temporal role base access control in Linux

Hi,
I want to enforce temporal role base access control to Fedora10 platform.
Therefore, I have written a piece of code which receives simple temporal policy
rules and updates a file in which disallowed roles are being kept. In order to
attach the code to the fedora core, I am making use of SELinux modules. I wonder
if avc_has_perm(...) function in /libselinex/src/avc.c can be the right place
for using my code where requests will be granted or denied access. Actually, I
had thought about getting the role field from the security_id_t (@ssid) and
compare it with the denied roles that my code computes. If I`m wrong and this
will not work out, is there any other suggestions for attaching my code to
SELinux?

Best regards,
Behnaz

-- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.

• This message: [ Message body ]
• Next message: cto_at_nospam: "Re: temporal role base access control in Linux"
• Previous message: Christopher J. PeBenito: "Re: About compile an appplication's policy"
• Next in thread: cto_at_nospam: "Re: temporal role base access control in Linux"
• Reply: cto_at_nospam: "Re: temporal role base access control in Linux"

• Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]