16cd6a6acSopenharmony_ci<?xml version="1.0" encoding="UTF-8"?> 26cd6a6acSopenharmony_ci<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML//EN" 36cd6a6acSopenharmony_ci "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> 46cd6a6acSopenharmony_ci 56cd6a6acSopenharmony_ci<refentry> 66cd6a6acSopenharmony_ci <refentryinfo> 76cd6a6acSopenharmony_ci <author> 86cd6a6acSopenharmony_ci <firstname>Richard</firstname><surname>Haines</surname><contrib></contrib> 96cd6a6acSopenharmony_ci </author> 106cd6a6acSopenharmony_ci </refentryinfo> 116cd6a6acSopenharmony_ci 126cd6a6acSopenharmony_ci <refmeta> 136cd6a6acSopenharmony_ci <refentrytitle>SECILC</refentrytitle> 146cd6a6acSopenharmony_ci <manvolnum>8</manvolnum> 156cd6a6acSopenharmony_ci <refmiscinfo class="date">18 February 2015</refmiscinfo> 166cd6a6acSopenharmony_ci <refmiscinfo class="source">secilc</refmiscinfo> 176cd6a6acSopenharmony_ci <refmiscinfo class="manual">SELinux CIL Compiler</refmiscinfo> 186cd6a6acSopenharmony_ci </refmeta> 196cd6a6acSopenharmony_ci <refnamediv id="name"> 206cd6a6acSopenharmony_ci <refname>secilc</refname> 216cd6a6acSopenharmony_ci <refpurpose>invoke the SELinux Common Intermediate Language (CIL) Compiler</refpurpose> 226cd6a6acSopenharmony_ci </refnamediv> 236cd6a6acSopenharmony_ci 246cd6a6acSopenharmony_ci <refsynopsisdiv id="synopsis"> 256cd6a6acSopenharmony_ci <cmdsynopsis> 266cd6a6acSopenharmony_ci <command>secilc</command> 276cd6a6acSopenharmony_ci <arg choice="opt" rep="repeat"><replaceable>OPTION</replaceable></arg> 286cd6a6acSopenharmony_ci <arg choice="plain"><replaceable>file</replaceable></arg> 296cd6a6acSopenharmony_ci </cmdsynopsis> 306cd6a6acSopenharmony_ci </refsynopsisdiv> 316cd6a6acSopenharmony_ci 326cd6a6acSopenharmony_ci <refsect1 id="description"><title>DESCRIPTION</title> 336cd6a6acSopenharmony_ci <para><emphasis role="italic">secilc</emphasis> invokes the CIL compiler with the specified <emphasis role="italic">argument</emphasis>s to build a kernel binary policy. A <emphasis role="bold">file_contexts</emphasis> file will also be built as described in the <emphasis role="bold">FILE FORMAT</emphasis> section of <citerefentry><refentrytitle>file_contexts</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para> 346cd6a6acSopenharmony_ci </refsect1> 356cd6a6acSopenharmony_ci 366cd6a6acSopenharmony_ci <refsect1 id="options"><title>OPTIONS</title> 376cd6a6acSopenharmony_ci <variablelist> 386cd6a6acSopenharmony_ci <varlistentry> 396cd6a6acSopenharmony_ci <term><option>-o, --output=<file></option></term> 406cd6a6acSopenharmony_ci <listitem><para>Write binary policy to <emphasis role="italic">file</emphasis> (default: policy.<emphasis role="italic">version</emphasis>)</para></listitem> 416cd6a6acSopenharmony_ci </varlistentry> 426cd6a6acSopenharmony_ci 436cd6a6acSopenharmony_ci <varlistentry> 446cd6a6acSopenharmony_ci <term><option>-f, --filecontext=<file></option></term> 456cd6a6acSopenharmony_ci <listitem><para>Write file contexts to <emphasis role="italic">file</emphasis> (default: <emphasis role="bold">file_contexts</emphasis>)</para></listitem> 466cd6a6acSopenharmony_ci </varlistentry> 476cd6a6acSopenharmony_ci 486cd6a6acSopenharmony_ci <varlistentry> 496cd6a6acSopenharmony_ci <term><option>-t, --target=<type></option></term> 506cd6a6acSopenharmony_ci <listitem><para>Specify target architecture. May be <emphasis role="bold">selinux</emphasis> or <emphasis role="bold">xen</emphasis> (default: <emphasis role="bold">selinux</emphasis>)</para></listitem> 516cd6a6acSopenharmony_ci </varlistentry> 526cd6a6acSopenharmony_ci 536cd6a6acSopenharmony_ci <varlistentry> 546cd6a6acSopenharmony_ci <term><option>-M, --mls true|false</option></term> 556cd6a6acSopenharmony_ci <listitem><para>Build an mls policy. Must be <emphasis role="bold">true</emphasis> or <emphasis role="bold">false</emphasis>. This will override the <emphasis role="bold">(mls <emphasis role="italic">boolean</emphasis></emphasis><emphasis role="bold">)</emphasis> statement if present in the policy.</para></listitem> 566cd6a6acSopenharmony_ci </varlistentry> 576cd6a6acSopenharmony_ci 586cd6a6acSopenharmony_ci <varlistentry> 596cd6a6acSopenharmony_ci <term><option>-c, --policyvers=<version></option></term> 606cd6a6acSopenharmony_ci <listitem><para>Build a binary policy with a given <emphasis role="italic">version</emphasis> (default: depends on the systems SELinux policy <emphasis role="italic">version</emphasis>, see <citerefentry><refentrytitle>sestatus</refentrytitle><manvolnum>8</manvolnum></citerefentry>)</para></listitem> 616cd6a6acSopenharmony_ci </varlistentry> 626cd6a6acSopenharmony_ci 636cd6a6acSopenharmony_ci <varlistentry> 646cd6a6acSopenharmony_ci <term><option>-U, --handle-unknown=<action></option></term> 656cd6a6acSopenharmony_ci <listitem><para>How to handle unknown classes or permissions. May be <emphasis role="bold">deny</emphasis>, <emphasis role="bold">allow</emphasis>, or <emphasis role="bold">reject</emphasis> (default: <emphasis role="bold">deny</emphasis>). This will override the <emphasis role="bold">(handleunknown <emphasis role="italic">action</emphasis></emphasis><emphasis role="bold">)</emphasis> statement if present in the policy.</para></listitem> 666cd6a6acSopenharmony_ci </varlistentry> 676cd6a6acSopenharmony_ci 686cd6a6acSopenharmony_ci <varlistentry> 696cd6a6acSopenharmony_ci <term><option>-D, --disable-dontaudit</option></term> 706cd6a6acSopenharmony_ci <listitem><para>Do not add <emphasis role="bold">dontaudit</emphasis> rules to the binary policy.</para></listitem> 716cd6a6acSopenharmony_ci </varlistentry> 726cd6a6acSopenharmony_ci 736cd6a6acSopenharmony_ci <varlistentry> 746cd6a6acSopenharmony_ci <term><option>-P, --preserve-tunables</option></term> 756cd6a6acSopenharmony_ci <listitem><para>Treat tunables as booleans.</para></listitem> 766cd6a6acSopenharmony_ci </varlistentry> 776cd6a6acSopenharmony_ci 786cd6a6acSopenharmony_ci <varlistentry> 796cd6a6acSopenharmony_ci <term><option>-Q, --qualified-names</option></term> 806cd6a6acSopenharmony_ci <listitem><para>Allow names containing dots (qualified names). Blocks, blockinherits, blockabstracts, and in-statements will not be allowed.</para></listitem> 816cd6a6acSopenharmony_ci </varlistentry> 826cd6a6acSopenharmony_ci 836cd6a6acSopenharmony_ci <varlistentry> 846cd6a6acSopenharmony_ci <term><option>-m, --multiple-decls</option></term> 856cd6a6acSopenharmony_ci <listitem><para>Allow some statements to be re-declared.