Remove rolemap and per-role template support.

This support was deprecated and unused in Reference Policy November 5 2008.

Changelog

@@ -1,3 +1,4 @@
+- Remove rolemap and per-role template support.
 - Change corenetwork port declaration to apply the reserved port type
   attribute only, when the type has ports above and below 1024.
 - Change secure_mode_policyload to disable only toggling of this Boolean

Makefile

@@ -130,7 +130,6 @@ endif
 # config file paths
 globaltun = $(poldir)/global_tunables
 globalbool = $(poldir)/global_booleans
-rolemap = $(poldir)/rolemap
 user_files := $(poldir)/users
 policycaps := $(poldir)/policy_capabilities
 
@@ -316,48 +315,6 @@ fs_names := "btrfs ext2 ext3 ext4 xfs jfs"
 # Functions
 #
 
-# parse-rolemap-compat modulename,outputfile
-define parse-rolemap-compat
-	$(verbose) $(M4) $(M4PARAM) $(rolemap) | \
-		$(AWK) '/^[[:blank:]]*[A-Za-z]/{ print "gen_require(type " $$3 "; role " $$1 ";)\n$1_per_userdomain_template(" $$2 "," $$3 "," $$1 ")" }' >> $2
-endef
-
-# parse-rolemap modulename,outputfile
-define parse-rolemap
-	$(verbose) $(M4) $(M4PARAM) $(rolemap) | \
-		$(AWK) '/^[[:blank:]]*[A-Za-z]/{ print "gen_require(type " $$3 "; role " $$1 ";)\n$1_per_role_template(" $$2 "," $$3 "," $$1 ")" }' >> $2
-endef
-
-# perrole-expansion modulename,outputfile
-define perrole-expansion
-	$(verbose) echo "ifdef(\`""$1""_per_role_template',\`" > $2
-	$(call parse-rolemap,$1,$2)
-	$(verbose) echo "')" >> $2
-
-	$(verbose) echo "ifdef(\`""$1""_per_userdomain_template',\`" >> $2
-	$(verbose) echo "errprint(\`Warning: per_userdomain_templates have been renamed to per_role_templates (""$1""_per_userdomain_template)'__endline__)" >> $2
-	$(call parse-rolemap-compat,$1,$2)
-	$(verbose) echo "')" >> $2
-endef
-
-# create-base-per-role-tmpl modulenames,outputfile
-define create-base-per-role-tmpl
-	$(verbose) echo "define(\`base_per_role_template',\`" >> $2
-
-	$(verbose) for i in $1; do \
-		echo "ifdef(\`""$$i""_per_role_template',\`""$$i""_per_role_template("'$$*'")')" \
-			>> $2 ;\
-	done
-
-	$(verbose) for i in $1; do \
-		echo "ifdef(\`""$$i""_per_userdomain_template',\`" >> $2 ;\
-		echo "errprint(\`Warning: per_userdomain_templates have been renamed to per_role_templates (""$$i""_per_userdomain_template)'__endline__)" >> $2 ;\
-		echo """$$i""_per_userdomain_template("'$$*'")')"  >> $2 ;\
-	done
-	$(verbose) echo "')" >> $@
-
-endef
-
 # detect-metaxml layer_names
 ifdef LOCAL_ROOT
 define detect-metaxml
@@ -552,7 +509,6 @@ install-headers: $(layerxml) $(tunxml) $(boolxml)
 	@mkdir -p $(headerdir)
 	@echo "Installing $(NAME) policy headers."
 	$(verbose) $(INSTALL) -m 644 $^ $(headerdir)
-	$(verbose) $(M4) $(M4PARAM) $(rolemap) > $(headerdir)/$(notdir $(rolemap))
 	$(verbose) mkdir -p $(headerdir)/support
 	$(verbose) $(INSTALL) -m 644 $(m4support) $(word $(words $(genxml)),$(genxml)) $(xmldtd) $(headerdir)/support
 	$(verbose) $(genperm) $(avs) $(secclass) > $(headerdir)/support/all_perms.spt

README

@@ -214,11 +214,6 @@ policy/modules.conf	This file contains a listing of available modules, and
 			in the base module; those set to "module" will be
 			compiled as individual loadable	modules.
 
-policy/rolemap		This file contains prefix and user domain type that
-			corresponds to each user role.  The contents of this
-			file will be used to expand the per-user domain
-			templates for each module.
-
 policy/support/*	Support macros.
 
 policy/users		This file defines the users included in the policy.

Rules.modular

@@ -73,8 +73,7 @@ $(modpkgdir)/%.pp: $(builddir)%.pp
 $(tmpdir)/%.mod: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf %.te
 	@echo "Compliling $(NAME) $(@F) module"
 	@test -d $(tmpdir) || mkdir -p $(tmpdir)
-	$(call perrole-expansion,$(basename $(@F)),$@.role)
+	$(verbose) $(M4) $(M4PARAM) -s $^ > $(@:.mod=.tmp)
-	$(verbose) $(M4) $(M4PARAM) -s $^ $@.role > $(@:.mod=.tmp)
 	$(verbose) $(CHECKMODULE) -m $(@:.mod=.tmp) -o $@
 
