Navigation

← Previous Changeset
Next Changeset →

Changeset 1995

Timestamp:

03/12/08 12:45:03 (8 months ago)

Author:

dsugar

Message:

Begin changes to policy translator to support customization stuff.
So far domains, resources, entrypoints and accesses have been started.
None of this is finalized, but it should be enough for Anand to move forward with.

Files:

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

branches/custome_policy/framework-plugin/src/com/tresys/framework/compiler/policy/AccessResource.java

r1949	r1995
85	85	return allDefns;
86	86	}
87
	87
	88	public Collection GetAccessDefns (Rdef i_rdef)
	89	{
	90	Set defns = (Set) accessDefs.get (i_rdef);
	91	return defns;
	92	}
	93
	94	public Collection GetAccessRdefs ()
	95	{
	96	return accessDefs.keySet ();
	97	}
	98
88	99	/*
89	100	* (non-Javadoc)

branches/custome_policy/framework-plugin/src/com/tresys/framework/compiler/policy/ComponentWithDictObjects.java

r1989	r1995
20	20	import com.tresys.framework.compiler.ErrorHandler;
21	21	import com.tresys.framework.compiler.AbstractToken;
	22	import com.tresys.framework.compiler.custom.ICustomPolicy;
22	23	import com.tresys.framework.compiler.dictionary.Rdef;
23	24	import com.tresys.framework.compiler.dictionary.IDictionaryObject;
…	…
41	42	public abstract class ComponentWithDictObjects
42	43	extends Component
43		implements IMLSSetting
	44	implements IMLSSetting, ICustomPolicy
44	45	{
45	46	protected final Map/<String, Rdef>/assocRdefs; // associated rdefs
…	…
292	293	sysResources.clear();
293	294	}
	295
	296	public boolean supportsCustomPolicy()
	297	{
	298	return true;
	299	}
	300
	301	public boolean hasCustomization()
	302	{
	303	return mIsModified;
	304	}
	305
	306	public void markCustomized ()
	307	{
	308	mIsModified = true;
	309	}
	310
	311	public void removeCustomization ()
	312	{
	313	mIsModified = false;
	314	}
294	315	}

branches/custome_policy/framework-plugin/src/com/tresys/framework/compiler/policy/Domain.java

r1987	r1995
359	359	public boolean supportsCustomPolicy()
360	360	{
361		return true;
362		}
363
364		public boolean hasCustomization()
365		{
366		return false;
367		}
368
	361	return (GetChildren ().size () == 0);
	362	}
369	363	}

branches/custome_policy/framework-plugin/src/com/tresys/framework/compiler/policy/Resource.java

r1991	r1995
17	17
18	18	import com.tresys.framework.compiler.AbstractToken;
19		~~import com.tresys.framework.compiler.custom.ICustomPolicy;~~
20	19	import com.tresys.framework.compiler.dictionary.Rdef;
21	20	import com.tresys.framework.compiler.dictionary.Verb;
…	…
32	31	public class Resource
33	32	extends ComponentWithDictObjects
34		implements IResource~~, ICustomPolicy~~
	33	implements IResource
35	34	{
36	35
…	…
143	142	accesses.clear();
144	143	}
145
146		~~public boolean supportsCustomPolicy()~~
147		{
148		~~return true;~~
149		}
150
151		~~public boolean hasCustomization()~~
152		{
153		~~return mIsModified;~~
154		}
155
156		~~public void markCustomized ()~~
157		{
158		~~mIsModified = true;~~
159		}
160
161		~~public void removeCustomization ()~~
162		{
163		~~mIsModified = false;~~
164		}
165
166	144	}

branches/custome_policy/framework-plugin/src/com/tresys/framework/compiler/translator/SELinuxPolicy.java

