Re: Cil Macros

[Dan <dtdevore64@xxxxxxxxx>]

Sorry for replying again but I wanted to paste my code in case anyone 
wanted to see an example of a process transition with a domain using a 
macro.

(macro domain_auto_trans ((type ARG1) (type ARG2) (type ARG3))
   (allow ARG1 ARG2 (file (read getattr execute open)))
   (allow ARG1 ARG3 (process (transition)))
   (allow ARG3 ARG2 (file (ioctl entrypoint read getattr lock execute 
execute_no_trans open)))
   (typetransition ARG1 ARG2 process ARG3)
)

(call domain_trans (staff_t mytest_exec_t mytest_t))


On 09/24/2015 01:08 PM, James Carter wrote:
> On 09/24/2015 01:02 PM, Dan wrote:
> > The only thing I am confused on now is on what to put for the "ARG" 
> > statements.
> > Now when it says "ARG1" am I supposed to put my mytest_t type there 
> > or just
> > leave it as it says like ARG1? I took out the typeattributeset 
> > statement like
> > you said and tried to build it with the following, but it still 
> > failed. Thanks.
> >
> > (macro mytest_t_domain_auto_trans ((type ARG1))
> >    (call domain_trans (type ARG1))
> >    (allow ARG1  mytest_t (process (exec read write getattr transition)))
> > )
>
> You had the call right before: (call domain_trans (ARG1))
>
> ARG1 is just the parameter, so it is replaced in the call.
> Somewhere else you would have (call mytest_t_domain_auto_trans 
> (sometype_t)), and sometype_t will replace ARG1.
>
> Is this clearer?
>
> Jim
>
> > On 09/24/2015 08:20 AM, James Carter wrote:
> > > On 09/24/2015 12:42 AM, Dan wrote:
> > > > Hello everyone, I've been trying to play around with macros with 
> > > > the CIL
> > > > language and have come across some problems on how they work. I'm 
> > > > just trying to
> > > > simple create a macro that will do a type transition with a process 
> > > > called
> > > > mytest_t domain.
> > > >
> > > > Here is what I have so far:
> > > >
> > > >
> > > >
> > > >
> > > > (macro mytest_t_domain_auto_trans ((ARG1))
> > > >    (typeattributeset cil_gen_require application_domain_type)
> > > >    (call domain_trans (ARG1))
> > > >    (allow ARG1 mytest_t (process (exec read write getattr 
> > > > transition)))
> > > > )
> > >
> > > You are probably getting a message saying invalid syntax.
> > > The macro definition needs to say what the argument is, like this:
> > > (macro mytest_t_domain_auto_trans ((type ARG1))
> > >
> > > We use (typeattributeset cil_gen_require SOME_TYPE) when converting 
> > > pp files
> > > to cil to make optional blocks work when a type is required, but not 
> > > used. I
> > > don't think that you need it here.
> > >
> > > I hope that helps.
> > >
> > > Jim
> > >
> > > > ...but when I try to run it it obviously doesn't work. If anyone 
> > > > has any input
> > > > on what I am doing wrong I'm all ears. Thanks.
> > > > _______________________________________________
> > > > Selinux mailing list
> > > > Selinux@xxxxxxxxxxxxx
> > > > To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
> > > > To get help, send an email containing "help" to 
> > > > Selinux-request@xxxxxxxxxxxxx.

_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.