Harry Ciao wrote:
1. Add a uint32_t "flavor" field and an ebitmap "roles" to the role_datum_t structure;
2. Modify the attribute declaration rule to add support to declare role attribute as well as type attribute;

Let's just use a different token to declare role attributes and use separate parser functions. I strongly dislike the char *kind in define_attrib(). Overloading tokens has caused much pain in the past.

3. Modify declare_role() to set up role_datum_t.flavor according to the isattr argument;
4. Add a new roleattribute rule and its handler, which will record the regular role's (policy value - 1) into the role attribute's role_datum_t.roles ebitmap;
5. Modify the syntax for the role_types rule only to define the role-type associations;
6. Add a new role_attr rule to support the declaration of a single role, and the role attribute that the role belongs to;
7. Check if the new_role used in role transition is a regular role;
8. Make the role-types rule no longer used to declare a regular role but solely aimed for declaring role-types associations;

FIXME: How to pass a second argument to require_attribute(), to indicate if the attribute is of role or type?

My suggestion on #2 should resolve this. I'll look at the other patches soon.