tomoyo: Do not generate empty policy files
The Makefile automatically generates the tomoyo policy files, which are not removed by make clean (because they could have been provided by the user). Instead of generating the missing files, use /dev/null if a given file is not provided. Store the default exception_policy in exception_policy.conf.default. Acked-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: Michal Marek <mmarek@suse.cz>
This commit is contained in:
Michal Marek
Родитель
bf7a9ab43c
Коммит
f02dee2d14
|
|
@ -1,2 +1,2 @@
|
|||
builtin-policy.h
|
||||
policy/
|
||||
policy/*.conf
|
||||
|
|
|
|||
|
|
@ -1,41 +1,15 @@
|
|||
obj-y = audit.o common.o condition.o domain.o environ.o file.o gc.o group.o load_policy.o memory.o mount.o network.o realpath.o securityfs_if.o tomoyo.o util.o
|
||||
|
||||
$(obj)/policy/profile.conf:
|
||||
@mkdir -p $(obj)/policy/
|
||||
@echo Creating an empty policy/profile.conf
|
||||
@touch $@
|
||||
|
||||
$(obj)/policy/exception_policy.conf:
|
||||
@mkdir -p $(obj)/policy/
|
||||
@echo Creating a default policy/exception_policy.conf
|
||||
@echo initialize_domain /sbin/modprobe from any >> $@
|
||||
@echo initialize_domain /sbin/hotplug from any >> $@
|
||||
|
||||
$(obj)/policy/domain_policy.conf:
|
||||
@mkdir -p $(obj)/policy/
|
||||
@echo Creating an empty policy/domain_policy.conf
|
||||
@touch $@
|
||||
|
||||
$(obj)/policy/manager.conf:
|
||||
@mkdir -p $(obj)/policy/
|
||||
@echo Creating an empty policy/manager.conf
|
||||
@touch $@
|
||||
|
||||
$(obj)/policy/stat.conf:
|
||||
@mkdir -p $(obj)/policy/
|
||||
@echo Creating an empty policy/stat.conf
|
||||
@touch $@
|
||||
|
||||
targets += builtin-policy.h
|
||||
define do_policy
|
||||
echo "static char tomoyo_builtin_$(1)[] __initdata ="; \
|
||||
$(objtree)/scripts/basic/bin2c <$(obj)/policy/$(1).conf; \
|
||||
$(objtree)/scripts/basic/bin2c <$(firstword $(wildcard $(obj)/policy/$(1).conf $(srctree)/$(src)/policy/$(1).conf.default) /dev/null); \
|
||||
echo ";"
|
||||
endef
|
||||
quiet_cmd_policy = POLICY $@
|
||||
cmd_policy = ($(call do_policy,profile); $(call do_policy,exception_policy); $(call do_policy,domain_policy); $(call do_policy,manager); $(call do_policy,stat)) >$@
|
||||
|
||||
$(obj)/builtin-policy.h: $(obj)/policy/profile.conf $(obj)/policy/exception_policy.conf $(obj)/policy/domain_policy.conf $(obj)/policy/manager.conf $(obj)/policy/stat.conf FORCE
|
||||
$(obj)/builtin-policy.h: $(wildcard $(obj)/policy/*.conf $(src)/policy/*.conf.default) FORCE
|
||||
$(call if_changed,policy)
|
||||
|
||||
$(obj)/common.o: $(obj)/builtin-policy.h
|
||||
|
|
|
|||
|
|
@ -0,0 +1,2 @@
|
|||
initialize_domain /sbin/modprobe from any
|
||||
initialize_domain /sbin/hotplug from any
|
||||
Загрузка…
Ссылка в новой задаче