RepoMirrors/selinux
1
0
Fork 0
mirror of https://github.com/SELinuxProject/selinux synced 2025-05-04 16:47:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
ac12826c11
selinux/secilc/docs/cil_call_macro_statements.md
Yuli Khodorkovskiy 12c7dfc553 secilc/docs: Convert DocBook documentation into github markdown 
Converting to github markdown allows for easier integration with the
SELinux project wiki and viewing of documentation directly on github without
creating PDFs or reading through DocBook XML.

The conversion of DocBook to github markdown would not format tables or
keyword links properly. By maintaining the documentation in github
markdown in the repository, the content is well formatted with a table of
contents when viewing in the github wiki or in the repository.

The migration from DocBook to github markdown was done using Pandoc and
manual fixups. Mappings of CIL keywords to headings that were lost in the DocBook
conversion were added back. An introduction and design philosphy was
also pulled from the SELinux project wiki to provide more cohesion
to the current documentation.

Running make will now convert the github markdown into PDF and HTML.

Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
2015-12-15 16:18:34 -05:00

131 lines
4.6 KiB
Markdown
Raw Blame History

Call / Macro Statements
=======================
call
----
Instantiate a [macro](#macro) within the current namespace. There may be zero or more parameters passed to the macro (with zero parameters this is similar to the [`blockinherit`](cil_container_statements.md#blockinherit) ([`call`](cil_call_macro_statements.md#call)) / [`blockabstract`](cil_container_statements.md#blockabstract) ([`macro`](cil_call_macro_statements.md#macro)) statements).
Each parameter passed contains an argument to be resolved by the [macro](#macro), these can be named or anonymous but must conform to the parameter types defined in the [`macro`](cil_call_macro_statements.md#macro) statement.
**Statement definition:**
(call macro_id [(param ...)])
**Where:**
<table>
<colgroup>
<col width="25%" />
<col width="75%" />
</colgroup>
<tbody>
<tr class="odd">
<td align="left"><p><code>call</code></p></td>
<td align="left"><p>The <code>call</code> keyword.</p></td>
</tr>
<tr class="even">
<td align="left"><p><code>macro_id</code></p></td>
<td align="left"><p>The identifier of the <code>macro</code> to be instantiated.</p></td>
</tr>
<tr class="odd">
<td align="left"><p><code>param</code></p></td>
<td align="left"><p>Zero or more parameters that are passed to the macro.</p></td>
</tr>
</tbody>
</table>
**Example:**
See the [`macro`](cil_call_macro_statements.md#macro) statement for an example.
macro
-----
Declare a macro in the current namespace with its associated parameters. The macro identifier is used by the [`call`](cil_call_macro_statements.md#call) statement to instantiate the macro and resolve any parameters. The call statement may be within the body of a macro.
Note that when resolving macros the callers namespace is not checked, only the following places:
- Items defined inside the macro
- Items passed into the macro as arguments
- Items defined in the same namespace of the macro
- Items defined in the global namespace
**Statement definition:**
(macro macro_id ([(param_type param_id) ...])
cil_statements
...
)
**Where:**
<table>
<colgroup>
<col width="25%" />
<col width="75%" />
</colgroup>
<tbody>
<tr class="odd">
<td align="left"><p><code>macro</code></p></td>
<td align="left"><p>The <code>macro</code> keyword.</p></td>
</tr>
<tr class="even">
<td align="left"><p><code>macro_id</code></p></td>
<td align="left"><p>The <code>macro</code> identifier.</p></td>
</tr>
<tr class="odd">
<td align="left"><p><code>param_type</code></p></td>
<td align="left"><p>Zero or more parameters that are passed to the macro. The <code>param_type</code> is a keyword used to determine the declaration type (e.g. <code>type</code>, <code>class</code>, <code>categoryset</code>).</p>
<p>The list of valid <code>param_type</code> entries are: <code>type</code>, <code>typealias</code>, <code>role</code>, <code>user</code>, <code>sensitivity</code>, <code>sensitivityalias</code>, <code>category</code>, <code>categoryalias</code>, <code>categoryset</code> (named or anonymous), <code>level</code> (named or anonymous), <code>levelrange</code> (named or anonymous), <code>class</code>, <code>classpermission</code> (named or anonymous), <code>ipaddr</code> (named or anonymous), <code>block</code>, <code>name</code> (a string), <code>classmap</code></p></td>
</tr>
<tr class="even">
<td align="left"><p><code>param_id</code></p></td>
<td align="left"><p>The parameter identifier used to reference the entry within the macro body (e.g. <code>ARG1</code>).</p></td>
</tr>
<tr class="odd">
<td align="left"><p><code>cil_statement</code></p></td>
<td align="left"><p>Zero or more valid CIL statements.</p></td>
</tr>
</tbody>
</table>
**Examples:**
This example will instantiate the `binder_call` macro in the calling namespace (`my_domain`) and replace `ARG1` with `appdomain` and `ARG2` with `binderservicedomain`:
(block my_domain
(call binder_call (appdomain binderservicedomain))
)
(macro binder_call ((type ARG1) (type ARG2))
(allow ARG1 ARG2 (binder (call transfer)))
(allow ARG2 ARG1 (binder (transfer)))
(allow ARG1 ARG2 (fd (use)))
)
This example does not pass any parameters to the macro but adds a [`type`](cil_type_statements.md#type) identifier to the current namespace:
(block unconfined
(call add_type)
....
(macro add_type ()
(type exec)
)
)
This example passes an anonymous and named IP address to the macro:
(ipaddr netmask_1 255.255.255.0)
(context netlabel_1 (system.user object_r unconfined.object low_low)
(call build_nodecon ((192.168.1.64) netmask_1))
(macro build_nodecon ((ipaddr ARG1) (ipaddr ARG2))
(nodecon ARG1 ARG2 netlabel_1)
)
Reference in New Issue View Git Blame Copy Permalink