Re: [refpolicy] My patchset to test "Separating tunables from booleans"

On 08/23/11 06:27, HarryCiao wrote:
> This is the refpolicy patchset to test along with new toolchain feature
> of separating tunables from booleans, generally speaking a "tunable"
> keyword is introduced and made use of by tunable_policy(), whereas a new
> boolean_policy() macro would make use of the "bool" keyword.
> 
> tunable is indeed a boolean, except that the COND_BOOL_FLAGS_TUNABLE bit
> would be set in the newly added member of flags in the cond_bool_datum_t
> structure.
> 
> Once the new toolchain feature is welcomed and merged, we could change
> refpolicy to shrink policy.X size significantly.
> 
> Any comments or suggestions as for how to better this new toolchain
> feature are greatly welcomed.

To make sure I understand correctly, a tunable block will have the same
token in the raw policy as runtime conditional blocks?  e.g.

tunable foo false;
if (foo) {
 ....
}

If tunable blocks use the same token, I think Refpolicy would just drop
the tunable_policy() macro.

There are no examples of this in Refpolicy, but can you mix Booleans and
tunables in an expression? e.g.

tunable foo true;
boolean bar true;
if (foo || bar) {
....
}

I'd say it's not a requirement, I'm just trying to make sure I understand
the features.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com
