1Call / Macro Statements 2======================= 3 4call 5---- 6 7Instantiate a [macro](#macro) within the current namespace. There may be zero or more parameters passed to the macro (with zero parameters this is similar to the [`blockinherit`](cil_container_statements.md#blockinherit) ([`call`](cil_call_macro_statements.md#call)) / [`blockabstract`](cil_container_statements.md#blockabstract) ([`macro`](cil_call_macro_statements.md#macro)) statements). 8 9Each parameter passed contains an argument to be resolved by the [macro](#macro), these can be named or anonymous but must conform to the parameter types defined in the [`macro`](cil_call_macro_statements.md#macro) statement. 10 11Macro rules are resolved by searching in the following order: 12 13- The macro namespace (If found this means that the name was declared in the macro and is now declared in the namespace of one of the parents of the call.) 14 15- The call arguments 16 17- The parent namespaces of the macro being called (if any) with the exception of the global namespace. 18 19- The parent namespaces of the call (if any) with the exception of the global namespace. 20 21- The global namespace 22 23**Statement definition:** 24 25```secil 26 (call macro_id [(param ...)]) 27``` 28 29**Where:** 30 31<table> 32<colgroup> 33<col width="25%" /> 34<col width="75%" /> 35</colgroup> 36<tbody> 37<tr class="odd"> 38<td align="left"><p><code>call</code></p></td> 39<td align="left"><p>The <code>call</code> keyword.</p></td> 40</tr> 41<tr class="even"> 42<td align="left"><p><code>macro_id</code></p></td> 43<td align="left"><p>The identifier of the <code>macro</code> to be instantiated.</p></td> 44</tr> 45<tr class="odd"> 46<td align="left"><p><code>param</code></p></td> 47<td align="left"><p>Zero or more parameters that are passed to the macro.</p></td> 48</tr> 49</tbody> 50</table> 51 52**Example:** 53 54See the [`macro`](cil_call_macro_statements.md#macro) statement for an example. 55 56macro 57----- 58 59Declare a macro in the current namespace with its associated parameters. The macro identifier is used by the [`call`](cil_call_macro_statements.md#call) statement to instantiate the macro and resolve any parameters. The call statement may be within the body of a macro. 60 61[`tunable`](cil_conditional_statements.md#tunable), [`in`](cil_container_statements.md#in), [`block`](cil_container_statements.md#block), [`blockinherit`](cil_container_statements.md#blockinherit), [`blockabstract`](cil_container_statements.md#blockabstract), and other [`macro`](cil_call_macro_statements.md#macro) statements are not allowed in [`macro`](cil_call_macro_statements.md#macro) blocks. 62 63Duplicate [`macro`](cil_call_macro_statements.md#macro) declarations in the same namespace will normally cause an error, but inheriting a macro into a namespace (with [`blockinherit`](cil_container_statements.md#blockinherit)) that already has a macro with the same name will only result in a warning message and not cause an error. This behavior allows inherited macros to be overridden with local ones. 64 65**Statement definition:** 66 67```secil 68 (macro macro_id ([(param_type param_id) ...]) 69 cil_statements 70 ... 71 ) 72``` 73 74**Where:** 75 76<table> 77<colgroup> 78<col width="25%" /> 79<col width="75%" /> 80</colgroup> 81<tbody> 82<tr class="odd"> 83<td align="left"><p><code>macro</code></p></td> 84<td align="left"><p>The <code>macro</code> keyword.</p></td> 85</tr> 86<tr class="even"> 87<td align="left"><p><code>macro_id</code></p></td> 88<td align="left"><p>The <code>macro</code> identifier.</p></td> 89</tr> 90<tr class="odd"> 91<td align="left"><p><code>param_type</code></p></td> 92<td align="left"><p>Zero or more parameters that are passed to the macro. The <code>param_type</code> is a keyword used to determine the declaration type (e.g. <code>type</code>, <code>class</code>, <code>categoryset</code>).</p> 93<p>The list of valid <code>param_type</code> entries are: <code>string</code>, <code>name</code>, <code>type</code>, <code>role</code>, <code>user</code>, <code>sensitivity</code>, <code>category</code>, <code>bool</code>, <code>categoryset</code>, <code>level</code>, <code>levelrange</code>, <code>ipaddr</code>, <code>class</code>, <code>classmap</code>, and <code>classpermission</code>. 94<p>The <code>param_types</code> <code>categoryset</code>, <code>level</code>, <code>levelrange</code>, <code>classpermission</code>, and <code>ipaddr</code> can by named or anonymous.</p> 95<p>The <code>param_types</code> <code>type</code>, <code>role</code>, and <code>user</code> can be used for attributes.</p> 96<p>The <code>param_types</code> <code>type</code>, <code>sensitivity</code> and <code>category</code> can be used for aliases.</p> 97<p>The <code>param_types</code> <code>name</code> and <code>string</node> can be used interchangeably for an <code>object_name</code> in [`typetransition`](cil_type_statements.md#typetransition) and the <code>path</code> in [`filecon`](cil_file_labeling_statements.md#filecon) statements.</p></td> 98</tr> 99<tr class="even"> 100<td align="left"><p><code>param_id</code></p></td> 101<td align="left"><p>The parameter identifier used to reference the entry within the macro body (e.g. <code>ARG1</code>).</p></td> 102</tr> 103<tr class="odd"> 104<td align="left"><p><code>cil_statement</code></p></td> 105<td align="left"><p>Zero or more valid CIL statements.</p></td> 106</tr> 107</tbody> 108</table> 109 110**Examples:** 111 112This example will instantiate the `binder_call` macro in the calling namespace (`my_domain`) and replace `ARG1` with `appdomain` and `ARG2` with `binderservicedomain`: 113 114```secil 115 (block my_domain 116 (call binder_call (appdomain binderservicedomain)) 117 ) 118 119 (macro binder_call ((type ARG1) (type ARG2)) 120 (allow ARG1 ARG2 (binder (call transfer))) 121 (allow ARG2 ARG1 (binder (transfer))) 122 (allow ARG1 ARG2 (fd (use))) 123 ) 124``` 125 126This example does not pass any parameters to the macro but adds a [`type`](cil_type_statements.md#type) identifier to the current namespace: 127 128```secil 129 (block unconfined 130 (call add_type) 131 .... 132 133 (macro add_type () 134 (type exec) 135 ) 136 ) 137``` 138 139This example passes an anonymous and named IP address to the macro: 140 141```secil 142 (ipaddr netmask_1 255.255.255.0) 143 (context netlabel_1 (system.user object_r unconfined.object low_low)) 144 145 (call build_nodecon ((192.168.1.64) netmask_1)) 146 147 (macro build_nodecon ((ipaddr ARG1) (ipaddr ARG2)) 148 (nodecon ARG1 ARG2 netlabel_1) 149 ) 150``` 151