1# Configuring an OpenHarmony SELinux Policy for a Parameter 2 3## Scenario 4 5To implement access control for a system parameter, you can configure an SELinux label for the parameter. For details about the parameter definition, see [Parameter Management](subsys-boot-init-sysparam.md). 6 7## Procedure 8 9Define the mappings between parameters and labels in the **parameter_contexts** file. If a parameter name ends with a dot (.), the parameter is a wildcard parameter. Otherwise, the parameter is a fixed parameter. 10 11The following is an example of the mapping between a label and a wildcard parameter. The label for parameters starting with **init.svc.** is **u:object_r:init_svc_param:s0**. 12```text 13init.svc. u:object_r:init_svc_param:s0 14``` 15The following is an example of the mapping between a label and a fixed parameter. The label for the parameter **const.secure** is **u:object_r:secure_param:s0**. 16```text 17const.secure u:object_r:secure_param:s0 18``` 19 20The wildcard parameters are labelled by the best match prefix. For example, the **paramter_contexts** file contains the following mappings: 21```text 22init. u:object_r:init_param:s0 23init.svc. u:object_r:init_svc_param:s0 24``` 25Then, 26- The label of the **init.a** parameter is **u:object_r:init_param:s0**. 27- The label of the **init.svc** parameter is **u:object_r:init_param:s0**. 28- The label of the **init.svc.a** parameter is **u:object_r:init_svc_param:s0**. 29 30 31For example, to assign the label **init_svc_param** for parameters prefixed with **init.svc.**, do as follows: 32 331. Add the parameter-label mapping in the **parameter_contexts** file. 34 ```text 35 init.svc. u:object_r:init_svc_param:s0 36 ``` 37 382. Add **init_svc_param** in **type.te** to make the label valid. 39 ```text 40 type init_svc_param, parameter_attr; 41 ``` 42