MLS permission map

[Frank Mayer]

I've been working through the new MLS implementation (a nice improvement by
the way). I see how the old method of mapping permissions to read or write
is changed and instead these ideas are implemented in the constraints
definitions. I like that too since a policy writer can tweak their notion of
reads and writes (which given the volume of covert channels that will be
present, will allow one to change how strict they want to be). 

My question is: although the mapping is not explicit, it is still there. In
the current sample policy, has someone captured the justification for which
permissions are restricted and which are not? Which are being treated as
reads, writes, both or neither? Ultimately for any certifiable security
policy we'll need to justify this mapping. I specially ask both to see if
the model we have built into apol's permmap is consistent with the MLS
mappings, as well as for the reference policy work we're doing that Karl
mentioned earlier. Thanks Frank