r1994	r1995
47	47	import com.tresys.framework.compiler.Utility;
48	48	import com.tresys.framework.compiler.dictionary.AccessDefn;
	49	import com.tresys.framework.compiler.dictionary.AccessDefnGroup;
49	50	import com.tresys.framework.compiler.dictionary.AccessTarget;
50	51	import com.tresys.framework.compiler.dictionary.EntryAccessDefn;
…	…
78	79	import com.tresys.framework.compiler.policy.IMLSSetting;
79	80	import com.tresys.framework.compiler.policy.IPolicyVisitor;
80		~~import com.tresys.framework.compiler.policy.IResource;~~
81	81	import com.tresys.framework.compiler.policy.Policy;
82	82	import com.tresys.framework.compiler.policy.Resource;
…	…
93	93	{
94	94	private final Linkage m_linkage;
	95	private final boolean m_bGeneratePolicyTemplate;
95	96
96	97	private boolean m_hasFileContext = false;
…	…
116	117	m_moduleName = _moduleName;
117	118	m_hasFileContext = false;
	119	m_bGeneratePolicyTemplate = false;
118	120
119	121	if(fcFile != null && fcFile.exists())
…	…
125	127	}
126	128
127		public SELinuxPolicy (Linkage i_linkage, boolean i_b~~Customization~~Templates)
	129	public SELinuxPolicy (Linkage i_linkage, boolean i_bGenerateTemplates)
128	130	{
129	131	m_linkage = i_linkage;
130		m_moduleName = "customization";
	132	m_bGeneratePolicyTemplate = i_bGenerateTemplates;
	133	m_moduleName = "template";
131	134	}
132	135
…	…
177	180	public void PreVisit (Policy i_policy)
178	181	{
	182	m_linkage.InitInterface(m_bufferInterfaces);
	183	m_bufferInterfaces.print("\n# SEFramework generated interface\n\n");
	184
	185
179	186	m_bufferPolicy.print("# SEFramework policy output\n");
180	187	m_linkage.InitPolicy(m_bufferPolicy, m_moduleName);
…	…
189	196	public void Visit(Resource i_resource)
190	197	{
	198	PrintStream outStream = m_bufferPolicy;
	199
191	200	Map rdefs = i_resource.GetRdefs();
192		Iterator itr = rdefs.values().iterator();
193
194		while(itr.hasNext())
	201	/*
	202	if (!m_bGeneratePolicyTemplate)
	203	{
	204	makeAllowInterface (i_resource, m_bufferInterfaces);
	205	}
	206	*/
	207	for (Iterator itr = rdefs.values().iterator(); itr.hasNext(); )
195	208	{
196	209	Rdef rdef = (Rdef) itr.next();
197	210
	211	String sType = i_resource.GetTypeWithDictionaryObject(rdef.GetName());
	212
	213	String sCustomName = "customize_" + i_resource.getName () + "_" + rdef.GetOutputName();
	214
	215	if (m_bGeneratePolicyTemplate)
	216	{
	217	outStream = m_bufferInterfaces;
	218	outStream.println();
	219	outStream.println("########################");
	220	outStream.println("##<summary>");
	221	outStream.println("## Customization for resource " + i_resource.getName ());
	222	outStream.println("##</summary>");
	223	outStream.println("##<param name='resource'>");
	224	outStream.println("## Type of resource being customized");
	225	outStream.println("##</param>");
	226	outStream.println("template(`" + sCustomName + "',`");
	227	}
	228
	229	if (m_bGeneratePolicyTemplate)
	230	sType = "$1";
	231
	232
198	233	m_bufferPolicy.println("# CDSFramework resource: " + i_resource.getName());
199		m_bufferPolicy.println("type " + i_resource.GetTypeWithDictionaryObject(rdef.GetName()) + ";");
200		m_linkage.MakeResource(i_resource.GetTypeWithDictionaryObject(rdef.GetName()), m_bufferPolicy);
201
202		if(rdef.GetSysResourceState (SystemResourceTypes.dir) != SysResourceState.No
203		\|\| rdef.GetSysResourceState (SystemResourceTypes.file) != SysResourceState.No)
