On Thu, Jul 09, 2020 at 10:36:36AM +0200, bauen1 wrote:
> Some features were dropped or changed since the docs were last updated.
>
> Signed-off-by: Jonathan Hettwer

I think it should go to 3.1 release. But I have to confess myself not being able to confirm whether the change is correct. If it's acked by somebody else I could apply it and push to 3.1 release.

> --- > > Notes: > Updated to include additional fixes and a correct Signed-off-by line. > > secilc/docs/cil_call_macro_statements.md | 6 ++++-- > secilc/docs/cil_container_statements.md | 2 +- > secilc/docs/cil_reference_guide.md | 2 +- > secilc/docs/cil_user_statements.md | 2 +- > 4 files changed, 7 insertions(+), 5 deletions(-) > > diff --git a/secilc/docs/cil_call_macro_statements.md b/secilc/docs/cil_call_macro_statements.md > index 17c46ed9..98b70368 100644 > --- a/secilc/docs/cil_call_macro_statements.md > +++ b/secilc/docs/cil_call_macro_statements.md > @@ -44,7 +44,7 @@ macro > > Declare a macro in the current namespace with its associated parameters. The macro identifier is used by the [`call`](cil_call_macro_statements.md#call) statement to instantiate the macro and resolve any parameters. The call statement may be within the body of a macro. > > -Note that when resolving macros the callers namespace is not checked, only the following places: > +When resolving macros the following places are checked in this order: > > - Items defined inside the macro > > @@ -52,6 +52,8 @@ Note that when resolving macros the callers namespace is not checked, only the f > > - Items defined in the same namespace of the macro > > +- Items defined in the callers namespace > + > - Items defined in the global namespace > > **Statement definition:** > @@ -80,7 +82,7 @@ Note that when resolving macros the callers namespace is not checked, only the f > >

param_type

>

Zero or more parameters that are passed to the macro. The param_type is a keyword used to determine the declaration type (e.g. type, class, categoryset).

> -

The list of valid param_type entries are: type, typealias, role, user, sensitivity, sensitivityalias, category, categoryalias, categoryset (named or anonymous), level (named or anonymous), levelrange (named or anonymous), class, classpermission (named or anonymous), ipaddr (named or anonymous), block, name (a string), classmap

> +

The list of valid param_type entries are: type, typealias, role, user, sensitivity, sensitivityalias, category, categoryalias, categoryset (named or anonymous), level (named or anonymous), levelrange (named or anonymous), class, classpermission (named or anonymous), ipaddr (named or anonymous), name (a string), classmap

> > >

param_id
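
Review bot: The removed and added param_type lines in cil_call_macro_statements.md differ only by the deletion of `block`, which is easy to miss in a line this long and is not named in the commit message, which only says that some features were dropped or changed. Please state in the commit message that `block` is no longer a valid macro parameter type, so the claim can be checked against the compiler before this goes to the 3.1 release. While the line is being touched, "The list of valid param_type entries are" should read "The list of valid param_type entries is".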

> diff --git a/secilc/docs/cil_container_statements.md b/secilc/docs/cil_container_statements.md > index a570cb23..58b3224d 100644 > --- a/secilc/docs/cil_container_statements.md > +++ b/secilc/docs/cil_container_statements.md > @@ -254,7 +254,7 @@ This example will instantiate the optional block `ext_gateway.move_file` into po > in > -- > > -Allows the insertion of CIL statements into a named container ([`block`](cil_container_statements.md#block), [`optional`](cil_container_statements.md#optional) or [`macro`](cil_call_macro_statements.md#macro)). This statement is not allowed in [`booleanif`](cil_conditional_statements.md#booleanif) or [`tunableif`](cil_conditional_statements.md#tunableif) statements. > +Allows the insertion of CIL statements into a named container ([`block`](cil_container_statements.md#block), [`optional`](cil_container_statements.md#optional) or [`macro`](cil_call_macro_statements.md#macro)). This statement is not allowed in [`booleanif`](cil_conditional_statements.md#booleanif) or [`tunableif`](cil_conditional_statements.md#tunableif) statements. This only works for containers that aren't inherited using [`blockinherit`](cil_conditional_statements.md#blockinherit). > > **Statement definition:** > > diff --git a/secilc/docs/cil_reference_guide.md b/secilc/docs/cil_reference_guide.md > index 1b1fccca..3e33c5f7 100644 > --- a/secilc/docs/cil_reference_guide.md > +++ b/secilc/docs/cil_reference_guide.md 
> @@ -176,7 +176,7 @@ Should the symbol not be prefixed with a dot, the current namespace would be sea > Expressions > ----------- > > -Expressions may occur in the following CIL statements: [`booleanif`](cil_conditional_statements.md#booleanif), [`tunableif`](cil_conditional_statements.md#tunableif), [`classpermissionset`](cil_class_and_permission_statements.md#classpermissionset), [`typeattributeset`](cil_type_statements.md#typeattributeset), [`roleattributeset`](cil_role_statements.md#roleattributeset), [`categoryset`](cil_mls_labeling_statements.md#categoryset), [`constrain`](cil_constraint_statements.md#constrain), [`mlsconstrain`](cil_constraint_statements.md#mlsconstrain), [`validatetrans`](cil_constraint_statements.md#validatetrans), [`validatetrans`](cil_constraint_statements.md#validatetrans) > +Expressions may occur in the following CIL statements: [`booleanif`](cil_conditional_statements.md#booleanif), [`tunableif`](cil_conditional_statements.md#tunableif), [`classpermissionset`](cil_class_and_permission_statements.md#classpermissionset), [`typeattributeset`](cil_type_statements.md#typeattributeset), [`roleattributeset`](cil_role_statements.md#roleattributeset), [`categoryset`](cil_mls_labeling_statements.md#categoryset), [`constrain`](cil_constraint_statements.md#constrain), [`mlsconstrain`](cil_constraint_statements.md#mlsconstrain), [`validatetrans`](cil_constraint_statements.md#validatetrans), [`mlsvalidatetrans`](cil_constraint_statements.md#mlsvalidatetrans) > > CIL expressions use the [prefix](http://www.cs.man.ac.uk/~pjj/cs212/fix.html) or Polish notation and may be nested (note that the kernel policy language uses postfix or reverse Polish notation). The syntax is as follows, where the parenthesis are part of the syntax: > > diff --git a/secilc/docs/cil_user_statements.md b/secilc/docs/cil_user_statements.md > index bbd76eff..26e45510 100644 > --- a/secilc/docs/cil_user_statements.md > +++ b/secilc/docs/cil_user_statements.md 
> @@ -260,7 +260,7 @@ This example will associate `unconfined.user` with a named [`levelrange`](cil_ml > (categoryorder (c0 c1)) > (sensitivity s0) > (sensitivity s1) > - (dominance (s0 s1)) > + (sensitivityorder (s0 s1)) > (sensitivitycategory s0 (c0 c1)) > (level systemLow (s0)) > (level systemHigh (s0 (c0 c1))) > -- > 2.27.0 >
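
Review bot: In the second hunk of cil_call_macro_statements.md (@@ -52,6 +52,8 @@), the added bullet "Items defined in the callers namespace" needs an apostrophe: "caller's namespace". Because the first hunk changes the introduction to say the places are checked "in this order", the position of this new bullet, after the macro's own namespace and before the global namespace, now documents a resolution order that decides which declaration a name inside a macro binds to. The commit message should point at the change or a small test policy that demonstrates this order, since nothing in the patch lets a reviewer confirm it.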
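
Review bot: In the cil_container_statements.md hunk, the added sentence links `blockinherit` to cil_conditional_statements.md#blockinherit, but `blockinherit` is a container statement documented in this same file alongside `block` and `optional`, so the link target should be cil_container_statements.md#blockinherit. The sentence would also be clearer with an explicit subject, for example "The `in` statement only works for containers that aren't inherited using ...", since "This" currently follows a sentence about booleanif and tunableif.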