selinux-policy/refpolicy/policy/support/loadable_module.spt

########################################
#
# Macros for switching between source policy
# and loadable policy module support
#

##############################
#
# For adding the module statement
#
define(`policy_module',`
	ifdef(`self_contained_policy',`',`
		module $1 $2;

		require {
			role system_r;
			all_kernel_class_perms
		}
	')
')

##############################
#
# For use in interfaces, to optionally insert a require block
#
define(`gen_require',`
	ifdef(`self_contained_policy',`
		ifdef(`__in_optional_policy',`
			require {
				$1
			} # end require
		')
	',`
		require {
			$1
		} # end require
	')
')

# helper function, since m4 wont expand macros
# if a line is a comment (#):
define(`policy_m4_comment',`
##### $2 depth: $1
')dnl

##############################
#
# In the future interfaces should be in loadable modules
#
# template(name,rules)
#
define(`template',` dnl
	ifdef(`$1',`errprint(__file__:__line__`: duplicate definition of $1(). Original definition on '$1. __endline__) define(`__if_error')',`define(`$1',__line__)') dnl
	`define(`$1',` dnl
	define(`policy_temp',incr(policy_call_depth)) dnl
	pushdef(`policy_call_depth',policy_temp) dnl
	undefine(`policy_temp') dnl
	policy_m4_comment(policy_call_depth,begin `$1'(dollarsstar)) dnl
	$2 dnl
	define(`policy_temp',decr(policy_call_depth)) dnl
	pushdef(`policy_call_depth',policy_temp) dnl
	undefine(`policy_temp') dnl
	policy_m4_comment(policy_call_depth,end `$1'(dollarsstar)) dnl
	'')
')

##############################
#
# In the future interfaces should be in loadable modules
#
# interface(name,rules)
#
define(`interface',` dnl
	ifdef(`$1',`errprint(__file__:__line__`: duplicate definition of $1(). Original definition on '$1. __endline__) define(`__if_error')',`define(`$1',__line__)') dnl
	`define(`$1',` dnl
	define(`policy_temp',incr(policy_call_depth)) dnl
	pushdef(`policy_call_depth',policy_temp) dnl
	undefine(`policy_temp') dnl
	policy_m4_comment(policy_call_depth,begin `$1'(dollarsstar)) dnl
	$2
	define(`policy_temp',decr(policy_call_depth)) dnl
	pushdef(`policy_call_depth',policy_temp) dnl
	undefine(`policy_temp') dnl
	policy_m4_comment(policy_call_depth,end `$1'(dollarsstar)) dnl
	'')
')

define(`policy_call_depth',0)

##############################
#
# Optional policy handling
#
define(`optional_policy',`
	ifelse(regexp(`$1',`\W'),`-1',`
		errprint(__file__:__line__`: deprecated use of module name ($1) as first parameter of optional_policy() block.' __endline__)
		optional {
			pushdef(`__in_optional_policy') dnl
			$2
			popdef(`__in_optional_policy') dnl
		ifelse(`$3',`',`',`
		} else {
			$3
		')
		}
	',`
		optional {
			pushdef(`__in_optional_policy') dnl
			$1
			popdef(`__in_optional_policy') dnl
		ifelse(`$2',`',`',`
		} else {
			$2
		')
		}
	')
')

##############################
#
# Determine if we should use the default
# tunable value as specified by the policy
# or if the override value should be used
#
define(`dflt_or_overr',`ifdef(`$1',$1,$2)')

##############################
#
# Extract booleans out of an expression.
# This needs to be reworked so expressions
# with parentheses can work.

define(`delcare_required_symbols',`
ifelse(regexp($1, `\w'), -1, `', `dnl
bool regexp($1, `\(\w+\)', `\1');
delcare_required_symbols(regexp($1, `\w+\(.*\)', `\1'))dnl
') dnl
')

##############################
#
# Tunable declaration
#
define(`gen_tunable',`
	ifdef(`self_contained_policy',`
		bool $1 dflt_or_overr(`$1'_conf,$2);
	',`
		# loadable module tunable
		# declaration will go here
		# instead of bool when
		# loadable modules support
		# tunables
		bool $1 dflt_or_overr(`$1'_conf,$2);
	')
')

##############################
#
# Tunable policy handling
#
define(`tunable_policy',`
	ifdef(`self_contained_policy',`
		if (`$1') {
			$2
		ifelse(`$3',`',`',`
		} else {
			$3
		')
		}
	',`
		# structure for tunables
		# will go here instead of a
		# conditional when loadable
		# modules support tunables
		gen_require(`
			delcare_required_symbols(`$1')
		')

		if (`$1') {
			$2
		ifelse(`$3',`',`',`
		} else {
			$3
		')
		}
	')
')
start breaking up support_macros into macros dir 2005-06-02 14:31:31 +00:00			`########################################`
			`#`
			`# Macros for switching between source policy`
			`# and loadable policy module support`
			`#`