</para></listitem> 866cd6a6acSopenharmony_ci </varlistentry> 876cd6a6acSopenharmony_ci 886cd6a6acSopenharmony_ci <varlistentry> 896cd6a6acSopenharmony_ci <term><option>-N, --disable-neverallow</option></term> 906cd6a6acSopenharmony_ci <listitem><para>Do not check <emphasis role="bold">neverallow</emphasis> rules.</para></listitem> 916cd6a6acSopenharmony_ci </varlistentry> 926cd6a6acSopenharmony_ci 936cd6a6acSopenharmony_ci <varlistentry> 946cd6a6acSopenharmony_ci <term><option>-G, --expand-generated</option></term> 956cd6a6acSopenharmony_ci <listitem><para>Expand and remove auto-generated attributes</para></listitem> 966cd6a6acSopenharmony_ci </varlistentry> 976cd6a6acSopenharmony_ci 986cd6a6acSopenharmony_ci <varlistentry> 996cd6a6acSopenharmony_ci <term><option>-X, --attrs-size <size></option></term> 1006cd6a6acSopenharmony_ci <listitem><para>Expand type attributes with fewer than <emphasis role="bold"><SIZE></emphasis> members.</para></listitem> 1016cd6a6acSopenharmony_ci </varlistentry> 1026cd6a6acSopenharmony_ci 1036cd6a6acSopenharmony_ci <varlistentry> 1046cd6a6acSopenharmony_ci <term><option>-O, --optimize</option></term> 1056cd6a6acSopenharmony_ci <listitem><para>Optimize final policy (remove redundant rules).</para></listitem> 1066cd6a6acSopenharmony_ci </varlistentry> 1076cd6a6acSopenharmony_ci 1086cd6a6acSopenharmony_ci <varlistentry> 1096cd6a6acSopenharmony_ci <term><option>-v, --verbose</option></term> 1106cd6a6acSopenharmony_ci <listitem><para>Increment verbosity level.</para></listitem> 1116cd6a6acSopenharmony_ci </varlistentry> 1126cd6a6acSopenharmony_ci 1136cd6a6acSopenharmony_ci <varlistentry> 1146cd6a6acSopenharmony_ci <term><option>-h, --help</option></term> 1156cd6a6acSopenharmony_ci <listitem><para>Display usage information.</para></listitem> 1166cd6a6acSopenharmony_ci </varlistentry> 1176cd6a6acSopenharmony_ci </variablelist> 1186cd6a6acSopenharmony_ci </refsect1> 1196cd6a6acSopenharmony_ci 1206cd6a6acSopenharmony_ci <refsect1 id="see_also"><title>SEE ALSO</title> 1216cd6a6acSopenharmony_ci <para> 1226cd6a6acSopenharmony_ci <simplelist type="inline"> 1236cd6a6acSopenharmony_ci <member><citerefentry> 1246cd6a6acSopenharmony_ci <refentrytitle>file_contexts</refentrytitle> 1256cd6a6acSopenharmony_ci <manvolnum>5</manvolnum> 1266cd6a6acSopenharmony_ci </citerefentry></member> 1276cd6a6acSopenharmony_ci <member><citerefentry> 1286cd6a6acSopenharmony_ci <refentrytitle>sestatus</refentrytitle> 1296cd6a6acSopenharmony_ci <manvolnum>8</manvolnum> 1306cd6a6acSopenharmony_ci </citerefentry></member> 1316cd6a6acSopenharmony_ci </simplelist> 1326cd6a6acSopenharmony_ci </para> 1336cd6a6acSopenharmony_ci <para>HTML documentation describing the CIL language statements is available starting with <emphasis role="italic">docs/html/index.html</emphasis>.</para> 1346cd6a6acSopenharmony_ci <para>PDF documentation describing the CIL language statements is available at: <emphasis role="italic">docs/pdf/CIL_Reference_Guide.pdf</emphasis>.</para> 1356cd6a6acSopenharmony_ci <para>There is a CIL Design Wiki at: <ulink url="http://github.com/SELinuxProject/cil/wiki"></ulink> that describes the goals and features of the CIL language.</para> 1366cd6a6acSopenharmony_ci </refsect1> 1376cd6a6acSopenharmony_ci</refentry> 1386cd6a6acSopenharmony_ci 139