libsemanage >= 2.4 provides support for CIL and for high level language (HLL) compilers, which convert policy from a defined format to CIL. This allows for the importing and compilation of modules in any format. Currently, libsemanage >= 2.4 ships with support for converting policy packages (.pp) into CIL. By default, the current pp compiler is located in/usr/libexec/selinux/hll/pp

To add support for a new HLL language, there are a few things to consider. The current HLL infrastructure requires that the HLL compiler reads the HLL data from stdin and writes the appropriate CIL to stdout. Note that the data is written to the compiler via apipe(2), so a HLL compiler must not use calls that fail when associated with a pipe (e.g.lseek(2),fseek(3)). The name of the HLL compiler must be the same as the extension for your HLL files. For example, thepp compiler will be used to convert all HLL files ending in.pp to CIL. The HLL to CIL compiler must be placed in the HLL compiler directory. By default this directory is/usr/libexec/selinux/hll/, though this is configurable insemanage.conf with thecompiler-directory option.

The HLL data, cached CIL data, and HLL extension are stored in/var/lib/selinux/<store>/active/modules/<priority>/<module_name>/{cil,hll,lang_ext}. Thelang_ext file contains the extension of the HLL (with no newline), which is used to determine the file in the compiler directory to execute to compile the HLL data to CIL.