From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
To: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Cc: xen-devel@lists.xenproject.org, cardoe@cardoe.com, steve@zentific.com
Subject: Re: [PATCH 3/5] flask/policy: Remove unused support for binary modules
Date: Tue, 7 Jun 2016 15:41:42 -0400 [thread overview]
Message-ID: <20160607194142.GC20716@char.us.oracle.com> (raw)
In-Reply-To: <1464015933-26891-4-git-send-email-dgdegra@tycho.nsa.gov>
On Mon, May 23, 2016 at 11:05:31AM -0400, Daniel De Graaf wrote:
> Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
with my very limited knowledge of the policy language.
But it just looks to delete a lot and copy-n-paste the dflt_or_overr
over. And none of these functions are used (except in the file that
is being deleted).
> ---
> .../policy/policy/support/loadable_module.spt | 166 ---------------------
> tools/flask/policy/policy/support/misc_macros.spt | 2 +
> 2 files changed, 2 insertions(+), 166 deletions(-)
> delete mode 100644 tools/flask/policy/policy/support/loadable_module.spt
>
> diff --git a/tools/flask/policy/policy/support/loadable_module.spt b/tools/flask/policy/policy/support/loadable_module.spt
> deleted file mode 100644
> index de48b3b..0000000
> --- a/tools/flask/policy/policy/support/loadable_module.spt
> +++ /dev/null
> @@ -1,166 +0,0 @@
> -########################################
> -#
> -# Macros for switching between source policy
> -# and loadable policy module support
> -#
> -
> -##############################
> -#
> -# For adding the module statement
> -#
> -define(`policy_module',`
> - ifdef(`self_contained_policy',`',`
> - module $1 $2;
> -
> - require {
> - role system_r;
> - all_kernel_class_perms
> - }
> - ')
> -')
> -
> -##############################
> -#
> -# For use in interfaces, to optionally insert a require block
> -#
> -define(`gen_require',`
> - ifdef(`self_contained_policy',`',`
> - define(`in_gen_require_block')
> - require {
> - $1
> - }
> - undefine(`in_gen_require_block')
> - ')
> -')
> -
> -##############################
> -#
> -# In the future interfaces should be in loadable modules
> -#
> -# template(name,rules)
> -#
> -define(`template',`
> - `define(`$1',`
> -##### begin $1(dollarsstar)
> - $2
> -##### end $1(dollarsstar)
> - '')
> -')
> -
> -# helper function, since m4 wont expand macros
> -# if a line is a comment (#):
> -define(`policy_m4_comment',`dnl
> -##### $2 depth: $1
> -')dnl
> -
> -##############################
> -#
> -# In the future interfaces should be in loadable modules
> -#
> -# interface(name,rules)
> -#
> -define(`interface',`
> - `define(`$1',`
> -
> - define(`policy_temp',incr(policy_call_depth))
> - pushdef(`policy_call_depth',policy_temp)
> - undefine(`policy_temp')
> -
> - policy_m4_comment(policy_call_depth,begin `$1'(dollarsstar))
> -
> - $2
> -
> - define(`policy_temp',decr(policy_call_depth))
> - pushdef(`policy_call_depth',policy_temp)
> - undefine(`policy_temp')
> -
> - policy_m4_comment(policy_call_depth,end `$1'(dollarsstar))
> -
> - '')
> -')
> -
> -define(`policy_call_depth',0)
> -
> -##############################
> -#
> -# Optional policy handling
> -#
> -define(`optional_policy',`
> - ifdef(`self_contained_policy',`
> - ifdef(`$1',`$2',`$3')
> - ',`
> - optional {
> - $2
> - ifelse(`$3',`',`',`
> - } else {
> - $3
> - ')
> - }
> - ')
> -')
> -
> -##############################
> -#
> -# Determine if we should use the default
> -# tunable value as specified by the policy
> -# or if the override value should be used
> -#
> -define(`dflt_or_overr',`ifdef(`$1',$1,$2)')
> -
> -##############################
> -#
> -# Extract booleans out of an expression.
> -# This needs to be reworked so expressions
> -# with parentheses can work.
