diff --git a/autotests/folding/test.te.fold b/autotests/folding/test.te.fold
new file mode 100644
--- /dev/null
+++ b/autotests/folding/test.te.fold
@@ -0,0 +1,125 @@
+# Sample SELinux Policy
+
+## >
+## Sample SELinux Policy
+##
+## >
+## >
+## This module is not functional,
+## but only to test the syntax highlighting.
+##
+##
+## val="true">
+## Depended on by other required modules.
+##
+
+policycap open_perms;
+module myapp 1.0;
+
+require {
+ type httpd_t;
+ type httpd_sys_content_t;
+ type initrc_t;
+ class sock_file write;
+ class unix_stream_socket connectto;
+}
+
+allow httpd_t httpd_sys_content_t:sock_file write;
+allow httpd_t initrc_t:unix_stream_socket connectto;
+
+tunable_policy(`allow_execmem',`
+ /usr/share/holas(/.*)? -- gen_context(system_u:object_r:holas_t,s0);
+')
+regexp(`GNUs not Unix', `\w\(\w+\)$', `*** \& *** \1 ***')
+ifdef(`distro_ubuntu',`
+ unconfined_domain(chkpwd_t)
+')
+
+dominance { gen_dominance(0,decr($1)) };
+neverallow user=_isolated domain=((?!isolated_app).)*
+
+allow consoletype_t self:capability { sys_admin sys_tty_config };
+allow consoletype_t self:msg { send receive };
+
+# sample for administrative user
+user jadmin roles { staff_r sysadm_r };
+# sample for regular user
+user jdoe roles { user_r };
+
+default_user process source;
+default_range process source low;
+
+sid devnull;
+sid sysctl;
+
+common file { ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute swapon quotaon mounton };
+class dir inherits file { add_name remove_name reparent search rmdir open audit_access execmod };
+class class;
+
+sensitivity s0 alias sens0;
+category c0 alias cat0;
+level s0:c0;
+
+mlsconstrain dir { search read ioctl lock }
+ (( h1 dom h2 ) or ( t1 == mcsreadall ) or
+ (( t1 != mcs_constrained_type ) and (t2 == domain)));
+
+attribute_role dpkg_roles;
+roleattribute system_r dpkg_roles;
+
+role system_r types system_t;
+role_transition hello init_script_file_type system_r;
+
+attribute filesystem_type;
+type dhcp_etc_t;
+typealias dhcp_etc_t alias { etc_dhcp_t etc_dhcpc_t etc_dhcpd_t };
+
+bool le_boolean true;
+TUNABLE allow_java_execstack false;
+
+type_transition root_xdrawable_t input_xevent_t:x_event root_input_xevent_t;
+AUDITALLOW xserver_t { root_xdrawable_t x_domain }:x_drawable send;
+
+optional {
+ neverallow untrusted_app *:{ netlink_route_socket netlink_selinux_socket } ioctl;
+ neverallowxperm shell domain:{ rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls;
+};
+
+if le_boolean {
+ DONTAUDIT untrusted_app asec_public_file:file { execute execmod };
+} else {
+ ALLOW untrusted_app perfprofd_data_file:file r_file_perms;
+ allow untrusted_app perfprofd_data_file:dir r_dir_perms;
+};
+
+sid devnull system_u:object_r:null_device_t:s0
+genfscon sysfs /devices/system/cpu/online gen_context(system_u:object_r:cpu_online_t,s0)
+genfscon rootfs / gen_context(system_u:object_r:root_t,s0)
+
+genfscon proc /cpuinfo u:object_r:proc_cpuinfo:s0
+genfscon selinuxfs / u:object_r:selinuxfs:s0
+fs_use_trans devtmpfs system_u:object_r:device_t:s0;
+fs_use_task pipefs u:object_r:pipefs:s0;
+fs_use_xattr xfs u:object_r:labeledfs:s0;
+fs_use_xattr btrfs u:object_r:labeledfs:s0;
+
+portcon tcp 80 u:object_r:http_port:s0;
+portcon udp 1024-65535 gen_context(system_u:object_r:unreserved_port_t, s0);
+netifcon $2 gen_context(system_u:object_r:$1,$3) gen_context(system_u:object_r:unlabeled_t,$3);
+
+nodecon 2001:0DB8:AC10:FE01:: 2001:0DE0:DA88:2222:: system_u:object_r:hello_t:s0;
+nodecon ipv4 127.0.0.2 255.255.255.255 system_u:object_r:node_t:s0;
+
+# Regular Expressions
+regexp(`Hello(!|\^\^)+', `
+ ^\s*(?\.)
