From mboxrd@z Thu Jan 1 00:00:00 1970 From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Tue, 28 Feb 2012 10:56:40 -0500 Subject: [refpolicy] [v0 PATCH 1/1] Copy role declarations to the top of base.conf or policy.conf In-Reply-To: <4F4CAF51.2030501@windriver.com> References: <1330425185-10025-1-git-send-email-qingtao.cao@windriver.com> <4F4CAF51.2030501@windriver.com> Message-ID: <4F4CF938.5030601@tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 2/28/2012 5:41 AM, Harry Ciao wrote: > Hi Chirst, Call me Chris please. Christ has completely different meanings that I couldn't live up to :) > I am a rookie about regexp, were I able to match just the role rule but > skip the role-types rule in one regexp, I would have combined the two > steps of "get_role_rules" and "remove_role_types" into one, and properly > comment out the original role declaration, which so far has not been > commented off but duplicated to the top of base.conf or policy.conf, > where I have taken the advantage of the fact that multiple declarations > for a role identifier are tolerated by the compiler. > > Such improvement is a must-have given that role-types no longer is used > to define roles, and a module built into base.pp which also defines a > role could be sorted after other modules which could reference the same > role in the role-types rule. How about this: diff --git a/support/comment_move_decl.sed b/support/comment_move_decl.sed index 601c4f7..1d851c9 100644 --- a/support/comment_move_decl.sed +++ b/support/comment_move_decl.sed @@ -10,5 +10,6 @@ /^[[:blank:]]*fs_use_(xattr|task|trans) /s/^/# this line was moved by the build process: &/ /^[[:blank:]]*sid /s/^/# this line was moved by the build process: &/ /^[[:blank:]]*bool /s/^/# this line was moved by the build process: &/ +/^[[:blank:]]*role [a-zA-Z_]+[[:blank:]]*;/s/^/# this line was moved by the build process: &/ :nextline diff --git a/support/get_type_attr_decl.sed b/support/get_type_attr_decl.sed index 69c6ccd..5bf48be 100644 --- a/support/get_type_attr_decl.sed +++ b/support/get_type_attr_decl.sed @@ -10,4 +10,9 @@ p } +/^[[:blank:]]*role [a-zA-Z_]+[[:blank:]]*;/{ + s/^[[:blank:]]+// + p +} + :nextline -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com