			`##############################`
			`#`
			`# For adding the module statement`
			`#`
			define(`policy_module',`
change monolithic_policy to self_contained_policy for clarity 2005-09-21 13:26:30 +00:00			ifdef(`self_contained_policy',`',`
start switching over to new tunable infrastructure 2005-06-07 18:45:47 +00:00			`module $1 $2;`
complete infrastructure support for building modules 2005-08-22 17:07:17 +00:00
fix last loadable module problems 2005-10-19 14:36:04 +00:00			`require {`
			`role system_r;`
			`all_kernel_class_perms`
			`}`
move require to right position, for modular policy 2005-08-22 20:18:42 +00:00			`')`
start breaking up support_macros into macros dir 2005-06-02 14:31:31 +00:00			`')`

			`##############################`
			`#`
rename requires_block_tempalte to gen_require 2005-06-13 20:47:04 +00:00			`# For use in interfaces, to optionally insert a require block`
start breaking up support_macros into macros dir 2005-06-02 14:31:31 +00:00			`#`
rename requires_block_tempalte to gen_require 2005-06-13 20:47:04 +00:00			define(`gen_require',`
enable optionals in base/monolithic 2006-03-23 21:07:57 +00:00			ifdef(`self_contained_policy',`
			ifdef(`__in_optional_policy',`
			`require {`
			`$1`
			`} # end require`
			`')`
			',`
start switching over to new tunable infrastructure 2005-06-07 18:45:47 +00:00			`require {`
			`$1`
enable optionals in base/monolithic 2006-03-23 21:07:57 +00:00			`} # end require`
start switching over to new tunable infrastructure 2005-06-07 18:45:47 +00:00			`')`
			`')`
start breaking up support_macros into macros dir 2005-06-02 14:31:31 +00:00
add check for duplicate interface/template definitions 2005-12-05 16:43:28 +00:00			`# helper function, since m4 wont expand macros`
			`# if a line is a comment (#):`
			define(`policy_m4_comment',`
			`##### $2 depth: $1`
			`')dnl`

add interface macro 2005-06-08 13:11:47 +00:00			`##############################`
			`#`
move all interfaces over to the interface macro. add traceback debugging info 2005-06-22 19:21:31 +00:00			`# In the future interfaces should be in loadable modules`
add interface macro 2005-06-08 13:11:47 +00:00			`#`
move all interfaces over to the interface macro. add traceback debugging info 2005-06-22 19:21:31 +00:00			`# template(name,rules)`
add interface macro 2005-06-08 13:11:47 +00:00			`#`
add check for duplicate interface/template definitions 2005-12-05 16:43:28 +00:00			define(`template',` dnl
make dupe interface and templates a fatal error. 2006-05-02 14:34:32 +00:00			ifdef(`$1',`errprint(__file__:__line__`: duplicate definition of $1(). Original definition on '$1. __endline__) define(`__if_error')',`define(`$1',__line__)') dnl
add check for duplicate interface/template definitions 2005-12-05 16:43:28 +00:00			`define(`$1',` dnl
			define(`policy_temp',incr(policy_call_depth)) dnl
			pushdef(`policy_call_depth',policy_temp) dnl
			undefine(`policy_temp') dnl
			policy_m4_comment(policy_call_depth,begin `$1'(dollarsstar)) dnl
			`$2 dnl`
			define(`policy_temp',decr(policy_call_depth)) dnl
			pushdef(`policy_call_depth',policy_temp) dnl
			undefine(`policy_temp') dnl
			policy_m4_comment(policy_call_depth,end `$1'(dollarsstar)) dnl
move all interfaces over to the interface macro. add traceback debugging info 2005-06-22 19:21:31 +00:00			`'')`
add interface macro 2005-06-08 13:11:47 +00:00			`')`

move all interfaces over to the interface macro. add traceback debugging info 2005-06-22 19:21:31 +00:00			`##############################`
			`#`
			`# In the future interfaces should be in loadable modules`
			`#`
			`# interface(name,rules)`
			`#`
add check for duplicate interface/template definitions 2005-12-05 16:43:28 +00:00			define(`interface',` dnl
make dupe interface and templates a fatal error. 2006-05-02 14:34:32 +00:00			ifdef(`$1',`errprint(__file__:__line__`: duplicate definition of $1(). Original definition on '$1. __endline__) define(`__if_error')',`define(`$1',__line__)') dnl
add check for duplicate interface/template definitions 2005-12-05 16:43:28 +00:00			`define(`$1',` dnl
			define(`policy_temp',incr(policy_call_depth)) dnl
			pushdef(`policy_call_depth',policy_temp) dnl
			undefine(`policy_temp') dnl
			policy_m4_comment(policy_call_depth,begin `$1'(dollarsstar)) dnl
move all interfaces over to the interface macro. add traceback debugging info 2005-06-22 19:21:31 +00:00			`$2`
add check for duplicate interface/template definitions 2005-12-05 16:43:28 +00:00			define(`policy_temp',decr(policy_call_depth)) dnl
			pushdef(`policy_call_depth',policy_temp) dnl
			undefine(`policy_temp') dnl
			policy_m4_comment(policy_call_depth,end `$1'(dollarsstar)) dnl
move all interfaces over to the interface macro. add traceback debugging info 2005-06-22 19:21:31 +00:00			`'')`
			`')`

