SELinux policy developers already have a number of file formats to work with. Currently, policy code is written in a set of three files:
The .te file contains the SELinux policy code (type enforcement rules).
The .if file contains functions which turn a set of arguments into blocks of SELinux policy code (interfaces). These functions are called by other interface files or type enforcement files.
The .fc file contains mappings of file path expressions to labels (file contexts).
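As an added illustration (not code from the original post), here is how the three files might look for one small module. The module name myapp, its types and its paths are hypothetical, and the macros are assumed to come from the SELinux reference policy.

```selinux
########## myapp.te: type enforcement rules ##########
policy_module(myapp, 1.0.0)

# Domain for the daemon and the type of its executable (hypothetical names)
type myapp_t;
type myapp_exec_t;
init_daemon_domain(myapp_t, myapp_exec_t)

# Dedicated type for the daemon's log files
type myapp_log_t;
logging_log_file(myapp_log_t)

# Least privilege: the daemon may create and append to its logs,
# but not read, rewrite or delete them
allow myapp_t myapp_log_t:file { create open append getattr };
logging_log_filetrans(myapp_t, myapp_log_t, file)

########## myapp.if: interfaces other modules can call ##########
## <summary>Read the myapp log files.</summary>
## <param name="domain">
##	<summary>Domain allowed access.</summary>
## </param>
interface(`myapp_read_log',`
	gen_require(`
		type myapp_log_t;
	')

	# $1 is the caller's domain, filled in when the interface is expanded
	logging_search_logs($1)
	allow $1 myapp_log_t:file read_file_perms;
')

########## myapp.fc: file contexts (path expression -> label) ##########
/usr/sbin/myapp		--	gen_context(system_u:object_r:myapp_exec_t,s0)
/var/log/myapp(/.*)?		gen_context(system_u:object_r:myapp_log_t,s0)
```

Another module's .te file would grant its own domain read access by calling myapp_read_log(other_t) instead of naming myapp_log_t directly, which keeps the type private to this module.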
These files are compiled into loadable modules (or a base module) which are then transformed to an active policy. But this is not a single-step approach.