On 01/07/2014 11:00 AM, Kernel freak wrote: > Yes. Security_compute_av calls context_struct_compute_av() which does > other checks like MLS constraints, allow_unknown flags, etc. Post that, the > access decisions are relayed. Thinking out loud here, I need to make > changes to security_compute_av() to make changes in how SELinux calls for > policy data structure/policy/pseudo filesystem. Am i correct? security_compute_av() isn't reading the policy file or any pseudo filesystem; it is just consulting the policy data structures that are already in kernel memory as a result of the earlier security_load_policy() call (which is triggered by a write to /sys/fs/selinux/load by init). I'm not sure what kind of change you are envisioning so it is difficult to say where you need to make it. > Thank you. Will keep this in mind. > > I hope this mail was correctly formatted. Thank you for your time. Also, please try to avoid HTML mail; disable that in your mail client. _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
