<!-- Common Interface Language (CIL) Reference Guide -->
         <!-- call_macro_statements.xml -->

   <sect1>
      <title>Call / Macro Statements</title>
      <sect2 id="call">
         <title>call</title>
         <para>Instantiate a <link linkend="macro">macro</link> within the current namespace. Zero or more parameters may be passed to the macro (with zero parameters this is similar to the <literal><link linkend="blockinherit">blockinherit</link></literal> (<literal><link linkend="call">call</link></literal>) / <literal><link linkend="blockabstract">blockabstract</link></literal> (<literal><link linkend="macro">macro</link></literal>) statements).</para>
         <para>Each parameter passed contains an argument to be resolved by the <link linkend="macro">macro</link>. These can be named or anonymous but must conform to the parameter types defined in the <literal><link linkend="macro">macro</link></literal> statement.</para>
         <para><emphasis role="bold">Statement definition:</emphasis></para>
         <programlisting><![CDATA[(call macro_id [(param ...)])]]></programlisting>
         <para><emphasis role="bold">Where:</emphasis></para>
         <informaltable frame="all">
            <tgroup cols="2">
            <colspec colwidth="2 *"/>
            <colspec colwidth="6 *"/>
               <tbody>
               <row>
                  <entry>
                     <para><literal><link linkend="call">call</link></literal></para>
                  </entry>
                  <entry>
                     <para>The <literal><link linkend="call">call</link></literal> keyword.</para>
                  </entry>
               </row>
               <row>
                  <entry>
                     <para><literal>macro_id</literal></para>
                  </entry>
                  <entry>
                     <para>The identifier of the <literal><link linkend="macro">macro</link></literal> to be instantiated.</para>
                  </entry>
               </row>
               <row>
                  <entry>
                     <para><literal>param</literal></para>
                  </entry>
                  <entry>
                     <para>Zero or more parameters that are passed to the macro.</para>
                  </entry>
               </row>
            </tbody></tgroup>
         </informaltable>
         <para><emphasis role="bold">Example:</emphasis></para>
         <para>See the <literal><link linkend="macro">macro</link></literal> statement for an example.</para>
      </sect2>

      <sect2 id="macro">
         <title>macro</title>
         <para>Declare a macro in the current namespace with its associated parameters. The macro identifier is used by the <literal><link linkend="call">call</link></literal> statement to instantiate the macro and resolve any parameters. The call statement may be within the body of a macro.</para>

