########################################
#
# Macros for switching between source policy
# and loadable policy module support
#
##############################
#
# policy_module(name,version)
#
# For adding the module statement
#
# $1 - module name
# $2 - module version
#
# When self_contained_policy is defined this expands to nothing.
# Otherwise it emits the statement "module $1 $2;" followed by a
# require block naming role system_r and whatever the macro
# all_kernel_class_perms expands to (that macro is defined outside
# this file).
#
# NOTE(review): every module built through this macro requires the
# whole all_kernel_class_perms set rather than only the classes it
# uses - presumably so that interfaces may reference any kernel
# class; confirm against that macro before narrowing it.
#
define(`policy_module',`
	ifdef(`self_contained_policy',`',`
		module $1 $2;
		require {
			role system_r;
			all_kernel_class_perms
		}
	')
')
##############################
#
# gen_require(declarations)
#
# For use in interfaces, to optionally insert a require block
#
# $1 - declarations to place inside the require block
#
# Loadable module build (self_contained_policy not defined):
# $1 is always wrapped in a require block.
#
# Self-contained build: the require block is emitted only while
# __in_optional_policy is defined, which optional_policy in this
# file does around its main rules. Anywhere else, including the
# else branch of optional_policy, this macro expands to nothing.
#
# NOTE(review): in the self-contained build outside an optional
# block the declared dependencies are dropped here, so this macro
# does not check them - presumably the policy compile itself
# reports undeclared symbols; confirm.
#
define(`gen_require',`
	ifdef(`self_contained_policy',`
		ifdef(`__in_optional_policy',`
			require {
				$1
			} # end require
		')
	',`
		require {
			$1
		} # end require
	')
')
# policy_m4_comment(depth,text)
#
# helper function, since m4 wont expand macros
# if a line is a comment (#):
#
# $1 - call depth to print
# $2 - text to print
#
# Expands to a line of the form
#   ##### text depth: N
# The arguments are substituted into the body first, so the
# expanded values end up inside the comment line.
define(`policy_m4_comment',`
##### $2 depth: $1
')dnl
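##############################
#
# In the future interfaces should be in loadable modules
#
# template(name,rules)
#
# $1 - template name
# $2 - rules the template expands to
#
# Duplicate check: the first definition of a name defines a macro
# called $1 holding the current line number. A second definition of
# the same name prints an error through errprint, quoting that line
# number, and defines __if_error.
#
# Generated definition: the inner define is quoted one level deeper
# than the rest of the body, so this pass outputs it as text;
# presumably a later pass evaluates it after the dollarsstar
# placeholder has been rewritten - confirm against the build.
# The generated body raises policy_call_depth by one with pushdef,
# prints a begin marker, expands $2, restores the previous depth
# and prints an end marker.
#
# The depth is restored with popdef, which undoes the pushdef made
# on entry and yields the same value as decrementing. Pushing the
# decremented value instead would leave two stale definitions of
# policy_call_depth on the stack for every call.
#
define(`template',` dnl
	ifdef(`$1',`errprint(__file__:__line__`: duplicate definition of $1(). Original definition on '$1. __endline__) define(`__if_error')',`define(`$1',__line__)') dnl
	`define(`$1',` dnl
	define(`policy_temp',incr(policy_call_depth)) dnl
	pushdef(`policy_call_depth',policy_temp) dnl
	undefine(`policy_temp') dnl
	policy_m4_comment(policy_call_depth,begin `$1'(dollarsstar)) dnl
	$2 dnl
	popdef(`policy_call_depth') dnl
	policy_m4_comment(policy_call_depth,end `$1'(dollarsstar)) dnl
	'')
')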
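##############################
#
# In the future interfaces should be in loadable modules
#
# interface(name,rules)
#
# $1 - interface name
# $2 - rules the interface expands to
#
# Duplicate check: the first definition of a name defines a macro
# called $1 holding the current line number. A second definition of
# the same name prints an error through errprint, quoting that line
# number, and defines __if_error.
#
# Generated definition: the inner define is quoted one level deeper
# than the rest of the body, so this pass outputs it as text;
# presumably a later pass evaluates it after the dollarsstar
# placeholder has been rewritten - confirm against the build.
# The generated body raises policy_call_depth by one with pushdef,
# prints a begin marker, expands $2, restores the previous depth
# and prints an end marker.
#
# The depth is restored with popdef, which undoes the pushdef made
# on entry and yields the same value as decrementing. Pushing the
# decremented value instead would leave two stale definitions of
# policy_call_depth on the stack for every call.
#
define(`interface',` dnl
	ifdef(`$1',`errprint(__file__:__line__`: duplicate definition of $1(). Original definition on '$1. __endline__) define(`__if_error')',`define(`$1',__line__)') dnl
	`define(`$1',` dnl
	define(`policy_temp',incr(policy_call_depth)) dnl
	pushdef(`policy_call_depth',policy_temp) dnl
	undefine(`policy_temp') dnl
	policy_m4_comment(policy_call_depth,begin `$1'(dollarsstar)) dnl
	$2
	popdef(`policy_call_depth') dnl
	policy_m4_comment(policy_call_depth,end `$1'(dollarsstar)) dnl
	'')
')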
# Call depth counter, starting at 0. The definitions generated by
# template and interface raise it on entry, lower it on exit, and
# print it in their begin and end marker comments.
define(`policy_call_depth',0)
##############################
#
# Optional policy handling
#
# optional_policy(rules[,else_rules])
# optional_policy(module_name,rules[,else_rules])   (deprecated)
#
# Wraps the rules in an optional block and adds an else branch when
# else rules are given.
#
# Form selection: regexp looks for a non-word character (\W) in $1.
# A result of -1 means $1 holds word characters only, so it is taken
# to be a module name: a deprecation message is printed through
# errprint and $2 and $3 are used as the rules and the else rules.
# Otherwise $1 and $2 are the rules and the else rules.
#
# __in_optional_policy is defined with pushdef around the main rules
# only and removed with popdef before the else branch; gen_require in
# this file tests it.
#
# NOTE(review): a rules argument made of a single bare word would be
# read as a module name by the test above - presumably that never
# occurs in real policy; confirm.
#
define(`optional_policy',`
	ifelse(regexp(`$1',`\W'),`-1',`
		errprint(__file__:__line__`: deprecated use of module name ($1) as first parameter of optional_policy() block.' __endline__)
		optional {
			pushdef(`__in_optional_policy') dnl
			$2
			popdef(`__in_optional_policy') dnl
		ifelse(`$3',`',`',`
		} else {
			$3
		')
		}
	',`
		optional {
			pushdef(`__in_optional_policy') dnl
			$1
			popdef(`__in_optional_policy') dnl
		ifelse(`$2',`',`',`
		} else {
			$2
		')
		}
	')
')
##############################
#
# dflt_or_overr(override_name,default)
#
# Determine if we should use the default
# tunable value as specified by the policy
# or if the override value should be used
#
# $1 - name of the macro that may hold an override value
# $2 - default value
#
# Expands to the expansion of $1 when a macro of that name is
# defined, otherwise to $2. gen_tunable in this file passes the
# tunable name with the suffix _conf as $1.
#
# NOTE(review): any definition of NAME_conf present at build time
# replaces the default the policy author wrote for boolean NAME.
# Where those definitions come from is not visible in this file;
# worth auditing, since the default value of a boolean decides which
# conditional rules are active until someone changes it.
#
define(`dflt_or_overr',`ifdef(`$1',$1,$2)')
##############################
#
# delcare_required_symbols(expression)
#
# Extract booleans out of an expression.
# This needs to be reworked so expressions
# with parentheses can work.
#
# $1 - boolean expression, as given to tunable_policy
#
# Recursive. While $1 still contains a word character, it emits a
# bool declaration for the first run of word characters and then
# calls itself on the text that follows that run. When no word
# character is left it expands to nothing.
#
# NOTE(review): the name is spelled delcare (sic); tunable_policy in
# this file calls it under that spelling, so a rename has to change
# both places. $1 is handed to regexp unquoted, so it is expanded
# once more before matching - presumably harmless for plain boolean
# names; confirm.
#
define(`delcare_required_symbols',`
ifelse(regexp($1, `\w'), -1, `', `dnl
bool regexp($1, `\(\w+\)', `\1');
delcare_required_symbols(regexp($1, `\w+\(.*\)', `\1'))dnl
') dnl
')
##############################
#
# Tunable declaration
#
# gen_tunable(name,default)
#
# $1 - tunable name
# $2 - default value
#
# Both branches currently emit the same bool declaration. The value
# comes from dflt_or_overr: the expansion of the macro named $1 with
# the suffix _conf when that macro is defined, otherwise $2.
# The comment lines inside the second branch are part of the macro
# body.
#
define(`gen_tunable',`
	ifdef(`self_contained_policy',`
		bool $1 dflt_or_overr(`$1'_conf,$2);
	',`
		# loadable module tunable
		# declaration will go here
		# instead of bool when
		# loadable modules support
		# tunables
		bool $1 dflt_or_overr(`$1'_conf,$2);
	')
')
##############################
#
# Tunable policy handling
#
# tunable_policy(expression,rules[,else_rules])
#
# $1 - boolean expression
# $2 - rules that apply when the expression is true
# $3 - optional rules for the else branch
#
# Emits a conditional block on $1 around $2, with an else branch
# when $3 is not empty.
#
# In the loadable module branch (self_contained_policy not defined)
# it first calls gen_require with the output of
# delcare_required_symbols for $1, which emits a bool declaration
# for each run of word characters found in the expression. The
# comment above delcare_required_symbols says expressions with
# parentheses do not work yet.
# The comment lines inside the second branch are part of the macro
# body.
#
define(`tunable_policy',`
	ifdef(`self_contained_policy',`
		if (`$1') {
			$2
		ifelse(`$3',`',`',`
		} else {
			$3
		')
		}
	',`
		# structure for tunables
		# will go here instead of a
		# conditional when loadable
		# modules support tunables
		gen_require(`
			delcare_required_symbols(`$1')
		')
		if (`$1') {
			$2
		ifelse(`$3',`',`',`
		} else {
			$3
		')
		}
	')
')