204		{
205		m_linkage.MakeFileType(i_resource.GetTypeWithDictionaryObject(rdef.GetName()), m_bufferPolicy);
206		Domain currComp = i_resource.getParent ();
207		while(currComp != null)
208		{
209		m_linkage.MakeFileType(currComp.getType(), m_bufferPolicy);
210		currComp = currComp.getParent();
211		}
212		}
213		}
	234	if (!m_bGeneratePolicyTemplate)
	235	{
	236	m_bufferPolicy.println("type " + sType + ";");
	237	}
	238	if (!m_bGeneratePolicyTemplate && i_resource.hasCustomization ())
	239	{
	240	outStream.println (sCustomName + "(" + sType + ")");
	241	}
	242	else
	243	{
	244	m_linkage.MakeResource(sType, outStream);
	245
	246	if (rdef.GetSysResourceState (SystemResourceTypes.dir) != SysResourceState.No
	247	\|\| rdef.GetSysResourceState (SystemResourceTypes.file) != SysResourceState.No)
	248	{
	249	m_linkage.MakeFileType(sType, outStream);
	250	Domain currComp = i_resource.getParent ();
	251	while (currComp != null)
	252	{
	253	m_linkage.MakeFileType(currComp.getType (), outStream);
	254	currComp = currComp.getParent();
	255	}
	256	}
	257	}
	258
	259	if (m_bGeneratePolicyTemplate)
	260	{
	261	m_bufferInterfaces.println("')");
	262	}
	263	}
	264
214	265	}
215	266
216	267	public void Visit(Domain i_domain)
217	268	{
218		m_bufferPolicy.println("#Framework domain: " + i_domain.getName());
219		m_bufferPolicy.println("type " + i_domain.getType() + ';');
220		m_linkage.MakeDomain (i_domain.getType (), m_bufferPolicy);
221
222		OutputAbilities (i_domain);
223
224		if(i_domain.GetChildren().isEmpty())
	269	PrintStream outStream = m_bufferPolicy;
	270
	271	if (m_bGeneratePolicyTemplate)
	272	{
	273	outStream = m_bufferInterfaces;
	274	outStream.println();
	275	outStream.println("########################");
	276	outStream.println("##<summary>");
	277	outStream.println("## Customization for domain " + i_domain.getName ());
	278	outStream.println("##</summary>");
	279	outStream.println("##<param name='domain'>");
	280	outStream.println("## Domain being customized");
	281	outStream.println("##</param>");
	282	outStream.println("template(`customize_" + i_domain.getName () + "',`");
	283	}
	284
	285	outStream.println("#Framework domain: " + i_domain.getName());
	286
	287	if (!m_bGeneratePolicyTemplate)
	288	{
	289	m_bufferPolicy.println ("type " + i_domain.getType() + ';');
	290	}
	291
	292	String sType = i_domain.getType ();
	293	if (m_bGeneratePolicyTemplate)
	294	sType = "$1";
	295
	296	if (!m_bGeneratePolicyTemplate && i_domain.hasCustomization ())
	297	{
	298	outStream.println ("customize_" + i_domain.getName () + "(" + sType + ")");
	299	}
	300
	301	if (m_bGeneratePolicyTemplate \|\| !i_domain.hasCustomization ())
	302	{
	303	m_linkage.MakeDomain (sType, outStream);
	304	OutputAbilities (i_domain, outStream);
	305	}
	306
	307	if (i_domain.GetChildren().isEmpty())
225	308	{
226	309	for (Iterator iter = i_domain.GetRdefs().values().iterator(); iter.hasNext(); )
227	310	{
228	311	Rdef rdef = (Rdef) iter.next();
229		// dont generate the unique label and label based permissions for control rdefs
230
231		if(rdef.isControlRdef())
232		{
233		~~m_bufferPolicy~~.println("# CDSFramework rdef@domain: " + rdef.GetName() + i_domain.getName());
	312	// don't generate the unique label and label based permissions for control rdefs
	313
	314	if (rdef.isControlRdef())
	315	{