+ (
+ hello[^\s\x12/][1-9]*| # Hello
+ bye
+ )\s*$
+')
+"aaaa(?=
+sdf sdf)ds(aa
+ aa)"
+"sdf[^
+a]"
diff --git a/autotests/html/test.te.html b/autotests/html/test.te.html
new file mode 100644
--- /dev/null
+++ b/autotests/html/test.te.html
@@ -0,0 +1,132 @@
+
+
+
+test.te
+
+
+# Sample SELinux Policy
+
+## <summary>
+## Sample SELinux Policy
+## </summary>
+## <desc>
+## <p>
+## This module is not functional,
+## but only to test the syntax highlighting.
+## </p>
+## </desc>
+## <required val="true">
+## Depended on by other required modules.
+## </required>
+
+policycap open_perms;
+module myapp 1.0;
+
+require {
+ type httpd_t;
+ type httpd_sys_content_t;
+ type initrc_t;
+ class sock_file write;
+ class unix_stream_socket connectto;
+}
+
+allow httpd_t httpd_sys_content_t:sock_file write;
+allow httpd_t initrc_t:unix_stream_socket connectto;
+
+tunable_policy(`allow_execmem',`
+ /usr/share/holas(/.*)? -- gen_context(system_u:object_r:holas_t,s0);
+')
+regexp(`GNUs not Unix', `\w\(\w+\)$', `*** \& *** \1 ***')
+ifdef(`distro_ubuntu',`
+ unconfined_domain(chkpwd_t)
+')
+
+dominance { gen_dominance(0,decr($1)) };
+neverallow user=_isolated domain=((?!isolated_app).)*
+
+allow consoletype_t self:capability { sys_admin sys_tty_config };
+allow consoletype_t self:msg { send receive };
+
+# sample for administrative user
+user jadmin roles { staff_r sysadm_r };
+# sample for regular user
+user jdoe roles { user_r };
+
+default_user process source;
+default_range process source low;
+
+sid devnull;
+sid sysctl;
+
+common file { ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute swapon quotaon mounton };
+class dir inherits file { add_name remove_name reparent search rmdir open audit_access execmod };
+class class;
+
+sensitivity s0 alias sens0;
+category c0 alias cat0;
+level s0:c0;
+
+mlsconstrain dir { search read ioctl lock }
+ (( h1 dom h2 ) or ( t1 == mcsreadall ) or
+ (( t1 != mcs_constrained_type ) and (t2 == domain)));
+
+attribute_role dpkg_roles;
+roleattribute system_r dpkg_roles;
+
+role system_r types system_t;
+role_transition hello init_script_file_type system_r;
+
+attribute filesystem_type;
+type dhcp_etc_t;
+typealias dhcp_etc_t alias { etc_dhcp_t etc_dhcpc_t etc_dhcpd_t };
+
+bool le_boolean true;
+TUNABLE allow_java_execstack false;
+
+type_transition root_xdrawable_t input_xevent_t:x_event root_input_xevent_t;
+AUDITALLOW xserver_t { root_xdrawable_t x_domain }:x_drawable send;
+
+optional {
+ neverallow untrusted_app *:{ netlink_route_socket netlink_selinux_socket } ioctl;
+ neverallowxperm shell domain:{ rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls;
+};
+
+if le_boolean {
+ DONTAUDIT untrusted_app asec_public_file:file { execute execmod };
+} else {
+ ALLOW untrusted_app perfprofd_data_file:file r_file_perms;
+ allow untrusted_app perfprofd_data_file:dir r_dir_perms;
+};
+
+sid devnull system_u:object_r:null_device_t:s0
+genfscon sysfs /devices/system/cpu/online gen_context(system_u:object_r:cpu_online_t,s0)
+genfscon rootfs / gen_context(system_u:object_r:root_t,s0)
+
+genfscon proc /cpuinfo u:object_r:proc_cpuinfo:s0
+genfscon selinuxfs / u:object_r:selinuxfs:s0
+fs_use_trans devtmpfs system_u:object_r:device_t:s0;
+fs_use_task pipefs u:object_r:pipefs:s0;
+fs_use_xattr xfs u:object_r:labeledfs:s0;
+fs_use_xattr btrfs u:object_r:labeledfs:s0;
+
+portcon tcp 80 u:object_r:http_port:s0;
+portcon udp 1024-65535 gen_context(system_u:object_r:unreserved_port_t, s0);
+netifcon $2 gen_context(system_u:object_r:$1,$3) gen_context(system_u:object_r:unlabeled_t,$3);
+
+nodecon 2001:0DB8:AC10:FE01:: 2001:0DE0:DA88:2222:: system_u:object_r:hello_t:s0;
+nodecon ipv4 127.0.0.2 255.255.255.255 system_u:object_r:node_t:s0;
+
+# Regular Expressions
+regexp(`Hello(!|\^\^)+', `
+ ^\s*(?<hello>\.)
