diff options
Diffstat (limited to 'security')
| -rw-r--r-- | security/tomoyo/.gitignore | 2 | ||||
| -rw-r--r-- | security/tomoyo/Makefile | 30 | ||||
| -rw-r--r-- | security/tomoyo/policy/exception_policy.conf.default | 2 |
3 files changed, 5 insertions, 29 deletions
diff --git a/security/tomoyo/.gitignore b/security/tomoyo/.gitignore index 5caf1a6f5907..dc0f220a210b 100644 --- a/security/tomoyo/.gitignore +++ b/security/tomoyo/.gitignore | |||
| @@ -1,2 +1,2 @@ | |||
| 1 | builtin-policy.h | 1 | builtin-policy.h |
| 2 | policy/ | 2 | policy/*.conf |
diff --git a/security/tomoyo/Makefile b/security/tomoyo/Makefile index ecdefb583fcf..65dbcb2fd850 100644 --- a/security/tomoyo/Makefile +++ b/security/tomoyo/Makefile | |||
| @@ -1,41 +1,15 @@ | |||
| 1 | obj-y = audit.o common.o condition.o domain.o environ.o file.o gc.o group.o load_policy.o memory.o mount.o network.o realpath.o securityfs_if.o tomoyo.o util.o | 1 | obj-y = audit.o common.o condition.o domain.o environ.o file.o gc.o group.o load_policy.o memory.o mount.o network.o realpath.o securityfs_if.o tomoyo.o util.o |
| 2 | 2 | ||
| 3 | $(obj)/policy/profile.conf: | ||
| 4 | @mkdir -p $(obj)/policy/ | ||
| 5 | @echo Creating an empty policy/profile.conf | ||
| 6 | @touch $@ | ||
| 7 | |||
| 8 | $(obj)/policy/exception_policy.conf: | ||
| 9 | @mkdir -p $(obj)/policy/ | ||
| 10 | @echo Creating a default policy/exception_policy.conf | ||
| 11 | @echo initialize_domain /sbin/modprobe from any >> $@ | ||
| 12 | @echo initialize_domain /sbin/hotplug from any >> $@ | ||
| 13 | |||
| 14 | $(obj)/policy/domain_policy.conf: | ||
| 15 | @mkdir -p $(obj)/policy/ | ||
| 16 | @echo Creating an empty policy/domain_policy.conf | ||
| 17 | @touch $@ | ||
| 18 | |||
| 19 | $(obj)/policy/manager.conf: | ||
| 20 | @mkdir -p $(obj)/policy/ | ||
| 21 | @echo Creating an empty policy/manager.conf | ||
| 22 | @touch $@ | ||
| 23 | |||
| 24 | $(obj)/policy/stat.conf: | ||
| 25 | @mkdir -p $(obj)/policy/ | ||
| 26 | @echo Creating an empty policy/stat.conf | ||
| 27 | @touch $@ | ||
| 28 | |||
| 29 | targets += builtin-policy.h | 3 | targets += builtin-policy.h |
| 30 | define do_policy | 4 | define do_policy |
| 31 | echo "static char tomoyo_builtin_$(1)[] __initdata ="; \ | 5 | echo "static char tomoyo_builtin_$(1)[] __initdata ="; \ |
| 32 | $(objtree)/scripts/basic/bin2c <$(obj)/policy/$(1).conf; \ | 6 | $(objtree)/scripts/basic/bin2c <$(firstword $(wildcard $(obj)/policy/$(1).conf $(srctree)/$(src)/policy/$(1).conf.default) /dev/null); \ |
| 33 | echo ";" | 7 | echo ";" |
| 34 | endef | 8 | endef |
| 35 | quiet_cmd_policy = POLICY $@ | 9 | quiet_cmd_policy = POLICY $@ |
| 36 | cmd_policy = ($(call do_policy,profile); $(call do_policy,exception_policy); $(call do_policy,domain_policy); $(call do_policy,manager); $(call do_policy,stat)) >$@ | 10 | cmd_policy = ($(call do_policy,profile); $(call do_policy,exception_policy); $(call do_policy,domain_policy); $(call do_policy,manager); $(call do_policy,stat)) >$@ |
| 37 | 11 | ||
| 38 | $(obj)/builtin-policy.h: $(obj)/policy/profile.conf $(obj)/policy/exception_policy.conf $(obj)/policy/domain_policy.conf $(obj)/policy/manager.conf $(obj)/policy/stat.conf FORCE | 12 | $(obj)/builtin-policy.h: $(wildcard $(obj)/policy/*.conf $(src)/policy/*.conf.default) FORCE |
| 39 | $(call if_changed,policy) | 13 | $(call if_changed,policy) |
| 40 | 14 | ||
| 41 | $(obj)/common.o: $(obj)/builtin-policy.h | 15 | $(obj)/common.o: $(obj)/builtin-policy.h |
diff --git a/security/tomoyo/policy/exception_policy.conf.default b/security/tomoyo/policy/exception_policy.conf.default new file mode 100644 index 000000000000..2678df4964ee --- /dev/null +++ b/security/tomoyo/policy/exception_policy.conf.default | |||
| @@ -0,0 +1,2 @@ | |||
| 1 | initialize_domain /sbin/modprobe from any | ||
| 2 | initialize_domain /sbin/hotplug from any | ||