	316	outStream.println("# CDSFramework rdef@domain: " + rdef.GetName() + i_domain.getName());
234	317	// create the access rules
235		~~m_bufferPolicy.println("framework_" + rdef.GetOutputName () + "_owner_self(" + i_domain.getType ()~~ + ")");
	318	outStream.println("framework_" + rdef.GetOutputName () + "_owner_self(" + sType + ")");
236	319	// makeAllowsOnSelf(i_domain, rdef.getAccessAllSelf(), m_bufferPolicy);
237	320	}
238	321	else
239	322	{
240		m_bufferPolicy.println("# CDSFramework domain_rdef: " + i_domain.getName() + "_" + rdef.GetName());
241		m_bufferPolicy.println("type " + i_domain.GetTypeWithDictionaryObject(rdef.GetName()) + ";");
	323	outStream.println("# CDSFramework domain_rdef: " + i_domain.getName() + "_" + rdef.GetName());
	324
	325	String sRdefType = i_domain.GetTypeWithDictionaryObject(rdef.GetName());
	326	// if (m_bGeneratePolicyTemplate)
	327	// sRdefType = "$2";
	328	// else
	329	outStream.println("type " + sRdefType + ";");
	330
242	331	// create the access rules
243		~~m_bufferPolicy.println("framework_" + rdef.GetOutputName () + "_owner_self(" + i_domain.getType ()~~ + ")");
	332	outStream.println("framework_" + rdef.GetOutputName () + "_owner_self(" + sType + ")");
244	333	// makeAllowsOnSelf(i_domain, rdef.getAccessAllSelf(), m_bufferPolicy);
245	334
246	335
247	336	// makeAllowWithRdef(i_domain, i_domain, rdef, rdef.getAccessAllResource(), m_bufferPolicy);
248		m_bufferPolicy.println("framework_" + rdef.GetOutputName () + "_owner_resource(" + i_domain.getType () + ", " + i_domain.GetTypeWithDictionaryObject(rdef.GetName()) + ")");
249
	337	outStream.println("framework_" + rdef.GetOutputName () + "_owner_resource(" + sType + ", " + sRdefType + ")");
250	338
251	339	IDomain srcParent = i_domain;
252	340	Component targParent = i_domain;
253	341
254		while(srcParent.getParent() != null \|\| targParent.getParent() != null)
255		{
256		if(srcParent.getParent() != null)
	342	while (srcParent.getParent() != null \|\| targParent.getParent() != null)
	343	{
	344	if (srcParent.getParent() != null)
257	345	srcParent = srcParent.getParent();
258		if(targParent.getParent() != null)
	346	if (targParent.getParent() != null)
259	347	targParent = targParent.getParent();
260		if(targParent == i_domain)
	348
	349	String sSrcType = srcParent.getType ();
	350	String sTargType = targParent.getType ();
	351
	352	if (targParent == i_domain)
261	353	{
262		~~m_bufferPolicy.println ("framework_" + rdef.GetOutputName () + "_owner_resource(" + srcParent.getType () + ", " + i_domain.GetTypeWithDictionaryObject (rdef.GetName ())~~ + ")");
	354	outStream.println ("framework_" + rdef.GetOutputName () + "_owner_resource(" + sSrcType + ", " + sRdefType + ")");
263	355	// policyStream.print("allow " + srcParent.getType() + " "
264	356	// + target.GetTypeWithDictionaryObject(rdef.GetName())
…	…
269	361	if (srcParent.getType().equals (targParent.getType()))
270	362	{
271		~~m_bufferPolicy.println ("framework_" + rdef.GetOutputName () + "_owner_resource(" + srcParent.getType ()~~ + ", self)");
	363	outStream.println ("framework_" + rdef.GetOutputName () + "_owner_resource(" + sSrcType + ", self)");
272	364	// policyStream.print("allow " + srcParent.getType() + " self:" + classAndPerms + ";\n");
273	365	}
274	366	else
275	367	{
276		~~m_bufferPolicy.println ("framework_" + rdef.GetOutputName () + "_owner_resource(" + srcParent.getType () + ", " + targParent.getType()~~ + ")");