+ (
+ hello[^\s\x12/][1-9]*| # Hello
+ bye
+ )\s*$
+')
+"aaaa(?=
+sdf sdf)ds(aa
+ aa)"
+"sdf[^
+a]"
+
diff --git a/autotests/input/test.te b/autotests/input/test.te
new file mode 100644
--- /dev/null
+++ b/autotests/input/test.te
@@ -0,0 +1,125 @@
+# Sample SELinux Policy
+
+##
+## Sample SELinux Policy
+##
+##
+##
+## This module is not functional,
+## but only to test the syntax highlighting.
+##
+##
+##
+## Depended on by other required modules.
+##
+
+policycap open_perms;
+module myapp 1.0;
+
+require {
+ type httpd_t;
+ type httpd_sys_content_t;
+ type initrc_t;
+ class sock_file write;
+ class unix_stream_socket connectto;
+}
+
+allow httpd_t httpd_sys_content_t:sock_file write;
+allow httpd_t initrc_t:unix_stream_socket connectto;
+
+tunable_policy(`allow_execmem',`
+ /usr/share/holas(/.*)? -- gen_context(system_u:object_r:holas_t,s0);
+')
+regexp(`GNUs not Unix', `\w\(\w+\)$', `*** \& *** \1 ***')
+ifdef(`distro_ubuntu',`
+ unconfined_domain(chkpwd_t)
+')
+
+dominance { gen_dominance(0,decr($1)) };
+neverallow user=_isolated domain=((?!isolated_app).)*
+
+allow consoletype_t self:capability { sys_admin sys_tty_config };
+allow consoletype_t self:msg { send receive };
+
+# sample for administrative user
+user jadmin roles { staff_r sysadm_r };
+# sample for regular user
+user jdoe roles { user_r };
+
+default_user process source;
+default_range process source low;
+
+sid devnull;
+sid sysctl;
+
+common file { ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute swapon quotaon mounton };
+class dir inherits file { add_name remove_name reparent search rmdir open audit_access execmod };
+class class;
+
+sensitivity s0 alias sens0;
+category c0 alias cat0;
+level s0:c0;
+
+mlsconstrain dir { search read ioctl lock }
+ (( h1 dom h2 ) or ( t1 == mcsreadall ) or
+ (( t1 != mcs_constrained_type ) and (t2 == domain)));
+
+attribute_role dpkg_roles;
+roleattribute system_r dpkg_roles;
+
+role system_r types system_t;
+role_transition hello init_script_file_type system_r;
+
+attribute filesystem_type;
+type dhcp_etc_t;
+typealias dhcp_etc_t alias { etc_dhcp_t etc_dhcpc_t etc_dhcpd_t };
+
+bool le_boolean true;
+TUNABLE allow_java_execstack false;
+
+type_transition root_xdrawable_t input_xevent_t:x_event root_input_xevent_t;
+AUDITALLOW xserver_t { root_xdrawable_t x_domain }:x_drawable send;
+
+optional {
+ neverallow untrusted_app *:{ netlink_route_socket netlink_selinux_socket } ioctl;
+ neverallowxperm shell domain:{ rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls;
+};
+
+if le_boolean {
+ DONTAUDIT untrusted_app asec_public_file:file { execute execmod };
+} else {
+ ALLOW untrusted_app perfprofd_data_file:file r_file_perms;
+ allow untrusted_app perfprofd_data_file:dir r_dir_perms;
+};
+
+sid devnull system_u:object_r:null_device_t:s0
