On 08/26/2013 01:03 PM, William Roberts wrote:
> On Mon, Aug 26, 2013 at 10:00 AM, Stephen Smalley <[email protected]> wrote:
> 
>> On 08/26/2013 12:56 PM, William Roberts wrote:
>>> On Mon, Aug 26, 2013 at 9:22 AM, William Roberts
>>>> Implementation 2:
>>>> We add a new sens category
>>>>
>>> I'd be more OK with this approach if level was cats. And adding cats now
>>> would be an additional thing to remember based on history.
>>> sens=s0 cats=app is a bit more clear than sens=s1 level=app
>>
>> I think you mean if levelFrom= was catsFrom= (or categoriesFrom=).
>> If you want to effectively introduce an alias into the parser so that it
>> accepts either categoriesFrom= or levelFrom= and switch the sample
>> seapp_contexts over to using categoriesFrom=, then I am fine with that.
>> That's no different than what we did with the levelFromUid=true|false
>> to levelFrom=none|app|user|all transition.
>>
> Yes, but my underlying problem with this is, looking back, I think level
> could have just been smarter. Since a true level (sens + cat) is
> well-formed and well standardized, the logic to handle it is simple.

Really?  All of the below are valid values for level=

s0
s0:c0
s0:c0,c2
s0:c0.c10 == s0:c0,c1,c2,c3,c4,c5,c6,c7,c8,c9,c10
s0:c0.c10,c255
s0-s15 (a range; lowlevel-highlevel)
s0-s15:c0,c2
s0:c0-s15:c0
s0:c0,c2-s15:c0.c1024

It gets a bit messy to parse them.
mcstransd in Fedora/RHEL is likely an example if you want to look at one.
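
To make the parsing cost concrete, here is a small parser for the raw level= forms listed in the message above. It is an example added here, not code from libselinux, mcstransd or any poster in this thread. The function names are hypothetical, and it assumes only numeric sN/cN names (no aliases or translated labels) and does not check against a loaded policy's sensitivity or category limits.

```python
import re

_SENS = re.compile(r"s([0-9]+)\Z")
_CAT = re.compile(r"c([0-9]+)\Z")

def _num(pattern, token, what):
    m = pattern.match(token)
    if not m:
        raise ValueError(f"bad {what}: {token!r}")
    return int(m.group(1))

def parse_level(text):
    """Parse 'sN[:catset]' into (sensitivity, frozenset of category numbers)."""
    sens, colon, catset = text.partition(":")
    cats = set()
    if colon:
        for item in catset.split(","):
            lo, dot, hi = item.partition(".")  # 'c0.c10' is an inclusive span
            first = _num(_CAT, lo, "category")
            last = _num(_CAT, hi, "category") if dot else first
            if last < first:
                raise ValueError(f"reversed category span: {item!r}")
            cats.update(range(first, last + 1))
    return _num(_SENS, sens, "sensitivity"), frozenset(cats)

def parse_range(text):
    """Parse 'low[-high]' into (low, high); a single level is its own high."""
    low_text, dash, high_text = text.partition("-")
    low = parse_level(low_text)
    high = parse_level(high_text) if dash else low
    # High must dominate low: sensitivity >= and categories a superset.
    if high[0] < low[0] or not high[1] >= low[1]:
        raise ValueError(f"high level does not dominate low: {text!r}")
    return low, high

# The level= strings from the message above (annotations stripped).
SAMPLES = ["s0", "s0:c0", "s0:c0,c2", "s0:c0.c10", "s0:c0.c10,c255", "s0-s15",
           "s0-s15:c0,c2", "s0:c0-s15:c0", "s0:c0,c2-s15:c0.c1024"]

if __name__ == "__main__":
    for s in SAMPLES:
        (ls, lc), (hs, hc) = parse_range(s)
        print(f"{s:24} low=s{ls}/{len(lc)} cats  high=s{hs}/{len(hc)} cats")
```

The `-` separates the low and high levels while `.` spans categories, so `s0:c0,c2-s15:c0.c1024` has to be split on `-` before the category lists are read.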