> -
> -define(`delcare_required_symbols',`
> -ifelse(regexp($1, `\w'), -1, `', `dnl
> -bool regexp($1, `\(\w+\)', `\1');
> -delcare_required_symbols(regexp($1, `\w+\(.*\)', `\1'))dnl
> -') dnl
> -')
> -
> -##############################
> -#
> -# Tunable declaration
> -#
> -define(`gen_tunable',`
> - ifdef(`self_contained_policy',`
> - bool $1 dflt_or_overr(`$1'_conf,$2);
> - ',`
> - # loadable module tunable
> - # declaration will go here
> - # instead of bool when
> - # loadable modules support
> - # tunables
> - bool $1 dflt_or_overr(`$1'_conf,$2);
> - ')
> -')
> -
> -##############################
> -#
> -# Tunable policy handling
> -#
> -define(`tunable_policy',`
> - ifdef(`self_contained_policy',`
> - if (`$1') {
> - $2
> - } else {
> - $3
> - }
> - ',`
> - # structure for tunables
> - # will go here instead of a
> - # conditional when loadable
> - # modules support tunables
> - gen_require(`
> - delcare_required_symbols(`$1')
> - ')
> -
> - if (`$1') {
> - $2
> - } else {
> - $3
> - }
> - ')
> -')
> diff --git a/tools/flask/policy/policy/support/misc_macros.spt b/tools/flask/policy/policy/support/misc_macros.spt
> index 344f5c4..3116db9 100644
> --- a/tools/flask/policy/policy/support/misc_macros.spt
> +++ b/tools/flask/policy/policy/support/misc_macros.spt
> @@ -61,6 +61,8 @@ define(`gen_all_users',`')
> #
> define(`gen_context',`$1`'ifdef(`enable_mls',`:$2')`'')
>
> +define(`dflt_or_overr',`ifdef(`$1',$1,$2)')
> +
> ########################################
> #
> # gen_bool(name,default_value)
> --
> 2.5.5
>
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
next prev parent reply other threads:[~2016-06-07 19:41 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-05-23 15:05 [PATCH 0/5] flask/policy: Updates for Xen 4.8 Daniel De Graaf
2016-05-23 15:05 ` [PATCH 1/5] flask/policy: split into modules Daniel De Graaf
2016-06-07 19:22 ` Konrad Rzeszutek Wilk
2016-06-07 19:39 ` Daniel De Graaf
2016-06-07 19:57 ` Konrad Rzeszutek Wilk
2016-05-23 15:05 ` [PATCH 2/5] flask/policy: move user definitions and constraints " Daniel De Graaf
2016-06-07 19:37 ` Konrad Rzeszutek Wilk
2016-05-23 15:05 ` [PATCH 3/5] flask/policy: Remove unused support for binary modules Daniel De Graaf
2016-06-07 19:41 ` Konrad Rzeszutek Wilk [this message]
2016-05-23 15:05 ` [PATCH 4/5] flask/policy: xenstore stubdom policy Daniel De Graaf
2016-06-07 19:44 ` Konrad Rzeszutek Wilk
2016-06-07 19:48 ` Daniel De Graaf
2016-06-07 20:02 ` Konrad Rzeszutek Wilk
2016-07-06 15:34 ` default XSM policy for PCI passthrough for unlabeled resources anshul makkar
2016-07-06 15:59 ` Daniel De Graaf
2016-07-06 16:19 ` anshul makkar
2016-07-07 15:36 ` Daniel De Graaf
2016-07-07 16:29 ` anshul makkar
2016-05-23 15:05 ` [PATCH 5/5] flask/policy: comment out unused xenstore example Daniel De Graaf
2016-06-07 19:45 ` Konrad Rzeszutek Wilk
2016-06-07 19:51 ` Daniel De Graaf
2016-06-07 20:02 ` Konrad Rzeszutek Wilk
2016-06-07 20:04 ` Daniel De Graaf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160607194142.GC20716@char.us.oracle.com \
--to=konrad.wilk@oracle.com \
--cc=cardoe@cardoe.com \
--cc=dgdegra@tycho.nsa.gov \
--cc=steve@zentific.com \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.