SELinux Reference Policy 3 is a rewrite using the Cascade policy
language. This new language allows a shift in the approach of the
policy. With the new ability to delete rules as a feature of the
language, the approach in refpolicy3 is to a slightly coarser
granularity than in v2, aimed at making common case usage the main
focus. This includes a focus on creating higher level abstractions
while keeping low level functions for cases where tight least privilege
access is required.
**Refpolicy 2 will continue to be maintained as normal.**
This is pre-alpha quality. It is using the Cascade language which is
also in development. As such, syntax, structure, and API may change at
any time. This is developing in advance of the compiler development, so
you should not expect it to compile at this time.
This is also an RFC. Please review and comment on structure, style, etc.
Now is the time, as the design is not set. We implemented the majority
of kernel and system layers of refpolicy and are eager to hear your
feedback while the policy is still in its early stages so broad changes
Please send any discussion to the refpolicy mail list. If you would
like to contribute, pull requests on GitHub are strongly preferred, but
patches on the refpolicy mail list are also accepted.
For more information on the Cascade policy language see: