From: russell@coker.com.au (Russell Coker)
Date: Mon, 29 Sep 2008 12:50:22 +1000
Subject: [refpolicy] policy_module() vs file name
Message-ID: <200809291250.24425.russell@coker.com.au>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Currently we have a standard practice (as implemented in about 99% of all 
modules) of having the name passed to the policy_module() macro be the same 
as the basename of the policy source file used minus the ".te" extension.  
For example the file policy/modules/system/getty.te 
contains "policy_module(getty,1.6.0)".

We currently have some exceptions to this rule, iscsi.te (module name iscsid), 
and audioentropy.te (module name audio_entropy).

It seems to me that having the build system permit this (as is currently the 
case) is just asking for trouble.  It allows the creation of a policy whereby 
it can be unreasonably difficult for a human (and impossible for a script) to 
determine which .pp file is the origin of a module.

The minimal solution to this would be to have the build system refuse to build 
such a module.

To avoid problems in the short-term we need to change the policy_module lines 
in iscsi.te and audioentropy.te (I've done that in my tree).

If someone is looking for something to work on then a "make check" target for 
the policy which checks for a variety of silly things of this calibre would 
be a good idea.  Something that people who do serious policy work could run 
as a nightly cron job.

-- 
russell at coker.com.au
http://etbe.coker.com.au/          My Blog

http://www.coker.com.au/sponsorship.html Sponsoring Free Software development