Refpolicy uses m4 to implement interfaces and other policy language
constructs. If one wants to treat Refpolicy like a policy language,
then it has to be parsed before m4 processing. This can be challenging.
Most of the ugly m4 usage is in a few files like loadable_module.spt,
misc_macros.spt, and mls_mcs_macros.spt and is not too hard to work
around. There are, however, a few places where m4 usage still presents
a problem.
The following patches "fix" the places where m4 still causes problems,
making parsing Refpolicy easier for crazy compilers[1].
These patches are really more to show where problems exist and to start
a discussion, since some of the solutions (like commenting out a
genfscon rule) are not really solutions at all.
When CIL makes its appearance we will need a Refpolicy-to-CIL
translator, and I would like to try to work out as many issues now as
possible.
The same policy is generated with the patches for standard, mls, and mcs
as without.
Even with these patches, I still need to do "make conf" before I can
parse using my compiler.
[1] http://marc.info/?l=selinux&m=123497901607467&w=1
--
James Carter <[email protected]>
National Security Agency