; ## &lt;module name="myapp" layer="apps"&gt;
@ -102,6 +103,7 @@ define(`myapp_read_log',`
## &lt;/module&gt; ## &lt;/module&gt;
</pre> </pre>
</div> </div>
<p>
The first interface allows other domains to do a domain The first interface allows other domains to do a domain
transition to myapp_t, by executing a program labeled myapp_exec_t. transition to myapp_t, by executing a program labeled myapp_exec_t.
</p> </p>