From: dominick.grift@gmail.com (Dominick Grift)
Date: Sat, 24 May 2014 13:14:34 +0200
Subject: [refpolicy] Associate attribute with another attribute?
In-Reply-To: <1400927336.2689.14.camel@vaio-emefes-com>
References: <1400927336.2689.14.camel@vaio-emefes-com>
Message-ID: <1400930074.20666.4.camel@x220.localdomain>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Sat, 2014-05-24 at 20:28 +1000, Mladen Sekara wrote:
> Can attribute be associated with another attribute, the same way that is
> done with type(s)?
> 
> eg. If we associate attributes with types using: "type mytype1_t,
> my_attribute1, my_attribute2...;", 
> 
> can we associate attributes with attributes using: "attribute
> my_attribute0, my_attribute1, my_attribute2...;", or something similar?
> 

Not with reference policy but it is possible with CIL policy.

Do not ask me how they achieve that though because i do not know.

I suppose that they expand the attributes before the resulting policy
gets translated to policy the kernel understands because i think it is a
limitation is the kernel policy language.

Not that it matters much though, it is handy nevertheless.