Re: Cil Macros

[Dan <dtdevore64@xxxxxxxxx>]

Oh okay I understand now. Thanks for your help.

On 09/24/2015 01:08 PM, James Carter wrote:
> On 09/24/2015 01:02 PM, Dan wrote:
> > The only thing I am confused on now is on what to put for the "ARG" 
> > statements.
> > Now when it says "ARG1" am I supposed to put my mytest_t type there 
> > or just
> > leave it as it says like ARG1? I took out the typeattributeset 
> > statement like
> > you said and tried to build it with the following, but it still 
> > failed. Thanks.
> >
> > (macro mytest_t_domain_auto_trans ((type ARG1))
> >    (call domain_trans (type ARG1))
> >    (allow ARG1  mytest_t (process (exec read write getattr transition)))
> > )
>
> You had the call right before: (call domain_trans (ARG1))
>
> ARG1 is just the parameter, so it is replaced in the call.
> Somewhere else you would have (call mytest_t_domain_auto_trans 
> (sometype_t)), and sometype_t will replace ARG1.
>
> Is this clearer?
>
> Jim
>
> > On 09/24/2015 08:20 AM, James Carter wrote:
> > > On 09/24/2015 12:42 AM, Dan wrote:
> > > > Hello everyone, I've been trying to play around with macros with 
> > > > the CIL
> > > > language and have come across some problems on how they work. I'm 
> > > > just trying to
> > > > simple create a macro that will do a type transition with a process 
> > > > called
> > > > mytest_t domain.
> > > >
> > > > Here is what I have so far:
> > > >
> > > >
> > > >
> > > >
> > > > (macro mytest_t_domain_auto_trans ((ARG1))
> > > >    (typeattributeset cil_gen_require application_domain_type)
> > > >    (call domain_trans (ARG1))
> > > >    (allow ARG1 mytest_t (process (exec read write getattr 
> > > > transition)))
> > > > )
> > >
> > > You are probably getting a message saying invalid syntax.
> > > The macro definition needs to say what the argument is, like this:
> > > (macro mytest_t_domain_auto_trans ((type ARG1))
> > >
> > > We use (typeattributeset cil_gen_require SOME_TYPE) when converting 
> > > pp files
> > > to cil to make optional blocks work when a type is required, but not 
> > > used. I
> > > don't think that you need it here.
> > >
> > > I hope that helps.
> > >
> > > Jim
> > >
> > > > ...but when I try to run it it obviously doesn't work. If anyone 
> > > > has any input
> > > > on what I am doing wrong I'm all ears. Thanks.
> > > > _______________________________________________
> > > > Selinux mailing list
> > > > Selinux@xxxxxxxxxxxxx
> > > > To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
> > > > To get help, send an email containing "help" to 
> > > > Selinux-request@xxxxxxxxxxxxx.

_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.