From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Tue, 03 Jul 2012 09:55:04 -0400
Subject: [refpolicy] Interface naming question for a filetrans
In-Reply-To: <20120702201514.GA18773@siphos.be>
References: <20120701092920.GA32713@siphos.be> <4FF18E92.2080806@tresys.com> <20120702201514.GA18773@siphos.be>
Message-ID: <4FF2F9B8.4050804@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 7/2/2012 4:15 PM, Sven Vermeulen wrote:
> On Mon, Jul 02, 2012 at 08:05:38AM -0400, Christopher J. PeBenito wrote:
>> On 07/01/12 05:29, Sven Vermeulen wrote:
>>> Let's say I am in the need for two interfaces.
>>>
>>> One would do:
>>> files_pid_filetrans($1, udev_rules_t, dir, $2)
>>> the other one
>>> filetrans_pattern($1, udev_var_run_t, udev_rules_t, dir, $2)
>>>
>>> I'm a bit in doubt about what to call the interfaces.
> [...]
>>> So, what's the take on this?
>>
>> The general idea of the naming is modulename_fromtype_filetrans[_totype],
>> where fromtype and totype are the more abstract names for the types. But
>> it sounds like the above situation is messy. Would you further describe
>> what you're trying to do (raw rules would be fine)?
>
> One is:
>
> filetrans_pattern($1, var_run_t, udev_rules_t, dir, $2)
>
> The other one:
>
> filetrans_pattern($1, udev_var_run_t, udev_rules_t, dir, $2)
>
> which is about as raw as possible without losing the idea ;-) For instance,
> an init script creates "rules.d" in "/run/udev", so we need the second one.
> But udevadm creates "rules" in "/var/run" which needs the first one.
> filetrans_pattern(initrc_t, udev_var_run_t, udev_rules_t, dir, "rules.d")
> filetrans_pattern(udev_t, var_run_t, udev_rules_t, dir, "rules")
>
>
> The problem with the naming is that, in this particular case, _fromtype_ is
> dubious. By using "_pids_" it can either refer to the generic one
> (var_run_t) or to the subtype of the module (udev_var_run_t).

Right. I'd go with generic pids for var_run_t; pids would imply the udev pids.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com