I wouldn't view that as a hard restriction; it just isn't implemented today. We certainly support pathname prefix matching (essentially the same as a final glob) for genfs_contexts already, and there is at least one example of pathname regex matching in the kernel already. But it would require kernel and checkpolicy/libsepol changes to support it in SELinux.
On Tue, Nov 12, 2013 at 2:45 PM, William Roberts <[email protected]> wrote: > Ok thanks... I forgot how much the Kernel community abhors that type of > stuff. > > > On Tue, Nov 12, 2013 at 7:15 AM, Stephen Smalley <[email protected]> > wrote: >> >> No, not at present. Exact match only. >> >> On Tue, Nov 12, 2013 at 9:25 AM, William Roberts >> <[email protected]> wrote: >> > Do named/hinted type transitions, like what was done for the GPS >> > jni_pipe >> > take regex or glob chars? >> > >> > >> > >> > -- >> > Respectfully, >> > >> > William C Roberts >> > > > > > > -- > Respectfully, > > William C Roberts > -- This message was distributed to subscribers of the seandroid-list mailing list. If you no longer wish to subscribe, send mail to [email protected] with the words "unsubscribe seandroid-list" without quotes as the message.
