SELinux Mailing List
Using scripting languages to "macro" policy
From: Aleks Kissinger <aleks0_at_gmail.com>
Date: Fri, 1 Sep 2006 11:30:43 -0500
The idea I put forward here is to create a set of base objects in Ruby, Python, or something of that ilk that can be extended and used to define policy in an organized, error-checking, and namespaced manner. Here's a quick little example:
class LogDir < FileType
class SomeProgam < Application
This expands to all the relevant TE & FC statements. 'executable' generates the someprogram_exec_t type and all needed type transitions and allows, 'allow_role' looks up types associated with the role and generates relevant allows and transitions. The 'allow' statement works pretty much as expected, except that the FLASK class File is an actual Ruby class, with the ability to filter on permission categories, etc.

This system isn't meant to replace all the work that's gone into existing policies, nor does it set out to be a policy language of its own like existing high-level language work, but I think it would make an interesting little project. Ideas, comments, suggestions, criticisms, etc. would be appreciated.

Aleks Kissinger

Received on Fri 1 Sep 2006 - 12:30:44 EDT
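The expansion the message describes, as an added sketch that is not the poster's code: a small Ruby DSL whose `executable`, `allow_role` and `allow` calls emit TE rules and a reference-policy-style FC line, and which rejects unknown roles or permission categories when the policy is generated. `FileClass`, `ROLE_DOMAINS`, the category groupings, the path and `logdir_t` are assumptions made for the illustration.

```ruby
# Stand-in for the FLASK "file" class; the category groupings are assumed.
module FileClass
  CATEGORIES = { read:  %w[getattr read ioctl lock],
                 write: %w[getattr write append],
                 exec:  %w[getattr read execute] }.freeze
  # Expand categories to permissions; an unknown category raises KeyError.
  def self.perms(*cats)
    cats.flat_map { |c| CATEGORIES.fetch(c) }.uniq
  end
end

# Assumed role -> domain table; a real tool would read it from the policy.
ROLE_DOMAINS = { 'user_r' => 'user_t' }.freeze

class Application
  attr_reader :te, :fc

  def initialize(name)
    raise ArgumentError, "bad name: #{name.inspect}" unless name.match?(/\A[a-z][a-z0-9_]*\z/)
    @domain, @exec_type = "#{name}_t", "#{name}_exec_t"
    @te, @fc = ["type #{@domain};"], []
  end

  # Declare the entrypoint type and label the binary at path.
  def executable(path)
    @te << "type #{@exec_type};" << "allow #{@domain} #{@exec_type}:file entrypoint;"
    @fc << "#{path} -- gen_context(system_u:object_r:#{@exec_type},s0)"
    self
  end

  # Let the role's domain execute the program and transition into its domain.
  def allow_role(role)
    src = ROLE_DOMAINS.fetch(role) # unknown role raises KeyError
    @te << "role #{role} types #{@domain};"
    @te << "allow #{src} #{@exec_type}:file { #{FileClass.perms(:exec).join(' ')} };"
    @te << "allow #{src} #{@domain}:process transition;"
    @te << "type_transition #{src} #{@exec_type}:process #{@domain};"
    self
  end

  # Grant this domain file permissions on target_type, chosen by category.
  def allow(target_type, *cats)
    @te << "allow #{@domain} #{target_type}:file { #{FileClass.perms(*cats).join(' ')} };"
    self
  end
end
# Constructed usage; the program name, path and logdir_t are illustrative.
DEMO = Application.new('someprogram').executable('/usr/bin/someprogram')
                  .allow_role('user_r').allow('logdir_t', :read, :write)
puts DEMO.te, DEMO.fc
```

The generated types carry no attributes and the rule set is deliberately small, so the output shows the shape of the expansion rather than a loadable module.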
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009