SELinux security policy for OpenWrt

Git:
    git://git.defensec.nl/selinux-policy.git
    https://git.defensec.nl/selinux-policy.git
Git web:
    https://git.defensec.nl/?p=selinux-policy.git
Author:
    Dominick Grift <dominick.grift@defensec.nl>
License:
    Unlicense
Requirements:
    SELinux CIL compiler (secilc) and optionally policycoreutils (setfiles) for the check Makefile target (make check)
Contributing:
    Please sign-off on your patches and send them to <dominick.grift@defensec.nl> with git send-email
Feedback:
    Found a bug? Send AVC denials (`dmesg | grep -i denied`) along with a brief description of what you were doing to <dominick.grift@defensec.nl>

Introduction:

    This repository contains a basic modern SELinux security policy
    designed specifically for OpenWrt. It uses the Type-Enforcement
    security model to implement a targeted policy model that covers a
    moderate selection of basic components with the goal of enhancing
    integrity to help ensure continuity of systems operations.
    Security-Enhanced Linux (SELinux) is a flexible framework that
    allows for fine-grained mandatory access control.

    The SELinux policy is written in modern Common Intermediate
    Language that is native to SELinux and can easily be extended to
    address a wide variety of access control challenges. The
    permissive license allows for creation of custom policy models
    based off of this basic SELinux policy to be enclosed -for
    example using the Image Builder that supports SELinux- as a
    replacement.

Installation:

    Please see support/selinux-policy-XXXX for an example package
    manifest for OpenWrt.

Notes:

    Some chips might lack support for CONFIG_STRICT_KERNEL_RWX and in
    that scenario you will see unexplained "execute", "execmem" and
    possibly "execstack" events. These events can be suppressed with:
    echo 1 > /sys/fs/selinux/checkreqprot.