+genfscon sysfs /devices/system/cpu/online gen_context(system_u:object_r:cpu_online_t,s0)
+genfscon rootfs / gen_context(system_u:object_r:root_t,s0)
+
+genfscon proc /cpuinfo u:object_r:proc_cpuinfo:s0
+genfscon selinuxfs / u:object_r:selinuxfs:s0
+fs_use_trans devtmpfs system_u:object_r:device_t:s0;
+fs_use_task pipefs u:object_r:pipefs:s0;
+fs_use_xattr xfs u:object_r:labeledfs:s0;
+fs_use_xattr btrfs u:object_r:labeledfs:s0;
+
+portcon tcp 80 u:object_r:http_port:s0;
+portcon udp 1024-65535 gen_context(system_u:object_r:unreserved_port_t, s0);
+netifcon $2 gen_context(system_u:object_r:$1,$3) gen_context(system_u:object_r:unlabeled_t,$3);
+
+nodecon 2001:0DB8:AC10:FE01:: 2001:0DE0:DA88:2222:: system_u:object_r:hello_t:s0;
+nodecon ipv4 127.0.0.2 255.255.255.255 system_u:object_r:node_t:s0;
+
+# Regular Expressions
+regexp(`Hello(!|\^\^)+', `
+ ^\s*(?\.)
+ (
+ hello[^\s\x12/][1-9]*| # Hello
+ bye
+ )\s*$
+')
+"aaaa(?=
+sdf sdf)ds(aa
+ aa)"
+"sdf[^
+a]"
diff --git a/autotests/reference/test.te.ref b/autotests/reference/test.te.ref
new file mode 100644
--- /dev/null
+++ b/autotests/reference/test.te.ref
@@ -0,0 +1,125 @@
+# Sample SELinux Policy
+
+##
+## Sample SELinux Policy
+##
+##
+##
+## This module is not functional,
+## but only to test the syntax highlighting.
+##
+##
+## val="true">
+## Depended on by other required modules.
+##
+
+policycap open_perms;
+module myapp 1.0;
+
+require {
+ type httpd_t;
+ type httpd_sys_content_t;
+ type initrc_t;
+ class sock_file write;
+ class unix_stream_socket connectto;
+}
+
+allow httpd_t httpd_sys_content_t:sock_file write;
+allow httpd_t initrc_t:unix_stream_socket connectto;
+
+tunable_policy(`allow_execmem',`
+ /usr/share/holas(/.*)? -- gen_context(system_u:object_r:holas_t,s0);
+')
+regexp(`GNUs not Unix', `\w\(\w+\)$', `*** \& *** \1 ***')
+ifdef(`distro_ubuntu',`
+ unconfined_domain(chkpwd_t)
+')
+
+dominance { gen_dominance(0,decr($1)) };
+neverallow user=_isolated domain=((?!isolated_app).)*
+
+allow consoletype_t self:capability { sys_admin sys_tty_config };
+allow consoletype_t self:msg { send receive };
+
+# sample for administrative user
+user jadmin roles { staff_r sysadm_r };
+# sample for regular user
+user jdoe roles { user_r };
+
+default_user process source;
+default_range process source low;
+
+sid devnull;
+sid sysctl;
+
+common file { ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute swapon quotaon mounton };
+class dir inherits file { add_name remove_name reparent search rmdir open audit_access execmod };
+class class;
+
+sensitivity s0 alias sens0;
+category c0 alias cat0;
+level s0:c0;
+
+mlsconstrain dir { search read ioctl lock }
+ (( h1 dom h2 ) or ( t1 == mcsreadall ) or
+ (( t1 != mcs_constrained_type ) and (t2 == domain)));
+
+attribute_role dpkg_roles;
+roleattribute system_r dpkg_roles;
+
+role system_r types system_t;
