secilc/0001-Update-the-cil-docs-to...


From fbe1e526dc01f6797428c88e24881fdc3d3ec6e8 Mon Sep 17 00:00:00 2001
From: bauen1 <j2468h@googlemail.com>
Date: Thu, 9 Jul 2020 10:36:36 +0200
Subject: [PATCH] Update the cil docs to match the current behaviour.
Some features were dropped or changed since the docs were last updated.
Signed-off-by: Jonathan Hettwer <j2468h@gmail.com>
Acked-by: James Carter <jwcart2@gmail.com>
---
secilc/docs/cil_call_macro_statements.md | 6 ++++--
secilc/docs/cil_container_statements.md | 2 +-
secilc/docs/cil_reference_guide.md | 2 +-
secilc/docs/cil_user_statements.md | 2 +-
4 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/secilc/docs/cil_call_macro_statements.md b/secilc/docs/cil_call_macro_statements.md
index 17c46ed9c893..98b703687e44 100644
--- a/secilc/docs/cil_call_macro_statements.md
+++ b/secilc/docs/cil_call_macro_statements.md
@@ -44,7 +44,7 @@ macro
Declare a macro in the current namespace with its associated parameters. The macro identifier is used by the [`call`](cil_call_macro_statements.md#call) statement to instantiate the macro and resolve any parameters. The call statement may be within the body of a macro.
-Note that when resolving macros the callers namespace is not checked, only the following places:
+When resolving macros the following places are checked in this order:
- Items defined inside the macro
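Review bot: The replacement sentence says the places are checked "in this order", but the list that follows is still an unordered `-` bullet list; a numbered list would make the precedence explicit and harder to break in a later edit. It would also help to say what is being looked up, since "resolving macros" can be read as finding the macro itself rather than the items referenced in its body.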
@@ -52,6 +52,8 @@ Note that when resolving macros the callers namespace is not checked, only the f
- Items defined in the same namespace of the macro
+- Items defined in the callers namespace
+
- Items defined in the global namespace
**Statement definition:**
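Review bot: The added bullet puts the caller's namespace ahead of the global namespace, so together with the "in this order" wording an item defined by the caller takes precedence over a global item of the same name; that consequence deserves one explicit sentence, because it decides which type or class a macro's rules end up applying to. Also, "callers namespace" should be "caller's namespace".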
@@ -80,7 +82,7 @@ Note that when resolving macros the callers namespace is not checked, only the f
<tr class="odd">
<td align="left"><p><code>param_type</code></p></td>
<td align="left"><p>Zero or more parameters that are passed to the macro. The <code>param_type</code> is a keyword used to determine the declaration type (e.g. <code>type</code>, <code>class</code>, <code>categoryset</code>).</p>
-<p>The list of valid <code>param_type</code> entries are: <code>type</code>, <code>typealias</code>, <code>role</code>, <code>user</code>, <code>sensitivity</code>, <code>sensitivityalias</code>, <code>category</code>, <code>categoryalias</code>, <code>categoryset</code> (named or anonymous), <code>level</code> (named or anonymous), <code>levelrange</code> (named or anonymous), <code>class</code>, <code>classpermission</code> (named or anonymous), <code>ipaddr</code> (named or anonymous), <code>block</code>, <code>name</code> (a string), <code>classmap</code></p></td>
+<p>The list of valid <code>param_type</code> entries are: <code>type</code>, <code>typealias</code>, <code>role</code>, <code>user</code>, <code>sensitivity</code>, <code>sensitivityalias</code>, <code>category</code>, <code>categoryalias</code>, <code>categoryset</code> (named or anonymous), <code>level</code> (named or anonymous), <code>levelrange</code> (named or anonymous), <code>class</code>, <code>classpermission</code> (named or anonymous), <code>ipaddr</code> (named or anonymous), <code>name</code> (a string), <code>classmap</code></p></td>
</tr>
<tr class="even">
<td align="left"><p><code>param_id</code></p></td>
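Review bot: Removing `block` from the `param_type` list is done silently; a short remark in this cell that `block` is no longer a valid parameter type would tell readers with older policy sources why it is gone. While the sentence is being touched, "The list of valid `param_type` entries are" should read "is" (or "The valid `param_type` entries are"), and the list has no closing full stop.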
diff --git a/secilc/docs/cil_container_statements.md b/secilc/docs/cil_container_statements.md
index a570cb235d7c..58b3224de211 100644
--- a/secilc/docs/cil_container_statements.md
+++ b/secilc/docs/cil_container_statements.md
@@ -254,7 +254,7 @@ This example will instantiate the optional block `ext_gateway.move_file` into po
in
--
-Allows the insertion of CIL statements into a named container ([`block`](cil_container_statements.md#block), [`optional`](cil_container_statements.md#optional) or [`macro`](cil_call_macro_statements.md#macro)). This statement is not allowed in [`booleanif`](cil_conditional_statements.md#booleanif) or [`tunableif`](cil_conditional_statements.md#tunableif) statements.
+Allows the insertion of CIL statements into a named container ([`block`](cil_container_statements.md#block), [`optional`](cil_container_statements.md#optional) or [`macro`](cil_call_macro_statements.md#macro)). This statement is not allowed in [`booleanif`](cil_conditional_statements.md#booleanif) or [`tunableif`](cil_conditional_statements.md#tunableif) statements. This only works for containers that aren't inherited using [`blockinherit`](cil_conditional_statements.md#blockinherit).
**Statement definition:**
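Review bot: The new `blockinherit` link on the `+` line targets `cil_conditional_statements.md#blockinherit`, which looks copied from the `booleanif`/`tunableif` links just before it; `blockinherit` is a container statement, so the target should be `cil_container_statements.md#blockinherit`. "This only works for containers" is also ambiguous about what fails; something like "`in` cannot insert into a container that has been inherited using `blockinherit`" would be clearer.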
diff --git a/secilc/docs/cil_reference_guide.md b/secilc/docs/cil_reference_guide.md
index 1b1fccca5faa..3e33c5f74283 100644
--- a/secilc/docs/cil_reference_guide.md
+++ b/secilc/docs/cil_reference_guide.md
@@ -176,7 +176,7 @@ Should the symbol not be prefixed with a dot, the current namespace would be sea
Expressions
-----------
-Expressions may occur in the following CIL statements: [`booleanif`](cil_conditional_statements.md#booleanif), [`tunableif`](cil_conditional_statements.md#tunableif), [`classpermissionset`](cil_class_and_permission_statements.md#classpermissionset), [`typeattributeset`](cil_type_statements.md#typeattributeset), [`roleattributeset`](cil_role_statements.md#roleattributeset), [`categoryset`](cil_mls_labeling_statements.md#categoryset), [`constrain`](cil_constraint_statements.md#constrain), [`mlsconstrain`](cil_constraint_statements.md#mlsconstrain), [`validatetrans`](cil_constraint_statements.md#validatetrans), [`validatetrans`](cil_constraint_statements.md#validatetrans)
+Expressions may occur in the following CIL statements: [`booleanif`](cil_conditional_statements.md#booleanif), [`tunableif`](cil_conditional_statements.md#tunableif), [`classpermissionset`](cil_class_and_permission_statements.md#classpermissionset), [`typeattributeset`](cil_type_statements.md#typeattributeset), [`roleattributeset`](cil_role_statements.md#roleattributeset), [`categoryset`](cil_mls_labeling_statements.md#categoryset), [`constrain`](cil_constraint_statements.md#constrain), [`mlsconstrain`](cil_constraint_statements.md#mlsconstrain), [`validatetrans`](cil_constraint_statements.md#validatetrans), [`mlsvalidatetrans`](cil_constraint_statements.md#mlsvalidatetrans)
CIL expressions use the [prefix](http://www.cs.man.ac.uk/~pjj/cs212/fix.html) or Polish notation and may be nested (note that the kernel policy language uses postfix or reverse Polish notation). The syntax is as follows, where the parenthesis are part of the syntax:
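Review bot: The corrected list on the `+` line still ends without a full stop after the `mlsvalidatetrans` link, and the next context line has "the parenthesis are", which should be "parentheses"; both are cheap to fix in the same change since this paragraph is already being edited.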
diff --git a/secilc/docs/cil_user_statements.md b/secilc/docs/cil_user_statements.md
index bbd76eff8645..26e45510405d 100644
--- a/secilc/docs/cil_user_statements.md
+++ b/secilc/docs/cil_user_statements.md
@@ -260,7 +260,7 @@ This example will associate `unconfined.user` with a named [`levelrange`](cil_ml
(categoryorder (c0 c1))
(sensitivity s0)
(sensitivity s1)
- (dominance (s0 s1))
+ (sensitivityorder (s0 s1))
(sensitivitycategory s0 (c0 c1))
(level systemLow (s0))
(level systemHigh (s0 (c0 c1)))
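Review bot: The `dominance` to `sensitivityorder` fix touches only this one example (the diffstat shows a single changed line in `cil_user_statements.md`); please grep the remaining files under `secilc/docs/` for other uses of `dominance` so that no example still shows the old statement.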
--
2.29.2