The CDS Framework Toolkit provides a comprehensive architecture for most CDS development. However for some CDS architectures, the toolkit may generate policy that must be altered slightly to meet the CDS requirements. For these cases, CDS Framework provides a way to customize the SELinux policy for any CDS Framework policy object.
This means of customizing policy is only meant to be used as a very last resort.
The better options to customize the generated SELinux policy are to create new dictionary entries or to create new base domains, base resources and abilities.
If other customization techniques do not meet the CDS requirements, right click on a domain, resource, entrypoint, access or enter, and select the menu item Add Custom Policy.... The toolkit will create an SELinux policy template and fill it in with the SELinux policy that would be generated by CDS Framework for the object with its current properties. Then the toolkit will open a SLIDE module editor, allowing you to edit the raw SELinux policy.
Once a policy item is customized, all graphical editing features for that policy item are disabled To remove the customizations for the particular policy item, remove the generated template from the custom module.
Base domains or base resources can not be customized as they are links to the base SELinux policy. If the policy for a base domain or resource does not meet requirements, create a new base domain or base resource for the project.
The naming of custom templates follows a standard pattern.
©2005 - 2009 Tresys Technology, LLC