Type-enforcement (TE) declarations are of seven types:
Type alias declarations
TE access vector table declarations
Conditional statement declarations
The SELinux policy language requires that all type names be explicitly defined. In the simplest possible form, a type declaration merely defines a name as a type. For instance, a type declaration can define ping_t as the name of a type. Type declarations need not precede all statements that refer to the types they define; you can place type declarations any place within a TE
Optionally, a type declaration may define one or more aliases for the type name. Any alias associated with a type can be freely used in place of the primary name of the type. A type declaration can also optionally associate one or more attributes with the type name.
Figure 7-1 shows the syntax of a type declaration.
As an example, the ping.te file contains two type declarations:
type ping_t, domain, privlog;
type ping_exec_t, file_type, sysadmfile, exec_type;
The first declaration identifies ping_t as a type name, and associates the attributes domain and privlog with the type name, marking the type as a domain that communicates with the system log process. The second declaration identifies ping_exec_t as a type name, and associates ...
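The following Python sketch is an added example, not code from the original text. It parses type declarations, including the optional alias and attribute parts described above, resolves an alias to its primary type name, and lists the types that carry a given attribute. It assumes the standard declaration form "type NAME [alias A | alias { A B }] [, ATTR ...];". The example_t declaration and its aliases are constructed for illustration.

```python
import re

# Assumed declaration form (standard SELinux policy syntax):
#   type NAME [alias A | alias { A B }] [, ATTR, ATTR ...];
TYPE_DECL = re.compile(
    r"^\s*type\s+(?P<name>[\w.]+)"
    r"(?:\s+alias\s+(?P<aliases>\{[^}]*\}|[\w.]+))?"
    r"(?P<attrs>(?:\s*,\s*[\w.]+)*)\s*;",
    re.MULTILINE,
)

# First two declarations are the ping.te lines quoted above;
# the third is constructed to exercise the alias form.
SAMPLE = """
type ping_t, domain, privlog;
type ping_exec_t, file_type, sysadmfile, exec_type;
type example_t alias { old_example_t legacy_example_t }, file_type;  # constructed
"""

def parse_type_declarations(policy_text):
    """Return {type_name: {"aliases": [...], "attributes": [...]}}."""
    text = re.sub(r"#.*", "", policy_text)  # drop comments to end of line
    types = {}
    for m in TYPE_DECL.finditer(text):
        aliases = (m.group("aliases") or "").strip("{}").split()
        attrs = [a.strip() for a in m.group("attrs").split(",") if a.strip()]
        types[m.group("name")] = {"aliases": aliases, "attributes": attrs}
    return types

def resolve(types, name):
    """Map a primary name or an alias to the primary type name.

    Returns None for a name that no declaration defines, which is the
    case the policy language rejects.
    """
    if name in types:
        return name
    for primary, info in types.items():
        if name in info["aliases"]:
            return primary
    return None

def types_with_attribute(types, attribute):
    """Sorted list of types that a declaration associates with attribute."""
    return sorted(t for t, i in types.items() if attribute in i["attributes"])

if __name__ == "__main__":
    declared = parse_type_declarations(SAMPLE)
    for type_name, info in declared.items():
        print(type_name, info)
    print("domains:", types_with_attribute(declared, "domain"))
```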