From: guido@trentalancia.com (Guido Trentalancia)
Date: Tue, 25 Jan 2011 20:20:30 +0100
Subject: [refpolicy] [PATCH/RFC 3/19]: patch set to update the git
 reference policy
In-Reply-To: <4D3F1A9D.1060707@gmail.com>
References: <1295829836.3862.62.camel@tesla.lan>
	<4D3D8B05.2050002@gmail.com> <1295978687.3051.3.camel@tesla.lan>
	<4D3F1317.8000309@gmail.com> <1295979981.3051.10.camel@tesla.lan>
	<4D3F16D2.9070705@gmail.com> <1295980781.11770.4.camel@tesla.lan>
	<4D3F1A9D.1060707@gmail.com>
Message-ID: <1295983230.11770.24.camel@tesla.lan>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Tue, 25/01/2011 at 19.46 +0100, Dominick Grift wrote:
> On 01/25/2011 07:39 PM, Guido Trentalancia wrote:
> > Hello Dominick !
> > 
> > It was just to keep the interface more generic and eventually re-usable.
> > But I have now changed the interface to:
> 
> I understand, and allowing a domain to search a directory isnt a big
> deal. Yet i learned from experience. I mean there is a "pattern" in
> refpolicy, and i almost never see the read_fifo_file_pattern for domain
> types used so that is the reason for my suggestion. A nitpick but i had
> to mention it anyway. Trying to keep things uniform.

Yes, one of my first aims is to stay definitely uniform unless there is
really a good reason to do things differently because of a possible
improvement which brings some good advantages.

Splitting up dbus:send_msg permissions (to be uni-directional from each
module) was one thing that I thought it could improve the actual
situation for a good reason. But nobody else commented on that, so that
thing is still pending... You didn't manage to convince me yet of your
different opinion, but we'll see ;-)

> > allow $1 init_t:fifo_file read_fifo_file_perms;
> > 
> > so it's a bit more optimised and tight.

Regards,

Guido