Macro help

Macro help

[Dan]

Hello everyone I have hit another bump with the cil macros. I am trying
to make a macro that covers the domain_type and domain_type_entry file
interfaces equivalent in Cil with macros that will confine a simple
shell script( and if anyone has any input to what I can do better or if
I am going about this in the wrong way please say so), but it says it
doesn't understand my "call usersubject_domain_type" line and won't
build for some reason. Here is what I have so far. Any help is much
appreciated, thanks.


(macro usersubject_domain_type ((type ARG1)) (type ARG2))
        (typeattributeset domain ARG2)
        (typeattributeset exec_type ARG1)
        (typeattributeset corenet_unlabeled_type ARG2)
        (typeattributeset entry_type ARG1)
        (typeattributeset file_type ARG1)
        (typeattributeset non_security_file_type ARG1)
        (typeattributeset non_auth_file_type ARG1)


(call usersubject_domain_type (myshell_exec_t myshell_t))

Re: Macro help

[Steve Lawrence]

On 10/28/2015 06:24 PM, Dan wrote:
> Hello everyone I have hit another bump with the cil macros. I am trying
> to make a macro that covers the domain_type and domain_type_entry file
> interfaces equivalent in Cil with macros that will confine a simple
> shell script( and if anyone has any input to what I can do better or if
> I am going about this in the wrong way please say so), but it says it
> doesn't understand my "call usersubject_domain_type" line and won't
> build for some reason. Here is what I have so far. Any help is much
> appreciated, thanks.
> 
> 
> (macro usersubject_domain_type ((type ARG1)) (type ARG2))
>         (typeattributeset domain ARG2)
>         (typeattributeset exec_type ARG1)
>         (typeattributeset corenet_unlabeled_type ARG2)
>         (typeattributeset entry_type ARG1)
>         (typeattributeset file_type ARG1)
>         (typeattributeset non_security_file_type ARG1)
>         (typeattributeset non_auth_file_type ARG1)
> 
> 
> (call usersubject_domain_type (myshell_exec_t myshell_t))

The parenthesis aren't quite correct in the macro parameter list. You're
closing the parameter list too early, so the macro defines only a single
parameter, ARG1, and the body of the macro only contains the definition
of a type called ARG2. Re-indenting what you have shows it more clearly:

  (macro usersubject_domain_type ((type ARG1))
    (type ARG2))

  (typeattributeset domain ARG2)
  (typeattributeset exec_type ARG1)
  (typeattributeset corenet_unlabeled_type ARG2)
  (typeattributeset entry_type ARG1)
  (typeattributeset file_type ARG1)
  (typeattributeset non_security_file_type ARG1)
  (typeattributeset non_auth_file_type ARG1)

  (call usersubject_domain_type (myshell_exec_t myshell_t))

So it's probably complaining that the macro requires one argument, but
you're passing in two. To fix this, you just need to move a parenthesis
around, e.g.:

  (macro usersubject_domain_type ((type ARG1) (type ARG2))
    (typeattributeset domain ARG2)
    (typeattributeset exec_type ARG1)
    (typeattributeset corenet_unlabeled_type ARG2)
    (typeattributeset entry_type ARG1)
    (typeattributeset file_type ARG1)
    (typeattributeset non_security_file_type ARG1)
    (typeattributeset non_auth_file_type ARG1)) ;notice the extra paren
here closing the maro

  (call usersubject_domain_type (myshell_exec_t myshell_t))

- Steve

Re: Macro help

[Dan]

Yeah you were right, I can't believe I missed that simple mistake
because I had another macro that had the parenthesis correct to look at
but must have missed it. Thanks a lot man.

On 10/28/2015 08:02 PM, Steve Lawrence wrote:
> On 10/28/2015 06:24 PM, Dan wrote:
>> Hello everyone I have hit another bump with the cil macros. I am trying
>> to make a macro that covers the domain_type and domain_type_entry file
>> interfaces equivalent in Cil with macros that will confine a simple
>> shell script( and if anyone has any input to what I can do better or if
>> I am going about this in the wrong way please say so), but it says it
>> doesn't understand my "call usersubject_domain_type" line and won't
>> build for some reason. Here is what I have so far. Any help is much
>> appreciated, thanks.
>>
>>
>> (macro usersubject_domain_type ((type ARG1)) (type ARG2))
>>         (typeattributeset domain ARG2)
>>         (typeattributeset exec_type ARG1)
>>         (typeattributeset corenet_unlabeled_type ARG2)
>>         (typeattributeset entry_type ARG1)
>>         (typeattributeset file_type ARG1)
>>         (typeattributeset non_security_file_type ARG1)
>>         (typeattributeset non_auth_file_type ARG1)
>>
>>
>> (call usersubject_domain_type (myshell_exec_t myshell_t))
> 
> The parenthesis aren't quite correct in the macro parameter list. You're
> closing the parameter list too early, so the macro defines only a single
> parameter, ARG1, and the body of the macro only contains the definition
> of a type called ARG2. Re-indenting what you have shows it more clearly:
> 
>   (macro usersubject_domain_type ((type ARG1))
>     (type ARG2))
> 
>   (typeattributeset domain ARG2)
>   (typeattributeset exec_type ARG1)
>   (typeattributeset corenet_unlabeled_type ARG2)
>   (typeattributeset entry_type ARG1)
>   (typeattributeset file_type ARG1)
>   (typeattributeset non_security_file_type ARG1)
>   (typeattributeset non_auth_file_type ARG1)
> 
>   (call usersubject_domain_type (myshell_exec_t myshell_t))
> 
> So it's probably complaining that the macro requires one argument, but
> you're passing in two. To fix this, you just need to move a parenthesis
> around, e.g.:
> 
>   (macro usersubject_domain_type ((type ARG1) (type ARG2))
>     (typeattributeset domain ARG2)
>     (typeattributeset exec_type ARG1)
>     (typeattributeset corenet_unlabeled_type ARG2)
>     (typeattributeset entry_type ARG1)
>     (typeattributeset file_type ARG1)
>     (typeattributeset non_security_file_type ARG1)
>     (typeattributeset non_auth_file_type ARG1)) ;notice the extra paren
> here closing the maro
> 
>   (call usersubject_domain_type (myshell_exec_t myshell_t))
> 
> - Steve
>