do dtd verification on xml. fix current xml to be valid
This commit is contained in:
parent
3c62aa31a9
commit
004db90d3f
@ -44,6 +44,7 @@ SBINDIR := $(PREFIX)/sbin
|
|||||||
CHECKPOLICY := $(BINDIR)/checkpolicy
|
CHECKPOLICY := $(BINDIR)/checkpolicy
|
||||||
LOADPOLICY := $(SBINDIR)/load_policy
|
LOADPOLICY := $(SBINDIR)/load_policy
|
||||||
SETFILES := $(SBINDIR)/setfiles
|
SETFILES := $(SBINDIR)/setfiles
|
||||||
|
XMLLINT := $(BINDIR)/xmllint
|
||||||
|
|
||||||
# enable MLS if requested.
|
# enable MLS if requested.
|
||||||
ifeq ($(MLS),y)
|
ifeq ($(MLS),y)
|
||||||
@ -270,11 +271,16 @@ xml: policy.xml
|
|||||||
|
|
||||||
policy.xml: $(ALL_INTERFACES) tmp/generated_definitions.conf
|
policy.xml: $(ALL_INTERFACES) tmp/generated_definitions.conf
|
||||||
@echo "Creating $@"
|
@echo "Creating $@"
|
||||||
$(QUIET) echo "<policy>" > $@
|
$(QUIET) echo '<?xml version="1.0" encoding="ISO-8859-1" standalone="no"?>' > $@
|
||||||
|
$(QUIET) echo '<!DOCTYPE policy SYSTEM "policy.dtd">' >> $@
|
||||||
|
$(QUIET) echo "<policy>" >> $@
|
||||||
# process this through m4 to eliminate the generated definitions.
|
# process this through m4 to eliminate the generated definitions.
|
||||||
# currently these are only in corenetwork.if
|
# currently these are only in corenetwork.if
|
||||||
$(QUIET) m4 $^ | egrep -h "^##[[:space:]]" | sed -e 's/^##[[:space:]]//g' >> $@
|
$(QUIET) m4 $^ | egrep -h "^##[[:blank:]]" | sed -e 's/^##[[:blank:]]//g' >> $@
|
||||||
$(QUIET) echo "</policy>" >> $@
|
$(QUIET) echo "</policy>" >> $@
|
||||||
|
$(QUIET) if test -x $(XMLLINT) && test -f policy.dtd; then \
|
||||||
|
$(XMLLINT) --noout --dtdvalid policy.dtd $@ ;\
|
||||||
|
fi
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
|
@ -335,3 +335,4 @@ dontaudit $1_gpg_pinentry_t cifs_t:file write;
|
|||||||
dontaudit $1_gpg_pinentry_t { sysctl_t sysctl_kernel_t }:dir { getattr search };
|
dontaudit $1_gpg_pinentry_t { sysctl_t sysctl_kernel_t }:dir { getattr search };
|
||||||
') dnl end TODO
|
') dnl end TODO
|
||||||
') dnl end gpg_per_userdomain_template
|
') dnl end gpg_per_userdomain_template
|
||||||
|
|
||||||
|
@ -2,9 +2,16 @@
|
|||||||
## <summary>Policy controlling access to network objects</summary>
|
## <summary>Policy controlling access to network objects</summary>
|
||||||
|
|
||||||
ifdef(`interface_pass',`',`
|
ifdef(`interface_pass',`',`
|
||||||
#######################################
|
########################################
|
||||||
#
|
## <interface name="corenetwork_network_tcp_on_general_interface">
|
||||||
# corenetwork_network_tcp_on_general_interface(domain)
|
## <description>
|
||||||
|
## Send and receive TCP network traffic on the general interfaces.
|
||||||
|
## </description>
|
||||||
|
## <parameter name="domain">
|
||||||
|
## The type of the process performing this action.
|
||||||
|
## </parameter>
|
||||||
|
## <infoflow type="both" weight="10"/>
|
||||||
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`corenetwork_network_tcp_on_general_interface',`
|
define(`corenetwork_network_tcp_on_general_interface',`
|
||||||
requires_block_template(`$0'_depend)
|
requires_block_template(`$0'_depend)
|
||||||
|
Loading…
Reference in New Issue
Block a user