On Fri, Apr 16, 2021 at 8:54 AM Petr Lautrbach <plautrba@xxxxxxxxxx> wrote: > > James Carter <jwcart2@xxxxxxxxx> writes: > > > Update the documentation for macros, booleans, booleanifs, tunables, > > tunableifs, blocks, blockabstracts, blockinherits, and optionals to > > tell where these statements can be used and, for those that have > > blocks, what statements are not allowed in them. > > > > Signed-off-by: James Carter <jwcart2@xxxxxxxxx> > > --- > > secilc/docs/cil_call_macro_statements.md | 2 ++ > > secilc/docs/cil_conditional_statements.md | 6 +++++ > > secilc/docs/cil_container_statements.md | 28 +++++++++++++++-------- > > 3 files changed, 26 insertions(+), 10 deletions(-) > > > > diff --git a/secilc/docs/cil_call_macro_statements.md b/secilc/docs/cil_call_macro_statements.md > > index 332eb28f..352a9fb0 100644 > > --- a/secilc/docs/cil_call_macro_statements.md > > +++ b/secilc/docs/cil_call_macro_statements.md > > @@ -58,6 +58,8 @@ When resolving macros the following places are checked in this order: > > > > - Items defined in the global namespace > > > > +[`tunable`](cil_conditional_statements.md#tunable), [`in`](cil_container_statements.md#in), [`block`](cil_container_statements.md#block), [`blockinherit`](cil_container_statements.md#blockinherit), [`blockabstract`](cil_container_statements.md#blockabstract), and other [`macro`](cil_call_macro_statements.md#macro) statements are not allowed in [`macro`](cil_call_macro_statements.md#macro) blocks. > > + > > **Statement definition:** > > > > ```secil > > diff --git a/secilc/docs/cil_conditional_statements.md b/secilc/docs/cil_conditional_statements.md > > index a55a9b6c..d0c8e2ce 100644 > > --- a/secilc/docs/cil_conditional_statements.md > > +++ b/secilc/docs/cil_conditional_statements.md 
> > @@ -6,6 +6,8 @@ boolean > > > > Declares a run time boolean as true or false in the current namespace. The [`booleanif`](cil_conditional_statements.md#booleanif) statement contains the CIL code that will be in the binary policy file. > > > > +[`boolean`](cil_conditional_statements.md#boolean) are not allowed in [`booleanif`](cil_conditional_statements.md#booleanif) blocks. > > + > > **Statement definition:** > > > > ```secil > > @@ -126,6 +128,8 @@ Tunables are similar to booleans, however they are used to manage areas of CIL s > > > > Note that tunables can be treated as booleans by the CIL compiler command line parameter `-P` or `--preserve-tunables` flags. > > > > +Since [`tunableif`](cil_conditional_statements.md#tunableif) statements are resolved first, [`tunable`](cil_conditional_statements.md#tunable) statements are not allowed in [`in`](cil_container_statements.md#in), [`macro`](cil_call_macro_statements.md#macro), [`optional`](cil_container_statements.md#optional), and [`booleanif`](cil_conditional_statements.md#booleanif) blocks. To simplify processing, they are also not allowed in [`tunableif`](cil_conditional_statements.md#tunableif) blocks. > > + > > **Statement definition:** > > > > ```secil > > @@ -164,6 +168,8 @@ tunableif > > > > Compile time conditional statement that may or may not add CIL statements to be compiled. > > > > +If tunables are being treated as booleans (by using the CIL compiler command line parameter `-P` or `--preserve-tunables` flag), then only the statements allowed in a [`booleanif`](cil_conditional_statements.md#booleanif) block are allowed in a [`tunableif`](cil_conditional_statements.md#tunableif) block. Otherwise, [`tunable`](cil_conditional_statements.md#tunable) statements are not allowed in a [`tunableif`](cil_conditional_statements.md#tunableif) block. > > + > > **Statement definition:** > > > > ```secil 
> > diff --git a/secilc/docs/cil_container_statements.md b/secilc/docs/cil_container_statements.md > > index 76e9da51..c75c2d7c 100644 > > --- a/secilc/docs/cil_container_statements.md > > +++ b/secilc/docs/cil_container_statements.md > > @@ -4,7 +4,11 @@ Container Statements > > block > > ----- > > > > -Start a new namespace where any CIL statement is valid. > > +Start a new namespace. > > + > > +Not allowed in [`macro`](cil_call_macro_statements.md#macro) and [`optional`](cil_container_statements.md#optional) blocks. > > > > FYI: > > Applying: secilc/docs: Update the CIL documentation for various blocks > .../devel/github/SELinuxProject/selinux/master/.git/worktrees/patchwork/rebase-apply/patch:62: trailing whitespace. > Not allowed in [`macro`](cil_call_macro_statements.md#macro) and [`optional`](cil_container_statements.md#optional) blocks. > warning: 1 line adds whitespace errors. > > > I'll fix this when I apply the patches. Thanks, Jim
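
Review bot: In the `boolean` hunk of secilc/docs/cil_conditional_statements.md (@@ -6,6 +6,8), the added sentence pairs the singular keyword with a plural verb ("[`boolean`] are not allowed in [`booleanif`] blocks") and drops the word "statements" that the `tunable` paragraph added later in the same file uses. Suggest "`boolean` statements are not allowed in `booleanif` blocks." so the restriction sentences read the same way across the three files.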
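
Review bot: In the `tunable` hunk of secilc/docs/cil_conditional_statements.md (@@ -126,6 +128,8), "Since `tunableif` statements are resolved first" does not say first relative to what, so the sentence gives a reason the reader cannot follow through to the list of `in`, `macro`, `optional` and `booleanif` blocks. Suggest naming what `tunableif` is resolved before, and keeping the second sentence ("To simplify processing, they are also not allowed in `tunableif` blocks.") as the separate, differently motivated rule it is.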
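
Review bot: In the `tunableif` hunk of secilc/docs/cil_conditional_statements.md (@@ -164,6 +168,8), the "Otherwise, `tunable` statements are not allowed in a `tunableif` block" wording reads as though the restriction holds only without `-P`, while the `tunable` paragraph added earlier in this file states it unconditionally and also bars `tunable` from `booleanif` blocks, which makes it disallowed in the `-P` case as well. Suggest saying that `tunable` is never allowed in a `tunableif` block and that with `-P` or `--preserve-tunables` the block is further limited to what a `booleanif` block allows, with a link to where those statements are listed. The phrase "command line parameter `-P` or `--preserve-tunables` flag" also mixes "parameter" and "flag"; one noun is enough.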
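
Review bot: In the `block` hunk of secilc/docs/cil_container_statements.md (@@ -4,7 +4,11), the added line "Not allowed in [`macro`] and [`optional`] blocks." is a fragment with no subject, unlike the sentences added in the other two files, and it is the line carrying the trailing whitespace reported at patch:62. Suggest "`block` statements are not allowed in `macro` and `optional` blocks." with the trailing space removed. The hunk also deletes "where any CIL statement is valid" and, in the lines visible here, nothing yet says which statements are not allowed inside a `block`, which the commit message promises for statements that have blocks.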