mls: support templates

Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
author: Dominick Grift <dominick.grift@defensec.nl> 2024-11-04 05:52:25 +0100
committer: Dominick Grift <dominick.grift@defensec.nl> 2024-11-04 06:26:42 +0100
commit: c31f9de714589eb1946a5972ab105011816e2353 (patch)
tree: 2b2ed2e698b09f444f512736f9af617d8ca09a87 /src/sys.cil
parent: 489df53e4bdd8f03047a8c48b2fb8ccd8b51957e (diff)
download: selinux-policy-c31f9de714589eb1946a5972ab105011816e2353.tar.gz
1 files changed, 9 insertions, 3 deletions
diff --git a/src/sys.cil b/src/sys.cil
index fed73dc..9738789 100644
--- a/src/sys.cil
+++ b/src/sys.cil
@@ -1,18 +1,24 @@
 ;; SPDX-FileCopyrightText: © 2024 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
 
-(sidcontext kernel (sys.id sys.role sys.subj lowlevelrange))
+(sidcontext kernel (sys.id sys.role sys.subj sys.lowlow))
 
 (block sys
 
+  (level low (s0))
+  (level high (s0 .catset))
+
+  (levelrange lowlow (low low))
+  (levelrange lowhigh (low high))
+
   (role role)
   (roletype role subj)
 
   (user id)
   (userrole id role)
 
-  (userlevel id systemlow)
-  (userrange id lowhighlevelrange)
+  (userlevel id low)
+  (userrange id lowhigh)
 
   (blockinherit .subj.template)
author	Dominick Grift <dominick.grift@defensec.nl>	2024-11-04 05:52:25 +0100
committer	Dominick Grift <dominick.grift@defensec.nl>	2024-11-04 06:26:42 +0100
commit	c31f9de714589eb1946a5972ab105011816e2353 (patch)
tree	2b2ed2e698b09f444f512736f9af617d8ca09a87 /src/sys.cil
parent	489df53e4bdd8f03047a8c48b2fb8ccd8b51957e (diff)
download	selinux-policy-c31f9de714589eb1946a5972ab105011816e2353.tar.gz