From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
To: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Cc: xen-devel@lists.xenproject.org, cardoe@cardoe.com, steve@zentific.com
Subject: Re: [PATCH 3/5] flask/policy: Remove unused support for binary modules
Date: Tue, 7 Jun 2016 15:41:42 -0400 [thread overview]
Message-ID: <20160607194142.GC20716@char.us.oracle.com> (raw)
In-Reply-To: <1464015933-26891-4-git-send-email-dgdegra@tycho.nsa.gov>
On Mon, May 23, 2016 at 11:05:31AM -0400, Daniel De Graaf wrote:
> Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
with my very limited knowledge of the policy language.
But it just looks to delete a lot and copy-n-paste the dflt_or_overr
over. And none of these functions are used (except in the file that
is being deleted).
> ---
> .../policy/policy/support/loadable_module.spt | 166 ---------------------
> tools/flask/policy/policy/support/misc_macros.spt | 2 +
> 2 files changed, 2 insertions(+), 166 deletions(-)
> delete mode 100644 tools/flask/policy/policy/support/loadable_module.spt
>
> diff --git a/tools/flask/policy/policy/support/loadable_module.spt b/tools/flask/policy/policy/support/loadable_module.spt
> deleted file mode 100644
> index de48b3b..0000000
> --- a/tools/flask/policy/policy/support/loadable_module.spt
> +++ /dev/null
> @@ -1,166 +0,0 @@
> -########################################
> -#
> -# Macros for switching between source policy
> -# and loadable policy module support
> -#
> -
> -##############################
> -#
> -# For adding the module statement
> -#
> -define(`policy_module',`
> - ifdef(`self_contained_policy',`',`
> - module $1 $2;
> -
> - require {
> - role system_r;
> - all_kernel_class_perms
> - }
> - ')
> -')
> -
> -##############################
> -#
> -# For use in interfaces, to optionally insert a require block
> -#
> -define(`gen_require',`
> - ifdef(`self_contained_policy',`',`
> - define(`in_gen_require_block')
> - require {
> - $1
> - }
> - undefine(`in_gen_require_block')
> - ')
> -')
> -
> -##############################
> -#
> -# In the future interfaces should be in loadable modules
> -#
> -# template(name,rules)
> -#
> -define(`template',`
> - `define(`$1',`
> -##### begin $1(dollarsstar)
> - $2
> -##### end $1(dollarsstar)
> - '')
> -')
> -
> -# helper function, since m4 wont expand macros
> -# if a line is a comment (#):
> -define(`policy_m4_comment',`dnl
> -##### $2 depth: $1
> -')dnl
> -
> -##############################
> -#
> -# In the future interfaces should be in loadable modules
> -#
> -# interface(name,rules)
> -#
> -define(`interface',`
> - `define(`$1',`
> -
> - define(`policy_temp',incr(policy_call_depth))
> - pushdef(`policy_call_depth',policy_temp)
> - undefine(`policy_temp')
> -
> - policy_m4_comment(policy_call_depth,begin `$1'(dollarsstar))
> -
> - $2
> -
> - define(`policy_temp',decr(policy_call_depth))
> - pushdef(`policy_call_depth',policy_temp)
> - undefine(`policy_temp')
> -
> - policy_m4_comment(policy_call_depth,end `$1'(dollarsstar))
> -
> - '')
> -')
> -
> -define(`policy_call_depth',0)
> -
> -##############################
> -#
> -# Optional policy handling
> -#
> -define(`optional_policy',`
> - ifdef(`self_contained_policy',`
> - ifdef(`$1',`$2',`$3')
> - ',`
> - optional {
> - $2
> - ifelse(`$3',`',`',`
> - } else {
> - $3
> - ')
> - }
> - ')
> -')
> -
> -##############################
> -#
> -# Determine if we should use the default
> -# tunable value as specified by the policy
> -# or if the override value should be used
> -#
> -define(`dflt_or_overr',`ifdef(`$1',$1,$2)')
> -
> -##############################
> -#
> -# Extract booleans out of an expression.
> -# This needs to be reworked so expressions
> -# with parentheses can work.
