2.2. Where is the Policy?

There are two components to the policy, the binary tree and the source tree. The binary tree comes from the selinux-policy-<policyname> package and supplies the binary policy file. Alternately, the binary policy can be built from source when the selinux-policy-<policyname>-sources package is installed. For Red Hat Enterprise Linux 4 the <policyname> is targeted. Directory conventions for this guide are explained in Section 3 Conventions for SELinux Directories and Files.

To help applications that need the various SELinux paths, libselinux has a number of functions that return the paths to the different configuration files and directories. This keeps applications from having to hard code the paths, especially since the active policy location is dependent on the setting in /etc/selinux/config. The list of functions is available from the manual page which you can view with the command man 3 selinux_binary_policy_path.