XENStatements - Revision history http://selinuxproject.org/w/?title=XENStatements&action=history Revision history for this page on the wiki en MediaWiki 1.10.4 Sun, 19 May 2013 17:24:03 GMT RichardHaines: New page: = Xen Statements = Xen policy supports additional policy language statements: <tt>iomemcon</tt>, <tt>ioportcon</tt>, <tt>pcidevicecon</tt> and <tt>pirqcon</tt> that are discussed in the se... http://selinuxproject.org/w/?title=XENStatements&diff=1302&oldid=prev <p>New page: = Xen Statements = Xen policy supports additional policy language statements: &lt;tt&gt;iomemcon&lt;/tt&gt;, &lt;tt&gt;ioportcon&lt;/tt&gt;, &lt;tt&gt;pcidevicecon&lt;/tt&gt; and &lt;tt&gt;pirqcon&lt;/tt&gt; that are discussed in the se...</p> <p><b>New page</b></p><div>= Xen Statements =<br /> Xen policy supports additional policy language statements: &lt;tt&gt;iomemcon&lt;/tt&gt;, &lt;tt&gt;ioportcon&lt;/tt&gt;, &lt;tt&gt;pcidevicecon&lt;/tt&gt; and &lt;tt&gt;pirqcon&lt;/tt&gt; that are discussed in the sections that follow.<br /> <br /> To compile these additional statements using &lt;tt&gt;'''semodule'''(8)&lt;/tt&gt;, ensure that the &lt;tt&gt;'''semanage.conf'''(5)&lt;/tt&gt; file has the &lt;tt&gt;policy-target=xen&lt;/tt&gt; entry.<br /> <br /> <br /> == iomemcon Statement ==<br /> The sid statement declares the actual SID identifier and is defined at the start of a policy source file.<br /> <br /> '''The statement definition is:'''<br /> &lt;pre&gt;<br /> iomemcon addr context;<br /> &lt;/pre&gt;<br /> <br /> <br /> '''Where:'''<br /> {|border=&quot;1&quot;<br /> | iomemcon<br /> | The iomemcon keyword.<br /> <br /> |-<br /> | addr<br /> | The memory address to apply the context. This may also be a range that consists of a start and end address separated by a hypen ('&lt;tt&gt;-&lt;/tt&gt;').<br /> <br /> |-<br /> | context<br /> | The security context to be applied.<br /> <br /> |}<br /> <br /> <br /> '''The statement is valid in:'''<br /> {|border=&quot;1&quot;<br /> | &lt;center&gt;'''Monolithic Policy'''&lt;/center&gt;<br /> | &lt;center&gt;'''Base Policy'''&lt;/center&gt;<br /> | &lt;center&gt;'''Module Policy'''&lt;/center&gt;<br /> <br /> |-<br /> | &lt;center&gt;Yes&lt;/center&gt;<br /> | &lt;center&gt;Yes&lt;/center&gt;<br /> | &lt;center&gt;No&lt;/center&gt;<br /> <br /> |-<br /> | &lt;center&gt;'''Conditional Policy (if]) Statement'''&lt;/center&gt;<br /> | &lt;center&gt;'''optional Statement'''&lt;/center&gt;<br /> | &lt;center&gt;'''require Statement'''&lt;/center&gt;<br /> <br /> |-<br /> | &lt;center&gt;No&lt;/center&gt;<br /> | &lt;center&gt;No&lt;/center&gt;<br /> | &lt;center&gt;No&lt;/center&gt;<br /> <br /> |}<br /> <br /> <br /> '''Example:'''<br /> &lt;pre&gt;<br /> iomemcon 0xfebd9 system_u:object_r:nicP_t;<br /> <br /> iomemcon 0xfebe0-0xfebff system_u:object_r:nicP_t;<br /> &lt;/pre&gt;<br /> <br /> <br /> == ioportcon Statement ==<br /> The sid statement declares the actual SID identifier and is defined at the start of a policy source file.<br /> <br /> '''The statement definition is:'''<br /> &lt;pre&gt;<br /> ioportcon port context;<br /> &lt;/pre&gt;<br /> <br /> <br /> '''Where:'''<br /> {|border=&quot;1&quot;<br /> | ioportcon<br /> | The ioportcon keyword.<br /> <br /> |-<br /> | port<br /> | The port to apply the context. This may also be a range that consists of a start and end port number separated by a hypen ('&lt;tt&gt;-&lt;/tt&gt;').<br /> <br /> |-<br /> | context<br /> | The security context to be applied.