From: Daniel De Graaf <dgdegra@tycho.nsa.gov>
To: xen-devel@lists.xenproject.org
Cc: steve@zentific.com, Daniel De Graaf <dgdegra@tycho.nsa.gov>,
cardoe@cardoe.com
Subject: [PATCH 3/5] flask/policy: Remove unused support for binary modules
Date: Mon, 23 May 2016 11:05:31 -0400 [thread overview]
Message-ID: <1464015933-26891-4-git-send-email-dgdegra@tycho.nsa.gov> (raw)
In-Reply-To: <1464015933-26891-1-git-send-email-dgdegra@tycho.nsa.gov>
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
---
.../policy/policy/support/loadable_module.spt | 166 ---------------------
tools/flask/policy/policy/support/misc_macros.spt | 2 +
2 files changed, 2 insertions(+), 166 deletions(-)
delete mode 100644 tools/flask/policy/policy/support/loadable_module.spt
diff --git a/tools/flask/policy/policy/support/loadable_module.spt b/tools/flask/policy/policy/support/loadable_module.spt
deleted file mode 100644
index de48b3b..0000000
--- a/tools/flask/policy/policy/support/loadable_module.spt
+++ /dev/null
@@ -1,166 +0,0 @@
-########################################
-#
-# Macros for switching between source policy
-# and loadable policy module support
-#
-
-##############################
-#
-# For adding the module statement
-#
-define(`policy_module',`
- ifdef(`self_contained_policy',`',`
- module $1 $2;
-
- require {
- role system_r;
- all_kernel_class_perms
- }
- ')
-')
-
-##############################
-#
-# For use in interfaces, to optionally insert a require block
-#
-define(`gen_require',`
- ifdef(`self_contained_policy',`',`
- define(`in_gen_require_block')
- require {
- $1
- }
- undefine(`in_gen_require_block')
- ')
-')
-
-##############################
-#
-# In the future interfaces should be in loadable modules
-#
-# template(name,rules)
-#
-define(`template',`
- `define(`$1',`
-##### begin $1(dollarsstar)
- $2
-##### end $1(dollarsstar)
- '')
-')
-
-# helper function, since m4 wont expand macros
-# if a line is a comment (#):
-define(`policy_m4_comment',`dnl
-##### $2 depth: $1
-')dnl
-
-##############################
-#
-# In the future interfaces should be in loadable modules
-#
-# interface(name,rules)
-#
-define(`interface',`
- `define(`$1',`
-
- define(`policy_temp',incr(policy_call_depth))
- pushdef(`policy_call_depth',policy_temp)
- undefine(`policy_temp')
-
- policy_m4_comment(policy_call_depth,begin `$1'(dollarsstar))
-
- $2
-
- define(`policy_temp',decr(policy_call_depth))
- pushdef(`policy_call_depth',policy_temp)
- undefine(`policy_temp')
-
- policy_m4_comment(policy_call_depth,end `$1'(dollarsstar))
-
- '')
-')
-
-define(`policy_call_depth',0)
-
-##############################
-#
-# Optional policy handling
-#
-define(`optional_policy',`
- ifdef(`self_contained_policy',`
- ifdef(`$1',`$2',`$3')
- ',`
- optional {
- $2
- ifelse(`$3',`',`',`
- } else {
- $3
- ')
- }
- ')
-')
-
-##############################
-#
-# Determine if we should use the default
-# tunable value as specified by the policy
-# or if the override value should be used
-#
-define(`dflt_or_overr',`ifdef(`$1',$1,$2)')
-
-##############################
-#
-# Extract booleans out of an expression.
-# This needs to be reworked so expressions
-# with parentheses can work.
-
-define(`delcare_required_symbols',`
-ifelse(regexp($1, `\w'), -1, `', `dnl
-bool regexp($1, `\(\w+\)', `\1');
-delcare_required_symbols(regexp($1, `\w+\(.*\)', `\1'))dnl
-') dnl
-')
-
-##############################
-#
-# Tunable declaration
-#
-define(`gen_tunable',`
- ifdef(`self_contained_policy',`
- bool $1 dflt_or_overr(`$1'_conf,$2);
- ',`
- # loadable module tunable
- # declaration will go here
- # instead of bool when
- # loadable modules support
- # tunables
- bool $1 dflt_or_overr(`$1'_conf,$2);
- ')
-')
-
-##############################
-#
-# Tunable policy handling
-#
-define(`tunable_policy',`
- ifdef(`self_contained_policy',`
- if (`$1') {
- $2
- } else {
- $3
- }
- ',`
- # structure for tunables
- # will go here instead of a
- # conditional when loadable
- # modules support tunables
- gen_require(`
- delcare_required_symbols(`$1')
- ')
-
- if (`$1') {
- $2
- } else {
- $3
- }
- ')
-')
diff --git a/tools/flask/policy/policy/support/misc_macros.spt b/tools/flask/policy/policy/support/misc_macros.spt
index 344f5c4..3116db9 100644
--- a/tools/flask/policy/policy/support/misc_macros.spt
+++ b/tools/flask/policy/policy/support/misc_macros.spt
@@ -61,6 +61,8 @@ define(`gen_all_users',`')
#
define(`gen_context',`$1`'ifdef(`enable_mls',`:$2')`'')
+define(`dflt_or_overr',`ifdef(`$1',$1,$2)')
+
########################################
#
# gen_bool(name,default_value)
--
2.5.5
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
next prev parent reply other threads:[~2016-05-23 15:06 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-05-23 15:05 [PATCH 0/5] flask/policy: Updates for Xen 4.8 Daniel De Graaf
2016-05-23 15:05 ` [PATCH 1/5] flask/policy: split into modules Daniel De Graaf
2016-06-07 19:22 ` Konrad Rzeszutek Wilk
2016-06-07 19:39 ` Daniel De Graaf
2016-06-07 19:57 ` Konrad Rzeszutek Wilk
2016-05-23 15:05 ` [PATCH 2/5] flask/policy: move user definitions and constraints " Daniel De Graaf
2016-06-07 19:37 ` Konrad Rzeszutek Wilk
2016-05-23 15:05 ` Daniel De Graaf [this message]
2016-06-07 19:41 ` [PATCH 3/5] flask/policy: Remove unused support for binary modules Konrad Rzeszutek Wilk
2016-05-23 15:05 ` [PATCH 4/5] flask/policy: xenstore stubdom policy Daniel De Graaf
2016-06-07 19:44 ` Konrad Rzeszutek Wilk
2016-06-07 19:48 ` Daniel De Graaf
2016-06-07 20:02 ` Konrad Rzeszutek Wilk
2016-07-06 15:34 ` default XSM policy for PCI passthrough for unlabeled resources anshul makkar
2016-07-06 15:59 ` Daniel De Graaf
2016-07-06 16:19 ` anshul makkar
2016-07-07 15:36 ` Daniel De Graaf
2016-07-07 16:29 ` anshul makkar
2016-05-23 15:05 ` [PATCH 5/5] flask/policy: comment out unused xenstore example Daniel De Graaf
2016-06-07 19:45 ` Konrad Rzeszutek Wilk
2016-06-07 19:51 ` Daniel De Graaf
2016-06-07 20:02 ` Konrad Rzeszutek Wilk
2016-06-07 20:04 ` Daniel De Graaf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1464015933-26891-4-git-send-email-dgdegra@tycho.nsa.gov \
--to=dgdegra@tycho.nsa.gov \
--cc=cardoe@cardoe.com \
--cc=steve@zentific.com \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).