2015-06-08 13:11:22

by cpebenito

Subject: [refpolicy] refpolicywarn usage

On 6/5/2015 4:28 PM, Ted Toth wrote:
> I tried to use "refpolicywarn(`$0($*) has been deprecated.')" in a
> deprecated interface removing all of the previously defined policy.
> However the interface is used in an 'optional' which then causes the
> policy compilation to fail. What is the right way to handle this
> situation?

This should go to the refpolicy list.

Refpolicywarn is an m4 macro, so it doesn't result in any policy. If
you have an optional block with only one call to an interface that only
has a refpolicywarn in its implementation, it will result in an optional
with no rules inside.

We handle this in refpolicy by calling the new interface, e.g. if
interface X is being replaced by interface Y, in the implementation of X
we put a refpolicywarn message and call Y. If there is no new
interface, you could put safe placeholder rules, such as a call to
dev_rw_null().


--
Chris PeBenito
Tresys Technology, LLC
http://www.tresys.com | oss.tresys.com
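
The deprecation pattern described in the reply above, as an added example that is not part of the original message and is not taken from refpolicy: the foo module, its interfaces and mydomain_t are hypothetical names, and foo_read_config_files() is assumed to be defined elsewhere in the same interface file.

```m4
# Constructed example: the foo module and mydomain_t are hypothetical.
# Comments here avoid quote characters, because m4 still counts them
# when they appear inside a quoted interface body.

# Case 1: foo_read_config() is replaced by foo_read_config_files().
# The old interface warns at build time and forwards to the new one,
# so every caller still receives real rules.
interface(`foo_read_config',`
	refpolicywarn(`$0($*) has been deprecated, use foo_read_config_files() instead.')
	foo_read_config_files($1)
')

# Case 2: no replacement interface exists.
# refpolicywarn produces no policy, so a safe placeholder call keeps
# the interface from expanding to nothing.
interface(`foo_legacy_access',`
	refpolicywarn(`$0($*) has been deprecated.')
	dev_rw_null($1)
')

# Caller in a .te file. If the deprecated interface contained only the
# refpolicywarn line, this optional block would hold no rules after
# macro expansion.
optional_policy(`
	foo_read_config(mydomain_t)
')
```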


2015-06-08 14:42:45

by Xavier Toth

Subject: [refpolicy] refpolicywarn usage

So many lists, so little time ... I'll post to the refpolicy list next time.
Simply adding:

    gen_require(` type null_device_t; ')

did the trick.

On Mon, Jun 8, 2015 at 8:11 AM, Christopher J. PeBenito
<[email protected]> wrote:
> On 6/5/2015 4:28 PM, Ted Toth wrote:
>> I tried to use "refpolicywarn(`$0($*) has been deprecated.')" in a
>> deprecated interface removing all of the previously defined policy.
>> However the interface is used in an 'optional' which then causes the
>> policy compilation to fail. What is the right way to handle this
>> situation?
>
> This should go to the refpolicy list.
>
> Refpolicywarn is an m4 macro, so it doesn't result in any policy. If
> you have an optional block with only one call to an interface that only
> has a refpolicywarn in its implementation, it will result in an optional
> with no rules inside.
>
> We handle this in refpolicy by calling the new interface, e.g. if
> interface X is being replaced by interface Y, in the implementation of X
> we put a refpolicywarn message and call Y. If there is no new
> interface, you could put safe placeholder rules, such as a call to
> dev_rw_null().
>
>
> --
> Chris PeBenito
> Tresys Technology, LLC
> http://www.tresys.com | oss.tresys.com