+role_transition hello init_script_file_type system_r;
+
+attribute filesystem_type;
+type dhcp_etc_t;
+typealias dhcp_etc_t alias { etc_dhcp_t etc_dhcpc_t etc_dhcpd_t };
+
+bool le_boolean true;
+TUNABLE allow_java_execstack false;
+
+type_transition root_xdrawable_t input_xevent_t:x_event root_input_xevent_t;
+AUDITALLOW xserver_t { root_xdrawable_t x_domain }:x_drawable send;
+
+optional {
+ neverallow untrusted_app *:{ netlink_route_socket netlink_selinux_socket } ioctl;
+ neverallowxperm shell domain:{ rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls;
+};
+
+if le_boolean {
+ DONTAUDIT untrusted_app asec_public_file:file { execute execmod };
+} else {
+ ALLOW untrusted_app perfprofd_data_file:file r_file_perms;
+ allow untrusted_app perfprofd_data_file:dir r_dir_perms;
+};
+
+sid devnull system_u:object_r:null_device_t:s0
+genfscon sysfs /devices/system/cpu/online gen_context(system_u:object_r:cpu_online_t,s0)
+genfscon rootfs / gen_context(system_u:object_r:root_t,s0)
+
+genfscon proc /cpuinfo u:object_r:proc_cpuinfo:s0
+genfscon selinuxfs / u:object_r:selinuxfs:s0
+fs_use_trans devtmpfs system_u:object_r:device_t:s0;
+fs_use_task pipefs u:object_r:pipefs:s0;
+fs_use_xattr xfs u:object_r:labeledfs:s0;
+fs_use_xattr btrfs u:object_r:labeledfs:s0;
+
+portcon tcp 80 u:object_r:http_port:s0;
+portcon udp 1024-65535 gen_context(system_u:object_r:unreserved_port_t, s0);
+netifcon $2 gen_context(system_u:object_r:$1,$3) gen_context(system_u:object_r:unlabeled_t,$3);
+
+nodecon 2001:0DB8:AC10:FE01:: 2001:0DE0:DA88:2222:: system_u:object_r:hello_t:s0;
+nodecon ipv4 127.0.0.2 255.255.255.255 system_u:object_r:node_t:s0;
+
+# Regular Expressions
+regexp(`Hello(!|\^\^)+', `
+ ^\s*(?\.)
+ (
+ hello[^\s\x12/][1-9]*| # Hello
+ bye
+ )\s*$
+')
+"aaaa(?=
+sdf sdf)ds(aa
+ aa)"
+"sdf[^
+a]"
diff --git a/data/syntax/selinux.xml b/data/syntax/selinux.xml
new file mode 100644
--- /dev/null
+++ b/data/syntax/selinux.xml
@@ -0,0 +1,1524 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+]>
+
+
+
+
+
+
+
+
+ - SELF
+ - self
+
+
+ - FALSE
+ - false
+ - TRUE
+ - true
+
+
+ - ALLOW
+ - allow
+ - NEVERALLOW
+ - neverallow
+ - AUDITALLOW
+ - auditallow
+ - AUDITDENY
+ - auditdeny
+ - DONTAUDIT
+ - dontaudit
+ - ALLOWXPERM
+ - allowxperm
+ - AUDITALLOWXPERM
+ - auditallowxperm
+ - DONTAUDITXPERM
+ - dontauditxperm
+ - NEVERALLOWXPERM
+ - neverallowxperm
+
+
+
+
+ - ALIAS
+ - alias
+ - CLONE
+ - clone
+ - INHERITS
+ - inherits
+ - ROLES
+ - roles
+ - TYPES
+ - types
+
+
+ - ATTRIBUTE
+ - attribute
+ - ATTRIBUTE_ROLE
+ - attribute_role
+ - BOOL
+ - bool
+ - CATEGORY
+ - category
+ - COMMON
+ - common
+ - DOMINANCE
+ - dominance
+ - EXPANDATTRIBUTE
+ - expandattribute
+ - LEVEL
+ - level
+ - MODULE
+ - module
+ - PERMISSIVE
+ - permissive
+ - RANGE
+ - range
+ - RANGE_TRANSITION
+ - range_transition
+ - ROLE
