From: Steve Lawrence <slawrence@tresys.com>
To: James Carter <jwcart2@tycho.nsa.gov>,
Richard Haines <richard_c_haines@btinternet.com>
Cc: selinux <selinux@tycho.nsa.gov>
Subject: Re: secilc: classmappings do not work
Date: Wed, 21 May 2014 15:01:19 -0400
Message-ID: <537CF7FF.3050204@tresys.com>
In-Reply-To: <537CF233.6050000@tycho.nsa.gov>

On 05/21/2014 02:36 PM, James Carter wrote:
> On 05/20/2014 11:57 AM, Richard Haines wrote:
>> Just been testing the latest fix for expanding classmapping and found
>> that if the classes are unique, then it works okay. If there are
>> repeated classes then I get this error in the example below when the
>> binary is being generated:
>> "Type default labeling for class binder already specified"
>>
>>
>
> OK. This has been fixed and pushed to bitbucket.
>
> I have also pushed the new syntax for classpermissionsets and
> classmappings.
>
> Class-permission sets are now declared with a classpermission statement
> and the set is defined with one or more classpermissionset statements.
>
> Example:
> (classpermission foo)
> (classpermissionset foo (file (not execute)))
> (classpermissionset foo (char (read write)))
>
>
> One or more classmapping statements are now used to define a class map
> instead of a list of class and permissions.
>
> Example:
> (classmap bar baz)

One minor correction. I think the syntax for classmap is:
(classmap bar (baz))
which allows you to define multiple classmap permissions, e.g.
(classmap bar (baz qaz raz))

> (classmapping bar baz (file (not execute)))
> (classmapping bar baz (char (read write)))
>
>
> Neither a classpermissionset nor a classmapping is now allowed to have
> a list of class and permissions.
>
> Now illegal syntax:
>
> (classpermissionset foo ((file (not execute)) (char (read write))))
>
> If anyone has suggestions on the syntax and statement names of CIL, now
> would be a good time to bring them up while we still have the
> flexibility to change things.
>
> Jim
>
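
Added example, not part of the original message and not code from secilc: a small Python helper that finds classpermissionset and classmapping statements still written with a list of class/permission pairs and rewrites them as one statement per class, as the thread describes. The helper names, the constructed sample, and the assumption that the old classmapping list form mirrors the illegal classpermissionset example are this example's own; quoted strings are not handled.

```python
import re

# Statement name -> number of identifiers before the class-permission argument.
LEADING_IDS = {"classpermissionset": 1, "classmapping": 2}

# Constructed sample: one old list-style statement among new-style ones.
SAMPLE = """
(classpermission foo)
(classpermissionset foo ((file (not execute)) (char (read write))))
(classmap bar (baz))
(classmapping bar baz (file (not execute)))
"""

def parse(text):
    """Parse CIL s-expressions into nested lists (quoted strings unsupported)."""
    tokens = re.findall(r"[()]|[^\s()]+", re.sub(r";[^\n]*", "", text))
    stack = [[]]
    for tok in tokens:
        if tok == "(":
            stack.append([])
        elif tok == ")":
            if len(stack) == 1:
                raise ValueError("unbalanced ')'")
            done = stack.pop()
            stack[-1].append(done)
        else:
            stack[-1].append(tok)
    if len(stack) != 1:
        raise ValueError("unbalanced '('")
    return stack[0]

def render(node):
    """Serialize a parsed node back to CIL text."""
    if isinstance(node, list):
        return "(" + " ".join(render(n) for n in node) + ")"
    return node

def migrate(text):
    """Rewrite list-style statements as one statement per class."""
    out = []
    for stmt in parse(text):
        n = LEADING_IDS.get(stmt[0]) if stmt and isinstance(stmt[0], str) else None
        body = stmt[n + 1] if n is not None and len(stmt) == n + 2 else None
        # Old form: every item of the argument is itself a (class (perms)) list.
        if isinstance(body, list) and body and all(isinstance(p, list) for p in body):
            out.extend(render(stmt[: n + 1] + [pair]) for pair in body)
        else:
            out.append(render(stmt))
    return out
```

Calling `migrate(SAMPLE)` returns the statements in order, with the list-style classpermissionset split into two.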
Thread overview: 9+ messages
2014-05-16 12:14 secilc: classmappings do not work Dominick Grift
2014-05-16 14:20 ` James Carter
2014-05-16 14:38 ` James Carter
2014-05-20 15:57 ` Richard Haines
2014-05-21 18:36 ` James Carter
2014-05-21 19:01 ` Steve Lawrence [this message]
2014-05-21 19:14 ` James Carter
2014-05-16 15:05 ` Dominick Grift
2014-05-20 16:22 ` Richard Haines