On Tue, Sep 29, 2015 at 12:36 PM, William Roberts <bill.c.roberts@xxxxxxxxx> wrote:
On Sep 29, 2015 12:35 PM, "Joshua Brindle" <brindle@xxxxxxxxxxxxxxxxx> wrote:
>
> William Roberts wrote:
>>
>> On Sep 29, 2015 12:12 PM, "Joshua Brindle"<brindle@xxxxxxxxxxxxxxxxx>
>> wrote:
>>>
>>> William Roberts wrote:
>>>>
>>>> Out of curiosity, whats the purpose of the types field in the struct
>>>> type_datum? This seems to never have anything in it.
>>>>
>>> type_datum is used for both types and attributes (as designated by the
>>
>> flavor field). In the attribute case the types field is the ebitmap of
>> types have have this attribute.
>>
>> What about if its a type, is it an ebitmap of attrs?
>
>
> No, but as Stephen said below there is a type_attr_map that contains that.OK that explains why its empty.
So is this information only available at compile time? I see that the types field is
empty for both attributes and types. Perhaps my code is wrong to do this, but
I can loop over the ebitmap entries from the attr_type and type_attr maps just
fine.
>> It is set in checkpolicy, look at policy_define.c:define_typeattribute().
>>>
>>>
>>>
>>>> Also, conditional.h has a field called bool, this would seem to conflict
>>>> with stdbool.h, whats the consensus on renaming this to boolean perhaps?
>>>>
>>> probably...
>>>
>>>
>>>> On Thu, Sep 24, 2015 at 6:58 AM, Joshua Brindle<brindle@xxxxxxxxxxxxxxxxx
>>>> wrote:
>>>>
>>>>> Stephen Smalley wrote:
>>>>>
>>>>>> On 09/24/2015 08:43 AM, James Carter wrote:
>>>>>>
>>>>>>> On 09/23/2015 06:39 PM, Roberts, William C wrote:
>>>>>>>
>>>>>>>> How would one find all the attributes of a type with libsepol, can
>>>>>>>> someone point me to any relevant structures or functions?
>>>>>>>>
>>>>>>>> The policydb_t structure has type_attr_map field which maps types to
>>
>> an
>>>>>>>
>>>>>>> ebitmap of attributes.
>>>>>>>
>>>>>> It also has the reverse map (attr_type_map) if you want that.
>>>>>>
>>>>>> In Android, external/sepolicy/tools/sepolicy-analyze has examples of
>>>>>> using both maps.
>>>>>>
>>>>>>
>>>>> seinfo also knows how to do it, if you need more examples:
>>>>>
>>>>> $ seinfo -x -tuntrusted_app sepolicy
>>>>> untrusted_app
>>>>> bluetoothdomain
>>>>> netdomain
>>>>> appdomain
>>>>> domain
>>>>>
>>>>> _______________________________________________
>>>>> Selinux mailing list
>>>>> Selinux@xxxxxxxxxxxxx
>>>>> To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
>>>>> To get help, send an email containing "help" to
>>>>> Selinux-request@xxxxxxxxxxxxx.
>>>>>
>>>>
>>>>
>>
>
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
Respectfully,
William C Roberts
William C Roberts
_______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
