Class and Permission Statements =============================== common ------ Declares a common identifier in the current namespace with a set of common permissions that can be used by one or more [`class`](cil_class_and_permission_statements.md#class) identifiers. The [`classcommon`](cil_class_and_permission_statements.md#classcommon) statement is used to associate a [`common`](cil_class_and_permission_statements.md#common) identifier to a specific [`class`](cil_class_and_permission_statements.md#class) identifier. **Statement definition:** ```secil (common common_id (permission_id ...)) ``` **Where:**
common
The common keyword.
common_id
The common identifier.
permission_id
One or more permissions.
classcommon
The classcommon keyword.
class_id
A single previously declared class identifier.
class
A single previously declared common identifier that defines the common permissions for that class.
The class keyword.
The class identifier.
Zero or more permissions declared for the class. Note that if zero permissions, an empty list is required as shown in the example.
classorder
The classorder keyword.
One or more class identifiers.
classpermission
The classpermission keyword.
classpermissionset_id
The classpermissionset identifier.
classpermissionset
The classpermissionset keyword.
Zero or more permissions required by the class.
Note that there must be at least one permission identifier or expr declared).
permission
expr
Zero or more expr's, the valid operators and syntax are:
(and (permission_id ...) (permission_id ...))
(or (permission_id ...) (permission_id ...))
(xor (permission_id ...) (permission_id ...))
(not (permission_id ...))
(all)
classmap
The classmap keyword.
classmap_id
The classmap identifier.
classmapping_id
One or more classmapping identifiers.
classmapping
The classmapping keyword.
A single previously declared classmap identifier.
The classmapping identifier.
A single named classpermissionset identifier or a single anonymous classpermissionset using expr's as required (see the classpermissionset statement).
permissionx
The permissionx keyword.
kind
A keyword specifying how to interpret the extended permission values. Must be one of:
description
ioctl
Permissions define a whitelist of ioctl values. Permission values must range from 0x0000 to 0xFFFF, inclusive.
0x0000
0xFFFF
One or more numeric values, specified in decimal, or hexadecimal if prefixed with 0x, or octal if prefixed with 0. Values are interpreted based on the value of kind.
An expression, with valid operators and syntax:
(range (permission ...) (permission ...))
(and (permission ...) (permission ...))
(or (permission ...) (permission ...))
(xor (permission ...) (permission ...))
(not (permission ...))