+ - role
+ - ROLEATTRIBUTE
+ - roleattribute
+ - SENSITIVITY
+ - sensitivity
+ - TUNABLE
+ - tunable
+ - TYPE
+ - type
+ - TYPEALIAS
+ - typealias
+ - TYPEATTRIBUTE
+ - typeattribute
+ - TYPEBOUNDS
+ - typebounds
+ - USER
+ - user
+
+ - IF
+ - if
+ - ELSE
+ - else
+ - require
+ - REQUIRE
+ - optional
+ - OPTIONAL
+
+
+ - CLASS
+ - class
+
+
+ - DEVICETREECON
+ - devicetreecon
+ - FS_USE_TASK
+ - fs_use_task
+ - FS_USE_TRANS
+ - fs_use_trans
+ - FS_USE_XATTR
+ - fs_use_xattr
+ - FSCON
+ - fscon
+ - GENFSCON
+ - genfscon
+ - IBENDPORTCON
+ - ibendportcon
+ - IBPKEYCON
+ - ibpkeycon
+ - IOMEMCON
+ - iomemcon
+ - IOPORTCON
+ - ioportcon
+ - NETIFCON
+ - netifcon
+ - NODECON
+ - nodecon
+ - PCIDEVICECON
+ - pcidevicecon
+ - PIRQCON
+ - pirqcon
+ - PORTCON
+ - portcon
+ - SID
+ - sid
+
+
+
+
+ - POLICYCAP
+ - policycap
+
+
+ - TYPE_TRANSITION
+ - type_transition
+ - TYPE_MEMBER
+ - type_member
+ - TYPE_CHANGE
+ - type_change
+
+
+ - ROLE_TRANSITION
+ - role_transition
+
+
+ - DEFAULT_USER
+ - default_user
+ - DEFAULT_ROLE
+ - default_role
+ - DEFAULT_TYPE
+ - default_type
+
+
+ - DEFAULT_RANGE
+ - default_range
+
+
+ - CONSTRAIN
+ - constrain
+ - VALIDATETRANS
+ - validatetrans
+ - MLSCONSTRAIN
+ - mlsconstrain
+ - MLSVALIDATETRANS
+ - mlsvalidatetrans
+
+
+
+ - SOURCE
+ - source
+ - TARGET
+ - target
+
+
+ - SAMEUSER
+ - sameuser
+
+
+
+ - OR
+ - or
+ - AND
+ - and
+ - NOT
+ - not
+ - xor
+ - XOR
+ - eq
+ - EQ
+
+
+ - eq
+ - EQ
+ - dom
+ - DOM
+ - domby
+ - DOMBY
+ - INCOMP
+ - incomp
+
+
+ - r1
+ - R1
+ - r2
+ - R2
+ - r3
+ - R3
+ - u1
+ - U1
+ - u2
+ - U2
+ - u3
+ - U3
+ - t1
+ - T1
+ - t2
+ - T2
+ - t3
+ - T3
+ - l1
+ - L1
+ - l2
+ - L2
+ - h1
+ - H1
+ - h2
+ - H2
+
+
+ - low-high
+ - LOW-HIGH
+ - high
+ - HIGH
+ - low
+ - LOW
+
+
+
+
+ - always_check_network
+ - always_use_network
+ - cgroup_seclabel
+ - extended_socket_class
+ - network_peer_controls
+ - nnp_nosuid_transition
+ - open_perms
+ - redhat1
+
+
+
+
+ - accept
+ - acceptfrom
+ - access
+ - acquire_svc
+ - add
+ - add_child
+ - add_color
+ - add_glyph
+ - add_name
+ - admin
+ - append
+ - associate
+ - attach_queue
+ - audit_access
+ - audit_control
+ - audit_read
+ - audit_write
+ - bell
+ - bind
+ - blend
+ - block_suspend
+ - call
+ - check_context
+ - chfn
+ - chown
+ - chsh
+ - compute_av
+ - compute_create
+ - compute_member
+ - compute_relabel
+ - compute_user
+ - connect
+ - connectto
+ - contains
+ - copy
+ - create
+ - create_files_as
+ - crontab
+ - dac_override
+ - dac_read_search
+ - dccp_recv
+ - dccp_send
+ - debug
+ - delete
+ - destroy
+ - disable
+ - drop
+ - dyntransition
+ - egress
+ - enable
+ - enforce_dest
+ - enqueue
+ - entrypoint
+ - execheap
+ - execmem
+ - execmod
+ - execstack
+ - execute
+ - execute_no_trans
+ - expand
+ - export
+ - force_cursor
+ - fork
+ - forward_in
+ - forward_out
+ - fowner
