On Sun, May 07, 2017 at 03:42:50PM -0400, Joshua Brindle wrote:
> Dominick Grift wrote:
> > On Sun, May 07, 2017 at 11:22:00AM -0400, Joshua Brindle wrote:
> > > Dominick Grift wrote:
> > > <snip>
> > > >
> > > > The idea is nice, unfortunately it's inflexible and it has hard-references to reference policy all over. It has potential but it is still rough.
> > > >
> > > Of course, it is an analysis of a refpolicy-based policy. If you want to
> > > analyze a different policy (e.g., Android or home-rolled) you will have to
> > > change out all of the type sets, etc.
> > >
> > > You can't make a magic generic analysis script without knowing how key parts
> > > of the system work and what types are associated with those components.
> >
> > What do you mean? That, for example, that hard-coded array of "trusted" types. Is that not just redundant?
> >
>
> you mean the example trusted types? I'm not sure I understand your concern.

Yes, my mistake, that array is just an example? Anyhow it distracted me. The array isn't so much an issue. The bigger issue is that I cannot easily override the ps.policy_config_source file suffixes and paths from the notebook (am I overlooking this?)

But yes, I think these issues will eventually be addressed automatically. It works pretty well for me now.

>
> > Can't I just create that array myself and use it to exclude rules with types in that array? That way one does not have to hard-code it.
> >
>
> It is python, you can do anything you want. The example notebook
> is a starting point, anyone doing an analysis would probably make
> major changes for their analysis, which is the point. You modify
> the notebook to build a usable analysis between the starting
> policy and the policy you are analyzing.
>
> I've thought about trying this on an Android policy but haven't
> made it a priority.
>

Python is not really my thing so I will have to get used to it and explore my options.

It's a cool module, has a few rough edges (but that's to be expected from v0.0.0)

> > Also with regard to hardcoding the refpolicy file system (ps.load_policy_source). I mean if you're just going to `grep -r` then why do we have to assume anything there and hard code file suffixes, directory structures etc etc?
> >

--
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift