From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Wed, 25 Aug 2010 11:49:22 -0400 Subject: [refpolicy] [m4-isms patch 2/6] Move can_exec to a file that I can parse In-Reply-To: <1282745048.25778.10.camel@moss-lions.epoch.ncsc.mil> References: <1282679438.14992.32.camel@moss-lions.epoch.ncsc.mil> <4C7511F0.1050700@tresys.com> <1282745048.25778.10.camel@moss-lions.epoch.ncsc.mil> Message-ID: <4C753B82.2020602@tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 08/25/10 10:04, James Carter wrote: > On Wed, 2010-08-25 at 08:52 -0400, Christopher J. PeBenito wrote: >> On 08/24/10 15:50, James Carter wrote: >>> It is not possible for mere mortals to parse misc_macros.spt, so I move >>> can_exec to a different file. >> >> I don't agree with the move; is your parser ignoring misc_macros.spt? >> > > I didn't think that you would. ;) > > I don't parse misc_macros.spt and I doubt if any Refpolicy-to-CIL > translator will want to either. I've never expected to be able to use Refpolicy unchanged when we get CIL up and running. I've always assumed that there would be tweaks. I also want to get rid of even more of the m4-isms when we work on a translator. Then, for example, the interface delcarations wouldn't look like m4 macro delcarations and we wouldn't have the crazy ` vs ' quoting annoyances of m4. >>> --- >>> policy/support/misc_macros.spt | 6 ------ >>> policy/support/misc_patterns.spt | 6 ++++++ >>> 2 files changed, 6 insertions(+), 6 deletions(-) >>> >>> diff --git a/policy/support/misc_macros.spt b/policy/support/misc_macros.spt >>> index 4ca5688..7068f24 100644 >>> --- a/policy/support/misc_macros.spt >>> +++ b/policy/support/misc_macros.spt >>> @@ -65,12 +65,6 @@ define(`gen_context',`$1`'ifdef(`enable_mls',`:$2')`'ifdef(`enable_mcs',`:s0`'if >>> >>> ######################################## >>> # >>> -# can_exec(domain,executable) >>> -# >>> -define(`can_exec',`allow $1 $2:file { mmap_file_perms ioctl lock execute_no_trans };') >>> - >>> -######################################## >>> -# >>> # gen_bool(name,default_value) >>> # >>> define(`gen_bool',` >>> diff --git a/policy/support/misc_patterns.spt b/policy/support/misc_patterns.spt >>> index 22ca011..7e55f43 100644 >>> --- a/policy/support/misc_patterns.spt >>> +++ b/policy/support/misc_patterns.spt >>> @@ -62,3 +62,9 @@ define(`ps_process_pattern',` >>> allow $1 $2:lnk_file read_lnk_file_perms; >>> allow $1 $2:process getattr; >>> ') >>> + >>> +######################################## >>> +# >>> +# can_exec(domain,executable) >>> +# >>> +define(`can_exec',`allow $1 $2:file { mmap_file_perms ioctl lock execute_no_trans };') >>> >> >> > -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com