Home | History | Annotate | Download | only in docs 
      1 Call / Macro Statements
      2 =======================
      3 
      4 call
      5 ----
      6 
      7 Instantiate a [macro](#macro) within the current namespace. There may be zero or more parameters passed to the macro (with zero parameters this is similar to the [`blockinherit`](cil_container_statements.md#blockinherit) ([`call`](cil_call_macro_statements.md#call)) / [`blockabstract`](cil_container_statements.md#blockabstract) ([`macro`](cil_call_macro_statements.md#macro)) statements).
      8 
      9 Each parameter passed contains an argument to be resolved by the [macro](#macro), these can be named or anonymous but must conform to the parameter types defined in the [`macro`](cil_call_macro_statements.md#macro) statement.
     10 
     11 **Statement definition:**
     12 
     13     (call macro_id [(param ...)])
     14 
     15 **Where:**
     16 
     17 <table>
     18 <colgroup>
     19 <col width="25%" />
     20 <col width="75%" />
     21 </colgroup>
     22 <tbody>
     23 <tr class="odd">
     24 <td align="left"><p><code>call</code></p></td>
     25 <td align="left"><p>The <code>call</code> keyword.</p></td>
     26 </tr>
     27 <tr class="even">
     28 <td align="left"><p><code>macro_id</code></p></td>
     29 <td align="left"><p>The identifier of the <code>macro</code> to be instantiated.</p></td>
     30 </tr>
     31 <tr class="odd">
     32 <td align="left"><p><code>param</code></p></td>
     33 <td align="left"><p>Zero or more parameters that are passed to the macro.</p></td>
     34 </tr>
     35 </tbody>
     36 </table>
     37 
     38 **Example:**
     39 
     40 See the [`macro`](cil_call_macro_statements.md#macro) statement for an example.
     41 
     42 macro
     43 -----
     44 
     45 Declare a macro in the current namespace with its associated parameters. The macro identifier is used by the [`call`](cil_call_macro_statements.md#call) statement to instantiate the macro and resolve any parameters. The call statement may be within the body of a macro.
     46 
     47 Note that when resolving macros the callers namespace is not checked, only the following places:
     48 
     49 -   Items defined inside the macro
     50 
     51 -   Items passed into the macro as arguments
     52 
     53 -   Items defined in the same namespace of the macro
     54 
     55 -   Items defined in the global namespace
     56 
     57 **Statement definition:**
     58 
     59     (macro macro_id ([(param_type param_id) ...])
     60         cil_statements
     61         ...
     62     )
     63 
     64 **Where:**
     65 
     66 <table>
     67 <colgroup>
     68 <col width="25%" />
     69 <col width="75%" />
     70 </colgroup>
     71 <tbody>
     72 <tr class="odd">
     73 <td align="left"><p><code>macro</code></p></td>
     74 <td align="left"><p>The <code>macro</code> keyword.</p></td>
     75 </tr>
     76 <tr class="even">
     77 <td align="left"><p><code>macro_id</code></p></td>
     78 <td align="left"><p>The <code>macro</code> identifier.</p></td>
     79 </tr>
     80 <tr class="odd">
     81 <td align="left"><p><code>param_type</code></p></td>
     82 <td align="left"><p>Zero or more parameters that are passed to the macro. The <code>param_type</code> is a keyword used to determine the declaration type (e.g. <code>type</code>, <code>class</code>, <code>categoryset</code>).</p>
     83 <p>The list of valid <code>param_type</code> entries are: <code>type</code>, <code>typealias</code>, <code>role</code>, <code>user</code>, <code>sensitivity</code>, <code>sensitivityalias</code>, <code>category</code>, <code>categoryalias</code>, <code>categoryset</code> (named or anonymous), <code>level</code> (named or anonymous), <code>levelrange</code> (named or anonymous), <code>class</code>, <code>classpermission</code> (named or anonymous), <code>ipaddr</code> (named or anonymous), <code>block</code>, <code>name</code> (a string), <code>classmap</code></p></td>
     84 </tr>
     85 <tr class="even">
     86 <td align="left"><p><code>param_id</code></p></td>
     87 <td align="left"><p>The parameter identifier used to reference the entry within the macro body (e.g. <code>ARG1</code>).</p></td>
     88 </tr>
     89 <tr class="odd">
     90 <td align="left"><p><code>cil_statement</code></p></td>
     91 <td align="left"><p>Zero or more valid CIL statements.</p></td>
     92 </tr>
     93 </tbody>
     94 </table>
     95 
     96 **Examples:**
     97 
     98 This example will instantiate the `binder_call` macro in the calling namespace (`my_domain`) and replace `ARG1` with `appdomain` and `ARG2` with `binderservicedomain`:
     99 
    100     (block my_domain
    101         (call binder_call (appdomain binderservicedomain))
    102     )
    103 
    104     (macro binder_call ((type ARG1) (type ARG2))
    105         (allow ARG1 ARG2 (binder (call transfer)))
    106         (allow ARG2 ARG1 (binder (transfer)))
    107         (allow ARG1 ARG2 (fd (use)))
    108     )
    109 
    110 This example does not pass any parameters to the macro but adds a [`type`](cil_type_statements.md#type) identifier to the current namespace:
    111 
    112     (block unconfined
    113         (call add_type)
    114         ....
    115 
    116         (macro add_type ()
    117             (type exec)
    118         )
    119     )
    120 
    121 This example passes an anonymous and named IP address to the macro:
    122 
    123     (ipaddr netmask_1 255.255.255.0)
    124     (context netlabel_1 (system.user object_r unconfined.object low_low)
    125 
    126     (call build_nodecon ((192.168.1.64) netmask_1))
    127 
    128     (macro build_nodecon ((ipaddr ARG1) (ipaddr ARG2))
    129         (nodecon ARG1 ARG2  netlabel_1)
    130     )
    131