########################################
#
# Macros for switching between source policy
# and loadable policy module support
#
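##############################
#
# policy_module(name,version)
#
# For adding the module statement.
#
# Loadable module build (self_contained_policy undefined): emits
# "module name version;" followed by a require block naming role
# system_r and all_kernel_class_perms. all_kernel_class_perms is not
# defined in this file.
#
# Source policy build (self_contained_policy defined): expands to
# nothing, so the name and version arguments do not reach the output.
#
define(`policy_module',`
	ifdef(`self_contained_policy',`',`
		module $1 $2;

		require {
			role system_r;
			all_kernel_class_perms
		}
	')
')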
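##############################
#
# gen_require(requirements)
#
# For use in interfaces, to optionally insert a require block.
#
# Loadable module build: wraps the argument in "require { ... }".
# in_gen_require_block is defined only while the block is being
# emitted and is undefined again straight after it.
#
# Source policy build (self_contained_policy defined): expands to
# nothing. The requirement list is therefore not part of the generated
# source policy, so a symbol missing from it will not be reported by
# that build.
#
define(`gen_require',`
	ifdef(`self_contained_policy',`',`
		define(`in_gen_require_block')
		require {
			$1
		}
		undefine(`in_gen_require_block')
	')
')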
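##############################
#
# In the future interfaces should be in loadable modules
#
# template(name,rules)
#
# Does not define name directly. The inner define is wrapped in one
# extra level of quotes, so this macro expands to the text of a
# define() call for name whose body is the rules between a begin and
# an end marker comment. Presumably a later m4 pass reads that text,
# and dollarsstar is a placeholder filled in outside this file - confirm
# against the build.
#
# The markers carry the template name, which lets each generated rule
# be traced back to the template call that produced it.
#
define(`template',`
	`define(`$1',`
##### begin $1(dollarsstar)
		$2
##### end $1(dollarsstar)
	'')
')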
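# policy_m4_comment(depth,text)
#
# helper function, since m4 wont expand macros
# if a line is a comment (#):
#
# Both arguments are substituted into the body before the marker line
# is rescanned, so callers can pass macros such as the call depth
# counter and still get their values into a comment line. The result
# is one line of the form "##### text depth: depth".
#
define(`policy_m4_comment',`dnl
##### $2 depth: $1
')dnl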
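##############################
#
# In the future interfaces should be in loadable modules
#
# interface(name,rules)
#
# Like template, this expands to the text of a define() call for name
# rather than defining it directly (the inner define carries one extra
# level of quotes). Presumably a later m4 pass reads that text, and
# dollarsstar is a placeholder filled in outside this file - confirm
# against the build.
#
# The generated body brackets the rules with policy_m4_comment markers
# that carry the interface name and the current call depth, so nested
# interface calls can be followed in the generated policy when it is
# audited.
#
# policy_call_depth is kept as a pushdef stack: the entry pushed on the
# way in is popped on the way out, so the end marker shows the depth
# of the caller and the stack does not grow with every call.
#
define(`interface',`
	`define(`$1',`

	define(`policy_temp',incr(policy_call_depth))
	pushdef(`policy_call_depth',policy_temp)
	undefine(`policy_temp')

	policy_m4_comment(policy_call_depth,begin `$1'(dollarsstar))

	$2

	popdef(`policy_call_depth')

	policy_m4_comment(policy_call_depth,end `$1'(dollarsstar))

	'')
')

define(`policy_call_depth',0)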
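##############################
#
# optional_policy(module,rules[,else_rules])
#
# Optional policy handling
#
# Source policy build (self_contained_policy defined): the choice is
# made here, at macro expansion time. If an m4 macro with the name
# given as the first argument is defined, the rules are emitted,
# otherwise the else_rules are. Only one branch reaches the output.
#
# Loadable module build: emits "optional { rules }", with an
# "} else { else_rules" part only when a third argument is given. The
# first argument is not used in this branch.
#
# When auditing, note that the two builds decide at different times
# which branch takes effect, so check the generated output of the
# build that is actually deployed.
#
define(`optional_policy',`
	ifdef(`self_contained_policy',`
		ifdef(`$1',`$2',`$3')
	',`
		optional {
			$2
		ifelse(`$3',`',`',`
		} else {
			$3
		')
		}
	')
')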
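##############################
#
# dflt_or_overr(override_macro,default)
#
# Determine if we should use the default
# tunable value as specified by the policy
# or if the override value should be used
#
# If a macro with the name given as the first argument is defined,
# the result is that macro expanded; otherwise it is the second
# argument. An override that is defined but empty therefore yields
# an empty value, not the default.
#
define(`dflt_or_overr',`ifdef(`$1',$1,$2)')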
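##############################
#
# delcare_required_symbols(expression)
#
# Extract booleans out of an expression.
# This needs to be reworked so expressions
# with parentheses can work.
#
# Emits "bool NAME;" for each run of word characters found in the
# expression, then recurses on the text after that run until no word
# character is left. Operators and whitespace between names are
# skipped.
#
# NOTE(review): the expression is handed to regexp unquoted, so a
# boolean name that is also a defined m4 macro would be expanded
# before it is matched - confirm no tunable name collides with a macro.
# The misspelt macro name is the one tunable_policy calls, so it is
# kept as is.
#
define(`delcare_required_symbols',`
ifelse(regexp($1, `\w'), -1, `', `dnl
bool regexp($1, `\(\w+\)', `\1');
delcare_required_symbols(regexp($1, `\w+\(.*\)', `\1'))dnl
') dnl
')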
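##############################
#
# gen_tunable(name,default)
#
# Tunable declaration
#
# Emits "bool name value;" where value comes from dflt_or_overr: if a
# macro called name_conf is defined, its value is used instead of the
# default written in the policy source. The effective default of a
# tunable is therefore decided by the build configuration, so check
# the generated bool statement rather than the policy source when
# auditing which tunables start enabled.
#
# Both build modes currently emit the same statement.
#
define(`gen_tunable',`
	ifdef(`self_contained_policy',`
		bool $1 dflt_or_overr(`$1'_conf,$2);
	',`
		# loadable module tunable
		# declaration will go here
		# instead of bool when
		# loadable modules support
		# tunables
		bool $1 dflt_or_overr(`$1'_conf,$2);
	')
')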
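##############################
#
# tunable_policy(expression,rules,else_rules)
#
# Tunable policy handling
#
# Both build modes emit "if (expression) { rules } else { else_rules }".
# The expression is quoted when it is emitted, so it is not expanded
# as m4 at that point.
#
# Loadable module build: the conditional is preceded by a gen_require
# block that declares each boolean found in the expression by
# delcare_required_symbols. That helper does not handle parentheses,
# so keep the expressions passed here free of them until it is
# reworked.
#
define(`tunable_policy',`
	ifdef(`self_contained_policy',`
		if (`$1') {
			$2
		} else {
			$3
		}
	',`
		# structure for tunables
		# will go here instead of a
		# conditional when loadable
		# modules support tunables
		gen_require(`
			delcare_required_symbols(`$1')
		')

		if (`$1') {
			$2
		} else {
			$3
		}
	')
')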