Navigation

← Previous Changeset
Next Changeset →

Changeset 1945

Timestamp:

02/21/08 10:34:56 (9 months ago)

Author:

dsugar

Message:

one more attempt to get correct dir search perms - I think it is ok now
remove some dead code

Files:

branches/dictionary_changes/src/com/tresys/framework/compiler/translator/TranslatorSELinux.java (modified) (10 diffs)

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

branches/dictionary_changes/src/com/tresys/framework/compiler/translator/TranslatorSELinux.java

r1944	r1945
466	466
467	467	m_bufferPolicy.println ((resource).GetTypeWithDictionaryObject(axxDefn.getAccessDefnGroup().getRdef().GetName()) + ")");
468		// generateParentSearchPerms (i_access.getDomain (), resource, m_bufferPolicy);
	468
	469	Rdef rdef = axxDefn.getAccessDefnGroup ().getRdef ();
	470
	471	if (rdef.GetSysResourceState (SystemResourceTypes.file) != SysResourceState.No)
	472	generateParentSearchPerms (i_access.getDomain (), resource, false, m_bufferPolicy);
469	473	}
470	474
…	…
535	539	}
536	540
537		~~// m_bufferPolicy.println ("type_transition " + sProcessType + " "~~
538		~~// + sTarget + " : " + sObjClass + " " + sResType + ";");~~
539
540	541	m_bufferPolicy.println("optional_policy(`");
541	542	m_bufferPolicy.println("\tgen_require(`");
…	…
548	549	m_bufferPolicy.println("')");
549	550	}
550
551		~~generateParentSearchPerms (i_access.getDomain (), resource, m_bufferPolicy);~~
552
553	551	}
554	552	}
…	…
630	628	}
631	629
632		private void generateParentSearchPerms(IDomain domain, Resource resource, PrintStream policyStream)
	630	private void generateParentSearchPerms(IDomain domain, Resource resource, boolean i_bToRoot, PrintStream policyStream)
633	631	{
634	632	policyStream.print("# Auto generated search perms for parent directories of resource: " + resource.getName() + "\n");
…	…
686	684	m_dirPermSet.add(key);
687	685	}
	686
	687	if (!i_bToRoot)
	688	break;
688	689	}
689	690	}
…	…
769	770	if(target instanceof Resource)
770	771	{
771		generateParentSearchPerms(source, (Resource) target, policyStream);
772		}
773		}
774		/*
775		private void makeAllows(String source, String target, Map permVectors, PrintStream policyStream)
776		{
777		if(source.equals(target))
778		target = "self";
779		Iterator permList = permVectors.entrySet().iterator();
780		while(permList.hasNext())
781		{
782		Map.Entry vector = (Map.Entry) permList.next();
783
784		String classAndPerms = vector.getKey() + " { ";
785		Iterator perms = ((PermVector) vector.getValue()).getPermissions().iterator();
786		while(perms.hasNext())
787		{
788		classAndPerms += (String) perms.next() + " ";
789		}
790		classAndPerms += "}";
791
792		// create this rule for current domain
793		policyStream.print("\t\tallow " + source + " " + target + ":" + classAndPerms + ";\n");
794		}
795		}
796		*/
	772	generateParentSearchPerms(source, (Resource) target, true, policyStream);
	773	}
	774	}
	775
797	776	private void makeAllowsOnSelf(IDomain source, Map/<String, PermVector>/permVectors, PrintStream policyStream)
798	777	{
…	…
867	846	}
868	847	}
869		/*
870		private void makeControlResourceTemplate(Rdef rdef, PrintStream ifStream)
871		{
872		ifStream.print("## <summary> CDSFramework Control Resource\n" + "## " + rdef.GetName() + "\n" + "## </summary>\n");
873		if(!rdef.GetNameValuePairs().isEmpty())
874		{
875		ifStream.print("## <desc>\n");
876		Iterator itr = rdef.GetNameValuePairs().values().iterator();
877		while(itr.hasNext())
878		{
879		NameValuePair nvp = (NameValuePair) itr.next();
880		ifStream.print("## <p>\n");
881		ifStream.print("## " + nvp.GetName() + " : "
882		+ nvp.GetValue().toString() + "\n");
883		ifStream.print("## </p>\n");
884		}
885		ifStream.print("## </desc>\n");
886		}
887		ifStream.print("## <param name=\"domain\">\n" + "## <summary> The owner of the resource's type </summary>\n"
888		+ "## </param>\n");
889
890		ifStream.print("template(`" + "framework_controlRes_" + rdef.GetName().replaceAll("@", "_AT") + "',`\n");
891		makeAllows("$1", "self", rdef.getAccessAllSelf(), ifStream);
892		ifStream.print("')\n\n\n");
893		}
894
895		private void makeEnterTemplate(EntryAccessDefn entryDef, PrintStream ifStream)
896		{
897		ifStream.print("## <summary> CDSFramework Dictionary Enter Access </summary>\n");
898		ifStream.print("## <param name=\"starting domain\">\n"
899		+ "## <summary> Domain you start in. </summary>\n"
900		+ "## </param>\n" + "## <param name=\"ending domain\">\n"
