Message ID | 20200730114150.915048-1-dominick.grift@defensec.nl (mailing list archive) |
---|---|
State | Superseded |
Series | [SELinux-notebook,v3] type_statements: document expandattribute |
On Thu, Jul 30, 2020 at 7:42 AM Dominick Grift <dominick.grift@defensec.nl> wrote:
>
> This functionality was added for Android's Treble in 2017.
>
> I was not sure whether this belongs here or in conditional_statements.md
>
> Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
> ---
> v2: change expandtypeattribute to expandattribute
> v3: overriden is overridden
>
> src/type_statements.md | 70 ++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 70 insertions(+)

I'm in the process of converting all of the remaining HTML to markdown so I would prefer not to add any new HTML tables if it can be avoided; would you mind trying to write this using markdown's pipe tables (they render correctly on GitHub)?

Other than that, do any of the policy or SEAndroid folks have any comments?

> diff --git a/src/type_statements.md b/src/type_statements.md > index 61c7191..04b6f4c 100644 > --- a/src/type_statements.md > +++ b/src/type_statements.md
> @@ -201,6 +201,76 @@ attribute non_security_file_type; > > <br> > > +## `expandattribute` > + > +The `expandattribute` statement allows type attribute expansion > +compiler defaults to be overridden. > + > +**The statement definition is:** > + > +`expandattribute attribute_id default_value;` > + > +**Where:** > + > +<table> > +<tbody> > +<tr> > +<td><code>expandattribute</code></td> > +<td>The <code>expandattribute</code> keyword.</td> > +</tr> > +<tr> > +<td><code>attribute_id</code></td> > +<td>One or more previously declared <code>attribute</code>. Multiple entries consist of a space separated list enclosed in braces '{}'.</td> > +</tr> > +<tr> > +<td><code>default_value</code></td> > +<td>Either true or false</td> > +</tr> > +</tbody> > +</table> > + > +**The statement is valid in:** > + > +<table style="text-align:center"> > +<tbody> > +<tr style="background-color:#D3D3D3;"> > +<td><strong>Monolithic Policy</strong></td> > +<td><strong>Base Policy</strong></td> > +<td><strong>Module Policy</strong></td> > +</tr> > +<tr> > +<td>Yes</td> > +<td>Yes</td> > +<td>Yes</td> > +</tr> > +<tr style="background-color:#D3D3D3;"> > +<td><strong>Conditional Policy <code>if</code> Statement</strong></td> > +<td><strong><code>optional</code> Statement</strong></td> > +<td><strong><code>require</code> Statement</strong></td> > +</tr> > +<tr> > +<td>No</td> > +<td>Yes</td> > +<td>No</td> > +</tr> > +</tbody> > +</table> > + > +**Example:** > + > +``` > +# Using the expandattribute statement to forcibly expand a > +# previously declared domain attribute. > + > +# The previously declared attribute: > +attribute domain; > + > +# The attribute stripping using the expandattribute statement: > +expandattribute domain true; > +``` > + > +<br> > + > ## `typeattribute` > > The `typeattribute` statement allows the association of previously > -- > 2.28.0.rc1 >
diff --git a/src/type_statements.md b/src/type_statements.md index 61c7191..04b6f4c 100644 --- a/src/type_statements.md +++ b/src/type_statements.md @@ -201,6 +201,76 @@ attribute non_security_file_type; <br> +## `expandattribute` + +The `expandattribute` statement allows type attribute expansion +compiler defaults to be overridden. + +**The statement definition is:** + +`expandattribute attribute_id default_value;` + +**Where:** + +<table> +<tbody> +<tr> +<td><code>expandattribute</code></td> +<td>The <code>expandattribute</code> keyword.</td> +</tr> +<tr> +<td><code>attribute_id</code></td> +<td>One or more previously declared <code>attribute</code>. Multiple entries consist of a space separated list enclosed in braces '{}'.</td> +</tr> +<tr> +<td><code>default_value</code></td> +<td>Either true or false</td> +</tr> +</tbody> +</table> + +**The statement is valid in:** + +<table style="text-align:center"> +<tbody> +<tr style="background-color:#D3D3D3;"> +<td><strong>Monolithic Policy</strong></td> +<td><strong>Base Policy</strong></td> +<td><strong>Module Policy</strong></td> +</tr> +<tr> +<td>Yes</td> +<td>Yes</td> +<td>Yes</td> +</tr> +<tr style="background-color:#D3D3D3;"> +<td><strong>Conditional Policy <code>if</code> Statement</strong></td> +<td><strong><code>optional</code> Statement</strong></td> +<td><strong><code>require</code> Statement</strong></td> +</tr> +<tr> +<td>No</td> +<td>Yes</td> +<td>No</td> +</tr> +</tbody> +</table> + +**Example:** + +``` +# Using the expandattribute statement to forcibly expand a +# previously declared domain attribute. + +# The previously declared attribute: +attribute domain; + +# The attribute stripping using the expandattribute statement: +expandattribute domain true; +``` + +<br> + ## `typeattribute` The `typeattribute` statement allows the association of previously
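Review bot: The `default_value` row of the **Where:** table says only "Either true or false", so the section never states what `true` does and what `false` does; spell out the effect of each value on attribute expansion. The example has the same gap in its wording: its first comment says "forcibly expand" while its last says "attribute stripping", so settle on one term and add an `expandattribute ... false;` line for contrast. The `attribute_id` row also permits a brace-enclosed list, which the example does not show.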
This functionality was added for Android's Treble in 2017.

I was not sure whether this belongs here or in conditional_statements.md

Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
---
v2: change expandtypeattribute to expandattribute
v3: overriden is overridden

 src/type_statements.md | 70 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 70 insertions(+)