From mboxrd@z Thu Jan  1 00:00:00 1970
From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Wed, 25 Aug 2010 08:52:00 -0400
Subject: [refpolicy] [m4-isms patch 2/6] Move can_exec to a file that I
 can parse
In-Reply-To: <1282679438.14992.32.camel@moss-lions.epoch.ncsc.mil>
References: <1282679438.14992.32.camel@moss-lions.epoch.ncsc.mil>
Message-ID: <4C7511F0.1050700@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 08/24/10 15:50, James Carter wrote:
> It is not possible for mere mortals to parse misc_macros.spt, so I move
> can_exec to a different file.

I don't agree with the move; is your parser ignoring misc_macros.spt?

> ---
>   policy/support/misc_macros.spt   |    6 ------
>   policy/support/misc_patterns.spt |    6 ++++++
>   2 files changed, 6 insertions(+), 6 deletions(-)
>
> diff --git a/policy/support/misc_macros.spt b/policy/support/misc_macros.spt
> index 4ca5688..7068f24 100644
> --- a/policy/support/misc_macros.spt
> +++ b/policy/support/misc_macros.spt
> @@ -65,12 +65,6 @@ define(`gen_context',`$1`'ifdef(`enable_mls',`:$2')`'ifdef(`enable_mcs',`:s0`'if
>
>   ########################################
>   #
> -# can_exec(domain,executable)
> -#
> -define(`can_exec',`allow $1 $2:file { mmap_file_perms ioctl lock execute_no_trans };')
> -
> -########################################
> -#
>   # gen_bool(name,default_value)
>   #
>   define(`gen_bool',`
> diff --git a/policy/support/misc_patterns.spt b/policy/support/misc_patterns.spt
> index 22ca011..7e55f43 100644
> --- a/policy/support/misc_patterns.spt
> +++ b/policy/support/misc_patterns.spt
> @@ -62,3 +62,9 @@ define(`ps_process_pattern',`
>          allow $1 $2:lnk_file read_lnk_file_perms;
>          allow $1 $2:process getattr;
>   ')
> +
> +########################################
> +#
> +# can_exec(domain,executable)
> +#
> +define(`can_exec',`allow $1 $2:file { mmap_file_perms ioctl lock execute_no_trans };')
>


-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com