[refpolicy] [v1 PATCH 1/1] Move role declarations to the top of base.conf

[refpolicy] [v1 PATCH 1/1] Move role declarations to the top of base.conf

[Harry Ciao]

system_r is required by the policy_module macro, which however will
be expanded as empty if the module is built into base.pp. system_r
is defined in the kernel.te, its definition should be moved to the
top of base.conf so that other modules copied earlier into base.conf
than kernel.te could reference system_r in their unconditional block
properly.

Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
---
 support/comment_move_decl.sed  |    1 +
 support/get_type_attr_decl.sed |    7 ++++++-
 2 files changed, 7 insertions(+), 1 deletions(-)

diff --git a/support/comment_move_decl.sed b/support/comment_move_decl.sed
index 601c4f7..00b94b6 100644
--- a/support/comment_move_decl.sed
+++ b/support/comment_move_decl.sed
@@ -10,5 +10,6 @@
 /^[[:blank:]]*fs_use_(xattr|task|trans) /s/^/# this line was moved by the build process: &/
 /^[[:blank:]]*sid /s/^/# this line was moved by the build process: &/
 /^[[:blank:]]*bool /s/^/# this line was moved by the build process: &/
+/^[[:blank:]]*role[[:blank:]]+[a-zA-Z_]+[[:blank:]]*;/s/^/# this line was moved by the build process: &/
 
 :nextline
diff --git a/support/get_type_attr_decl.sed b/support/get_type_attr_decl.sed
index 69c6ccd..5c7a6a8 100644
--- a/support/get_type_attr_decl.sed
+++ b/support/get_type_attr_decl.sed
@@ -1,5 +1,5 @@
 #n
-# print out type and attribute declarations that
+# print out type, role and attribute declarations that
 # are not inside require and optional blocks.
 
 /require \{/,/} # end require/b nextline
@@ -10,4 +10,9 @@
 	p
 }
 
+/^[[:blank:]]*role[[:blank:]]+[a-zA-Z_]+[[:blank:]]*;/{
+	s/^[[:blank:]]+//
+	p
+}
+
 :nextline
-- 
1.7.0.4

[refpolicy] [v1 PATCH 1/1] Move role declarations to the top of base.conf

[Christopher J. PeBenito]

On 02/29/12 03:16, Harry Ciao wrote:
> system_r is required by the policy_module macro, which however will
> be expanded as empty if the module is built into base.pp. system_r
> is defined in the kernel.te, its definition should be moved to the
> top of base.conf so that other modules copied earlier into base.conf
> than kernel.te could reference system_r in their unconditional block
> properly.

Merged.

> Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
> ---
>  support/comment_move_decl.sed  |    1 +
>  support/get_type_attr_decl.sed |    7 ++++++-
>  2 files changed, 7 insertions(+), 1 deletions(-)
> 
> diff --git a/support/comment_move_decl.sed b/support/comment_move_decl.sed
> index 601c4f7..00b94b6 100644
> --- a/support/comment_move_decl.sed
> +++ b/support/comment_move_decl.sed
> @@ -10,5 +10,6 @@
>  /^[[:blank:]]*fs_use_(xattr|task|trans) /s/^/# this line was moved by the build process: &/
>  /^[[:blank:]]*sid /s/^/# this line was moved by the build process: &/
>  /^[[:blank:]]*bool /s/^/# this line was moved by the build process: &/
> +/^[[:blank:]]*role[[:blank:]]+[a-zA-Z_]+[[:blank:]]*;/s/^/# this line was moved by the build process: &/
>  
>  :nextline
> diff --git a/support/get_type_attr_decl.sed b/support/get_type_attr_decl.sed
> index 69c6ccd..5c7a6a8 100644
> --- a/support/get_type_attr_decl.sed
> +++ b/support/get_type_attr_decl.sed
> @@ -1,5 +1,5 @@
>  #n
> -# print out type and attribute declarations that
> +# print out type, role and attribute declarations that
>  # are not inside require and optional blocks.
>  
>  /require \{/,/} # end require/b nextline
> @@ -10,4 +10,9 @@
>  	p
>  }
>  
> +/^[[:blank:]]*role[[:blank:]]+[a-zA-Z_]+[[:blank:]]*;/{
> +	s/^[[:blank:]]+//
> +	p
> +}
> +
>  :nextline


-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com