All of lore.kernel.org
 help / color / mirror / Atom feed
From: James Carter <jwcart2@tycho.nsa.gov>
To: Stephen Smalley <sds@tycho.nsa.gov>
Cc: qingtao.cao@windriver.com, Eric Paris <eparis@redhat.com>,
	"Christopher J. PeBenito" <cpebenito@tresys.com>,
	Daniel J Walsh <dwalsh@redhat.com>,
	SELinux <selinux@tycho.nsa.gov>
Subject: Re: checkpolicy is broken (which is not)
Date: Fri, 05 Aug 2011 12:58:32 -0400	[thread overview]
Message-ID: <1312563512.23489.17.camel@moss-lions.epoch.ncsc.mil> (raw)
In-Reply-To: <1312548982.19283.14.camel@moss-pluto>

On Fri, 2011-08-05 at 08:56 -0400, Stephen Smalley wrote:
> On Fri, 2011-08-05 at 12:19 +0800, Harry Ciao wrote:
> > Hi Eric,
> > 
> > Let me explain more about the background story.
> > 
> > The existing type rule could declare a type, and optionally associate it
> > with a list of type attributes. So I invented this "role <regular role>
> > attribute <a list of role attributes>" rule in the same manner to do the
> > similar things for roles, since I figure this would make refpolicy rules
> > similar and easy to remember and use.
> > 
> > Now that the above new role-attr rule takes care of declaring roles,
> > this duty has to be removed from role-type rule in order to avoid
> > ambiguity, and the role-type rule would be used to only associate types
> > with roles, which only requires TWO lines of code as in 3cbc9727, since
> > mostly used roles such as system_r have been declared in kernel.te(in
> > order to avoid some build failure).
> > 
> > In a word, we could preserve the behavior of role-type rule, but this
> > would introduce discrepancy between that of role-attr rule and type-attr
> > rule, considering that getting used to the new toolchain only requires
> > an easy cherry-pick of only 2 lines of change, would it be that
> > desirable for us to do so?
> 
> I don't think we should introduce an incompatible policy language change
> without very strong reasons.  It is fine to introduce new constructs
> like your role...attribute construct, but we shouldn't change the
> meaning of role...type statements and thereby render invalid policies
> that used to be valid.
> 

In the up and coming CIL compiler, declaration and use are always
separate, so user, role, and type rules are only used to declare. There
are typealias, typeattribute, and other such rules to define
associations. For a role there is a separate roletype rule to associate
a type with a role.

So if roletype and roleattribute rules were created for the current
toolchain, the current role rule would not have to be changed. Newer
policies could use the role rule only to declare a role, but it could
still be used in the old way for backwards compatibility.

-- 
James Carter <jwcart2@tycho.nsa.gov>
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

  parent reply	other threads:[~2011-08-05 16:58 UTC|newest]

Thread overview: 17+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <4E3AEA75.3090602@redhat.com>
     [not found] ` <4E3B3D39.4020700@windriver.com>
2011-08-05  1:15   ` checkpolicy is broken (which is not) Harry Ciao
2011-08-05  2:29     ` Eric Paris
2011-08-05  2:29       ` [refpolicy] " Eric Paris
2011-08-05  4:19       ` Harry Ciao
2011-08-05 12:56         ` Stephen Smalley
2011-08-05 12:59           ` Daniel J Walsh
2011-08-05 13:27             ` Stephen Smalley
2011-08-05 14:42               ` Daniel J Walsh
2011-08-05 15:30                 ` Russell Coker
2011-08-05 16:20                   ` Stephen Smalley
2011-08-08  6:41                     ` HarryCiao
2011-08-08 12:01                       ` Stephen Smalley
2011-08-05 15:45             ` Joshua Brindle
2011-08-08  5:38             ` Harry Ciao
2011-08-05 16:58           ` James Carter [this message]
2011-08-05 17:23             ` Eric Paris
2011-08-07  4:43               ` Joshua Brindle

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1312563512.23489.17.camel@moss-lions.epoch.ncsc.mil \
    --to=jwcart2@tycho.nsa.gov \
    --cc=cpebenito@tresys.com \
    --cc=dwalsh@redhat.com \
    --cc=eparis@redhat.com \
    --cc=qingtao.cao@windriver.com \
    --cc=sds@tycho.nsa.gov \
    --cc=selinux@tycho.nsa.gov \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.