Access Vector Rules =================== allow ----- Specifies the access allowed between a source and target type. Note that access may be refined by constraint rules based on the source, target and class ([`validatetrans`](cil_constraint_statements.md#validatetrans) or [`mlsvalidatetrans`](cil_constraint_statements.md#mlsvalidatetrans)) or source, target class and permissions ([`constrain`](cil_constraint_statements.md#constrain) or [`mlsconstrain`](cil_constraint_statements.md#mlsconstrain) statements). **Rule definition:** ```secil (allow source_id target_id|self classpermissionset_id ...) ``` **Where:**
allow
The allow keyword.
source_id
A single previously defined source type, typealias or typeattribute identifier.
type
typealias
typeattribute
target_id
A single previously defined target type, typealias or typeattribute identifier.
The self keyword may be used instead to signify that source and target are the same.
self
classpermissionset_id
A single named or anonymous classpermissionset or a single set of classmap/classmapping identifiers.
classpermissionset
classmap
classmapping
auditallow
The auditallow keyword.
dontaudit
The dontaudit keyword.
neverallow
The neverallow keyword.
allowx
The allowx keyword.
A single previously defined source type, typealias, or typeattribute identifier.
A single previously defined target type, typealias, or typeattribute identifier.
permissionx_id
A single named or anonymous permissionx.
permissionx
auditallowx
The auditallowx keyword.
dontauditx
The dontauditx keyword.
neverallowx
The neverallowx keyword.