[redhat-lspp] Changes to libtrans and chcat.

Chad Hanson chanson at TrustedCS.com
Thu Dec 1 22:55:35 UTC 2005 

Comments inline below

> -----Original Message-----
> From: Daniel J Walsh [mailto:dwalsh at redhat.com]
> Sent: Thursday, December 01, 2005 11:58 AM
> To: Stephen Smalley; redhat-lspp
> Subject: [redhat-lspp] Changes to libtrans and chcat.
> 
> Basically we want to be able to translate a file with file context of
> 
> so:c1,c5
> 
> setrans translation file has
> 
> s0:c1=PatientRecord
> s0:c5=UK
> 
> Currently this will not translate.  The user would need to add
> 
> s0:c1,c5 PatientRecord,UK
> 
> To make it work.
> 

Does the loop below take place for each MLS level (low & high)? I think this
is a must and can eliminate all of the range combinations in the current
setrans-mls.conf.

> If I change the library to
> 1. Look for s0:c1,c5
>         If round return the translation
> 2. Else look for s0:c1 and s0:c5
>        If both found return the translations as a comma separated list.
>        If only one found return the translation with the untranslated,
s0:c5
>        OR return both untranslated if nothing returns.
> 

Not sure the first option really makes sense... Are you saying return:
PatientRecord, s0:c5 
instead of s0:c1,c5?

For MLS translations (raw_to_trans), can we just append what is after a ':'
like the example below of

s2:c0   secret:a
s2:c1   secret:b

would translate to secret:a,b 

To untranslate secret:a,b,e (or secret:a,e,b) to "raw" (trans_to_raw) form
with the following definitions:

s2:c0   secret:a
s2:c1   secret:b
s2:c2   secret:c
s2:c3   secret:d
s2:c4   secret:e
s2:c5   secret:f


- translate "secret:a" to "s2:c0"
     our temporary level is "s2:c0"

- translate "secret:b" to "s2:c1"
     make sure that the sens of that partial translation matches
         the sens of the temporary level (s2 == s2)
     add the category of the new partial (c1) to the temporary level
     our temporary level is "s2:c0,c1"

- translate "secret:e" to "s2:c2"
     make sure that the sens of that partial translation matches
         the sens of the temporary level (s2 == s2)
     add the category of the new partial (c4) to the temporary level
     our temporary level is "s2:c0,c1,c4"

- done with all categories, so the final level is "s2:c0,c1,c4"

Some more comments relating to the example is the need to sort the category
list to ensure that

- "secret:a,b,c,e" and "secret:b,c,e,a" both translate to the same
         "s4:c0,c1,c2,c4" for consistency
     (this ordering will be critical to output the shortened notation
         where applicable in the future (using '.'s))

- as mentioned in the previous step, a refinement could go further and
shorten
     "s4:c0,c1,c2,c4" to "s4:c0.c2,c4"


> Also change chcat to add a + and - qualifier.
> 

The + and - sound like a good idea, probably want consistent ordering in
translate/untranslate

> chcat +PatientRecord /data/patients/dwalsh
> Will add c0 to the existing categories
> chcat -PatientRecord ...
> would remove this specific category from the list.
>

More information about the redhat-lspp mailing list