rpms / selinux-policy

Clone
Source Code
GIT

Blame policy/support/loadable_module.spt

config-existence-check config-existence-check2 f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f30 f31 f32 f33 f34 f35 f36 f37 f38 f39 f40 f7 f8 f9 main private-master-atomic-policy private-master-migrate-to-var-lib-selinux rawhide
  1.   75da4b8ad377020754c8eaa456cba3353e64baf4
  2.   policy
  3.   support
  4.   loadable_module.spt
Blob History Raw
Chris PeBenito 17de1b7 
########################################
Chris PeBenito 17de1b7 
#
Chris PeBenito 17de1b7 
# Macros for switching between source policy
Chris PeBenito 17de1b7 
# and loadable policy module support
Chris PeBenito 17de1b7 
#
Chris PeBenito 17de1b7
Chris PeBenito 17de1b7 
##############################
Chris PeBenito 17de1b7 
#
Chris PeBenito 17de1b7 
# For adding the module statement
Chris PeBenito 17de1b7 
#
Chris PeBenito 17de1b7 
define(`policy_module',`
Chris PeBenito 17de1b7 
	ifndef(`self_contained_policy',`
Chris PeBenito 17de1b7 
		module $1 $2;
Chris PeBenito 17de1b7
Chris PeBenito 17de1b7 
		require {
Chris PeBenito 17de1b7 
			role system_r;
Chris PeBenito 17de1b7 
			all_kernel_class_perms
Chris PeBenito e070dd2
Chris PeBenito e070dd2 
			ifdef(`enable_mcs',`
Chris PeBenito 2d0c9ce 
				decl_sens(0,0)
Chris PeBenito 2d0c9ce 
				decl_cats(0,decr(mcs_num_cats))
Chris PeBenito e070dd2 
			')
Chris PeBenito e070dd2
Chris PeBenito e070dd2 
			ifdef(`enable_mls',`
Chris PeBenito 2d0c9ce 
				decl_sens(0,decr(mls_num_sens))
Chris PeBenito 2d0c9ce 
				decl_cats(0,decr(mls_num_cats))
Chris PeBenito e070dd2 
			')
Chris PeBenito 17de1b7 
		}
Chris PeBenito 17de1b7 
	')
Chris PeBenito 17de1b7 
')
Chris PeBenito 17de1b7
Chris PeBenito 17de1b7 
##############################
Chris PeBenito 17de1b7 
#
Chris PeBenito 17de1b7 
# For use in interfaces, to optionally insert a require block
Chris PeBenito 17de1b7 
#
Chris PeBenito 17de1b7 
define(`gen_require',`
Chris PeBenito 17de1b7 
	ifdef(`self_contained_policy',`
Chris PeBenito 17de1b7 
		ifdef(`__in_optional_policy',`
Chris PeBenito 17de1b7 
			require {
Chris PeBenito 17de1b7 
				$1
Chris PeBenito 17de1b7 
			} # end require
Chris PeBenito 17de1b7 
		')
Chris PeBenito 17de1b7 
	',`
Chris PeBenito 17de1b7 
		require {
Chris PeBenito 17de1b7 
			$1
Chris PeBenito 17de1b7 
		} # end require
Chris PeBenito 17de1b7 
	')
Chris PeBenito 17de1b7 
')
Chris PeBenito 17de1b7
Chris PeBenito 17de1b7 
# helper function, since m4 wont expand macros
Chris PeBenito 17de1b7 
# if a line is a comment (#):
Chris PeBenito 17de1b7 
define(`policy_m4_comment',`
Chris PeBenito 17de1b7 
##### $2 depth: $1
Chris PeBenito 17de1b7 
')dnl
Chris PeBenito 17de1b7
Chris PeBenito 17de1b7 
##############################
Chris PeBenito 17de1b7 
#
Chris PeBenito 17de1b7 
# In the future interfaces should be in loadable modules
Chris PeBenito 17de1b7 
#
Chris PeBenito 17de1b7 
# template(name,rules)
Chris PeBenito 17de1b7 
#
Chris PeBenito 17de1b7 
define(`template',` dnl
Chris PeBenito ea3c1f5 
	ifdef(`$1',`refpolicyerr(`duplicate definition of $1(). Original definition on '$1.) define(`__if_error')',`define(`$1',__line__)') dnl
Chris PeBenito 17de1b7 
	`define(`$1',` dnl
Chris PeBenito 75da4b8 
	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
Chris PeBenito 17de1b7 
	policy_m4_comment(policy_call_depth,begin `$1'(dollarsstar)) dnl
Chris PeBenito 17de1b7 
	$2 dnl
Chris PeBenito 75da4b8 
	popdef(`policy_call_depth') dnl
Chris PeBenito 17de1b7 
	policy_m4_comment(policy_call_depth,end `$1'(dollarsstar)) dnl
Chris PeBenito 17de1b7 
	'')
Chris PeBenito 17de1b7 
')
Chris PeBenito 17de1b7
Chris PeBenito 17de1b7 
##############################
Chris PeBenito 17de1b7 
