SELinux Mailing List

Re: policy hierarchy patch

From: Darrel Goeddel <dgoeddel_at_TrustedCS.com>
Date: Tue, 05 Apr 2005 18:35:25 -0500


Joshua Brindle wrote:

>>Sounds good to me.  I should actually be able to take a look at it tomorrow and 
>>help you out with the code.  I know that the parsing isn't the prettiest...  I 
>>think I may be able to make it look better in C code.  And we didn't really like 
>>the spaces anyway.
>>

>
>
> So what were you thinking? The hierarchy stuff already has the
> infrastructure for checking for '.' in the identifier and splitting out
> the "parent", which in your case would be the lower part of the range.
> Obviously these have hierarchy specific names and would be very
> confusing to on-lookers so maybe we could generalize those to avoid
> repeating code.
>
> Then we just convert everything to identifier and anything that expects
> a category can check for '.' and set the values appropriately, this
> seems even cleaner than the way it's done now with the MLS_CAT_RANGE
> string.
>
> I can probably bang this out pretty quickly unless you had something
> else you wanted to do with MLS or prefer to deal with that part
> yourself, let me know what you want to do. Also, will you be able to
> send a policy patch at the same time that rids the policy of those
> spaces?
>
> Thanks, Joshua Brindle
>

Here is a patch relative to the hierarchy-backport.patch that reworks the mls category processing. It gets rid of the special MLS_IDENTIFIER - now uses standard IDENTIFIERS. There is a new centralized function to parse categories which interprets the '.' char in C code (and that nasty MLS_CAT_RANGE stuff is gone). This patch also disallows '.' in the names and aliases of sensitivities and categories.

I have only tried this with our mls policy currently - I have not tried this with a policy generated from CVS using the mlsconvert target. The patch does modify the mlsconvert target to fit with the new processing (no spaces around the '.') - I will test that tomorrow. If anyone else tests this first, please let me know. I will be banging on this tomorrow to make sure everything behaves sanely.

I am still testing, and am open to suggestions... I'll let everyone know when I am satisfied with it.

-- 

Darrel

-- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.

Received on Tue 5 Apr 2005 - 19:36:28 EDT
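
An added illustration of the approach described in the message above (a category arrives as an ordinary identifier, and C code interprets a '.' as a range separator); this is not code from the patch or from checkpolicy. The function names, the constructed category table, and the rejection of reversed ranges are assumptions made for the example.

```c
#include <stdint.h>
#include <string.h>

/* Constructed category table; the array index is the category's value. */
static const char *const cats[] = { "c0", "c1", "c2", "c3", "c4" };
#define NCATS (sizeof(cats) / sizeof(cats[0]))

/* Declared names and aliases may not contain '.', so a '.' in a
 * use-site identifier can only ever mean "range". */
int name_is_declarable(const char *name)
{
    return name[0] != '\0' && strchr(name, '.') == NULL;
}

static int cat_lookup(const char *name, size_t len)
{
    for (size_t i = 0; i < NCATS; i++)
        if (strlen(cats[i]) == len && memcmp(cats[i], name, len) == 0)
            return (int)i;
    return -1;
}

/* Parse "cX" or "cX.cY" and set the matching bits in *bitmap.
 * Returns 0 on success, -1 on malformed or unknown input. */
int parse_category(const char *id, uint32_t *bitmap)
{
    const char *dot = strchr(id, '.');
    int low, high;
    if (dot == NULL) {
        low = high = cat_lookup(id, strlen(id));
    } else {
        /* Exactly one '.', with a non-empty name on each side. */
        if (dot == id || dot[1] == '\0' || strchr(dot + 1, '.') != NULL)
            return -1;
        low = cat_lookup(id, (size_t)(dot - id));
        high = cat_lookup(dot + 1, strlen(dot + 1));
    }
    if (low < 0 || high < 0 || low > high)
        return -1;
    for (int i = low; i <= high; i++)
        *bitmap |= UINT32_C(1) << i;
    return 0;
}

int main(void)
{
    uint32_t bm = 0;
    return parse_category("c1.c3", &bm) == 0 && bm == 0xe ? 0 : 1;
}
```

Because declarations refuse any name containing '.', a use-site string such as "c1.c3" cannot be confused with a single category of that name.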
 

Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009


National Security Agency / Central Security Service