File: loadable_module.spt

package info (click to toggle)
refpolicy 0.0.20061018-5.1+etch1
  • links: PTS
  • area: main
  • in suites: etch
  • size: 7,488 kB
  • ctags: 415
  • sloc: xml: 55,156; python: 1,867; makefile: 463; sh: 457; ansic: 290; perl: 196; sed: 14; awk: 7
file content (180 lines) | stat: -rw-r--r-- 4,107 bytes parent folder | download | duplicates (2)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
########################################
#
# Macros for switching between source policy
# and loadable policy module support
#

##############################
#
# For adding the module statement
#
define(`policy_module',`
	ifndef(`self_contained_policy',`
		module $1 $2;

		require {
			role system_r;
			all_kernel_class_perms

			ifdef(`enable_mcs',`
				sensitivity s0;
				category c0, c`'decr(mcs_num_cats);
			')

			ifdef(`enable_mls',`
				sensitivity s0, s`'decr(mls_num_sens);
				category c0, c`'decr(mls_num_cats);
			')
		}
	')
')

##############################
#
# For use in interfaces, to optionally insert a require block
#
define(`gen_require',`
	ifdef(`self_contained_policy',`
		ifdef(`__in_optional_policy',`
			require {
				$1
			} # end require
		')
	',`
		require {
			$1
		} # end require
	')
')

# helper function, since m4 wont expand macros
# if a line is a comment (#):
define(`policy_m4_comment',`
##### $2 depth: $1
')dnl

##############################
#
# In the future interfaces should be in loadable modules
#
# template(name,rules)
#
define(`template',` dnl
	ifdef(`$1',`refpolicyerr(`duplicate definition of $1(). Original definition on '$1.) define(`__if_error')',`define(`$1',__line__)') dnl
	`define(`$1',` dnl
	define(`policy_temp',incr(policy_call_depth)) dnl
	pushdef(`policy_call_depth',policy_temp) dnl
	undefine(`policy_temp') dnl
	policy_m4_comment(policy_call_depth,begin `$1'(dollarsstar)) dnl
	$2 dnl
	define(`policy_temp',decr(policy_call_depth)) dnl
	pushdef(`policy_call_depth',policy_temp) dnl
	undefine(`policy_temp') dnl
	policy_m4_comment(policy_call_depth,end `$1'(dollarsstar)) dnl
	'')
')

##############################
#
# In the future interfaces should be in loadable modules
#
# interface(name,rules)
#
define(`interface',` dnl
	ifdef(`$1',`refpolicyerr(`duplicate definition of $1(). Original definition on '$1.) define(`__if_error')',`define(`$1',__line__)') dnl
	`define(`$1',` dnl
	define(`policy_temp',incr(policy_call_depth)) dnl
	pushdef(`policy_call_depth',policy_temp) dnl
	undefine(`policy_temp') dnl
	policy_m4_comment(policy_call_depth,begin `$1'(dollarsstar)) dnl
	$2
	define(`policy_temp',decr(policy_call_depth)) dnl
	pushdef(`policy_call_depth',policy_temp) dnl
	undefine(`policy_temp') dnl
	policy_m4_comment(policy_call_depth,end `$1'(dollarsstar)) dnl
	'')
')

define(`policy_call_depth',0)

##############################
#
# Optional policy handling
#
define(`optional_policy',`
	ifelse(regexp(`$1',`\W'),`-1',`
		refpolicywarn(`deprecated use of module name ($1) as first parameter of optional_policy() block.')
		optional_policy(shift($*))
	',`
		optional {`'pushdef(`__in_optional_policy')
			$1
		ifelse(`$2',`',`',`} else {
			$2
		')}`'popdef(`__in_optional_policy')`'ifndef(`__in_optional_policy',` # end optional')
	')
')

##############################
#
# Determine if we should use the default
# tunable value as specified by the policy
# or if the override value should be used
#
define(`dflt_or_overr',`ifdef(`$1',$1,$2)')

##############################
#
# Extract booleans out of an expression.
# This needs to be reworked so expressions
# with parentheses can work.

define(`delcare_required_symbols',`
ifelse(regexp($1, `\w'), -1, `', `dnl
bool regexp($1, `\(\w+\)', `\1');
delcare_required_symbols(regexp($1, `\w+\(.*\)', `\1'))dnl
') dnl
')

##############################
#
# Tunable declaration
#
define(`gen_tunable',`
	ifdef(`self_contained_policy',`
		bool $1 dflt_or_overr(`$1'_conf,$2);
	',`
		# loadable module tunable
		# declaration will go here
		# instead of bool when
		# loadable modules support
		# tunables
		bool $1 dflt_or_overr(`$1'_conf,$2);
	')
')

##############################
#
# Tunable policy handling
#
define(`tunable_policy',`
	ifdef(`self_contained_policy',`
		if (`$1') {
			$2
		ifelse(`$3',`',`',`} else {
			$3
		')}
	',`
		# structure for tunables
		# will go here instead of a
		# conditional when loadable
		# modules support tunables
		gen_require(`
			delcare_required_symbols(`$1')
		')
		if (`$1') {
			$2
		ifelse(`$3',`',`',`} else {
			$3
		')}
	')
')