From: stanv@altlinux.org (Andrew V. Stepanov)
To: refpolicy@oss.tresys.com
Subject: [refpolicy] flask.py and its stuff
Date: Mon, 25 Nov 2013 13:30:04 +0400 [thread overview]
Message-ID: <5293189C.4030501@altlinux.org> (raw)
Hello.
My main target is to write my own policy.
My policy is some kind simple than refpolicy.
I took files access_vectors, initial_sids, security_classes from refpolicy.
Within time I do changes to above files.
Now I have stuck with them and with
selinux-policy.git/plain/policy/flask/flask.py
I have few questions.
1. PURPOSE.
What is the purpose of selinux-policy.git/plain/policy/flask/flask.py
script?
Does `flask.py' take access_vectors, initial_sids, security_classes as
an input ?
Does `flask.py' generate access_vectors, initial_sids, security_classes
files?
2. KERNEL SIDE
I can see that
* Nowadays kernels use only file:
security/selinux/include/initial_sid_to_string.h:1:/* This file is
automatically generated. Do not edit. */
* Early kernels uses also:
security/selinux/include/av_inherit.h:1:/* This file is automatically
generated. Do not edit. */
security/selinux/include/av_perm_to_string.h:1:/* This file is
automatically generated. Do not edit. */
security/selinux/include/av_permissions.h:1:/* This file is
automatically generated. Do not edit. */
security/selinux/include/class_to_string.h:1:/* This file is
automatically generated. Do not edit. */
security/selinux/include/common_perm_to_string.h:1:/* This file is
automatically generated. Do not edit. */
security/selinux/include/flask.h:1:/* This file is automatically
generated. Do not edit. */
security/selinux/include/initial_sid_to_string.h:1:/* This file is
automatically generated. Do not edit. */
Do I need rebuild kernel if :
My file `initial_sids' is the same as in refpolicy.
&
My files `access_vectors' and `security_classes' has been changed by me.
?
3. LIBSELINUX SIDE
libselinux has files as part of it:
$ grep -rn 'This file is auto' .
./include/selinux/av_permissions.h:1:/* This file is automatically
generated. Do not edit. */
./include/selinux/flask.h:1:/* This file is automatically generated. Do
not edit. */
./src/av_inherit.h:1:/* This file is automatically generated. Do not
edit. */
./src/av_perm_to_string.h:1:/* This file is automatically generated. Do
not edit. */
./src/class_to_string.h:1:/* This file is automatically generated. Do
not edit. */
./src/common_perm_to_string.h:1:/* This file is automatically
generated. Do not edit. */
Does it mean, that I need to:
* generate above headers with flask.py sript?
* rebuild libselinux each time with new generated headers ?
next reply other threads:[~2013-11-25 9:30 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-11-25 9:30 Andrew V. Stepanov [this message]
2013-12-11 8:00 ` [refpolicy] flask.py and its stuff Andrew V. Stepanov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5293189C.4030501@altlinux.org \
--to=stanv@altlinux.org \
--cc=refpolicy@oss.tresys.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.