Blob Blame History Raw
########################################
#
# Macros for switching between source policy
# and loadable policy module support
#

##############################
#
# For adding the module statement
#
define(`policy_module',`
	ifdef(`monolithic_policy',`',`
		module $1 $2;

		require { all_kernel_class_perms }
	')
')

##############################
#
# For use in interfaces, to optionally insert a require block
#
define(`gen_require',`
	ifdef(`monolithic_policy',`',`
		define(`in_gen_require_block')
		require {
			$1
		}
		undefine(`in_gen_require_block')
	')
')

##############################
#
# In the future interfaces should be in loadable modules
#
# template(name,rules)
#
define(`template',`
	`define(`$1',`
##### begin $1(dollarsstar)
		$2
##### end $1(dollarsstar)
	'')
')

# helper function, since m4 wont expand macros
# if a line is a comment (#):
define(`policy_m4_comment',`dnl
##### $2 depth: $1
')dnl

##############################
#
# In the future interfaces should be in loadable modules
#
# interface(name,rules)
#
define(`interface',`
	`define(`$1',`

	define(`policy_temp',incr(policy_call_depth))
	pushdef(`policy_call_depth',policy_temp)
	undefine(`policy_temp')

	policy_m4_comment(policy_call_depth,begin `$1'(dollarsstar))

	$2

	define(`policy_temp',decr(policy_call_depth))
	pushdef(`policy_call_depth',policy_temp)
	undefine(`policy_temp')

	policy_m4_comment(policy_call_depth,end `$1'(dollarsstar))

	'')
')

define(`policy_call_depth',0)

##############################
#
# Optional policy handling
#
define(`optional_policy',`
	ifdef(`monolithic_policy',`
		ifdef(`$1',`$2',`$3')
	',`
		optional {
			$2
		ifelse(`$3',`',`',`
		} else {
			$3
		')
		}
	')
')

##############################
#
# Determine if we should use the default
# tunable value as specified by the policy
# or if the override value should be used
#
define(`dflt_or_overr',`ifdef(`$1',$1,$2)')

##############################
#
# Tunable declaration
#
define(`gen_tunable',`
	ifdef(`in_gen_require_block',`
		ifdef(`monolithic_policy',`
			bool $1;
		',`
			# loadable module tunable
			# declaration will go here
			# instead of bool when
			# loadable modules support
			# tunables
			bool $1;
		')
	',`
		ifdef(`monolithic_policy',`
			bool $1 dflt_or_overr(`$1'_conf,$2);
		',`
			# loadable module tunable
			# declaration will go here
			# instead of bool when
			# loadable modules support
			# tunables
			bool $1 dflt_or_overr(`$1'_conf,$2);
		')
	')
')

##############################
#
# Tunable policy handling
#
define(`tunable_policy',`
	ifdef(`monolithic_policy',`
		if (`$1') {
			$2
		} else {
			$3
		}
	',`
		# structure for tunables
		# will go here instead of a
		# conditional when loadable
		# modules support tunables
		if (`$1') {
			$2
		} else {
			$3
		}
	')
')