

DONE!
<1> A new version of lidsadm to fit the new features of LIDS

	lidsadm -A -s subject_file -o object_file [-t] -j TARGET

	TARGET can be READ,APPEND,WRITE,NONE
Special Object,
	o MEM
	o RAW_IO
	o ROUTE
	o ..etc.

Example,

lidsadm -A -r /etc
becomes
lidsadm -A -o /etc/ -j READ

New feature is TARGET NONE.

lidsadm -A -s /usr/bin/httpd -o /home/httpd -j READ

lidsadm -A -o /home/httpd -j NONE 

lidsadm -D -s /usr/bin/httpd 
lidsadm -D -o /usr/bin/httpd
lidsadm -D -s /usr/bin/httpd -o /usr/bin/httpd -j READ

-s filename : must be a file, cannot be a directory.
-o filename : can be a filename or a directory.

-j can be READ,WRITE,APPEND,NONE

0:0::1:1234:22:filename
123:12:filename1:2:2234:12:filename

subject_inode:subject_dev:subject_filename: Good READWRITE: object_ino:subject_dev:subject_filename

if subject is NULL, then the subject_inode and subject_dev must be 0. 
else ...

Special Resource ( No File) 

lidsadm -A -s /abc/xxx -o MEM -t -j READ

<2> A LIDS pre_check program to determine whether the system can run successfully.

<1> /etc/ and /sbin/ are on the root mount point.
<2> whether lids.conf has been correctly configured.


DEFAULT NOTE:
<1> default rule target can only be DENY/READ/APPEND.
<2> individual rule target can be any of DENY/READ/APPEND/WRITE.
<3> one must specify the default object rules before adding subject->object rules.
<4> when a subject is given, an object must also be present.
<5> If a path's default rule is HIDDEN, then no exception can be in its 
	subdirectory.
	
    If a path default rules is READ, then its sub-dir can be WRITE,HIDDEN,.o
<6> if an individual rule is READ to a directory.

???????????????? MESH the rules.


Special Rules.

<1> go go go..
1,MEM
2,HD
3,ROUTE
...

0:0::2:-1:-1:MEM
123:234:/abc/asr:s:s:MEM

# check if the filename contains ":"
-------------------
May,14
When defining an s-o-j rule, the o must exist, and the s must also be protected.

So -s and -o must both be defined.
The -s filename must be -o protected as <= READ. the subdirectory.
The -o filename must be protected as < WRITE, including the subdir.

if(!s)
	if("s or s's parent_dir has not been protected" || type != READ )
		exit()
if(o!= -1 )
	if("o or o's parent_dir has not been protected" || type < now_type )
		exit()

add new routine.
--------------------------


/* return the default rule type of the nearest protected path, walking up to root */
get_object_type(canonical path)
{
	while(!root){
		the_nearest_path=get_nearest_path();
		check_each_in_path(){
			if(the s_file == "" and the_nearest_path == o_file )
				return type;
		}	
	}
}

{
if(!s)
	if(type = get_object_type(s_file) || type != READ )
		exit()
if(o!= -1 )
	if(type = get_object_type(o_file) || type < now_type )
		exit()
}
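
An added example, not lidsadm's own code: the nearest-protected-ancestor lookup and the s-o-j pre-check sketched above, written out in C. The rule table, the numeric target values, the return codes and the name check_new_rule are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed numeric targets for this example; the notes do not define them. */
enum { T_NOTFOUND = -1, T_NONE, T_READ, T_APPEND, T_WRITE };
struct rule { const char *subject, *object; int type; };

/* Constructed sample table; an empty subject marks a default object rule. */
static const struct rule rules[] = {
    { "", "/usr/bin", T_READ },
    { "", "/home/httpd", T_NONE },
    { "/usr/bin/httpd", "/home/httpd", T_READ },
};

/* Walk a canonical absolute path up towards "/" and return the target of
 * the nearest default rule, or T_NOTFOUND when no ancestor is protected. */
int get_object_type(const char *path)
{
    char buf[4096];
    if (path[0] != '/' || strlen(path) >= sizeof buf)
        return T_NOTFOUND;
    strcpy(buf, path);
    for (;;) {
        for (size_t i = 0; i < sizeof rules / sizeof rules[0]; i++)
            if (!rules[i].subject[0] && strcmp(rules[i].object, buf) == 0)
                return rules[i].type;
        if (strcmp(buf, "/") == 0)
            return T_NOTFOUND;
        char *slash = strrchr(buf, '/');
        slash[slash == buf ? 1 : 0] = '\0';  /* drop last component, keep "/" */
    }
}

/* Pre-check for "lidsadm -A -s S -o O": 0 = accept, negative = reject.
 * s_file may be NULL (default rule). Follows the pseudocode's "!= READ". */
int check_new_rule(const char *s_file, const char *o_file)
{
    if (s_file && get_object_type(s_file) != T_READ)
        return -1;                 /* subject binary not protected READ */
    if (s_file && o_file[0] == '/' && get_object_type(o_file) == T_NOTFOUND)
        return -2;                 /* no default rule covers the object */
    return 0;                      /* special objects (MEM, ...) skip -2 */
}

int main(void)
{
    printf("%d %d\n", check_new_rule("/usr/bin/httpd", "/home/httpd/html"),
           check_new_rule("/tmp/sh", "/home/httpd"));
    return 0;
}
```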