 $(tmpdir)/%.mod.fc: $(m4support) %.fc
@@ -143,13 +142,8 @@ $(tmpdir)/all_interfaces.conf: $(m4support) $(all_interfaces) $(m4iferror)
 	$(verbose) $(SED) -e s/dollarsstar/\$$\*/g $(tmpdir)/$(@F).tmp >> $@
 	@echo "divert" >> $@
 
-$(tmpdir)/rolemap.conf: M4PARAM += -D self_contained_policy
-$(tmpdir)/rolemap.conf: $(rolemap)
-	$(verbose) echo "" > $@
-	$(call parse-rolemap,base,$@)
-
 $(tmpdir)/all_te_files.conf: M4PARAM += -D self_contained_policy
-$(tmpdir)/all_te_files.conf: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf $(base_te_files) $(tmpdir)/rolemap.conf
+$(tmpdir)/all_te_files.conf: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf $(base_te_files)
 ifeq "$(strip $(base_te_files))" ""
 	$(error No enabled modules! $(notdir $(mod_conf)) may need to be generated by using "make conf")
 endif

Rules.monolithic

@@ -131,11 +131,7 @@ $(tmpdir)/all_interfaces.conf: $(m4support) $(all_interfaces) $(m4iferror)
 	$(verbose) $(SED) -e s/dollarsstar/\$$\*/g $(tmpdir)/$(@F).tmp >> $@
 	@echo "divert" >> $@
 
-$(tmpdir)/rolemap.conf: $(rolemap)
+$(tmpdir)/all_te_files.conf: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf $(all_te_files)
-	$(verbose) echo "" > $@
-	$(call parse-rolemap,base,$@)
-
-$(tmpdir)/all_te_files.conf: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf $(all_te_files) $(tmpdir)/rolemap.conf
 ifeq "$(strip $(all_te_files))" ""
 	$(error No enabled modules! $(notdir $(mod_conf)) may need to be generated by using "make conf")
 endif

policy/rolemap

@@ -1,13 +0,0 @@
-#
-# This file contains the mappings
-# used for per-role template
-# infrastructure.  Each line describes
-# the prefix and user domain type
-# corresponding to each role.
-#
-# syntax: role prefix user_domain
-#
-
-# This support has been deprecated and
-# will be removed in the future.  Note:  No
-# per-role templates exist in refpolicy.

support/Makefile.devel

@@ -84,8 +84,6 @@ header_layers := $(filter-out $(HEADERDIR)/support,$(shell find $(wildcard $(HEA
 header_xml := $(addsuffix .xml,$(header_layers))
 header_interfaces := $(foreach layer,$(header_layers),$(wildcard $(layer)/*.if))
 
-rolemap := $(HEADERDIR)/rolemap
-
 local_layers := $(filter-out CVS tmp $(docs),$(shell find $(wildcard *) -maxdepth 0 -type d))
 local_xml := $(addprefix tmp/, $(addsuffix .xml,$(local_layers)))
 
@@ -108,35 +106,6 @@ vpath %.te $(local_layers)
 vpath %.if $(local_layers)
 vpath %.fc $(local_layers)
 
-########################################
-#
-# Functions
-#
-
-# parse-rolemap-compat modulename,outputfile
-define parse-rolemap-compat
-	$(verbose) $(M4) $(M4PARAM) $(rolemap) | \
-		$(AWK) '/^[[:blank:]]*[A-Za-z]/{ print "gen_require(type " $$3 "; role " $$1 ";)\n$1_per_userdomain_template(" $$2 "," $$3 "," $$1 ")" }' >> $2
-endef
-
-# parse-rolemap modulename,outputfile
-define parse-rolemap
-	$(verbose) $(M4) $(M4PARAM) $(rolemap) | \
-		$(AWK) '/^[[:blank:]]*[A-Za-z]/{ print "gen_require(type " $$3 "; role " $$1 ";)\n$1_per_role_template(" $$2 "," $$3 "," $$1 ")" }' >> $2
-endef
-
-# peruser-expansion modulename,outputfile
-define peruser-expansion
-	$(verbose) echo "ifdef(\`""$1""_per_role_template',\`" > $2
-	$(call parse-rolemap,$1,$2)
-	$(verbose) echo "')" >> $2
-
-	$(verbose) echo "ifdef(\`""$1""_per_userdomain_template',\`" >> $2
-	$(verbose) echo "errprint(\`Warning: per_userdomain_templates have been renamed to per_role_templates (""$1""_per_userdomain_template)'__endline__)" >> $2
-	$(call parse-rolemap-compat,$1,$2)
-	$(verbose) echo "')" >> $2
-endef
-
 .PHONY: clean all xml load reload
 .SUFFIXES:
 .SUFFIXES: .pp
@@ -185,8 +154,7 @@ reload: $(all_packages)
 tmp/%.mod: $(m4support) tmp/all_interfaces.conf %.te
 	@$(EINFO) "Compiling $(NAME) $(basename $(@F)) module"
 	@test -d $(@D) || mkdir -p $(@D)
-	$(call peruser-expansion,$(basename $(@F)),$@.role)
+	$(verbose) $(M4) $(M4PARAM) -s $^ > $(@:.mod=.tmp)
-	$(verbose) $(M4) $(M4PARAM) -s $^ $@.role > $(@:.mod=.tmp)
 	$(verbose) $(CHECKMODULE) -m $(@:.mod=.tmp) -o $@
 
 tmp/%.mod.fc: $(m4support) %.fc