From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from jazzhorn.ncsc.mil (mummy.ncsc.mil [144.51.88.129])
	by tycho.ncsc.mil (8.12.8/8.12.8) with ESMTP id j4QHVogA006149
	for ; Thu, 26 May 2005 13:31:51 -0400 (EDT)
Received: from gotham.columbia.tresys.com (jazzhorn.ncsc.mil [144.51.5.9])
	by jazzhorn.ncsc.mil (8.12.10/8.12.10) with ESMTP id j4QHQRmU002679
	for ; Thu, 26 May 2005 17:26:27 GMT
Subject: [Patch 0/3] Loadable policy module infrastructure
From: Joshua Brindle
To: selinux
Cc: selinux-dev@tresys.com
Content-Type: text/plain
Date: Thu, 26 May 2005 13:26:59 -0400
Message-Id: <1117128419.3482.18.camel@localhost>
Mime-Version: 1.0
Sender: owner-selinux@tycho.nsa.gov
List-Id: selinux@tycho.nsa.gov

These patches provide the infrastructure to implement loadable policy
modules in the SELinux policy compiler. They add all the module data
structures and changes to checkpolicy to build a policy by reading the
policy.conf into the module structures and then expand it into the
current policy format. This will add everything we need to implement the
loadable modules in a subsequent patch.

We attempted to match the upstream compiler behavior completely and so
there are parts of the patch that implement inconsistent logic (such as
type conflict handling for conditionals) that we plan on cleaning up
later and making consistent.

Aside from policies with large amounts of conditional rules, the policies
generated by this compiler and the current policy compiler will be
identical; this ensures that correct policies are being built. The
conditional rules are ordered differently by this patch because of the
way the conditional expressions are optimized. The policy itself is
semantically identical, however.

Also, we have tested MLS policy generation and it seems to work, but we'd
like some indication from someone running an MLS system that it indeed
does work correctly.

We expect to send additional patches soon; one which implements the
module language itself and another to remove * and ~ from allow rules per
a previous thread on this list.

Joshua Brindle
Tresys Technology