Chris PeBenito 17de1b
########################################
Chris PeBenito 17de1b
#
Chris PeBenito 17de1b
# Macros for switching between source policy
Chris PeBenito 17de1b
# and loadable policy module support
Chris PeBenito 17de1b
#
Chris PeBenito 17de1b
Chris PeBenito 17de1b
##############################
Chris PeBenito 17de1b
#
Chris PeBenito 17de1b
# For adding the module statement
Chris PeBenito 17de1b
#
Chris PeBenito 17de1b
define(`policy_module',`
Chris PeBenito 17de1b
	ifndef(`self_contained_policy',`
Chris PeBenito 17de1b
		module $1 $2;
Chris PeBenito 17de1b
Chris PeBenito 17de1b
		require {
Chris PeBenito 17de1b
			role system_r;
Chris PeBenito 17de1b
			all_kernel_class_perms
Chris PeBenito e070dd
Chris PeBenito e070dd
			ifdef(`enable_mcs',`
Chris PeBenito e070dd
				sensitivity s0;
Chris PeBenito e070dd
				category c0, c`'decr(mcs_num_cats);
Chris PeBenito e070dd
			')
Chris PeBenito e070dd
Chris PeBenito e070dd
			ifdef(`enable_mls',`
Chris PeBenito e070dd
				sensitivity s0, s`'decr(mls_num_sens);
Chris PeBenito e070dd
				category c0, c`'decr(mls_num_cats);
Chris PeBenito e070dd
			')
Chris PeBenito 17de1b
		}
Chris PeBenito 17de1b
	')
Chris PeBenito 17de1b
')
Chris PeBenito 17de1b
Chris PeBenito 17de1b
##############################
Chris PeBenito 17de1b
#
Chris PeBenito 17de1b
# For use in interfaces, to optionally insert a require block
Chris PeBenito 17de1b
#
Chris PeBenito 17de1b
define(`gen_require',`
Chris PeBenito 17de1b
	ifdef(`self_contained_policy',`
Chris PeBenito 17de1b
		ifdef(`__in_optional_policy',`
Chris PeBenito 17de1b
			require {
Chris PeBenito 17de1b
				$1
Chris PeBenito 17de1b
			} # end require
Chris PeBenito 17de1b
		')
Chris PeBenito 17de1b
	',`
Chris PeBenito 17de1b
		require {
Chris PeBenito 17de1b
			$1
Chris PeBenito 17de1b
		} # end require
Chris PeBenito 17de1b
	')
Chris PeBenito 17de1b
')
Chris PeBenito 17de1b
Chris PeBenito 17de1b
# helper function, since m4 wont expand macros
Chris PeBenito 17de1b
# if a line is a comment (#):
Chris PeBenito 17de1b
define(`policy_m4_comment',`
Chris PeBenito 17de1b
##### $2 depth: $1
Chris PeBenito 17de1b
')dnl
Chris PeBenito 17de1b
Chris PeBenito 17de1b
##############################
Chris PeBenito 17de1b
#
Chris PeBenito 17de1b
# In the future interfaces should be in loadable modules
Chris PeBenito 17de1b
#
Chris PeBenito 17de1b
# template(name,rules)
Chris PeBenito 17de1b
#
Chris PeBenito 17de1b
define(`template',` dnl
Chris PeBenito ea3c1f
	ifdef(`$1',`refpolicyerr(`duplicate definition of $1(). Original definition on '$1.) define(`__if_error')',`define(`$1',__line__)') dnl
Chris PeBenito 17de1b
	`define(`$1',` dnl
Chris PeBenito 17de1b
	define(`policy_temp',incr(policy_call_depth)) dnl
Chris PeBenito 17de1b
	pushdef(`policy_call_depth',policy_temp) dnl
Chris PeBenito 17de1b
	undefine(`policy_temp') dnl
Chris PeBenito 17de1b
	policy_m4_comment(policy_call_depth,begin `$1'(dollarsstar)) dnl
Chris PeBenito 17de1b
	$2 dnl
Chris PeBenito 17de1b
	define(`policy_temp',decr(policy_call_depth)) dnl
Chris PeBenito 17de1b
	pushdef(`policy_call_depth',policy_temp) dnl
Chris PeBenito 17de1b
	undefine(`policy_temp') dnl
Chris PeBenito 17de1b
	policy_m4_comment(policy_call_depth,end `$1'(dollarsstar)) dnl
Chris PeBenito 17de1b
	'')
Chris PeBenito 17de1b
')
Chris PeBenito 17de1b
Chris PeBenito 17de1b
##############################
Chris PeBenito 17de1b
#
Chris PeBenito 17de1b
# In the future interfaces should be in loadable modules
Chris PeBenito 17de1b
#
Chris PeBenito 17de1b
# interface(name,rules)
Chris PeBenito 17de1b
