From: stanv@altlinux.org (Andrew V. Stepanov)
Date: Wed, 11 Dec 2013 12:00:03 +0400
Subject: [refpolicy] flask.py and its stuff
In-Reply-To: <5293189C.4030501@altlinux.org>
References: <5293189C.4030501@altlinux.org>
Message-ID: <52A81B83.1070708@altlinux.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

25.11.13, 13:30, Andrew V. Stepanov wrote:
> Hello.
>
> My main target is to write my own policy.
> My policy is somewhat simpler than refpolicy.
> I took the files access_vectors, initial_sids, security_classes from
> refpolicy.
> Over time I have made changes to the above files.
> Now I am stuck with them and with
> selinux-policy.git/plain/policy/flask/flask.py
> I have a few questions.
>
> 1. PURPOSE.
> What is the purpose of the selinux-policy.git/plain/policy/flask/flask.py
> script?
> Does `flask.py' take access_vectors, initial_sids, security_classes as
> an input?
> Does `flask.py' generate the access_vectors, initial_sids,
> security_classes files?
>
> 2. KERNEL SIDE
> I can see that
> * Nowadays kernels use only the file:
> security/selinux/include/initial_sid_to_string.h:1:/* This file is
> automatically generated. Do not edit. */
> * Early kernels also use:
> security/selinux/include/av_inherit.h:1:/* This file is automatically
> generated. Do not edit. */
> security/selinux/include/av_perm_to_string.h:1:/* This file is
> automatically generated. Do not edit. */
> security/selinux/include/av_permissions.h:1:/* This file is
> automatically generated. Do not edit. */
> security/selinux/include/class_to_string.h:1:/* This file is
> automatically generated. Do not edit. */
> security/selinux/include/common_perm_to_string.h:1:/* This file is
> automatically generated. Do not edit. */
> security/selinux/include/flask.h:1:/* This file is automatically
> generated. Do not edit. */
> security/selinux/include/initial_sid_to_string.h:1:/* This file is
> automatically generated. Do not edit. */
> Do I need to rebuild the kernel if:
> My file `initial_sids' is the same as in refpolicy.
> &
> My files `access_vectors' and `security_classes' have been changed by me.
> ?
>
> 3. LIBSELINUX SIDE
> libselinux has these files as part of it:
>
> $ grep -rn 'This file is auto' .
> ./include/selinux/av_permissions.h:1:/* This file is automatically
> generated. Do not edit. */
> ./include/selinux/flask.h:1:/* This file is automatically generated.
> Do not edit. */
> ./src/av_inherit.h:1:/* This file is automatically generated. Do not
> edit. */
> ./src/av_perm_to_string.h:1:/* This file is automatically generated.
> Do not edit. */
> ./src/class_to_string.h:1:/* This file is automatically generated. Do
> not edit. */
> ./src/common_perm_to_string.h:1:/* This file is automatically
> generated. Do not edit. */
> Does it mean that I need to:
> * generate the above headers with the flask.py script?
> * rebuild libselinux each time with the newly generated headers?

Please, could somebody comment on the above message?