#
Chris PeBenito 17de1b7 
# In the future interfaces should be in loadable modules
Chris PeBenito 17de1b7 
#
Chris PeBenito 17de1b7 
# interface(name,rules)
Chris PeBenito 17de1b7 
#
Chris PeBenito 17de1b7 
define(`interface',` dnl
Chris PeBenito ea3c1f5 
	ifdef(`$1',`refpolicyerr(`duplicate definition of $1(). Original definition on '$1.) define(`__if_error')',`define(`$1',__line__)') dnl
Chris PeBenito 17de1b7 
	`define(`$1',` dnl
Chris PeBenito 75da4b8 
	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
Chris PeBenito 17de1b7 
	policy_m4_comment(policy_call_depth,begin `$1'(dollarsstar)) dnl
Chris PeBenito 17de1b7 
	$2
Chris PeBenito 75da4b8 
	popdef(`policy_call_depth') dnl
Chris PeBenito 17de1b7 
	policy_m4_comment(policy_call_depth,end `$1'(dollarsstar)) dnl
Chris PeBenito 17de1b7 
	'')
Chris PeBenito 17de1b7 
')
Chris PeBenito 17de1b7
Chris PeBenito 17de1b7 
define(`policy_call_depth',0)
Chris PeBenito 17de1b7
Chris PeBenito 17de1b7 
##############################
Chris PeBenito 17de1b7 
#
Chris PeBenito 17de1b7 
# Optional policy handling
Chris PeBenito 17de1b7 
#
Chris PeBenito 17de1b7 
define(`optional_policy',`
Chris PeBenito 17de1b7 
	ifelse(regexp(`$1',`\W'),`-1',`
Chris PeBenito ea3c1f5 
		refpolicywarn(`deprecated use of module name ($1) as first parameter of optional_policy() block.')
Chris PeBenito 17de1b7 
		optional_policy(shift($*))
Chris PeBenito 17de1b7 
	',`
Chris PeBenito 17de1b7 
		optional {`'pushdef(`__in_optional_policy')
Chris PeBenito 17de1b7 
			$1
Chris PeBenito 17de1b7 
		ifelse(`$2',`',`',`} else {
Chris PeBenito 17de1b7 
			$2
Chris PeBenito 17de1b7 
		')}`'popdef(`__in_optional_policy')`'ifndef(`__in_optional_policy',` # end optional')
Chris PeBenito 17de1b7 
	')
Chris PeBenito 17de1b7 
')
Chris PeBenito 17de1b7
Chris PeBenito 17de1b7 
##############################
Chris PeBenito 17de1b7 
#
Chris PeBenito 17de1b7 
# Determine if we should use the default
Chris PeBenito 17de1b7 
# tunable value as specified by the policy
Chris PeBenito 17de1b7 
# or if the override value should be used
Chris PeBenito 17de1b7 
#
Chris PeBenito 17de1b7 
define(`dflt_or_overr',`ifdef(`$1',$1,$2)')
Chris PeBenito 17de1b7
Chris PeBenito 17de1b7 
##############################
Chris PeBenito 17de1b7 
#
Chris PeBenito 17de1b7 
# Extract booleans out of an expression.
Chris PeBenito 17de1b7 
# This needs to be reworked so expressions
Chris PeBenito 17de1b7 
# with parentheses can work.
Chris PeBenito 17de1b7
Chris PeBenito f6ddd6b 
define(`declare_required_symbols',`
Chris PeBenito 17de1b7 
ifelse(regexp($1, `\w'), -1, `', `dnl
Chris PeBenito 17de1b7 
bool regexp($1, `\(\w+\)', `\1');
Chris PeBenito f6ddd6b 
declare_required_symbols(regexp($1, `\w+\(.*\)', `\1'))dnl
Chris PeBenito 17de1b7 
') dnl
Chris PeBenito 17de1b7 
')
Chris PeBenito 17de1b7
Chris PeBenito 17de1b7 
##############################
Chris PeBenito 17de1b7 
#
Chris PeBenito 17de1b7 
# Tunable declaration
Chris PeBenito 17de1b7 
#
Chris PeBenito 17de1b7 
define(`gen_tunable',`
Chris PeBenito f6ddd6b 
	bool $1 dflt_or_overr(`$1'_conf,$2);
Chris PeBenito 17de1b7 
')
Chris PeBenito 17de1b7
Chris PeBenito 17de1b7 
##############################
Chris PeBenito 17de1b7 
#
Chris PeBenito 17de1b7 
# Tunable policy handling
Chris PeBenito 17de1b7 
#
Chris PeBenito 17de1b7 
define(`tunable_policy',`
Chris PeBenito f6ddd6b 
	gen_require(`
Chris PeBenito f6ddd6b 
		declare_required_symbols(`$1')
Chris PeBenito 17de1b7 
	')
Chris PeBenito f6ddd6b 
	if (`$1') {
Chris PeBenito f6ddd6b 
		$2
Chris PeBenito f6ddd6b 
	ifelse(`$3',`',`',`} else {
Chris PeBenito f6ddd6b 
		$3
Chris PeBenito f6ddd6b 
	')}
Chris PeBenito 17de1b7 
')
Powered by Pagure 5.14.1
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.