+ - freeze
+ - fsetid
+ - get_property
+ - get_value
+ - getattr
+ - getcap
+ - getfocus
+ - getgrp
+ - gethost
+ - getopt
+ - getpgid
+ - getpwd
+ - getrlimit
+ - getsched
+ - getserv
+ - getsession
+ - getstat
+ - grab
+ - halt
+ - hide
+ - hide_cursor
+ - impersonate
+ - implement
+ - import
+ - ingress
+ - insert
+ - install
+ - install_module
+ - ioctl
+ - ipc_info
+ - ipc_lock
+ - ipc_owner
+ - kill
+ - lease
+ - link
+ - linux_immutable
+ - list_child
+ - list_property
+ - listen
+ - load_module
+ - load_policy
+ - lock
+ - mac_admin
+ - mac_override
+ - manage
+ - manage_subnet
+ - map
+ - map_create
+ - map_read
+ - map_write
+ - mknod
+ - mmap_zero
+ - module_load
+ - module_request
+ - mount
+ - mounton
+ - name_bind
+ - name_connect
+ - net_admin
+ - net_bind_service
+ - net_broadcast
+ - net_raw
+ - newconn
+ - next_value
+ - nlmsg_read
+ - nlmsg_readpriv
+ - nlmsg_relay
+ - nlmsg_tty_audit
+ - nlmsg_write
+ - nnp_transition
+ - noatsecure
+ - node_bind
+ - nosuid_transition
+ - open
+ - override
+ - passwd
+ - paste
+ - paste_after_confirm
+ - polmatch
+ - prog_load
+ - prog_run
+ - ptrace
+ - query
+ - quotaget
+ - quotamod
+ - quotaon
+ - rawip_recv
+ - rawip_send
+ - read
+ - read_policy
+ - reboot
+ - receive
+ - record
+ - recv
+ - recv_msg
+ - recvfrom
+ - relabelfrom
+ - relabelto
+ - reload
+ - remount
+ - remove
+ - remove_child
+ - remove_color
+ - remove_glyph
+ - remove_name
+ - rename
+ - reparent
+ - rlimitinh
+ - rmdir
+ - rootok
+ - saver_getattr
+ - saver_hide
+ - saver_setattr
+ - saver_show
+ - search
+ - select
+ - send
+ - send_msg
+ - sendto
+ - set_context_mgr
+ - set_property
+ - set_value
+ - setattr
+ - setbool
+ - setcap
+ - setcheckreqprot
+ - setcontext
+ - setcurrent
+ - setenforce
+ - setexec
+ - setfcap
+ - setfocus
+ - setfscreate
+ - setgid
+ - setkeycreate
+ - setopt
+ - setpcap
+ - setpgid
+ - setrlimit
+ - setsched
+ - setsecparam
+ - setsockcreate
+ - setuid
+ - share
+ - shmemgrp
+ - shmemhost
+ - shmempwd
+ - shmemserv
+ - show
+ - show_cursor
+ - shutdown
+ - sigchld
+ - siginh
+ - sigkill
+ - signal
+ - signull
+ - sigstop
+ - start
+ - status
+ - stop
+ - swapon
+ - sys_admin
+ - sys_boot
+ - sys_chroot
+ - sys_module
+ - sys_nice
+ - sys_pacct
+ - sys_ptrace
+ - sys_rawio
+ - sys_resource
+ - sys_time
+ - sys_tty_config
+ - syslog
+ - syslog_console
+ - syslog_mod
+ - syslog_read
+ - tcp_recv
+ - tcp_send
+ - transfer
+ - transition
+ - translate
+ - udp_recv
+ - udp_send
+ - uninstall
+ - unix_read
+ - unix_write
+ - unlink
+ - unmount
+ - update
+ - use
+ - use_as_override
+ - validate_trans
+ - view
+ - wake_alarm
+ - write
+
+
+
+
+
+ - add_auth
+ - clear_uid
+ - closeDecryptSession
+ - consumeRights
+ - decrypt
+ - duplicate
+ - exist
+ - finalizeDecryptUnit
+ - find
+ - gen_unique_id
+ - get
+ - get_state
+ - grant