<br /> <br /> |}<br /> <br /> <br /> '''The statement is valid in:'''<br /> {|border=&quot;1&quot;<br /> | &lt;center&gt;'''Monolithic Policy'''&lt;/center&gt;<br /> | &lt;center&gt;'''Base Policy'''&lt;/center&gt;<br /> | &lt;center&gt;'''Module Policy'''&lt;/center&gt;<br /> <br /> |-<br /> | &lt;center&gt;Yes&lt;/center&gt;<br /> | &lt;center&gt;Yes&lt;/center&gt;<br /> | &lt;center&gt;No&lt;/center&gt;<br /> <br /> |-<br /> | &lt;center&gt;'''Conditional Policy (if]) Statement'''&lt;/center&gt;<br /> | &lt;center&gt;'''optional Statement'''&lt;/center&gt;<br /> | &lt;center&gt;'''require Statement'''&lt;/center&gt;<br /> <br /> |-<br /> | &lt;center&gt;No&lt;/center&gt;<br /> | &lt;center&gt;No&lt;/center&gt;<br /> | &lt;center&gt;No&lt;/center&gt;<br /> <br /> |}<br /> <br /> <br /> '''Example:'''<br /> &lt;pre&gt;<br /> ioportcon 0xeac0 system_u:object_r:nicP_t;<br /> <br /> ioportcon 0xecc0-0xecdf system_u:object_r:nicP_t;<br /> &lt;/pre&gt;<br /> <br /> <br /> == pcidevicecon Statement ==<br /> The sid statement declares the actual SID identifier and is defined at the start of a policy source file.<br /> <br /> '''The statement definition is:'''<br /> &lt;pre&gt;<br /> pcidevicecon pci_id context;<br /> &lt;/pre&gt;<br /> <br /> <br /> '''Where:'''<br /> {|border=&quot;1&quot;<br /> | pcidevicecon<br /> | The pcidevicecon keyword.<br /> <br /> |-<br /> | pci_id<br /> | The PCI indentifer.<br /> <br /> |-<br /> | context<br /> | The security context to be applied.<br /> <br /> |}<br /> <br /> <br /> '''The statement is valid in:'''<br /> {|border=&quot;1&quot;<br /> | &lt;center&gt;'''Monolithic Policy'''&lt;/center&gt;<br /> | &lt;center&gt;'''Base Policy'''&lt;/center&gt;<br /> | &lt;center&gt;'''Module Policy'''&lt;/center&gt;<br /> <br /> |-<br /> | &lt;center&gt;Yes&lt;/center&gt;<br /> | &lt;center&gt;Yes&lt;/center&gt;<br /> | &lt;center&gt;No&lt;/center&gt;<br /> <br /> |-<br /> | &lt;center&gt;'''Conditional Policy (if]) Statement'''&lt;/center&gt;<br /> | &lt;center&gt;'''optional Statement'''&lt;/center&gt;<br /> | &lt;center&gt;'''require Statement'''&lt;/center&gt;<br /> <br /> |-<br /> | &lt;center&gt;No&lt;/center&gt;<br /> | &lt;center&gt;No&lt;/center&gt;<br /> | &lt;center&gt;No&lt;/center&gt;<br /> <br /> |}<br /> <br /> <br /> '''Example:'''<br /> &lt;pre&gt;<br /> pcidevicecon 0xc800 system_u:object_r:nicP_t;<br /> &lt;/pre&gt;<br /> <br /> <br /> <br /> == pirqcon Statement ==<br /> The sid statement declares the actual SID identifier and is defined at the start of a policy source file.<br /> <br /> '''The statement definition is:'''<br /> &lt;pre&gt;<br /> pirqcon irq context;<br /> &lt;/pre&gt;<br /> <br /> <br /> '''Where:'''<br /> {|border=&quot;1&quot;<br /> | pirqcon<br /> | The pirqcon keyword.<br /> <br /> |-<br /> | irq<br /> | The interrupt request number.<br /> <br /> |-<br /> | context<br /> | The security context to be applied.<br /> <br /> |}<br /> <br /> <br /> '''The statement is valid in:'''<br /> {|border=&quot;1&quot;<br /> | &lt;center&gt;'''Monolithic Policy'''&lt;/center&gt;<br /> | &lt;center&gt;'''Base Policy'''&lt;/center&gt;<br /> | &lt;center&gt;'''Module Policy'''&lt;/center&gt;<br /> <br /> |-<br /> | &lt;center&gt;Yes&lt;/center&gt;<br /> | &lt;center&gt;Yes&lt;/center&gt;<br /> | &lt;center&gt;No&lt;/center&gt;<br /> <br /> |-<br /> | &lt;center&gt;'''Conditional Policy (if]) Statement'''&lt;/center&gt;<br /> | &lt;center&gt;'''optional Statement'''&lt;/center&gt;<br /> | &lt;center&gt;'''require Statement'''&lt;/center&gt;<br /> <br /> |-<br /> | &lt;center&gt;No&lt;/center&gt;<br /> | &lt;center&gt;No&lt;/center&gt;<br /> | &lt;center&gt;No&lt;/center&gt;<br /> <br /> |}<br /> <br /> <br /> '''Example:'''<br /> &lt;pre&gt;<br /> pirqcon 33 system_u:object_r:nicP_t;<br /> &lt;/pre&gt;<br /> <br /> <br /> ----<br /> &lt;references/&gt;<br /> <br /> [[Category:Notebook]]</div> Mon, 19 Nov 2012 13:43:00 GMT RichardHaines http://selinuxproject.org/page/Talk:XENStatements