Re: refpolicy is missing on lots of hits with audit2allow -R.


I do not totally understand your matching, but I thought if you looked for

allow TYPE etc_t:file getattr;

You could get extra matches.

I was thinking in terms of sepolgen-ifgen would take every type and
expand the attributes for the type; then, if you find an attribute that
matches, not add weight.

seinfo -tetc_t -x
   etc_t
      file_type
      non_security_file_type
      configfile

If my target was etc_t then I would get the same weight as if I
substituted the attribute with etc_t.



[InterfaceVector files_read_etc_files $1:source ]
$1,etc_t,file,read,lock,getattr,open,ioctl
$1,etc_t,dir,ioctl,search,read,lock,open,getattr
$1,etc_t,lnk_file,read,getattr
$1,configfile,dir,ioctl,search,read,lock,open,getattr
$1,configfile,file,read,lock,getattr,open,ioctl
$1,configfile,lnk_file,read,getattr

Would get translated as

[InterfaceVector files_read_etc_files $1:source ]
$1,etc_t,file,read,lock,getattr,open,ioctl
$1,etc_t,dir,ioctl,search,read,lock,open,getattr
$1,etc_t,lnk_file,read,getattr
$1,etc_t,dir,ioctl,search,read,lock,open,getattr
$1,etc_t,file,read,lock,getattr,open,ioctl
$1,etc_t,lnk_file,read,getattr

If I am looking for a target of etc_t

Which would then get boiled down to.

[InterfaceVector files_read_etc_files $1:source ]
$1,etc_t,file,read,lock,getattr,open,ioctl
$1,etc_t,dir,ioctl,search,read,lock,open,getattr
$1,etc_t,lnk_file,read,getattr


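The substitution and boil-down steps described in the message above, as an added Python example that is not part of the original message and is not sepolgen code. The function names and the `TYPE_ATTRS` mapping are assumptions made for illustration; the vector and the attribute list are the ones quoted in the message.

```python
# Attributes of etc_t, as listed by `seinfo -tetc_t -x` in the message.
TYPE_ATTRS = {"etc_t": {"file_type", "non_security_file_type", "configfile"}}

# Interface vector for files_read_etc_files, copied from the message.
IF_VECTOR = """\
[InterfaceVector files_read_etc_files $1:source ]
$1,etc_t,file,read,lock,getattr,open,ioctl
$1,etc_t,dir,ioctl,search,read,lock,open,getattr
$1,etc_t,lnk_file,read,getattr
$1,configfile,dir,ioctl,search,read,lock,open,getattr
$1,configfile,file,read,lock,getattr,open,ioctl
$1,configfile,lnk_file,read,getattr
"""

def parse_vector(text):
    """Split a vector into its header line and (source, target, class, perms) rows."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    rows = []
    for line in lines[1:]:
        src, tgt, tclass, *perms = line.split(",")
        rows.append((src, tgt, tclass, perms))
    return lines[0], rows

def collapse_for_target(rows, target, type_attrs):
    """Replace attributes carried by `target` with `target`, then merge duplicates."""
    attrs = type_attrs.get(target, set())
    merged = {}  # (source, target, class) -> ordered, de-duplicated permissions
    for src, tgt, tclass, perms in rows:
        if tgt in attrs:          # e.g. configfile -> etc_t
            tgt = target
        seen = merged.setdefault((src, tgt, tclass), [])
        for perm in perms:
            if perm not in seen:
                seen.append(perm)
    return [(s, t, c, p) for (s, t, c), p in merged.items()]

def render(header, rows):
    """Format rows back into the text layout shown in the message."""
    return "\n".join([header] + [",".join([s, t, c, *p]) for s, t, c, p in rows])

if __name__ == "__main__":
    header, rows = parse_vector(IF_VECTOR)
    print(render(header, collapse_for_target(rows, "etc_t", TYPE_ATTRS)))
```

Rows whose target is an attribute the looked-up type does not carry are left unchanged, so they stay distinct from the rows that name the type directly.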
