CIL (Common Intermediate Language)

Table of Contents

Introduction
Design Philosophy
Goals and Primary Features
Design Overview
CIL Information
Declarations
Definitions
Symbol Character Set
String Character Set
Comments
Namespaces
Global Namespace
Expressions
Name String
self
Example CIL Policy

Access Vector Rules
    allow auditallow dontaudit neverallow allowx auditallowx dontauditx neverallowx
Call / Macro Statements
    call macro
Class and Permission Statements
    common classcommon class classorder classpermission classpermissionset classmap classmapping permissionx
Conditional Statements
    boolean booleanif tunable tunableif
Constraint Statements
    constrain validatetrans mlsconstrain mlsvalidatetrans
Container Statements
    block blockabstract blockinherit optional in
Context Statement
    context
Default Object Statements
    defaultuser defaultrole defaulttype defaultrange
File Labeling Statements
    filecon fsuse genfscon
Multi-Level Security Labeling Statements
    sensitivity sensitivityalias sensitivityaliasactual sensitivityorder category categoryalias categoryaliasactual categoryorder categoryset sensitivitycategory level levelrange rangetransition mlsconstrain mlsvalidatetrans
Network Labeling Statements
    ipaddr netifcon nodecon portcon
Policy Configuration Statements
    mls handleunknown policycap
Role Statements
    role roletype roleattribute roleattributeset roleallow roletransition rolebounds
SID Statements
    sid sidorder sidcontext
Type Statements
    type typealias typealiasactual typeattribute typeattributeset typebounds typechange typemember typetransition typepermissive
User Statements
    user userrole userattribute userattributeset userlevel userrange userbounds userprefix selinuxuser selinuxuserdefault
Infiniband Statements
    ibpkeycon ibendportcon
Xen Statements
    iomemcon ioportcon pcidevicecon pirqcon devicetreecon

Example Policy