From: stanv@altlinux.org (Andrew V. Stepanov)
Date: Mon, 25 Nov 2013 13:30:04 +0400
Subject: [refpolicy] flask.py and its stuff
Message-ID: <5293189C.4030501@altlinux.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Hello.

My main target is to write my own policy.
My policy is somewhat simpler than refpolicy.

I took the files access_vectors, initial_sids, security_classes from refpolicy.
Over time I made changes to the above files.

Now I am stuck with them and with selinux-policy.git/plain/policy/flask/flask.py

I have a few questions.

1. PURPOSE.

What is the purpose of the selinux-policy.git/plain/policy/flask/flask.py script?
Does `flask.py' take access_vectors, initial_sids, security_classes as an input?
Does `flask.py' generate the access_vectors, initial_sids, security_classes files?

2. KERNEL SIDE

I can see that

* Nowadays kernels use only this file:

security/selinux/include/initial_sid_to_string.h:1:/* This file is automatically generated. Do not edit. */

* Earlier kernels also use:

security/selinux/include/av_inherit.h:1:/* This file is automatically generated. Do not edit. */
security/selinux/include/av_perm_to_string.h:1:/* This file is automatically generated. Do not edit. */
security/selinux/include/av_permissions.h:1:/* This file is automatically generated. Do not edit. */
security/selinux/include/class_to_string.h:1:/* This file is automatically generated. Do not edit. */
security/selinux/include/common_perm_to_string.h:1:/* This file is automatically generated. Do not edit. */
security/selinux/include/flask.h:1:/* This file is automatically generated. Do not edit. */
security/selinux/include/initial_sid_to_string.h:1:/* This file is automatically generated. Do not edit. */

Do I need to rebuild the kernel if:
My file `initial_sids' is the same as in refpolicy.
&
My files `access_vectors' and `security_classes' have been changed by me.
?

3. LIBSELINUX SIDE

libselinux has these files as part of it:

$ grep -rn 'This file is auto' .
./include/selinux/av_permissions.h:1:/* This file is automatically generated. Do not edit. */
./include/selinux/flask.h:1:/* This file is automatically generated. Do not edit. */
./src/av_inherit.h:1:/* This file is automatically generated. Do not edit. */
./src/av_perm_to_string.h:1:/* This file is automatically generated. Do not edit. */
./src/class_to_string.h:1:/* This file is automatically generated. Do not edit. */
./src/common_perm_to_string.h:1:/* This file is automatically generated. Do not edit. */

Does it mean that I need to:
* generate the above headers with the flask.py script?
* rebuild libselinux each time with the newly generated headers?