#
Chris PeBenito 17de1b
define(`interface',` dnl
Chris PeBenito ea3c1f
	ifdef(`$1',`refpolicyerr(`duplicate definition of $1(). Original definition on '$1.) define(`__if_error')',`define(`$1',__line__)') dnl
Chris PeBenito 17de1b
	`define(`$1',` dnl
Chris PeBenito 17de1b
	define(`policy_temp',incr(policy_call_depth)) dnl
Chris PeBenito 17de1b
	pushdef(`policy_call_depth',policy_temp) dnl
Chris PeBenito 17de1b
	undefine(`policy_temp') dnl
Chris PeBenito 17de1b
	policy_m4_comment(policy_call_depth,begin `$1'(dollarsstar)) dnl
Chris PeBenito 17de1b
	$2
Chris PeBenito 17de1b
	define(`policy_temp',decr(policy_call_depth)) dnl
Chris PeBenito 17de1b
	pushdef(`policy_call_depth',policy_temp) dnl
Chris PeBenito 17de1b
	undefine(`policy_temp') dnl
Chris PeBenito 17de1b
	policy_m4_comment(policy_call_depth,end `$1'(dollarsstar)) dnl
Chris PeBenito 17de1b
	'')
Chris PeBenito 17de1b
')
Chris PeBenito 17de1b
Chris PeBenito 17de1b
define(`policy_call_depth',0)
Chris PeBenito 17de1b
Chris PeBenito 17de1b
##############################
Chris PeBenito 17de1b
#
Chris PeBenito 17de1b
# Optional policy handling
Chris PeBenito 17de1b
#
Chris PeBenito 17de1b
define(`optional_policy',`
Chris PeBenito 17de1b
	ifelse(regexp(`$1',`\W'),`-1',`
Chris PeBenito ea3c1f
		refpolicywarn(`deprecated use of module name ($1) as first parameter of optional_policy() block.')
Chris PeBenito 17de1b
		optional_policy(shift($*))
Chris PeBenito 17de1b
	',`
Chris PeBenito 17de1b
		optional {`'pushdef(`__in_optional_policy')
Chris PeBenito 17de1b
			$1
Chris PeBenito 17de1b
		ifelse(`$2',`',`',`} else {
Chris PeBenito 17de1b
			$2
Chris PeBenito 17de1b
		')}`'popdef(`__in_optional_policy')`'ifndef(`__in_optional_policy',` # end optional')
Chris PeBenito 17de1b
	')
Chris PeBenito 17de1b
')
Chris PeBenito 17de1b
Chris PeBenito 17de1b
##############################
Chris PeBenito 17de1b
#
Chris PeBenito 17de1b
# Determine if we should use the default
Chris PeBenito 17de1b
# tunable value as specified by the policy
Chris PeBenito 17de1b
# or if the override value should be used
Chris PeBenito 17de1b
#
Chris PeBenito 17de1b
define(`dflt_or_overr',`ifdef(`$1',$1,$2)')
Chris PeBenito 17de1b
Chris PeBenito 17de1b
##############################
Chris PeBenito 17de1b
#
Chris PeBenito 17de1b
# Extract booleans out of an expression.
Chris PeBenito 17de1b
# This needs to be reworked so expressions
Chris PeBenito 17de1b
# with parentheses can work.
Chris PeBenito 17de1b
Chris PeBenito f6ddd6
define(`declare_required_symbols',`
Chris PeBenito 17de1b
ifelse(regexp($1, `\w'), -1, `', `dnl
Chris PeBenito 17de1b
bool regexp($1, `\(\w+\)', `\1');
Chris PeBenito f6ddd6
declare_required_symbols(regexp($1, `\w+\(.*\)', `\1'))dnl
Chris PeBenito 17de1b
') dnl
Chris PeBenito 17de1b
')
Chris PeBenito 17de1b
Chris PeBenito 17de1b
##############################
Chris PeBenito 17de1b
#
Chris PeBenito 17de1b
# Tunable declaration
Chris PeBenito 17de1b
#
Chris PeBenito 17de1b
define(`gen_tunable',`
Chris PeBenito f6ddd6
	bool $1 dflt_or_overr(`$1'_conf,$2);
Chris PeBenito 17de1b
')
Chris PeBenito 17de1b
Chris PeBenito 17de1b
##############################
Chris PeBenito 17de1b
#
Chris PeBenito 17de1b
# Tunable policy handling
Chris PeBenito 17de1b
#
Chris PeBenito 17de1b
define(`tunable_policy',`
Chris PeBenito f6ddd6
	gen_require(`
Chris PeBenito f6ddd6
		declare_required_symbols(`$1')
Chris PeBenito 17de1b
	')
Chris PeBenito f6ddd6
	if (`$1') {
Chris PeBenito f6ddd6
		$2
Chris PeBenito f6ddd6
	ifelse(`$3',`',`',`} else {
Chris PeBenito f6ddd6
		$3
Chris PeBenito f6ddd6
	')}
Chris PeBenito 17de1b
')