From 0db866cbf46dc0da4114b6afe0e6045bcaa1a91b Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: Thu, 23 Mar 2006 21:07:57 +0000 Subject: [PATCH] enable optionals in base/monolithic --- refpolicy/Changelog | 2 ++ refpolicy/policy/support/loadable_module.spt | 28 +++++++++++--------- 2 files changed, 18 insertions(+), 12 deletions(-) diff --git a/refpolicy/Changelog b/refpolicy/Changelog index 0049c8692..8ad2aef27 100644 --- a/refpolicy/Changelog +++ b/refpolicy/Changelog @@ -1,3 +1,5 @@ +- Enable optional blocks in base module and monolithic policy. + This requires checkpolicy 1.30.1. - Fix vpn module declaration. - Numerous fixes from Dan Walsh. - Change build order to preserve m4 line number information so policy diff --git a/refpolicy/policy/support/loadable_module.spt b/refpolicy/policy/support/loadable_module.spt index 77b41a900..93b726a20 100644 --- a/refpolicy/policy/support/loadable_module.spt +++ b/refpolicy/policy/support/loadable_module.spt @@ -24,10 +24,16 @@ define(`policy_module',` # For use in interfaces, to optionally insert a require block # define(`gen_require',` - ifdef(`self_contained_policy',`',` + ifdef(`self_contained_policy',` + ifdef(`__in_optional_policy',` + require { + $1 + } # end require + ') + ',` require { $1 - } + } # end require ') ') @@ -86,17 +92,15 @@ define(`policy_call_depth',0) # Optional policy handling # define(`optional_policy',` - ifdef(`self_contained_policy',` - ifdef(`$1.te',`$2',`$3') - ',` - optional { - $2 - ifelse(`$3',`',`',` - } else { - $3 - ') - } + optional { + pushdef(`__in_optional_policy') dnl + $2 + popdef(`__in_optional_policy') dnl + ifelse(`$3',`',`',` + } else { + $3 ') + } ') ##############################