From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Mon, 2 Jul 2012 08:05:38 -0400
Subject: [refpolicy] Interface naming question for a filetrans
In-Reply-To: <20120701092920.GA32713@siphos.be>
References: <20120701092920.GA32713@siphos.be>
Message-ID: <4FF18E92.2080806@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 07/01/12 05:29, Sven Vermeulen wrote:
> Hi guys,
>
> Let's say I am in the need for two interfaces.
>
> One would do:
>   files_pid_filetrans($1, udev_rules_t, dir, $2)
> the other one
>   filetrans_pattern($1, udev_var_run_t, udev_rules_t, dir, $2)
>
> I'm a bit in doubt about what to call the interfaces.
>
> I believe the first one would be "udev_pid_filetrans_rules_dirs" as it seems
> that all *_pid_filetrans routines I find in the policy are about the
> var_run_t-based file transition, but then for the second one we would have
> no clear answer.
>
> One way to tackle such cases, as Dominick Grift suggested on the chat, is to
> use *_generic_pid_filetrans for all the files_pid_filetrans() interfaces
> currently in the policy, but that does mean all interfaces will need to be
> updated.
>
> Then udev_generic_pid_filetrans_rules_dirs could be used for the first case,
> and udev_pid_filetrans_rules_dirs for the second.
>
> So, what's the take on this?

The general idea of the naming is modulename_fromtype_filetrans[_totype], where fromtype and totype are the more abstract names for the types. But it sounds like the above situation is messy. Would you further describe what you're trying to do (raw rules would be fine)?

--
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com