From 6f78aaa41190cd1e1b925f72c1da295b8470b8f8 Mon Sep 17 00:00:00 2001
From: Dan Mihai
Date: Wed, 18 Dec 2024 01:10:16 +0000
Subject: [PATCH] genpolicy: use process inputs for allow_process()

Using process data inputs for allow_process() is easier to read/understand compared with the older OCI data inputs.

Signed-off-by: Dan Mihai
---
 src/tools/genpolicy/rules.rego | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/src/tools/genpolicy/rules.rego b/src/tools/genpolicy/rules.rego
index e5bf78bafa..5fb5f8a2ec 100644
--- a/src/tools/genpolicy/rules.rego
+++ b/src/tools/genpolicy/rules.rego
@@ -292,7 +292,7 @@ allow_by_sandbox_name(p_oci, i_oci, p_storages, i_storages, s_name) {
 allow_by_container_types(p_oci, i_oci, s_name, i_namespace)
 allow_by_bundle_or_sandbox_id(p_oci, i_oci, p_storages, i_storages)
- allow_process(p_oci, i_oci, s_name)
+ allow_process(p_oci.Process, i_oci.Process, s_name)
 print("allow_by_sandbox_name: true")
 }
@@ -668,10 +668,7 @@ allow_by_bundle_or_sandbox_id(p_oci, i_oci, p_storages, i_storages) {
 print("allow_by_bundle_or_sandbox_id: true")
 }
-allow_process(p_oci, i_oci, s_name) {
- p_process := p_oci.Process
- i_process := i_oci.Process
-
+allow_process(p_process, i_process, s_name) {
 print("allow_process: i terminal =", i_process.Terminal, "p terminal =", p_process.Terminal)
 p_process.Terminal == i_process.Terminal
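Review bot: The new signature `allow_process(p_process, i_process, s_name)` in the second hunk keeps the same arity as the old one, so a caller outside this diff that still passes the whole OCI documents would probably not be flagged when the policy is compiled; `p_process.Terminal` would evaluate as undefined and the request would be denied, with only the print output as a hint. Only the call in `allow_by_sandbox_name` (first hunk) is updated here, so it is worth confirming that no other rule in rules.rego calls `allow_process`. A header comment would pin the new contract, for example `# p_process, i_process: the .Process objects taken from p_oci and i_oci; an undefined .Process on either side makes the call undefined, so the request is denied.` The body of `allow_process` continues past the end of the hunk.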