> -
> -define(`delcare_required_symbols',`
> -ifelse(regexp($1, `\w'), -1, `', `dnl
> -bool regexp($1, `\(\w+\)', `\1');
> -delcare_required_symbols(regexp($1, `\w+\(.*\)', `\1'))dnl
> -') dnl
> -')
> -
> -##############################
> -#
> -# Tunable declaration
> -#
> -define(`gen_tunable',`
> - ifdef(`self_contained_policy',`
> - bool $1 dflt_or_overr(`$1'_conf,$2);
> - ',`
> - # loadable module tunable
> - # declaration will go here
> - # instead of bool when
> - # loadable modules support
> - # tunables
> - bool $1 dflt_or_overr(`$1'_conf,$2);
> - ')
> -')
> -
> -##############################
> -#
> -# Tunable policy handling
> -#
> -define(`tunable_policy',`
> - ifdef(`self_contained_policy',`
> - if (`$1') {
> - $2
> - } else {
> - $3
> - }
> - ',`
> - # structure for tunables
> - # will go here instead of a
> - # conditional when loadable
> - # modules support tunables
> - gen_require(`
> - delcare_required_symbols(`$1')
> - ')
> -
> - if (`$1') {
> - $2
> - } else {
> - $3
> - }
> - ')
> -')
> diff --git a/tools/flask/policy/policy/support/misc_macros.spt b/tools/flask/policy/policy/support/misc_macros.spt
> index 344f5c4..3116db9 100644
> --- a/tools/flask/policy/policy/support/misc_macros.spt
> +++ b/tools/flask/policy/policy/support/misc_macros.spt
> @@ -61,6 +61,8 @@ define(`gen_all_users',`')
> #
> define(`gen_context',`$1`'ifdef(`enable_mls',`:$2')`'')
>
> +define(`dflt_or_overr',`ifdef(`$1',$1,$2)')
> +
> ########################################
> #
> # gen_bool(name,default_value)
> --
> 2.5.5
>
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
next prev parent reply other threads:[~2016-06-07 19:41 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-05-23 15:05 [PATCH 0/5] flask/policy: Updates for Xen 4.8 Daniel De Graaf
2016-05-23 15:05 ` [PATCH 1/5] flask/policy: split into modules Daniel De Graaf
2016-06-07 19:22 ` Konrad Rzeszutek Wilk
2016-06-07 19:39 ` Daniel De Graaf
2016-06-07 19:57 ` Konrad Rzeszutek Wilk
2016-05-23 15:05 ` [PATCH 2/5] flask/policy: move user definitions and constraints " Daniel De Graaf
2016-06-07 19:37 ` Konrad Rzeszutek Wilk
2016-05-23 15:05 ` [PATCH 3/5] flask/policy: Remove unused support for binary modules Daniel De Graaf
2016-06-07 19:41 ` Konrad Rzeszutek Wilk [this message]
2016-05-23 15:05 ` [PATCH 4/5] flask/policy: xenstore stubdom policy Daniel De Graaf
2016-06-07 19:44 ` Konrad Rzeszutek Wilk
2016-06-07 19:48 ` Daniel De Graaf
2016-06-07 20:02 ` Konrad Rzeszutek Wilk
2016-07-06 15:34 ` default XSM policy for PCI passthrough for unlabeled resources anshul makkar
2016-07-06 15:59 ` Daniel De Graaf
2016-07-06 16:19 ` anshul makkar
2016-07-07 15:36 ` Daniel De Graaf
2016-07-07 16:29 ` anshul makkar
2016-05-23 15:05 ` [PATCH 5/5] flask/policy: comment out unused xenstore example Daniel De Graaf
2016-06-07 19:45 ` Konrad Rzeszutek Wilk
2016-06-07 19:51 ` Daniel De Graaf
2016-06-07 20:02 ` Konrad Rzeszutek Wilk
2016-06-07 20:04 ` Daniel De Graaf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160607194142.GC20716@char.us.oracle.com \
--to=konrad.wilk@oracle.com \
--cc=cardoe@cardoe.com \
--cc=dgdegra@tycho.nsa.gov \
--cc=steve@zentific.com \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).