forked from Minki/linux
tomoyo: Do not generate empty policy files
The Makefile automatically generates the tomoyo policy files, which are not removed by make clean (because they could have been provided by the user). Instead of generating the missing files, use /dev/null if a given file is not provided. Store the default exception_policy in exception_policy.conf.default. Acked-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: Michal Marek <mmarek@suse.cz>
This commit is contained in:
parent
bf7a9ab43c
commit
f02dee2d14
2
security/tomoyo/.gitignore
vendored
2
security/tomoyo/.gitignore
vendored
@ -1,2 +1,2 @@
|
||||
builtin-policy.h
|
||||
policy/
|
||||
policy/*.conf
|
||||
|
@ -1,41 +1,15 @@
|
||||
obj-y = audit.o common.o condition.o domain.o environ.o file.o gc.o group.o load_policy.o memory.o mount.o network.o realpath.o securityfs_if.o tomoyo.o util.o
|
||||
|
||||
$(obj)/policy/profile.conf:
|
||||
@mkdir -p $(obj)/policy/
|
||||
@echo Creating an empty policy/profile.conf
|
||||
@touch $@
|
||||
|
||||
$(obj)/policy/exception_policy.conf:
|
||||
@mkdir -p $(obj)/policy/
|
||||
@echo Creating a default policy/exception_policy.conf
|
||||
@echo initialize_domain /sbin/modprobe from any >> $@
|
||||
@echo initialize_domain /sbin/hotplug from any >> $@
|
||||
|
||||
$(obj)/policy/domain_policy.conf:
|
||||
@mkdir -p $(obj)/policy/
|
||||
@echo Creating an empty policy/domain_policy.conf
|
||||
@touch $@
|
||||
|
||||
$(obj)/policy/manager.conf:
|
||||
@mkdir -p $(obj)/policy/
|
||||
@echo Creating an empty policy/manager.conf
|
||||
@touch $@
|
||||
|
||||
$(obj)/policy/stat.conf:
|
||||
@mkdir -p $(obj)/policy/
|
||||
@echo Creating an empty policy/stat.conf
|
||||
@touch $@
|
||||
|
||||
targets += builtin-policy.h
|
||||
define do_policy
|
||||
echo "static char tomoyo_builtin_$(1)[] __initdata ="; \
|
||||
$(objtree)/scripts/basic/bin2c <$(obj)/policy/$(1).conf; \
|
||||
$(objtree)/scripts/basic/bin2c <$(firstword $(wildcard $(obj)/policy/$(1).conf $(srctree)/$(src)/policy/$(1).conf.default) /dev/null); \
|
||||
echo ";"
|
||||
endef
|
||||
quiet_cmd_policy = POLICY $@
|
||||
cmd_policy = ($(call do_policy,profile); $(call do_policy,exception_policy); $(call do_policy,domain_policy); $(call do_policy,manager); $(call do_policy,stat)) >$@
|
||||
|
||||
$(obj)/builtin-policy.h: $(obj)/policy/profile.conf $(obj)/policy/exception_policy.conf $(obj)/policy/domain_policy.conf $(obj)/policy/manager.conf $(obj)/policy/stat.conf FORCE
|
||||
$(obj)/builtin-policy.h: $(wildcard $(obj)/policy/*.conf $(src)/policy/*.conf.default) FORCE
|
||||
$(call if_changed,policy)
|
||||
|
||||
$(obj)/common.o: $(obj)/builtin-policy.h
|
||||
|
2
security/tomoyo/policy/exception_policy.conf.default
Normal file
2
security/tomoyo/policy/exception_policy.conf.default
Normal file
@ -0,0 +1,2 @@
|
||||
initialize_domain /sbin/modprobe from any
|
||||
initialize_domain /sbin/hotplug from any
|
Loading…
Reference in New Issue
Block a user