901		+ "## <summary> Domain you end in. </summary>\n"
902		+ "## </param>\n" + "## <param name=\"resource\">\n"
903		+ "## <summary> Entrypoint resource.</summary>\n"
904		+ "## </param>\n");
905
906		ifStream.print("template(`" + "framework_enter_" + entryDef.getName () + "',`\n");
907
908		Iterator iter = entryDef.EntryAccessTargets.values().iterator();
909		while(iter.hasNext())
910		{
911		EntryAccessTarget axxTargetEP = (EntryAccessTarget) iter.next();
912
913		switch(axxTargetEP.FlowTarget.intValue())
914		{
915		case EntryTarget.StartEnd:
916		makeAllows("$1", "$2", axxTargetEP.GetPermVectors(), ifStream);
917		break;
918		case EntryTarget.StartStart:
919		makeAllows("$1", "self", axxTargetEP.GetPermVectors(), ifStream);
920		break;
921		case EntryTarget.StartResource:
922		makeAllows("$1", "$3", axxTargetEP.GetPermVectors(), ifStream);
923		break;
924		case EntryTarget.EndStart:
925		makeAllows("$2", "$1", axxTargetEP.GetPermVectors(), ifStream);
926		break;
927		case EntryTarget.EndEnd:
928		makeAllows("$2", "self", axxTargetEP.GetPermVectors(), ifStream);
929		break;
930		case EntryTarget.EndResource:
931		makeAllows("$2", "$3", axxTargetEP.GetPermVectors(), ifStream);
932		break;
933		}
934		}
935		ifStream.print("')\n\n\n");
936		}
937		*/
	848
938	849	private String makeExportedInterface(Export export)
939	850	{
…	…
1141	1052	ifacehead.append(iface.append(ifacefoot))).toString();
1142	1053	}
1143		/*
1144		private void makeRdefTemplate(AccessDefn access, PrintStream ifStream)
1145		{
1146		ifStream
1147		.print("## <summary> CDSFramework Dictionary Access Definition\n"
1148		+ "## Rdef: " + access.getAccessDefnGroup().getRdef().GetName()
1149		+ "\n" + "## Verb: " + access.getAccessDefnGroup().getName()
1150		+ "\n" + "## Access Def Name: " + access.getName() + "\n"
1151		+ "## </summary>\n");
1152		ifStream
1153		.print("## <param name=\"domain\">\n"
1154		+ "## <summary> Domain interacting with a CDSFramework resource. </summary>\n"
1155		+ "## </param>\n"
1156		+ "## <param name=\"resource\">\n"
1157		+ "## <summary> Resource the domain is getting access to.</summary>\n"
1158		+ "## </param>\n");
1159
1160		ifStream.print("template(`" + "framework_"
1161		+ access.getAccessDefnGroup().getRdef().GetName().replaceAll("@", "_AT") + "_"
1162		+ access.getAccessDefnGroup().getName() + "_" + access.getName()
1163		+ "',`\n");
1164
1165		for (Iterator accessTargets = access.getAccessTargets().values().iterator();
1166		accessTargets.hasNext() ;)
1167		{
1168		AccessTarget target = (AccessTarget) accessTargets.next();
1169		switch(target.getTargetName().intValue())
1170		{
1171		case Target.resource:
1172		makeAllows("$1", "$2", target.GetPermVectors(), ifStream);
1173		break;
1174		case Target.self:
1175		makeAllows("$1", "self", target.GetPermVectors(), ifStream);
1176		break;
1177		}
1178		}
1179		ifStream.print("')\n\n\n");
1180		}
1181		*/
	1054
1182	1055	private void propogateRole(IDomain endDomain, String role)
1183	1056	{
…	…
1215	1088	streamIF.print(makeExportedInterface(export));
1216	1089	}
1217		/*
1218		~~Map rdefs = m_policy.getDictionary().GetRdefs();~~
1219		~~for (Iterator allRdefs = rdefs.values().iterator(); allRdefs.hasNext(); )~~
1220		{
1221		~~Rdef currRdef = (Rdef) allRdefs.next();~~
1222		~~Iterator axxDefs = currRdef.GetAccessDefns().values().iterator();~~
1223		~~while(axxDefs.hasNext())~~
1224		{
1225		~~AccessDefn accessDef = (AccessDefn) axxDefs.next();~~
1226		~~makeRdefTemplate(accessDef, streamIF);~~
1227		}
1228		~~if(currRdef.isControlRdef())~~
1229		{
1230		~~makeControlResourceTemplate(currRdef, streamIF);~~
1231		}
1232		}
1233
1234		~~Map entryDefs = m_policy.getDictionary().GetEntrypoint().getEntryAccessDefins ();~~
1235		~~for (Iterator allEntries = entryDefs.values().iterator(); allEntries.hasNext(); )~~
1236		{
1237		~~EntryAccessDefn currEnterDef = (EntryAccessDefn) allEntries.next();~~
1238		~~makeEnterTemplate(currEnterDef, streamIF);~~
1239		}
1240		*/
1241	1090	}
1242	1091
…	…
1248	1097	m_linkage.InitNetwork(streamPolicy);
1249	1098
1250		~~// Component comp;~~
1251		~~// SystemResource sr;~~
1252		~~// DirResource dr;~~
1253		~~// FileResource fr;~~
1254		~~// File file;~~
1255		~~// String key;~~
1256		~~// String fileType;~~
1257		~~// String path;~~
1258		~~// String compType;~~
1259	1099
1260	1100	// the first pass is to generate a list framework specific file contexts

Download in other formats:

Unified Diff
Zip Disabled

* Generating other formats may take time.