From Fedora Project Wiki

Revision as of 08:50, 14 October 2020 by Plautrba

Each policy module should be self-contained: it should not need any other modules (except for the base policy, which contains mandatory definitions such as object classes or permissions) to function properly. This is achieved using the following principles:

  * All domains that are influenced (granted access to some resource) by a given module are defined in it [1]
  * Plain allow rules only grant access to types defined in the same module
  * Each module defines interfaces to all resources that should be accessible by other modules
  * The module resources (e.g. types) can only be accessed from other modules using interfaces (i.e. access to other resources is always granted using interfaces defined by the module that defined the given resource)
  * Similarly, attribute assignment is only done in its parent module (the module that defined the given attribute), or by parent module interfaces


  1. Domain transitions are an exception to this rule; however, all the necessary rules are still covered by a macro (domtrans_pattern).
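A lint check for the second principle above, added here as an example (it is not part of the wiki page or of any Fedora tooling): it flags plain allow rules in a module's .te source that name a type or attribute the module does not declare itself. The `myapp` module, the sample policy and the function name are constructed for illustration, and the check assumes one allow rule per line.

```python
import re

# Constructed sample .te source for a hypothetical "myapp" module.
SAMPLE_TE = """
policy_module(myapp, 1.0.0)
type myapp_t;
type myapp_exec_t;
type myapp_log_t;
init_daemon_domain(myapp_t, myapp_exec_t)
# OK: both types are declared in this module
allow myapp_t myapp_log_t:file { create append getattr };
allow myapp_t self:process signal;
# Violation: etc_t is owned by another module; the interface form
# would be files_read_etc_files(myapp_t)
allow myapp_t etc_t:file { read open getattr };
# OK: foreign resource reached through the owning module's interface
logging_send_syslog_msg(myapp_t)
"""

DECL = re.compile(r"^\s*(?:type|attribute)\s+(\w+)", re.M)
REQUIRE = re.compile(r"gen_require\(`.*?'\)", re.S)
ALLOW = re.compile(r"\s*allow\s+(\{[^}]*\}|\S+)\s+(~?\{[^}]*\}|[^\s:]+)\s*:")


def foreign_allow_rules(te_source):
    """Return (line_no, rule, names) for each plain allow rule that names
    a type or attribute not declared in te_source itself."""
    # Names pulled in with gen_require belong to other modules, so they
    # are dropped before collecting this module's own declarations.
    declared = set(DECL.findall(REQUIRE.sub("", te_source))) | {"self"}
    findings = []
    for line_no, line in enumerate(te_source.splitlines(), 1):
        rule = ALLOW.match(line)
        if not rule:
            continue
        used = re.findall(r"\w+", rule.group(1) + " " + rule.group(2))
        foreign = [name for name in used if name not in declared]
        if foreign:
            findings.append((line_no, line.strip(), foreign))
    return findings


if __name__ == "__main__":
    for line_no, rule, names in foreign_allow_rules(SAMPLE_TE):
        print(f"line {line_no}: {rule}  -> not declared here: {', '.join(names)}")
```

Line numbers count the blank first line of the sample string, so the flagged rule is reported as line 12.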