			define(`policy_call_depth',0)

start breaking up support_macros into macros dir 2005-06-02 14:31:31 +00:00			`##############################`
			`#`
			`# Optional policy handling`
			`#`
			define(`optional_policy',`
deprecate module name as first parameter of optional_policy() 2006-03-24 16:13:54 +00:00			ifelse(regexp(`$1',`\W'),`-1',`
			errprint(__file__:__line__`: deprecated use of module name ($1) as first parameter of optional_policy() block.' __endline__)
			`optional {`
			pushdef(`__in_optional_policy') dnl
			`$2`
			popdef(`__in_optional_policy') dnl
			ifelse(`$3',`',`',`
			`} else {`
			`$3`
			`')`
			`}`
			',`
			`optional {`
			pushdef(`__in_optional_policy') dnl
			`$1`
			popdef(`__in_optional_policy') dnl
			ifelse(`$2',`',`',`
			`} else {`
			`$2`
			`')`
			`}`
start switching over to new tunable infrastructure 2005-06-07 18:45:47 +00:00			`')`
			`')`
start breaking up support_macros into macros dir 2005-06-02 14:31:31 +00:00
more tunable work 2005-06-07 22:26:39 +00:00			`##############################`
			`#`
			`# Determine if we should use the default`
			`# tunable value as specified by the policy`
			`# or if the override value should be used`
			`#`
a few missed renames, and start fixing up tunables 2005-06-13 20:27:32 +00:00			define(`dflt_or_overr',`ifdef(`$1',$1,$2)')
more tunable work 2005-06-07 22:26:39 +00:00
loadable module compile fixes 2005-09-21 20:01:40 +00:00			`##############################`
			`#`
			`# Extract booleans out of an expression.`
			`# This needs to be reworked so expressions`
			`# with parentheses can work.`

			define(`delcare_required_symbols',`
			ifelse(regexp($1, `\w'), -1, `', `dnl
			bool regexp($1, `\(\w+\)', `\1');
			delcare_required_symbols(regexp($1, `\w+\(.*\)', `\1'))dnl
			`') dnl`
			`')`

more tunable work 2005-06-07 22:26:39 +00:00			`##############################`
			`#`
			`# Tunable declaration`
			`#`
a few missed renames, and start fixing up tunables 2005-06-13 20:27:32 +00:00			define(`gen_tunable',`
loadable module compile fixes 2005-09-21 20:01:40 +00:00			ifdef(`self_contained_policy',`
			bool $1 dflt_or_overr(`$1'_conf,$2);
fix tunables 2005-08-24 20:00:10 +00:00			',`
loadable module compile fixes 2005-09-21 20:01:40 +00:00			`# loadable module tunable`
			`# declaration will go here`
			`# instead of bool when`
			`# loadable modules support`
			`# tunables`
			bool $1 dflt_or_overr(`$1'_conf,$2);
fix tunables 2005-08-24 20:00:10 +00:00			`')`
more tunable work 2005-06-07 22:26:39 +00:00			`')`

start breaking up support_macros into macros dir 2005-06-02 14:31:31 +00:00			`##############################`
			`#`
			`# Tunable policy handling`
			`#`
			define(`tunable_policy',`
change monolithic_policy to self_contained_policy for clarity 2005-09-21 13:26:30 +00:00			ifdef(`self_contained_policy',`
start switching over to new tunable infrastructure 2005-06-07 18:45:47 +00:00			if (`$1') {
			`$2`
add check for duplicate interface/template definitions 2005-12-05 16:43:28 +00:00			ifelse(`$3',`',`',`
start switching over to new tunable infrastructure 2005-06-07 18:45:47 +00:00			`} else {`
			`$3`
add check for duplicate interface/template definitions 2005-12-05 16:43:28 +00:00			`')`
start switching over to new tunable infrastructure 2005-06-07 18:45:47 +00:00			`}`
fix tunables 2005-08-24 20:00:10 +00:00			',`
			`# structure for tunables`
			`# will go here instead of a`
			`# conditional when loadable`
			`# modules support tunables`
loadable module compile fixes 2005-09-21 20:01:40 +00:00			gen_require(`
			delcare_required_symbols(`$1')
			`')`

fix quoting 2005-08-24 20:18:28 +00:00			if (`$1') {
fix tunables 2005-08-24 20:00:10 +00:00			`$2`
add check for duplicate interface/template definitions 2005-12-05 16:43:28 +00:00			ifelse(`$3',`',`',`
fix tunables 2005-08-24 20:00:10 +00:00			`} else {`
			`$3`
add check for duplicate interface/template definitions 2005-12-05 16:43:28 +00:00			`')`
fix tunables 2005-08-24 20:00:10 +00:00			`}`
			`')`
start switching over to new tunable infrastructure 2005-06-07 18:45:47 +00:00			`')`