From: jwcart2@tycho.nsa.gov (James Carter) Date: Wed, 25 Aug 2010 10:04:08 -0400 Subject: [refpolicy] [m4-isms patch 2/6] Move can_exec to a file that I can parse In-Reply-To: <4C7511F0.1050700@tresys.com> References: <1282679438.14992.32.camel@moss-lions.epoch.ncsc.mil> <4C7511F0.1050700@tresys.com> Message-ID: <1282745048.25778.10.camel@moss-lions.epoch.ncsc.mil> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Wed, 2010-08-25 at 08:52 -0400, Christopher J. PeBenito wrote: > On 08/24/10 15:50, James Carter wrote: > > It is not possible for mere mortals to parse misc_macros.spt, so I move > > can_exec to a different file. > > I don't agree with the move; is your parser ignoring misc_macros.spt? > I didn't think that you would. ;) I don't parse misc_macros.spt and I doubt if any Refpolicy-to-CIL translator will want to either. > > --- > > policy/support/misc_macros.spt | 6 ------ > > policy/support/misc_patterns.spt | 6 ++++++ > > 2 files changed, 6 insertions(+), 6 deletions(-) > > > > diff --git a/policy/support/misc_macros.spt b/policy/support/misc_macros.spt > > index 4ca5688..7068f24 100644 > > --- a/policy/support/misc_macros.spt > > +++ b/policy/support/misc_macros.spt > > @@ -65,12 +65,6 @@ define(`gen_context',`$1`'ifdef(`enable_mls',`:$2')`'ifdef(`enable_mcs',`:s0`'if > > > > ######################################## > > # > > -# can_exec(domain,executable) > > -# > > -define(`can_exec',`allow $1 $2:file { mmap_file_perms ioctl lock execute_no_trans };') > > - > > -######################################## > > -# > > # gen_bool(name,default_value) > > # > > define(`gen_bool',` > > diff --git a/policy/support/misc_patterns.spt b/policy/support/misc_patterns.spt > > index 22ca011..7e55f43 100644 > > --- a/policy/support/misc_patterns.spt > > +++ b/policy/support/misc_patterns.spt 
> > @@ -62,3 +62,9 @@ define(`ps_process_pattern',` > > allow $1 $2:lnk_file read_lnk_file_perms; > > allow $1 $2:process getattr; > > ') > > + > > +######################################## > > +# > > +# can_exec(domain,executable) > > +# > > +define(`can_exec',`allow $1 $2:file { mmap_file_perms ioctl lock execute_no_trans };') > > > > -- James Carter National Security Agency
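Review bot: in the policy/support/misc_macros.spt hunk (@@ -65,12 +65,6), the commit message gives only the parsing difficulty as the reason for removing can_exec and does not say that the definition is carried over unchanged. The removed define line and the one added to misc_patterns.spt are identical, so please state in the commit message that this is a pure move with no change to the generated allow rule. That lets anyone reviewing the series confirm at a glance that no permissions were widened or dropped.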
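Review bot: in the policy/support/misc_patterns.spt hunk (@@ -62,3 +62,9), the comment block above the relocated macro documents only the signature, "can_exec(domain,executable)", and says nothing about what it grants. Since the body includes execute_no_trans, consider adding a line to the header comment stating that the domain may execute the file without a domain transition. The macro also lands directly after ps_process_pattern in a file of patterns without following the _pattern naming, so a short note on why it lives here would help the next reader who goes looking for it in misc_macros.spt.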