xref: /aosp_15_r20/external/selinux/secilc/README (revision 2d543d20722ada2425b5bdab9d0d1d29470e7bba)

SELinux Common Intermediate Language (CIL) Compiler

INTRODUCTION

	The SELinux CIL Compiler is a compiler that converts the CIL language as
	described on the CIL design wiki into a kernel binary policy file.
	Please see the CIL Design Wiki at:
	http://github.com/SELinuxProject/cil/wiki/
	for more information about the goals and features on the CIL language.

DEPENDENCIES

	gcc >= 4.5.1
	libsepol >= 2.5


BUILD STEPS

	Run "make" with one of the following targets:

	make
		Build the CIL compiler (secilc).

	make test
		Pass a sample policy to test with the compiler.

	make install
		Install the secilc compiler and man page to disk.

	make clean
		Remove temporary build files.

	make man
		Build the secilc man page.

	make bare
		Remove temporary build files and compile binaries.


USAGE

	Execute 'secilc' with any number of CIL files as arguments. A binary policy and
	file_contexts file will be created.

	Use the '--help' option for more details.


DOCUMENTATION

	There is a github markdown CIL Reference Guide in the docs directory. To
	view the table of contents, see README.md in the docs directory.

	To convert the github markdown content to HTML and PDF, change to the docs
	directory and run:
		make

	The documents will be located in the docs/html and docs/pdf directories.

	To build the html and pdf, the pandoc package is required.

KNOWN ISSUES

	- Blocks inside of macros causes undefined behavior

	- Policy must be well formed. For example, invalid usage of
	  sensitivities/categories/levels may create an unloaded binary

	- Recursive limits are not handled