	368	outStream.println ("framework_" + rdef.GetOutputName () + "_owner_resource(" + sSrcType + ", " + sTargType + ")");
277	369	// policyStream.print("allow " + srcParent.getType() + " " + targParent.getType() + ":" + classAndPerms + ";\n");
278	370	}
…	…
280	372	}
281	373
282
283	374	// if it has children re-expand it's resource group for ?allow dom_t dom_t:<selfperms>"
284	375	// this is required to pass the hierarchy checks in checkpolicy
285		if(i_domain.GetChildren().size() > 0)
286		{
287		makeAllowsOnSelf(i_domain, rdef.getAccessAllResource(), ~~m_bufferPolicy~~);
	376	if (i_domain.GetChildren().size() > 0)
	377	{
	378	makeAllowsOnSelf(i_domain, rdef.getAccessAllResource(), outStream);
288	379	}
289	380	}
…	…
293	384	\|\| rdef.GetSysResourceState (SystemResourceTypes.file) != SysResourceState.No)
294	385	{
295		if(i_domain.GetChildren().size() == 0)
296		{
297		m_linkage.MakeFileType(i_domain.GetTypeWithDictionaryObject(rdef.GetName()), ~~m_bufferPolicy~~);
	386	if (i_domain.GetChildren().size() == 0)
	387	{
	388	m_linkage.MakeFileType(i_domain.GetTypeWithDictionaryObject(rdef.GetName()), outStream);
298	389	}
299	390	else
300	391	{
301		m_linkage.MakeFileType(i_domain.getType(), ~~m_bufferPolicy~~);
	392	m_linkage.MakeFileType(i_domain.getType(), outStream);
302	393	}
303	394
304	395	Domain currDom = i_domain.getParent();
305		while(currDom != null)
306		{
307		m_linkage.MakeFileType(currDom.getType(), ~~m_bufferPolicy~~);
	396	while (currDom != null)
	397	{
	398	m_linkage.MakeFileType(currDom.getType(), outStream);
308	399	currDom = currDom.getParent();
309	400	}
…	…
311	402	}
312	403	}
313		m_bufferPolicy.println("#End of Framework domain: " + i_domain.getName());
314
	404	outStream.println("#End of Framework domain: " + i_domain.getName());
	405
	406	if (m_bGeneratePolicyTemplate)
	407	{
	408	m_bufferInterfaces.println("')");
	409	}
	410
315	411	}
316	412
…	…
319	415	boolean isBoolean = false;
320	416
321		if(i_enter.getBool () != null)
	417	if (i_enter.getBool () != null)
322	418	{
323	419	m_bufferPolicy.println ("if(" + i_enter.getBool().image + ") {");
…	…
383	479	public void Visit(EntrypointResource i_entryPoint)
384	480	{
385		m_bufferPolicy.println("# CDSFramework entrypoint identifier: " + i_entryPoint.getName());
386		m_bufferPolicy.println("type " + i_entryPoint.getType() + ";");
387
	481	PrintStream outStream = m_bufferPolicy;
	482
	483	if (!m_bGeneratePolicyTemplate && i_entryPoint.hasCustomization ())
	484	{
	485	outStream.println ("customize_" + i_entryPoint.getName () + "(" + i_entryPoint.getType () + ")");
	486	return;
	487	}
	488
	489	if (m_bGeneratePolicyTemplate)
	490	{
	491	outStream = m_bufferInterfaces;
	492	outStream.println();
	493	outStream.println("########################");
	494	outStream.println("##<summary>");
	495	outStream.println("## Customization for entrypoint " + i_entryPoint.getName ());
	496	outStream.println("##</summary>");
	497	outStream.println("##<param name='entrypoint'>");
	498	outStream.println("## Entrypoint Resource being customized");
	499	outStream.println("##</param>");
	500	outStream.println("template(`customize_" + i_entryPoint.getName () + "',`");
	501	}
	502
	503	String sType = i_entryPoint.getType ();
	504	if (m_bGeneratePolicyTemplate)
	505	sType = "$1";
	506
	507	if (!m_bGeneratePolicyTemplate)
	508	{
	509	m_bufferPolicy.println("# CDSFramework entrypoint identifier: " + i_entryPoint.getName());
	510	m_bufferPolicy.println("type " + sType + ";");
	511	}
	512
388	513	// this call obtains the actual definition of the type
389		m_linkage.MakeEntrypoint(i_entryPoint.getType(), m_bufferPolicy);
390		m_linkage.MakeFileType(i_entryPoint.getType(), m_bufferPolicy);
	514	m_linkage.MakeEntrypoint(sType, outStream);
	515	m_linkage.MakeFileType(sType, outStream);
	516
	517	if (m_bGeneratePolicyTemplate)
	518	{
	519	outStream.println("')");
	520	}
391	521	}
392	522
…	…
466	596	boolean isBoolean = false;
467	597
468		if(i_access.getBool () != null)
	598	PrintStream outStream = m_bufferPolicy;
	599
	600	if (i_access.getBool () != null)
469	601	{
470	602	isBoolean = true;
…	…
481	613	if (domain instanceof BaseDomain)
482	614	{
483		m_bufferPolicy.println ("optional_policy(`");
484		m_bufferPolicy.println ("\tgen_require(`");
485		m_bufferPolicy.println ("\t\ttype " + domain.getType() + ";");
486		m_bufferPolicy.println ("\t\trole " + ((BaseDomain) domain).getRole() + ";");
487		m_bufferPolicy.println ("\t')");
488		}
	615	m_bufferPolicy.println ("optional_policy(`");
	616	m_bufferPolicy.println ("\tgen_require(`");
	617	m_bufferPolicy.println ("\t\ttype " + domain.getType() + ";");
	618	m_bufferPolicy.println ("\t\trole " + ((BaseDomain) domain).getRole() + ";");
	619	m_bufferPolicy.println ("\t')");
	620	}
	621
	622	Resource resource = (Resource) i_access.getResource ();
	623	String sDomType = domain.getType ();
	624	if (m_bGeneratePolicyTemplate)
	625	sDomType = "$1";
489	626
490	627	// for each AccessTarget associated with this AccessDefn
491		Collection accessDefns = i_access.GetAccessDefns();
492		for (Iterator axxDefs = accessDefns.iterator(); axxDefs.hasNext(); )
	628
	629	// Collection accessDefns = i_access.GetAccessDefns();
	630	// for (Iterator axxDefs = accessDefns.iterator(); axxDefs.hasNext(); )
	631
	632	Collection rdefs = i_access.GetAccessRdefs ();
	633	for (Iterator rdefitr = rdefs.iterator (); rdefitr.hasNext (); )
	634	{
	635	Rdef rdef = (Rdef) rdefitr.next ();
	636
	637	String sCustomName = "customize_access_" + domain.getName () + "_" + resource.getName () + "_" + rdef.GetOutputName();
	638
	639	if (m_bGeneratePolicyTemplate)
	640	{
	641	outStream = m_bufferInterfaces;
	642	outStream.println();
	643	outStream.println("########################");
	644	outStream.println("##<summary>");
	645	outStream.println("## Customization for access domain: " + domain.getName () + " resource: " + resource.getName () + " rdef: " + rdef.GetOutputName());
	646	outStream.println("##</summary>");
	647	outStream.println("##<param name='domain'>");
	648	outStream.println("## Domain accessing resource");
	649	outStream.println("##</param>");
	650	outStream.println("##<param name='resource'>");
	651	outStream.println("## Resource being accessed");
	652	outStream.println("##</param>");
	653	outStream.println("template(`" + sCustomName + "',`");
	654	}
	655
	656
	657	Collection accessDefns = i_access.GetAccessDefns (rdef);
	658	for (Iterator axxDefs = accessDefns.iterator (); axxDefs.hasNext (); )
	659
493	660	{
494	661	AccessDefn axxDefn = (AccessDefn) axxDefs.next();
	662	AccessDefnGroup axxGroup = axxDefn.getAccessDefnGroup ();
	663
495	664	String templateName = "framework_"
