Functions and Procedures

The Security Policy Scripting Language supports both functions and procedures. Functions and procedures are stand-alone subroutines that help modularize a company’s security policy files. Functions and procedures are programming building blocks that execute specific tasks. These functions and procedures can be called whenever there is a need to perform that task. Functions and procedures are especially useful for repetitive type tasks.

The difference between functions and procedures is that functions return values while procedures do not.

Privilege Management for Unix and Linux functions and procedures do not support the same notion of scope as C functions. In other words, after a variable is implicitly defined, any function can use it. Its use is global and not limited to the function where it was originally defined.

If a variable is implicitly created in one function and referenced by another function, both functions can access and modify the same variable. The same holds true for procedures.

Privilege Management for Unix and Linux provides a number of built-in functions and procedures to help automate the process of creating security policy files.

When adding user-written functions to a security policy file, the code for inline functions is placed at the top of the security policy file that first uses the function. Beginning with Privilege Management for Unix and Linux 3.0, end statements are no longer required for functions, procedures, and loops. However, Privilege Management for Unix and Linux still supports policy files that use end statements.

For more information, please see the following:

function Statement

A function name can be any length. Its name can consist of any alpha or numeric characters, but it must start with an alphabetic character or an underscore.

The method of returning a value from a function is similar to that used in Pascal. The value is returned in a variable with the same name as the function.

A function must return a value. Otherwise, an error occurs.

function FunctionName (argument-list)
{
statements;
FunctionName = expression;
}
function square (x)
{
square = x * x;
}

For more information, please see procedure Statement.

procedure Statement

A procedure name can be any length. It can consist of any alpha, underscore, or numeric characters, but it must start with an alphabetic character or an underscore.

Procedures do not return a value. If a value is returned, an error occurs.

procedure ProcedureName (argument-list)
{
statements;
}
procedure print_message(message)
{
print(message);
}

For more information, please see function Statement.