Creating custom modules
We can always maintain our own SELinux policy modules as well. To accomplish this, we need either a file with the .te suffix (which stands for type enforcement), optionally accompanied by a file context (.fc) file and an interface (.if) file, or, when using the new policy format, a single .cil file. All of these files must share the same base name, which later becomes the module name.
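As an added example (not code from the book or from the reference policy project), the following script writes one small hypothetical module, myapp, both in reference policy style (myapp.te, myapp.fc, myapp.if) and as the equivalent myapp.cil, checks that the files share a base name, and builds the .pp package with the reference policy development Makefile when that Makefile is installed. The daemon, the paths /opt/myapp/bin/myapp and /var/lib/myapp, and the interface name myapp_read_state are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the book: a minimal custom module "myapp" written
# twice, in reference policy style (.te/.fc/.if) and as a single .cil file.
# The daemon, /opt/myapp/bin/myapp and /var/lib/myapp are hypothetical.
set -eu

MODULE=myapp
WORKDIR=${WORKDIR:-$(mktemp -d)}

# All source files share one base name; that base name is the module name.
module_name() {
  f=$(basename "$1")
  printf '%s\n' "${f%.*}"
}

write_refpolicy_module() {
  cat > "$WORKDIR/$MODULE.te" <<'EOF'
policy_module(myapp, 1.0.0)

# Daemon domain and the type of the executable it is entered through
type myapp_t;
type myapp_exec_t;
init_daemon_domain(myapp_t, myapp_exec_t)

# Private state directory; the *_pattern macros expand to the allow rules
type myapp_var_lib_t;
files_type(myapp_var_lib_t)
manage_dirs_pattern(myapp_t, myapp_var_lib_t, myapp_var_lib_t)
manage_files_pattern(myapp_t, myapp_var_lib_t, myapp_var_lib_t)

# Least privilege: grant only what the daemon actually uses
files_read_etc_files(myapp_t)
logging_send_syslog_msg(myapp_t)
EOF

  cat > "$WORKDIR/$MODULE.fc" <<'EOF'
/opt/myapp/bin/myapp    --  gen_context(system_u:object_r:myapp_exec_t,s0)
/var/lib/myapp(/.*)?        gen_context(system_u:object_r:myapp_var_lib_t,s0)
EOF

  # The .if file offers an interface so other modules never name the type directly
  cat > "$WORKDIR/$MODULE.if" <<'EOF'
## <summary>myapp daemon</summary>

########################################
## <summary>
##  Read myapp state files.
## </summary>
## <param name="domain">
##  <summary>Domain allowed access.</summary>
## </param>
#
interface(`myapp_read_state',`
    gen_require(`
        type myapp_var_lib_t;
    ')
    files_search_var_lib($1)
    read_files_pattern($1, myapp_var_lib_t, myapp_var_lib_t)
')
EOF
}

write_cil_module() {
  # Same module in CIL: no m4 macros, so every rule is spelled out
  cat > "$WORKDIR/$MODULE.cil" <<'EOF'
(type myapp_t)
(type myapp_exec_t)
(type myapp_var_lib_t)
(roletype system_r myapp_t)
(typeattributeset domain (myapp_t))
(typeattributeset file_type (myapp_exec_t myapp_var_lib_t))
(typeattributeset exec_type (myapp_exec_t))
; init executes the binary and the process lands in myapp_t
(allow init_t myapp_exec_t (file (execute read open getattr)))
(allow init_t myapp_t (process (transition)))
(allow myapp_t myapp_exec_t (file (entrypoint execute read open getattr)))
(typetransition init_t myapp_exec_t process myapp_t)
; private state directory
(allow myapp_t myapp_var_lib_t (dir (read getattr search open write add_name remove_name)))
(allow myapp_t myapp_var_lib_t (file (read getattr open write create unlink)))
(filecon "/opt/myapp/bin/myapp" file (system_u object_r myapp_exec_t ((s0) (s0))))
(filecon "/var/lib/myapp(/.*)?" any (system_u object_r myapp_var_lib_t ((s0) (s0))))
EOF
}

# Build the .pp package when the reference policy headers are installed;
# a .cil file needs no separate build step, semodule loads it as is.
build_module() (
  cd "$WORKDIR"
  if [ -f /usr/share/selinux/devel/Makefile ]; then
    make -f /usr/share/selinux/devel/Makefile "$MODULE.pp" >/dev/null
    printf '%s\n' "$WORKDIR/$MODULE.pp"
  else
    printf 'no reference policy headers found; sources left in %s\n' "$WORKDIR" >&2
    printf '%s\n' "$WORKDIR/$MODULE.cil"
  fi
)

write_refpolicy_module
write_cil_module
printf 'module name: %s\n' "$(module_name "$WORKDIR/$MODULE.te")"
build_module
# Install with: semodule -i myapp.pp   (or: semodule -i myapp.cil)
```

The reference policy Makefile runs the macros through m4 before compiling, so the .te above cannot be fed to checkmodule directly; a module written in native syntax without macros is built instead with checkmodule -M -m -o myapp.mod myapp.te followed by semodule_package -o myapp.pp -m myapp.mod -f myapp.fc. Either resulting .pp, or the .cil file itself, is then loaded with semodule -i.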
There are several formats in which SELinux policy modules can be written:
The first format we call SELinux native. It does not understand reference policy macros, but it is the base policy development approach and is still in use. The reference policy project itself relies on this format: its macros are expanded into native statements before the policy is compiled.
The second format we call reference policy style. Here, macros are provided that ease SELinux policy development while most of the native syntax remains supported, so transitioning from SELinux native to reference policy style is quite simple.
The third...