Lines Matching full:role

0 Role Statements
4 role
7 Declares a role identifier in the current namespace.
11 (role role_id)
22 <td align="left"><p><code>role</code></p></td>
23 <td align="left"><p>The <code>role</code> keyword.</p></td>
27 <td align="left"><p>The <code>role</code> identifier.</p></td>
34 This example declares two roles: `object_r` in the global namespace and `unconfined.role`:
36 (role object_r)
39 (role role)
45 Authorises a [`role`](cil_role_statements.md#role) to access a [`type`](cil_type_statements.md#type) identifier.
49 (role role_id type_id)
65 <td align="left"><p>A single previously declared <code>role</code> or <code>roleattribute</code> identifier.</p></td>
76 This example will declare [`role`](cil_role_statements.md#role) and [`type`](cil_type_statements.md#type) identifiers, then associate them:
79 (role role)
81 (roletype role process)
87 Declares a role attribute identifier in the current namespace. The identifier may have zero or more [`role`](cil_role_statements.md#role) and [`roleattribute`](cil_role_statements.md#roleattribute) identifiers associated to it via the [`typeattributeset`](cil_type_statements.md#typeattributeset) statement.
114 This example will declare a role attribute `roles.role_holder` that will have an empty set:
123 Allows the association of one or more previously declared [`role`](cil_role_statements.md#role) identifiers to a [`roleattribute`](cil_role_statements.md#roleattribute) identifier. Expressions may be used to refine the associations as shown in the examples.
147 <td align="left"><p>Zero or more previously declared <code>role</code> or <code>roleattribute</code> identifiers.</p>
164 This example will declare three roles and two role attributes, then associate all the roles to them as shown:
167 (role role_1)
168 (role role_2)
169 (role role_3)
181 Authorise the current role to assume a new role.
185 - May require a [`roletransition`](cil_role_statements.md#roletransition) rule to ensure transition to the new role.
207 <td align="left"><p>A single previously declared <code>role</code> or <code>roleattribute</code> identifier.</p></td>
211 <td align="left"><p>A single previously declared <code>role</code> or <code>roleattribute</code> identifier.</p></td>
223 Specify a role transition from the current role to a new role when computing a context for the target type. The [`class`](cil_class_and_permission_statements.md#class) identifier would normally be `process`, however for kernel versions 2.6.39 with policy version \>= 25 and above, any valid class may be used. Note that a [`roleallow`](cil_role_statements.md#roleallow) rule must be used to authorise the transition.
243 <td align="left"><p>A single previously declared <code>role</code> or <code>roleattribute</code> identifier.</p></td>
255 <td align="left"><p>A single previously declared <code>role</code> identifier to be set on transition.</p></td>
262 This example will authorise the `unconfined.role` to assume the `msg_filter.role` role, and then transition to that role:
268 (roletype msg_filter.role process)
269 (roleallow unconfined.role msg_filter.role)
270 (roletransition unconfined.role exec process msg_filter.role)
276 Defines a hierarchical relationship between roles where the child role cannot have more privileges than the parent.
280 - It is not possible to bind the parent role to more than one child role.
302 <td align="left"><p>A single previously declared <code>role</code> identifier.</p></td>
306 <td align="left"><p>A single previously declared <code>role</code> identifier.</p></td>
313 In this example the role `test` cannot have greater privileges than `unconfined.role`:
315 (role test)
318 (role role)
319 (rolebounds role .test)