+ - initializeDecryptUnit
+ - is_empty
+ - list
+ - openDecryptSession
+ - password
+ - pread
+ - reset
+ - set
+ - setPlaybackStatus
+ - sign
+ - unlock
+ - user_changed
+ - verify
+
+
+
+
+
+ - ecryptfs
+ - overlayfs
+ - unionfs
+
+ - devtmpfs
+ - ramfs
+ - tmpfs
+
+ - adfs
+ - affs
+ - afs
+ - apfs
+ - apparmorfs
+ - autofs
+ - bdev
+ - bfs
+ - bpf
+ - btrfs
+ - cachefs
+ - ceph
+ - cgroup2
+ - cgroup
+ - cifs
+ - coda
+ - coherent
+ - configfs
+ - cpuset
+ - cramfs
+ - debugfs
+ - devfs
+ - devpts
+ - efs
+ - exfat
+ - ext2
+ - ext3
+ - ext4
+ - f2fs
+ - fatx
+ - fuse
+ - fuseblk
+ - fusectl
+ - futexfs
+ - gfs
+ - hfs
+ - hfsplus
+ - hpfs
+ - hugetlbfs
+ - ifs
+ - iso9660
+ - jffs2
+ - jffs
+ - jfs
+ - kernfs
+ - lvm2
+ - minix
+ - mqueue
+ - msdos
+ - ncpfs
+ - nfs4
+ - nfs
+ - nilfs2
+ - nilfs
+ - ntfs-3g
+ - ntfs
+ - ocfs
+ - pipefs
+ - proc
+ - procfs
+ - pstore
+ - pstorefs
+ - qnx4
+ - qnx6
+ - reiser4
+ - reiserfs
+ - romfs
+ - rootfs
+ - sdcardfs
+ - securityfs
+ - selinuxfs
+ - shm
+ - smbfs
+ - sockfs
+ - specfs
+ - squashfs
+ - swap
+ - swapfs
+ - sysfs
+ - sysv
+ - tracefs
+ - ubifs
+ - udf
+ - ufs
+ - umsdos
+ - urefs
+ - usbfs
+ - vfat
+ - xenix
+ - xfs
+ - yaffs2
+ - yaffs
+ - zfs
+
+
+ - functionfs
+ - inotifyfs
+ - labeledfs
+ - oemfs
+
+
+
+
+ - policy_module
+ - gen_require
+ - template
+ - interface
+ - optional_policy
+ - gen_tunable
+ - tunable_policy
+ - gen_user
+ - gen_context
+ - gen_bool
+ - gen_cats
+ - gen_sens
+ - gen_levels
+ - mls_systemlow
+ - mls_systemhigh
+ - mcs_systemlow
+ - mcs_systemhigh
+ - mcs_allcats
+ - ifndef
+
+
+
+
+ - __file__
+ - __line__
+ - __program__
+ - builtin
+ - changecom
+ - changequote
+ - changeword
+ - debugfile
+ - debugmode
+ - decr
+ - define
+ - defn
+ - divert
+ - divnum
+ - dnl
+ - dumpdef
+ - errprint
+ - esyscmd
+ - eval
+ - format
+ - ifdef
+ - ifelse
+ - include
+ - incr
+ - index
+ - indir
+ - len
+ - m4exit
+ - m4wrap
+ - maketemp
+ - mkstemp
+ - patsubst
+ - popdef
+ - pushdef
+ - shift
+ - sinclude
+ - substr
+ - syscmd
+ - sysval
+ - traceon
+ - traceoff
+ - translit
+ - undefine
+ - undivert
+ - m4___file__
+ - m4___line__
+ - m4___program__
+ - m4_builtin
+ - m4_changecom
+ - m4_changequote
+ - m4_changeword
+ - m4_debugfile
+ - m4_debugmode
+ - m4_decr
+ - m4_define
+ - m4_defn
+ - m4_divert
+ - m4_divnum
+ - m4_dnl
+ - m4_dumpdef
+ - m4_errprint
+ - m4_esyscmd
+ - m4_eval
+ - m4_format
+ - m4_ifdef
+ - m4_ifelse
+ - m4_include
+ - m4_incr
+ - m4_index
+ - m4_indir
+ - m4_len
+ - m4_m4exit
+ - m4_m4wrap
+ - m4_maketemp
+ - m4_mkstemp
+ - m4_patsubst
+ - m4_popdef
+ - m4_pushdef
+ - m4_shift
+ - m4_sinclude
+ - m4_substr
+ - m4_syscmd
+ - m4_sysval
+ - m4_traceon
+ - m4_traceoff
+ - m4_translit
+ - m4_undefine
+ - m4_undivert
+
+
+ - regexp
+ - m4_regexp
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+