diff options
| author | Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> | 2011-06-26 10:22:18 -0400 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2011-06-28 19:31:22 -0400 |
| commit | efe836ab2b514ae7b59528af36d452978b42d266 (patch) | |
| tree | 5e2434b25b0d53c4852fad7c9c07db9e99a38b07 /security/tomoyo/Makefile | |
| parent | b22b8b9fd90eecfb7133e56b4e113595f09f4492 (diff) | |
TOMOYO: Add built-in policy support.
To be able to start using enforcing mode from the early stage of boot sequence,
this patch adds support for built-in policy configuration (and next patch adds
support for activating access control without calling external policy loader
program).
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/tomoyo/Makefile')
| -rw-r--r-- | security/tomoyo/Makefile | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/security/tomoyo/Makefile b/security/tomoyo/Makefile index b13f7f9fbb52..04f676a940ae 100644 --- a/security/tomoyo/Makefile +++ b/security/tomoyo/Makefile | |||
| @@ -1 +1,48 @@ | |||
| 1 | obj-y = audit.o common.o domain.o file.o gc.o group.o load_policy.o memory.o mount.o realpath.o securityfs_if.o tomoyo.o util.o | 1 | obj-y = audit.o common.o domain.o file.o gc.o group.o load_policy.o memory.o mount.o realpath.o securityfs_if.o tomoyo.o util.o |
| 2 | |||
| 3 | $(obj)/policy/profile.conf: | ||
| 4 | @mkdir -p $(obj)/policy/ | ||
| 5 | @echo Creating an empty policy/profile.conf | ||
| 6 | @touch $@ | ||
| 7 | |||
| 8 | $(obj)/policy/exception_policy.conf: | ||
| 9 | @mkdir -p $(obj)/policy/ | ||
| 10 | @echo Creating a default policy/exception_policy.conf | ||
| 11 | @echo initialize_domain /sbin/modprobe from any >> $@ | ||
| 12 | @echo initialize_domain /sbin/hotplug from any >> $@ | ||
| 13 | |||
| 14 | $(obj)/policy/domain_policy.conf: | ||
| 15 | @mkdir -p $(obj)/policy/ | ||
| 16 | @echo Creating an empty policy/domain_policy.conf | ||
| 17 | @touch $@ | ||
| 18 | |||
| 19 | $(obj)/policy/manager.conf: | ||
| 20 | @mkdir -p $(obj)/policy/ | ||
| 21 | @echo Creating an empty policy/manager.conf | ||
| 22 | @touch $@ | ||
| 23 | |||
| 24 | $(obj)/policy/stat.conf: | ||
| 25 | @mkdir -p $(obj)/policy/ | ||
| 26 | @echo Creating an empty policy/stat.conf | ||
| 27 | @touch $@ | ||
| 28 | |||
| 29 | $(obj)/builtin-policy.h: $(obj)/policy/profile.conf $(obj)/policy/exception_policy.conf $(obj)/policy/domain_policy.conf $(obj)/policy/manager.conf $(obj)/policy/stat.conf | ||
| 30 | @echo Generating built-in policy for TOMOYO 2.4.x. | ||
| 31 | @echo "static char tomoyo_builtin_profile[] __initdata =" > $@.tmp | ||
| 32 | @sed -e 's/\\/\\\\/g' -e 's/\"/\\"/g' -e 's/\(.*\)/"\1\\n"/' < $(obj)/policy/profile.conf >> $@.tmp | ||
| 33 | @echo "\"\";" >> $@.tmp | ||
| 34 | @echo "static char tomoyo_builtin_exception_policy[] __initdata =" >> $@.tmp | ||
| 35 | @sed -e 's/\\/\\\\/g' -e 's/\"/\\"/g' -e 's/\(.*\)/"\1\\n"/' < $(obj)/policy/exception_policy.conf >> $@.tmp | ||
| 36 | @echo "\"\";" >> $@.tmp | ||
| 37 | @echo "static char tomoyo_builtin_domain_policy[] __initdata =" >> $@.tmp | ||
| 38 | @sed -e 's/\\/\\\\/g' -e 's/\"/\\"/g' -e 's/\(.*\)/"\1\\n"/' < $(obj)/policy/domain_policy.conf >> $@.tmp | ||
| 39 | @echo "\"\";" >> $@.tmp | ||
| 40 | @echo "static char tomoyo_builtin_manager[] __initdata =" >> $@.tmp | ||
| 41 | @sed -e 's/\\/\\\\/g' -e 's/\"/\\"/g' -e 's/\(.*\)/"\1\\n"/' < $(obj)/policy/manager.conf >> $@.tmp | ||
| 42 | @echo "\"\";" >> $@.tmp | ||
| 43 | @echo "static char tomoyo_builtin_stat[] __initdata =" >> $@.tmp | ||
| 44 | @sed -e 's/\\/\\\\/g' -e 's/\"/\\"/g' -e 's/\(.*\)/"\1\\n"/' < $(obj)/policy/stat.conf >> $@.tmp | ||
| 45 | @echo "\"\";" >> $@.tmp | ||
| 46 | @mv $@.tmp $@ | ||
| 47 | |||
| 48 | $(obj)/common.o: $(obj)/builtin-policy.h | ||