tomoyo: Do not generate empty policy files

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

The Makefile automatically generates the tomoyo policy files, which are
not removed by make clean (because they could have been provided by the
user). Instead of generating the missing files, use /dev/null if a
given file is not provided. Store the default exception_policy in
exception_policy.conf.default.

Acked-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Michal Marek <mmarek@suse.cz>

Michal Marek 11 years ago f02dee2d bf7a9ab4

+5 -29

3 changed files

expand all

security

tomoyo

.gitignore

Makefile

policy

exception_policy.conf.default

+1 -1

security/tomoyo/.gitignore

··· 1 1 builtin-policy.h 2 - policy/ 2 + policy/*.conf

+2 -28

security/tomoyo/Makefile

··· 1 1 obj-y = audit.o common.o condition.o domain.o environ.o file.o gc.o group.o load_policy.o memory.o mount.o network.o realpath.o securityfs_if.o tomoyo.o util.o 2 2 3 - $(obj)/policy/profile.conf: 4 - @mkdir -p $(obj)/policy/ 5 - @echo Creating an empty policy/profile.conf 6 - @touch $@ 7 - 8 - $(obj)/policy/exception_policy.conf: 9 - @mkdir -p $(obj)/policy/ 10 - @echo Creating a default policy/exception_policy.conf 11 - @echo initialize_domain /sbin/modprobe from any >> $@ 12 - @echo initialize_domain /sbin/hotplug from any >> $@ 13 - 14 - $(obj)/policy/domain_policy.conf: 15 - @mkdir -p $(obj)/policy/ 16 - @echo Creating an empty policy/domain_policy.conf 17 - @touch $@ 18 - 19 - $(obj)/policy/manager.conf: 20 - @mkdir -p $(obj)/policy/ 21 - @echo Creating an empty policy/manager.conf 22 - @touch $@ 23 - 24 - $(obj)/policy/stat.conf: 25 - @mkdir -p $(obj)/policy/ 26 - @echo Creating an empty policy/stat.conf 27 - @touch $@ 28 - 29 3 targets += builtin-policy.h 30 4 define do_policy 31 5 echo "static char tomoyo_builtin_$(1)[] __initdata ="; \ 32 - $(objtree)/scripts/basic/bin2c <$(obj)/policy/$(1).conf; \ 6 + $(objtree)/scripts/basic/bin2c <$(firstword $(wildcard $(obj)/policy/$(1).conf $(srctree)/$(src)/policy/$(1).conf.default) /dev/null); \ 33 7 echo ";" 34 8 endef 35 9 quiet_cmd_policy = POLICY $@ 36 10 cmd_policy = ($(call do_policy,profile); $(call do_policy,exception_policy); $(call do_policy,domain_policy); $(call do_policy,manager); $(call do_policy,stat)) >$@ 37 11 38 - $(obj)/builtin-policy.h: $(obj)/policy/profile.conf $(obj)/policy/exception_policy.conf $(obj)/policy/domain_policy.conf $(obj)/policy/manager.conf $(obj)/policy/stat.conf FORCE 12 + $(obj)/builtin-policy.h: $(wildcard $(obj)/policy/*.conf $(src)/policy/*.conf.default) FORCE 39 13 $(call if_changed,policy) 40 14 41 15 $(obj)/common.o: $(obj)/builtin-policy.h

security/tomoyo/policy/exception_policy.conf.default

··· 1 + initialize_domain /sbin/modprobe from any 2 + initialize_domain /sbin/hotplug from any