Hello all,
while trying to recreate some selinux-policy templates using CIL macros
I got stuck on creating new type/role/attribute names.
For example consider ssh_role_template [1], which uses its first
parameter to create a new type $1_ssh_agent_t.
Is there a way to recreate such functionality in a CIL macro (or another
CIL feature)?
Something along the lines of:
(macro new_type_macro ((string type_prefix))
(type (type_prefix)_t)
)
which when called (call new_type_macro ("yolo")) would produce
(type yolo_t)
I searched through CIL reference guide [2] and SELinuxProject CIL wiki
on github, but didn't find anything close (maybe there is a better
resource I don't know about).
I'd appreciate any hints or links to other resources related to CIL macros.
Thank you,
Vit
[1] -
https://github.com/TresysTechnology/refpolicy/blob/master/policy/modules/services/ssh.if#L301
[2] -
https://raw.githubusercontent.com/SELinuxProject/selinux-notebook/main/src/notebook-examples/selinux-policy/cil/CIL_Reference_Guide.pdf
[3] - https://github.com/SELinuxProject/cil/wiki#macros
