From: stanv@altlinux.org (Andrew V. Stepanov)
To: refpolicy@oss.tresys.com
Subject: [refpolicy] flask.py and its stuff
Date: Wed, 11 Dec 2013 12:00:03 +0400
Message-ID: <52A81B83.1070708@altlinux.org>
In-Reply-To: <5293189C.4030501@altlinux.org>
25.11.13, 13:30, Andrew V. Stepanov wrote:
> Hello.
>
> My main target is to write my own policy.
> My policy is somewhat simpler than refpolicy.
> I took the files access_vectors, initial_sids, security_classes from
> refpolicy.
> Over time I have made changes to the above files.
> Now I am stuck with them and with
> selinux-policy.git/plain/policy/flask/flask.py
> I have a few questions.
>
> 1. PURPOSE.
> What is the purpose of selinux-policy.git/plain/policy/flask/flask.py
> script?
> Does `flask.py' take access_vectors, initial_sids, security_classes as
> an input?
> Does `flask.py' generate access_vectors, initial_sids,
> security_classes files?
>
> 2. KERNEL SIDE
> I can see that
> * Nowadays kernels use only the file:
> security/selinux/include/initial_sid_to_string.h:1:/* This file is
> automatically generated. Do not edit. */
> * Early kernels also use:
> security/selinux/include/av_inherit.h:1:/* This file is automatically
> generated. Do not edit. */
> security/selinux/include/av_perm_to_string.h:1:/* This file is
> automatically generated. Do not edit. */
> security/selinux/include/av_permissions.h:1:/* This file is
> automatically generated. Do not edit. */
> security/selinux/include/class_to_string.h:1:/* This file is
> automatically generated. Do not edit. */
> security/selinux/include/common_perm_to_string.h:1:/* This file is
> automatically generated. Do not edit. */
> security/selinux/include/flask.h:1:/* This file is automatically
> generated. Do not edit. */
> security/selinux/include/initial_sid_to_string.h:1:/* This file is
> automatically generated. Do not edit. */
> Do I need to rebuild the kernel if:
> My file `initial_sids' is the same as in refpolicy.
> &
> My files `access_vectors' and `security_classes' have been changed by me.
> ?
>
> 3. LIBSELINUX SIDE
> libselinux has files as part of it:
>
> $ grep -rn 'This file is auto' .
> ./include/selinux/av_permissions.h:1:/* This file is automatically
> generated. Do not edit. */
> ./include/selinux/flask.h:1:/* This file is automatically generated.
> Do not edit. */
> ./src/av_inherit.h:1:/* This file is automatically generated. Do not
> edit. */
> ./src/av_perm_to_string.h:1:/* This file is automatically generated.
> Do not edit. */
> ./src/class_to_string.h:1:/* This file is automatically generated. Do
> not edit. */
> ./src/common_perm_to_string.h:1:/* This file is automatically
> generated. Do not edit. */
> Does it mean, that I need to:
> * generate the above headers with the flask.py script?
> * rebuild libselinux each time with the newly generated headers?
>
Please, could somebody give some comments on the above message?