SELinux Mailing List
Re: policy hierarchy patch
From: Darrel Goeddel <dgoeddel_at_TrustedCS.com>
Date: Tue, 05 Apr 2005 18:35:25 -0500

>>Sounds good to me. I should actually be able to take a look at it tomorrow and
>>help you out with the code. I know that the parsing isn't the prettiest... I
>>think I may be able to make it look better in C code. And we didn't really like
>>the spaces anyway.
>>
>
> So what were you thinking? the hierarchy stuff already has the
> infrastructure for checking for '.' in the identifier and splitting out
> the "parent", which in your case would be the lower part of the range.
> Obviously these have hierarchy specific names and would be very
> confusing to on-lookers so maybe we could generalize those to avoid
> repeating code.
>
> Then we just convert everything to identifier and anything that expects
> a category can check for '.' and set the values appropriately, this
> seems even cleaner than the way it's done now with the MLS_CAT_RANGE
> string..
>
> I can probably bang this out pretty quickly unless you had something
> else you wanted to do with MLS or prefer to deal with that part
> yourself, let me know what you want to do. Also, will you be able to
> send a policy patch at the same time that rids the policy of those
> spaces?
>
> Thanks, Joshua Brindle
>

Here is a patch relative to the hierarchy-backport.patch that reworks the mls
category processing. It gets rid of the special MLS_IDENTIFIER - now uses
standard IDENTIFIERS. There is a new centralized function to parse categories
which interprets the '.' char in C code (and that nasty MLS_CAT_RANGE stuff is
gone). This patch also disallows '.' in the names and aliases of sensitivities
and categories.

I have only tried this with our mls policy currently - I have not tried this
with a policy generated from CVS using the mlsconvert target. The patch does
modify the mlsconvert target to fit with the new processing (no spaces around
the '.') - I will test that tomorrow. If anyone else tests this first please
let me know. I will be banging on this tomorrow to make sure everything
behaves sanely.

I am still testing, and am open to suggestions... I'll let everyone know when I
am satisfied with it.

--
Darrel

Received on Tue 5 Apr 2005 - 19:36:28 EDT
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |