[RFC] sectioned package format

Chad Sellers csellers at tresys.com
Fri Oct 21 13:07:25 UTC 2005


Currently, module package files store policy modules and their corresponding
file_contexts in a format that is not extensible.  Eventually, we would like
to be able to add other components to the package (e.g. default_contexts),
or modify the package file format.  This was discussed on
fedora-selinux-list a few days ago.  To accomplish this, we are proposing
the following simple module package file format.

Policy Package Header
The package begins with the package header.  This contains the following
fields:

uint32_t magic_number;
uint32_t package_file_version;
uint32_t num_sections;
uint32_t section_offset;
... 

uint32_t is a 4-byte datum stored in little-endian format.  magic_number
identifies the file as a module package, and has a value of 0xf97c668f.
package_file_version identifies the version of the package file, and this
first version will be 1.  num_sections gives the total number of sections in
this file, which is also the number of section_offset entries that follow.
section_offset identifies the offset in bytes from the beginning of the file
to the beginning of the section.  These sections are always listed in
sequence, so the length of a given section is the difference between its
offset and the following offset, except the final section which ends with
the end of the file.

Sections
Sections are generic areas for data from the package perspective.  They are
identified by a magic number at the beginning of the section, just as
current policy modules begin with a magic number.  We will add a magic
number to the top of the file_contexts section as well to identify it.
Different kinds of sections can be added later simply by assigning them a
new magic number.

Please let us know what you think of this format, and if you see any
problems with it.

Thanks,
Chad Sellers

----------------------
Chad Sellers
Tresys Technology, LLC
csellers at tresys.com
(410)290-1411 x117
http://www.tresys.com
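
An added example, not part of the original message or of the project's code: a C reader for the proposed header that validates the untrusted offset table before reporting a section's offset and length. The names `pkg_section` and `le32` are hypothetical, and the rejection rules (offsets after the header, inside the file, strictly ascending) and the sample bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define PKG_MAGIC   0xf97c668fU   /* value given in the proposal */
#define PKG_VERSION 1U
#define PKG_FIXED   12            /* magic + version + num_sections */

/* Read a 4-byte little-endian value independent of host byte order. */
static uint32_t le32(const uint8_t *p)
{
    return p[0] | (p[1] << 8) | (p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Validate the whole header, then report section idx. 0 = ok, -1 = reject. */
int pkg_section(const uint8_t *buf, size_t len, uint32_t idx,
                size_t *off, size_t *sec_len)
{
    if (len < PKG_FIXED || le32(buf) != PKG_MAGIC || le32(buf + 4) != PKG_VERSION)
        return -1;
    uint32_t n = le32(buf + 8);
    /* The offset table must fit in the file; divide so n * 4 cannot wrap. */
    if (n > (len - PKG_FIXED) / 4 || idx >= n)
        return -1;
    size_t hdr_end = PKG_FIXED + (size_t)n * 4, prev = 0;
    for (uint32_t i = 0; i < n; i++) {
        size_t o = le32(buf + PKG_FIXED + (size_t)i * 4);
        /* Assumed rules: after the header, inside the file, strictly ascending. */
        if (o < hdr_end || o >= len || (i > 0 && o <= prev))
            return -1;
        prev = o;
    }
    *off = le32(buf + PKG_FIXED + (size_t)idx * 4);
    *sec_len = (idx + 1 < n ? le32(buf + PKG_FIXED + (size_t)(idx + 1) * 4) : len) - *off;
    return 0;
}

/* Constructed sample: 2 sections at offsets 20 and 28, 32 bytes total. */
static const uint8_t sample[32] = {
    0x8f, 0x66, 0x7c, 0xf9,  1, 0, 0, 0,  2, 0, 0, 0,  20, 0, 0, 0,  28, 0, 0, 0,
    'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A',  'B', 'B', 'B', 'B'
};

int main(void)
{
    size_t off, slen;
    for (uint32_t i = 0; pkg_section(sample, sizeof sample, i, &off, &slen) == 0; i++)
        printf("section %u: offset %zu, length %zu\n", (unsigned)i, off, slen);
    return 0;
}
```

Because the last section's length is derived from the file size, a truncated file is only caught when an offset lands at or past the new end, which is one reason a reader may also want to check each section's own magic number.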





