Skip to content
Commit 4caa6b1e authored by Robert Craig's avatar Robert Craig
Browse files

Impose an ordering on created SELinuxMMAC Policy objects.



Imposing an order on Policy objects allows us to extend the
policy writers ability to union mac_permissions.xml files.
Policy developers can now create new mac_permissions.xml
entries under their device specific directories. This is
in contrast to current methods which only allow differing
stanzas to appear outside the base mac_permissions.xml.

Also, report on stanzas with duplicate input selectors and
treat these as errors. There are some ambiguities that can
arise otherwise.

Lastly, impose an XOR condition on signer stanzas w.r.t seinfo
and package tags. This finer distinction helps the union feature
of policy to become clearer and simpler to code.

Change-Id: Idd86df8ad9a63d1b8ba6e8270670814ca6cee8d2
Signed-off-by: default avatarrpcraig <rpcraig@tycho.ncsc.mil>
parent 1d3c77a2
Loading
Loading
Loading
Loading
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment