William Roberts wrote:
> I started a thread with Stephen about implementing a way to adjust the
> sensitivity portion of the MLS field in seapp_contexts. We have
> differing ideologies on the implementation (I should have put this
> public from day one):
> Below is the thread in detail, I'll summarize here though:
> Goal:
> Given a policy that supports multiple sensitivities, be able to place
> apps in different sensitivities while preserving a way to maintain the
> category assignments as originally designed.

I don't understand the value of using sensitivities on Android as it
stands today. If the desire is to use sensitivities for an additional
layer of separation then why not append an extra category and spare
yourself the pain of rewriting all the constraints?

> Constraints:
> Backwards compatible
> Implementation 1:
> We keep the level and levelFrom keywords mutually exclusive, as is the
> current design.
> We allow the following expressions in the level keyword:
> 1. level = <cats>
> 2. level = <sens:cats>
> 3. level = keyword
> 4. level = <sens:cats>
> Pros:
> 1. We could actually deprecate level from
> 2. Reduces the amount of output selectors, or minimally keeps it the same.
> 3. allows us to set a sens and still preserve category mappings
> Cons:
> 1. Adds complexity to the level keyword

I think this is my big sticking point. Why is a compound value for level
better than another keyword?

> Implementation 2:
> We add a new sens category
> Sense would be a new field that can work with either level OR levelFrom
> but not Both (XOR)
> in this case doing:
> sens=s1
> level=c0,c87

What if I want to use levelFrom=app and instead of setting the
sensitivity I want to add c999 or something?

> would result in s1:c0,c87
> doing:
> sens=s1
> levelFrom=app
> s1:(app cat mapping)
> Pros:
> 1. allows us to set a sens and still preserve category mappings
> 2. Keeps level usage exactly the same
> Cons:
> 1. adds a new output selector, which means more of specified sens over
> unspecified sens...etc
> So the point of this is, what do people prefer and why, and what other
> things should be considered?

My vote is always for more verbose, if more clear. Compound values are
confusing and less clear IMHO.