2010-08-24 19:50:38

by jwcart2

Subject: [refpolicy] [m4-isms patch 2/6] Move can_exec to a file that I can parse

It is not possible for mere mortals to parse misc_macros.spt, so I move
can_exec to a different file.

---
policy/support/misc_macros.spt | 6 ------
policy/support/misc_patterns.spt | 6 ++++++
2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/policy/support/misc_macros.spt b/policy/support/misc_macros.spt
index 4ca5688..7068f24 100644
--- a/policy/support/misc_macros.spt
+++ b/policy/support/misc_macros.spt
@@ -65,12 +65,6 @@ define(`gen_context',`$1`'ifdef(`enable_mls',`:$2')`'ifdef(`enable_mcs',`:s0`'if

########################################
#
-# can_exec(domain,executable)
-#
-define(`can_exec',`allow $1 $2:file { mmap_file_perms ioctl lock execute_no_trans };')
-
-########################################
-#
# gen_bool(name,default_value)
#
define(`gen_bool',`
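Review bot: The removal of can_exec from misc_macros.spt leaves no trace in this file, so a reader who looks for the macro where it used to live finds nothing. The definition text is identical on both sides of the move, so consider leaving a one-line comment at this spot saying that can_exec now lives in misc_patterns.spt, and confirm that every consumer that processes misc_macros.spt also processes misc_patterns.spt, since callers of can_exec now depend on the second file.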
diff --git a/policy/support/misc_patterns.spt b/policy/support/misc_patterns.spt
index 22ca011..7e55f43 100644
--- a/policy/support/misc_patterns.spt
+++ b/policy/support/misc_patterns.spt
@@ -62,3 +62,9 @@ define(`ps_process_pattern',`
allow $1 $2:lnk_file read_lnk_file_perms;
allow $1 $2:process getattr;
')
+
+########################################
+#
+# can_exec(domain,executable)
+#
+define(`can_exec',`allow $1 $2:file { mmap_file_perms ioctl lock execute_no_trans };')
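Review bot: The comment header on the added block documents only the signature, can_exec(domain,executable), while the expansion grants execute_no_trans, which lets the domain run the file without a domain transition. Since the macro is being re-homed anyway, a sentence in the header stating that would help readers of misc_patterns.spt. The neighbouring definition visible in this hunk is named ps_process_pattern and can_exec does not follow that _pattern naming, so the commit message should also say that the placement is driven by what the parser can read rather than by this file's convention.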

--
James Carter <[email protected]>
National Security Agency


2010-08-25 12:52:00

by cpebenito

Subject: [refpolicy] [m4-isms patch 2/6] Move can_exec to a file that I can parse

On 08/24/10 15:50, James Carter wrote:
> It is not possible for mere mortals to parse misc_macros.spt, so I move
> can_exec to a different file.

I don't agree with the move; is your parser ignoring misc_macros.spt?

> ---
> policy/support/misc_macros.spt | 6 ------
> policy/support/misc_patterns.spt | 6 ++++++
> 2 files changed, 6 insertions(+), 6 deletions(-)
>
> diff --git a/policy/support/misc_macros.spt b/policy/support/misc_macros.spt
> index 4ca5688..7068f24 100644
> --- a/policy/support/misc_macros.spt
> +++ b/policy/support/misc_macros.spt
> @@ -65,12 +65,6 @@ define(`gen_context',`$1`'ifdef(`enable_mls',`:$2')`'ifdef(`enable_mcs',`:s0`'if
>
> ########################################
> #
> -# can_exec(domain,executable)
> -#
> -define(`can_exec',`allow $1 $2:file { mmap_file_perms ioctl lock execute_no_trans };')
> -
> -########################################
> -#
> # gen_bool(name,default_value)
> #
> define(`gen_bool',`
> diff --git a/policy/support/misc_patterns.spt b/policy/support/misc_patterns.spt
> index 22ca011..7e55f43 100644
> --- a/policy/support/misc_patterns.spt
> +++ b/policy/support/misc_patterns.spt
> @@ -62,3 +62,9 @@ define(`ps_process_pattern',`
> allow $1 $2:lnk_file read_lnk_file_perms;
> allow $1 $2:process getattr;
> ')
> +
> +########################################
> +#
> +# can_exec(domain,executable)
> +#
> +define(`can_exec',`allow $1 $2:file { mmap_file_perms ioctl lock execute_no_trans };')
>


--
Chris PeBenito
Tresys Technology, LLC
http://www.tresys.com | oss.tresys.com

2010-08-25 14:04:08

by jwcart2

Subject: [refpolicy] [m4-isms patch 2/6] Move can_exec to a file that I can parse

On Wed, 2010-08-25 at 08:52 -0400, Christopher J. PeBenito wrote:
> On 08/24/10 15:50, James Carter wrote:
> > It is not possible for mere mortals to parse misc_macros.spt, so I move
> > can_exec to a different file.
>
> I don't agree with the move; is your parser ignoring misc_macros.spt?
>

I didn't think that you would. ;)

I don't parse misc_macros.spt and I doubt if any Refpolicy-to-CIL
translator will want to either.

> > ---
> > policy/support/misc_macros.spt | 6 ------
> > policy/support/misc_patterns.spt | 6 ++++++
> > 2 files changed, 6 insertions(+), 6 deletions(-)
> >
> > diff --git a/policy/support/misc_macros.spt b/policy/support/misc_macros.spt
> > index 4ca5688..7068f24 100644
> > --- a/policy/support/misc_macros.spt
> > +++ b/policy/support/misc_macros.spt
> > @@ -65,12 +65,6 @@ define(`gen_context',`$1`'ifdef(`enable_mls',`:$2')`'ifdef(`enable_mcs',`:s0`'if
> >
> > ########################################
> > #
> > -# can_exec(domain,executable)
> > -#
> > -define(`can_exec',`allow $1 $2:file { mmap_file_perms ioctl lock execute_no_trans };')
> > -
> > -########################################
> > -#
> > # gen_bool(name,default_value)
> > #
> > define(`gen_bool',`
> > diff --git a/policy/support/misc_patterns.spt b/policy/support/misc_patterns.spt
> > index 22ca011..7e55f43 100644
> > --- a/policy/support/misc_patterns.spt
> > +++ b/policy/support/misc_patterns.spt
> > @@ -62,3 +62,9 @@ define(`ps_process_pattern',`
> > allow $1 $2:lnk_file read_lnk_file_perms;
> > allow $1 $2:process getattr;
> > ')
> > +
> > +########################################
> > +#
> > +# can_exec(domain,executable)
> > +#
> > +define(`can_exec',`allow $1 $2:file { mmap_file_perms ioctl lock execute_no_trans };')
> >
>
>

--
James Carter <[email protected]>
National Security Agency

2010-08-25 15:49:22

by cpebenito

Subject: [refpolicy] [m4-isms patch 2/6] Move can_exec to a file that I can parse

On 08/25/10 10:04, James Carter wrote:
> On Wed, 2010-08-25 at 08:52 -0400, Christopher J. PeBenito wrote:
>> On 08/24/10 15:50, James Carter wrote:
>>> It is not possible for mere mortals to parse misc_macros.spt, so I move
>>> can_exec to a different file.
>>
>> I don't agree with the move; is your parser ignoring misc_macros.spt?
>>
>
> I didn't think that you would. ;)
>
> I don't parse misc_macros.spt and I doubt if any Refpolicy-to-CIL
> translator will want to either.

I've never expected to be able to use Refpolicy unchanged when we get
CIL up and running. I've always assumed that there would be tweaks. I
also want to get rid of even more of the m4-isms when we work on a
translator. Then, for example, the interface declarations wouldn't look
like m4 macro declarations and we wouldn't have the crazy ` vs ' quoting
annoyances of m4.

>>> ---
>>> policy/support/misc_macros.spt | 6 ------
>>> policy/support/misc_patterns.spt | 6 ++++++
>>> 2 files changed, 6 insertions(+), 6 deletions(-)
>>>
>>> diff --git a/policy/support/misc_macros.spt b/policy/support/misc_macros.spt
>>> index 4ca5688..7068f24 100644
>>> --- a/policy/support/misc_macros.spt
>>> +++ b/policy/support/misc_macros.spt
>>> @@ -65,12 +65,6 @@ define(`gen_context',`$1`'ifdef(`enable_mls',`:$2')`'ifdef(`enable_mcs',`:s0`'if
>>>
>>> ########################################
>>> #
>>> -# can_exec(domain,executable)
>>> -#
>>> -define(`can_exec',`allow $1 $2:file { mmap_file_perms ioctl lock execute_no_trans };')
>>> -
>>> -########################################
>>> -#
>>> # gen_bool(name,default_value)
>>> #
>>> define(`gen_bool',`
>>> diff --git a/policy/support/misc_patterns.spt b/policy/support/misc_patterns.spt
>>> index 22ca011..7e55f43 100644
>>> --- a/policy/support/misc_patterns.spt
>>> +++ b/policy/support/misc_patterns.spt
>>> @@ -62,3 +62,9 @@ define(`ps_process_pattern',`
>>> allow $1 $2:lnk_file read_lnk_file_perms;
>>> allow $1 $2:process getattr;
>>> ')
>>> +
>>> +########################################
>>> +#
>>> +# can_exec(domain,executable)
>>> +#
>>> +define(`can_exec',`allow $1 $2:file { mmap_file_perms ioctl lock execute_no_trans };')
>>>
>>
>>
>


--
Chris PeBenito
Tresys Technology, LLC
http://www.tresys.com | oss.tresys.com