Desktop Integration Take 2

Desktop Integration Take 2

[Ivan Gyurdiev]

Okay, after discussing various obstacles, I think it's time to come up 
with a new plan for integrating selinux w/ nautilus.
How about the following:

- Have a file controlled by libsetrans which maps customizable types to 
(unicode?) translated strings
- Have a file controlled by libsetrans which maps mls ranges to 
(unicode?) translated strings
     (setrans.conf)

- Require the mappings above to be 1:1.

- Have two functions (with better names):
get_customizable_types_by_user()
get_mls_labels_by_user()

The first takes a [Unix] user, and returns the translated labels of all 
customizable types accessible { relabelto } from that user.
The second takes a [Unix] user, and returns the translated labels of all 
mls ranges accessible from that user, [ only the labeled ones ].

===========
Make nautilus link to libsetrans.

Then on startup, nautilus calls both of those functions exactly once.
Then it has an enumeration to work with in set interfaces - have a 
drop-down box for the type, and drop-down box for the mls range.
To label a file to a non-customizable context, add a "Restore Context" 
button, which runs restorecon.




--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Desktop Integration Take 2

[Ivan Gyurdiev]

Ivan Gyurdiev wrote:
> Okay, after discussing various obstacles, I think it's time to come up 
> with a new plan for integrating selinux w/ nautilus.
> How about the following:
>
> - Have a file controlled by libsetrans which maps customizable types 
> to (unicode?) translated strings
> - Have a file controlled by libsetrans which maps mls ranges to 
> (unicode?) translated strings
>     (setrans.conf)
>
> - Require the mappings above to be 1:1.
>
> - Have two functions (with better names):
> get_customizable_types_by_user()
> get_mls_labels_by_user()
>
> The first takes a [Unix] user, and returns the translated labels of 
> all customizable types accessible { relabelto } from that user.
> The second takes a [Unix] user, and returns the translated labels of 
> all mls ranges accessible from that user, [ only the labeled ones ].
>
> ===========
> Make nautilus link to libsetrans.
>
> Then on startup, nautilus calls both of those functions exactly once.
> Then it has an enumeration to work with in set interfaces - have a 
> drop-down box for the type, and drop-down box for the mls range.
> To label a file to a non-customizable context, add a "Restore Context" 
> button, which runs restorecon.
>
Any feedback on this plan?  I can write patches against libsetrans if 
there's agreement. Also, I think we should move libsetrans into this 
planned future repository that I hear about for selinux components.



--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Desktop Integration Take 2

[Joe Nall]

On Mar 8, 2006, at 1:20 PM, Ivan Gyurdiev wrote:

>> - Have a file controlled by libsetrans which maps mls ranges to  
>> (unicode?) translated strings
>>     (setrans.conf)
>>
>> - Require the mappings above to be 1:1.
...

The work I'm doing on better MLS inverse bit handing (rel country1/ 
country2 ...) in libsetrans supports mapping label fragments  
(individual categories and category ranges) in addition to the  
current 1:1 mapping. With 256 bits, 1:1 MLS mappings are not  
practical because the number of potential combinations is so great. I  
hope to have a patch for review at by the end of next week.

In our CMW work, we have a GUI label builder that understands the MLS  
combination constraints and a 'last 40 labels built' menu. Individual  
users rarely go beyond the 40 labels. An initial manual label  
constructor that saves state in a preferences file would be an  
adequate start.

joe 

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Desktop Integration Take 2

[Ivan Gyurdiev]

>>> - Have a file controlled by libsetrans which maps mls ranges to 
>>> (unicode?) translated strings
>>>     (setrans.conf)
>>>
>>> - Require the mappings above to be 1:1.
> ...
>
> The work I'm doing on better MLS inverse bit handing (rel 
> country1/country2 ...) in libsetrans supports mapping label fragments 
> (individual categories and category ranges) in addition to the current 
> 1:1 mapping.
It was my understanding that the range should be treated as a whole for 
maximum generality, and we shouldn't unroll and translate individual 
categories [ at least for the purposes of nautilus ]. That way you could 
have a coded clearance label like: NSASecretProject, that unrolls to the 
actual categories [ say NDA_1, NDA_3, Programmer, NSA, Security, 
Confidential, ProjectX ], without listing them all individually.
> With 256 bits, 1:1 MLS mappings are not practical because the number 
> of potential combinations is so great. I hope to have a patch for 
> review at by the end of next week.
My comment said they should be 1:1, not onto.
(i.e. I don't expect the setrans file to define a translation for each 
and every bit combination. In fact, I though I could ignore the 
unspecified ones, and not provide access to them via the Nautilus GUI. 
They'd still be available for use, but they wouldn't be exposed via 
nautilus if they're not in the setrans file).

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Desktop Integration Take 2

[Joe Nall]

On Mar 8, 2006, at 3:52 PM, Ivan Gyurdiev wrote:

>
>>>> - Have a file controlled by libsetrans which maps mls ranges to  
>>>> (unicode?) translated strings
>>>>     (setrans.conf)
>>>>
>>>> - Require the mappings above to be 1:1.
>> ...
>>
>> The work I'm doing on better MLS inverse bit handing (rel country1/ 
>> country2 ...) in libsetrans supports mapping label fragments  
>> (individual categories and category ranges) in addition to the  
>> current 1:1 mapping.
> It was my understanding that the range should be treated as a whole  
> for maximum generality, and we shouldn't unroll and translate  
> individual categories [ at least for the purposes of nautilus ].  
> That way you could have a coded clearance label like:  
> NSASecretProject, that unrolls to the actual categories [ say  
> NDA_1, NDA_3, Programmer, NSA, Security, Confidential, ProjectX ],  
> without listing them all individually.

This doesn't scale in some (not all) environments. See below.

>> With 256 bits, 1:1 MLS mappings are not practical because the  
>> number of potential combinations is so great. I hope to have a  
>> patch for review at by the end of next week.
> My comment said they should be 1:1, not onto.
> (i.e. I don't expect the setrans file to define a translation for  
> each and every bit combination. In fact, I though I could ignore  
> the unspecified ones, and not provide access to them via the  
> Nautilus GUI. They'd still be available for use, but they wouldn't  
> be exposed via nautilus if they're not in the setrans file).

I agree that you can ignore the categories with unspecified mappings.  
I want to define a translation for 238 countries and combinations  
thereof (billions and billions to quote Carl Sagan) in the  
setrans.conf file. In order to keep the size finite, I have to have  
mappings that combine in addition to the current one name to many  
categories mappings. I'll send you an image of what our current label  
chooser looks like off list. If the selection mechanism supports a  
plugin, we can replace a simple picker with something more complex  
when warranted.

joe


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.