From: jwcart2@tycho.nsa.gov (James Carter) Date: Tue, 24 Aug 2010 15:50:45 -0400 Subject: [refpolicy] [m4-isms patch 4/6] Remove basic_ubac_conditions macro Message-ID: <1282679445.14992.34.camel@moss-lions.epoch.ncsc.mil> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com The macro basic_ubac_conditions is an example of using an m4 macro to manipulate text rather than as an interface. Removing it makes the constraints file easier to parse. --- policy/constraints | 29 +++++++++++++++-------------- 1 file changed, 15 insertions(+), 14 deletions(-) diff --git a/policy/constraints b/policy/constraints index 155883b..b901c9f 100644 --- a/policy/constraints +++ b/policy/constraints @@ -25,21 +25,15 @@ # name_list : name | name_list name # -define(`basic_ubac_conditions',` - ifdef(`enable_ubac',` - u1 == u2 - or u1 == system_u - or u2 == system_u - or t1 != ubac_constrained_type - or t2 != ubac_constrained_type - ') -') - define(`basic_ubac_constraint',` ifdef(`enable_ubac',` constrain $1 all_$1_perms ( - basic_ubac_conditions + u1 == u2 + or u1 == system_u + or u2 == system_u + or t1 != ubac_constrained_type + or t2 != ubac_constrained_type ); ') ') @@ -48,7 +42,11 @@ define(`exempted_ubac_constraint',` ifdef(`enable_ubac',` constrain $1 all_$1_perms ( - basic_ubac_conditions + u1 == u2 + or u1 == system_u + or u2 == system_u + or t1 != ubac_constrained_type + or t2 != ubac_constrained_type or t1 == $2 ); ') @@ -82,7 +80,11 @@ constrain dir_file_class_set { create relabelto relabelfrom } ifdef(`enable_ubac',` constrain process { sigchld sigkill sigstop signull signal ptrace getsched setsched getsession getpgid setpgid getcap setcap share getattr setrlimit } ( - basic_ubac_conditions + u1 == u2 + or u1 == system_u + or u2 == system_u + or t1 != ubac_constrained_type + or t2 != ubac_constrained_type or t1 == ubacproc ); ') @@ -241,5 +243,4 @@ basic_ubac_constraint(peer) undefine(`basic_ubac_constraint') -undefine(`basic_ubac_conditions') undefine(`exempted_ubac_constraint') -- James Carter National Security Agency