Can attribute be associated with another attribute, the same way that is
done with type(s)?
eg. If we associate attributes with types using: "type mytype1_t,
my_attribute1, my_attribute2...;",
can we associate attributes with attributes using: "attribute
my_attribute0, my_attribute1, my_attribute2...;", or something similar?
--
Mladen Sekara <[email protected]>
On 05/24/2014 06:28 AM, Mladen Sekara wrote:
> Can attribute be associated with another attribute, the same way that is
> done with type(s)?
>
> eg. If we associate attributes with types using: "type mytype1_t,
> my_attribute1, my_attribute2...;",
>
> can we associate attributes with attributes using: "attribute
> my_attribute0, my_attribute1, my_attribute2...;", or something similar?
>
No, although it would be great if it could.
On Sat, 2014-05-24 at 20:28 +1000, Mladen Sekara wrote:
> Can attribute be associated with another attribute, the same way that is
> done with type(s)?
>
> eg. If we associate attributes with types using: "type mytype1_t,
> my_attribute1, my_attribute2...;",
>
> can we associate attributes with attributes using: "attribute
> my_attribute0, my_attribute1, my_attribute2...;", or something similar?
>
Not with reference policy but it is possible with CIL policy.
Do not ask me how they achieve that though because i do not know.
I suppose that they expand the attributes before the resulting policy
gets translated to policy the kernel understands because i think it is a
limitation is the kernel policy language.
Not that it matters much though, it is handy nevertheless.
Ah, OK.
Probably not needed very often, but in same cases it could save some
time.
Thanks.
--
Mladen Sekara <[email protected]>
On Sat, 2014-05-24 at 06:29 -0400, Daniel J Walsh wrote:
> On 05/24/2014 06:28 AM, Mladen Sekara wrote:
> > Can attribute be associated with another attribute, the same way that is
> > done with type(s)?
> >
> > eg. If we associate attributes with types using: "type mytype1_t,
> > my_attribute1, my_attribute2...;",
> >
> > can we associate attributes with attributes using: "attribute
> > my_attribute0, my_attribute1, my_attribute2...;", or something similar?
> >
> No, although it would be great if it could.
On 05/24/2014 07:14 AM, Dominick Grift wrote:
> On Sat, 2014-05-24 at 20:28 +1000, Mladen Sekara wrote:
>> Can attribute be associated with another attribute, the same way that is
>> done with type(s)?
>>
>> eg. If we associate attributes with types using: "type mytype1_t,
>> my_attribute1, my_attribute2...;",
>>
>> can we associate attributes with attributes using: "attribute
>> my_attribute0, my_attribute1, my_attribute2...;", or something similar?
>>
>
> Not with reference policy but it is possible with CIL policy.
>
> Do not ask me how they achieve that though because i do not know.
>
> I suppose that they expand the attributes before the resulting policy
> gets translated to policy the kernel understands because i think it is a
> limitation is the kernel policy language.
>
> Not that it matters much though, it is handy nevertheless.
Eventually I'd like to make a proper refpolicy high level language on top of CIL, when CIL gets merged. Then it would allow all of the nice features in refpolicy that we all want.
--
Chris PeBenito
Tresys Technology, LLC
http://www.tresys.com | oss.tresys.com