         <para>Note that when resolving macros the caller's namespace is not checked; only the following places are checked:
            <itemizedlist>
               <listitem><simpara>Items defined inside the macro</simpara></listitem>
               <listitem><simpara>Items passed into the macro as arguments</simpara></listitem>
               <listitem><simpara>Items defined in the same namespace of the macro</simpara></listitem>
               <listitem><simpara>Items defined in the global namespace</simpara></listitem>
            </itemizedlist>
         </para>
         <para><emphasis role="bold">Statement definition:</emphasis></para>
         <programlisting><![CDATA[
(macro macro_id ([(param_type param_id) ...])
    cil_statements
    ...
)]]>
         </programlisting>
         <para><emphasis role="bold">Where:</emphasis></para>
         <informaltable frame="all">
            <tgroup cols="2">
            <colspec colwidth="2 *"/>
            <colspec colwidth="6 *"/>
               <tbody>
               <row>
                  <entry>
                     <para><literal><link linkend="macro">macro</link></literal></para>
                  </entry>
                  <entry>
                     <para>The <literal><link linkend="macro">macro</link></literal> keyword.</para>
                  </entry>
               </row>
               <row>
                  <entry>
                     <para><literal>macro_id</literal></para>
                  </entry>
                  <entry>
                     <para>The <literal><link linkend="macro">macro</link></literal> identifier.</para>
                  </entry>
               </row>
               <row>
                  <entry>
                     <para><literal>param_type</literal></para>
                  </entry>
                  <entry>
                     <para>Zero or more parameters that are passed to the macro. The <literal>param_type</literal> is a keyword used to determine the declaration type (e.g. <literal>type</literal>, <literal>class</literal>, <literal>categoryset</literal>).</para>
                     <para>The valid <literal>param_type</literal> entries are:
                        <simplelist type="inline">
                           <member><literal><link linkend="type">type</link></literal></member>
                           <member><literal><link linkend="typealias">typealias</link></literal></member>
                           <member><literal><link linkend="role">role</link></literal></member>
                           <member><literal><link linkend="user">user</link></literal></member>
                           <member><literal><link linkend="sensitivity">sensitivity</link></literal></member>
                           <member><literal><link linkend="sensitivityalias">sensitivityalias</link></literal></member>
                           <member><literal><link linkend="category">category</link></literal></member>
                           <member><literal><link linkend="categoryalias">categoryalias</link></literal></member>
                           <member><literal><link linkend="categoryset">categoryset</link></literal> (named or anonymous)</member>
                           <member><literal><link linkend="level">level</link></literal> (named or anonymous)</member>
                           <member><literal><link linkend="levelrange">levelrange</link></literal> (named or anonymous)</member>
                           <member><literal><link linkend="class">class</link></literal></member>
                           <member><literal><link linkend="classpermission">classpermission</link></literal> (named or anonymous)</member>
                           <member><literal><link linkend="ipaddr">ipaddr</link></literal> (named or anonymous)</member>
                           <member><literal><link linkend="boolean">block</link></literal></member>
                           <member><literal><link linkend="name">name</link></literal> (a string)</member>
                           <member><literal><link linkend="classmap">classmap</link></literal></member>
                        </simplelist></para>
                  </entry>
               </row>
               <row>
                  <entry>
                     <para><literal>param_id</literal></para>
                  </entry>
                  <entry>
                     <para>The parameter identifier used to reference the entry within the macro body (e.g. <literal>ARG1</literal>).</para>
                  </entry>
               </row>
               <row>
                  <entry>
                     <para><literal>cil_statements</literal></para>
                  </entry>
                  <entry>
                     <para>Zero or more valid CIL statements.</para>
                  </entry>
               </row>
            </tbody></tgroup>
         </informaltable>

         <para><emphasis role="bold">Examples:</emphasis></para>
         <para>This example will instantiate the <literal>binder_call</literal> macro in the calling namespace (<literal>my_domain</literal>) and replace <literal>ARG1</literal> with <literal>appdomain</literal> and <literal>ARG2</literal> with <literal>binderservicedomain</literal>:</para>
         <programlisting><![CDATA[
(block my_domain
    (call binder_call (appdomain binderservicedomain))
)

(macro binder_call ((type ARG1) (type ARG2))
    (allow ARG1 ARG2 (binder (call transfer)))
    (allow ARG2 ARG1 (binder (transfer)))
    (allow ARG1 ARG2 (fd (use)))
)]]>
         </programlisting>

         <para>This example does not pass any parameters to the macro but adds a <literal>type</literal> identifier to the current namespace:</para>
         <programlisting><![CDATA[
(block unconfined
    (call add_type)
    ....

    (macro add_type ()
        (type exec)
    )
)]]>
         </programlisting>

         <para>This example passes an anonymous and named IP address to the macro:</para>
         <programlisting><![CDATA[
; named ipaddr, passed to the macro by identifier
(ipaddr netmask_1 255.255.255.0)
(context netlabel_1 (system.user object_r unconfined.object low_low))

; first argument is an anonymous ipaddr, second is the named netmask_1
(call build_nodecon ((192.168.1.64) netmask_1))

(macro build_nodecon ((ipaddr ARG1) (ipaddr ARG2))
    (nodecon ARG1 ARG2 netlabel_1)
)]]>
         </programlisting>
      </sect2>
   </sect1>