496		+ axx~~Defn.getAccessDefnGroup()~~.getRdef().GetOutputName() + "_"
497		+ axx~~Defn.getAccessDefnGroup()~~.getName() + "_"
	665	+ axxGroup.getRdef().GetOutputName() + "_"
	666	+ axxGroup.getName() + "_"
498	667	+ axxDefn.getName();
499		m_bufferPolicy.print(templateName + "(" + i_access.getDomain().getType() + ",");
500
501		if (i_access.getResource() instanceof ControlResource)
502		{
503		m_bufferPolicy.println (((ControlResource)i_access.getResource()).getType() + ")");
504		}
505		else
506		{
507		Resource resource = (Resource) i_access.getResource ();
508
509		m_bufferPolicy.println ((resource).GetTypeWithDictionaryObject(axxDefn.getAccessDefnGroup().getRdef().GetName()) + ")");
510
511		Rdef rdef = axxDefn.getAccessDefnGroup ().getRdef ();
512
	668
	669	if (!m_bGeneratePolicyTemplate && i_access.hasCustomization ())
	670	{
	671	templateName = sCustomName;
	672	}
	673
	674	outStream.print (templateName + "(" + sDomType + ",");
	675	String sResType = "$2";
	676
	677	if (!m_bGeneratePolicyTemplate)
	678	{
	679	if (resource instanceof ControlResource)
	680	{
	681	sResType = ((ControlResource)resource).getType();
	682	}
	683	else
	684	{
	685	sResType = resource.GetTypeWithDictionaryObject(axxDefn.getAccessDefnGroup().getRdef().GetName());
	686	}
	687	}
	688
	689	outStream.println (sResType + ")");
	690
	691	if (!(resource instanceof ControlResource))
	692	{
	693	// Rdef rdef = axxDefn.getAccessDefnGroup ().getRdef ();
513	694	if (rdef.GetSysResourceState (SystemResourceTypes.file) != SysResourceState.No)
514		generateParentSearchPerms (i_access.getDomain (), resource, false, ~~m_bufferPolicy~~);
	695	generateParentSearchPerms (i_access.getDomain (), resource, false, outStream);
515	696	}
516	697
…	…
540	721	{
541	722	Component entry = (Component) iter3.next();
542		makeAllows(i_access.getDomain(), entry, axxTarget.GetPermVectors(), ~~m_bufferPolicy~~);
	723	makeAllows(i_access.getDomain(), entry, axxTarget.GetPermVectors(), outStream);
543	724	}
544	725	}
…	…
550	731	{
551	732	String sObjClass = itr2.next ().toString ();
552		IResource res = i_access.getResource ();
553		Rdef rdef = axxDefn.getAccessDefnGroup ().getRdef ();
	733	// IResource res = i_access.getResource ();
	734	// Rdef rdef = axxDefn.getAccessDefnGroup ().getRdef ();
554	735
555	736	// if it isn't a real resource - we can't make a transition
556		if (!(res instanceof Resource))
557		continue;
558
559		Resource resource = (Resource) res;
	737	// if (!(res instanceof Resource))
	738	// continue;
	739
	740	// Resource resource = (Resource) res;
560	741	List paths = resource.GetSystemResources (rdef);
561	742
…	…
569	750
570	751
571		~~String~~ sResType = resource.GetTypeWithDictionaryObject(rdef.GetName());
	752	sResType = resource.GetTypeWithDictionaryObject(rdef.GetName());
572	753	if(sResType == null)
573	754	{
574		m_errorEncountered = true;
	755	// m_errorEncountered = true;
575	756	String sErrMsg = "Unable to determine file context for "+ sPath + ", dynamic file labeling will not work correctly.";
576	757	if (resource.getToken () != null)
…	…
581	762	}
582	763
583		m_bufferPolicy.println("optional_policy(`");
584		m_bufferPolicy.println("\tgen_require(`");
585		m_bufferPolicy.println("\t\ttype " + sTarget + ";");
586		m_bufferPolicy.println("\t')");
587
588		m_bufferPolicy.println("\tfiletrans_pattern(" + sProcessType + ", " + sTarget
589		&nbs