Glad to hear its still going as I started converting the Android policy to CIL using the current compiler that works ok so far. However I'm having problems defining 'sets of classes' for example with M4:
define(`dir_file_class_set (dir file lnk_file sock_file fifo_file chr_file blk_file))
I've tried various methods using classmap/classmapping etc. but failed to work out how to define in CIL:
mlsconstrain dir_file_class_set { create relabelfrom relabelto }
(l2 eq h2 and (l1 eq l2 or t1 == mlstrustedsubject));
I can produce CIL mlsconstrain statements when I define them with each class separately but not as a set. Is it possible with the current release of CIL ? (if not I'll just produce an entry for each class so I can continue).
Thanks
Richard
--- On Fri, 20/7/12, James Carter <jwcart2@xxxxxxxxxxxxx> wrote:
> From: James Carter <jwcart2@xxxxxxxxxxxxx>
> Subject: Re: Is the CIL project still active
> To: "Richard Haines" <richard_c_haines@xxxxxxxxxxxxxx>
> Cc: selinux@xxxxxxxxxxxxx
> Date: Friday, 20 July, 2012, 20:13
> On Fri, 2012-07-20 at 19:39 +0100,
> Richard Haines wrote:
> > Does anyone know the status of the CIL project as it
> looked useful and would seem ideal for SEAndroid.
>
> There are still a few more bugs that need to be fixed so
> that it can
> correctly compile a CIL-transformed Refpolicy. Progress has
> been slow
> recently, but it is not going to be abandoned.
>
> --
> James Carter <jwcart2@xxxxxxxxxxxxx>
> National Security Agency
>
>
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
