[refpolicy] Associate attribute with another attribute?

All of lore.kernel.org
 help / color / mirror / Atom feed

* [refpolicy] Associate attribute with another attribute?
@ 2014-05-24 10:28 Mladen Sekara
  2014-05-24 10:29 ` Daniel J Walsh
  2014-05-24 11:14 ` Dominick Grift
  0 siblings, 2 replies; 5+ messages in thread
From: Mladen Sekara @ 2014-05-24 10:28 UTC (permalink / raw)
  To: refpolicy

Can attribute be associated with another attribute, the same way that is
done with type(s)?

eg. If we associate attributes with types using: "type mytype1_t,
my_attribute1, my_attribute2...;", 

can we associate attributes with attributes using: "attribute
my_attribute0, my_attribute1, my_attribute2...;", or something similar?

-- 
Mladen Sekara <dev@emefes.com>

^ permalink raw reply	[flat|nested] 5+ messages in thread

* [refpolicy] Associate attribute with another attribute?
  2014-05-24 10:28 [refpolicy] Associate attribute with another attribute? Mladen Sekara
@ 2014-05-24 10:29 ` Daniel J Walsh
  2014-05-25  4:10   ` Mladen Sekara
  2014-05-24 11:14 ` Dominick Grift
  1 sibling, 1 reply; 5+ messages in thread
From: Daniel J Walsh @ 2014-05-24 10:29 UTC (permalink / raw)
  To: refpolicy


On 05/24/2014 06:28 AM, Mladen Sekara wrote:
> Can attribute be associated with another attribute, the same way that is
> done with type(s)?
>
> eg. If we associate attributes with types using: "type mytype1_t,
> my_attribute1, my_attribute2...;", 
>
> can we associate attributes with attributes using: "attribute
> my_attribute0, my_attribute1, my_attribute2...;", or something similar?
>
No, although it would be great if it could.

^ permalink raw reply	[flat|nested] 5+ messages in thread

* [refpolicy] Associate attribute with another attribute?
  2014-05-24 10:28 [refpolicy] Associate attribute with another attribute? Mladen Sekara
  2014-05-24 10:29 ` Daniel J Walsh
@ 2014-05-24 11:14 ` Dominick Grift
  2014-05-27 12:40   ` Christopher J. PeBenito
  1 sibling, 1 reply; 5+ messages in thread
From: Dominick Grift @ 2014-05-24 11:14 UTC (permalink / raw)
  To: refpolicy

On Sat, 2014-05-24 at 20:28 +1000, Mladen Sekara wrote:
> Can attribute be associated with another attribute, the same way that is
> done with type(s)?
> 
> eg. If we associate attributes with types using: "type mytype1_t,
> my_attribute1, my_attribute2...;", 
> 
> can we associate attributes with attributes using: "attribute
> my_attribute0, my_attribute1, my_attribute2...;", or something similar?
> 

Not with reference policy but it is possible with CIL policy.

Do not ask me how they achieve that though because i do not know.

I suppose that they expand the attributes before the resulting policy
gets translated to policy the kernel understands because i think it is a
limitation is the kernel policy language.

Not that it matters much though, it is handy nevertheless.

^ permalink raw reply	[flat|nested] 5+ messages in thread

* [refpolicy] Associate attribute with another attribute?
  2014-05-24 10:29 ` Daniel J Walsh
@ 2014-05-25  4:10   ` Mladen Sekara
  0 siblings, 0 replies; 5+ messages in thread
From: Mladen Sekara @ 2014-05-25  4:10 UTC (permalink / raw)
  To: refpolicy

Ah, OK.
Probably not needed very often, but in same cases it could save some
time.

Thanks.
-- 
Mladen Sekara <dev@emefes.com>


On Sat, 2014-05-24 at 06:29 -0400, Daniel J Walsh wrote: 
> On 05/24/2014 06:28 AM, Mladen Sekara wrote:
> > Can attribute be associated with another attribute, the same way that is
> > done with type(s)?
> >
> > eg. If we associate attributes with types using: "type mytype1_t,
> > my_attribute1, my_attribute2...;", 
> >
> > can we associate attributes with attributes using: "attribute
> > my_attribute0, my_attribute1, my_attribute2...;", or something similar?
> >
> No, although it would be great if it could.

^ permalink raw reply	[flat|nested] 5+ messages in thread

* [refpolicy] Associate attribute with another attribute?
  2014-05-24 11:14 ` Dominick Grift
@ 2014-05-27 12:40   ` Christopher J. PeBenito
  0 siblings, 0 replies; 5+ messages in thread
From: Christopher J. PeBenito @ 2014-05-27 12:40 UTC (permalink / raw)
  To: refpolicy

On 05/24/2014 07:14 AM, Dominick Grift wrote:
> On Sat, 2014-05-24 at 20:28 +1000, Mladen Sekara wrote:
>> Can attribute be associated with another attribute, the same way that is
>> done with type(s)?
>>
>> eg. If we associate attributes with types using: "type mytype1_t,
>> my_attribute1, my_attribute2...;", 
>>
>> can we associate attributes with attributes using: "attribute
>> my_attribute0, my_attribute1, my_attribute2...;", or something similar?
>>
> 
> Not with reference policy but it is possible with CIL policy.
> 
> Do not ask me how they achieve that though because i do not know.
> 
> I suppose that they expand the attributes before the resulting policy
> gets translated to policy the kernel understands because i think it is a
> limitation is the kernel policy language.
> 
> Not that it matters much though, it is handy nevertheless.

Eventually I'd like to make a proper refpolicy high level language on top of CIL, when CIL gets merged.  Then it would allow all of the nice features in refpolicy that we all want.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2014-05-27 12:40 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-05-24 10:28 [refpolicy] Associate attribute with another attribute? Mladen Sekara
2014-05-24 10:29 ` Daniel J Walsh
2014-05-25  4:10   ` Mladen Sekara
2014-05-24 11:14 ` Dominick Grift
2014-05-27 12:40   ` Christopher J. PeBenito

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.