tomoyo: Do not generate empty policy files

The Makefile automatically generates the tomoyo policy files, which are not removed by make clean (because they could have been provided by the user). Instead of generating the missing files, use /dev/null if a given file is not provided. Store the default exception_policy in exception_policy.conf.default. Acked-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: Michal Marek <mmarek@suse.cz>
author: Michal Marek <mmarek@suse.cz> 2015-01-15 04:39:22 -0500
committer: Michal Marek <mmarek@suse.cz> 2015-04-07 15:27:45 -0400
commit: f02dee2d148ba854464e7dbf09f1241ee159173a (patch)
tree: 6fa1335874239c16a9cce8afe256d52d861ce753 /security
parent: bf7a9ab43c2f692bce4ee3ed1456f42c77eb1346 (diff)
3 files changed, 5 insertions, 29 deletions
diff --git a/security/tomoyo/.gitignore b/security/tomoyo/.gitignore
index 5caf1a6f5907..dc0f220a210b 100644
--- a/security/tomoyo/.gitignore
+++ b/security/tomoyo/.gitignore
@@ -1,2 +1,2 @@
 builtin-policy.h
-policy/
+policy/*.conf
diff --git a/security/tomoyo/Makefile b/security/tomoyo/Makefile
index ecdefb583fcf..65dbcb2fd850 100644
--- a/security/tomoyo/Makefile
+++ b/security/tomoyo/Makefile
@@ -1,41 +1,15 @@
 obj-y = audit.o common.o condition.o domain.o environ.o file.o gc.o group.o load_policy.o memory.o mount.o network.o realpath.o securityfs_if.o tomoyo.o util.o
-$(obj)/policy/profile.conf:
-        @mkdir -p $(obj)/policy/
-        @echo Creating an empty policy/profile.conf
-        @touch $@
-$(obj)/policy/exception_policy.conf:
-        @mkdir -p $(obj)/policy/
-        @echo Creating a default policy/exception_policy.conf
-        @echo initialize_domain /sbin/modprobe from any >> $@
-        @echo initialize_domain /sbin/hotplug from any >> $@
-$(obj)/policy/domain_policy.conf:
-        @mkdir -p $(obj)/policy/
-        @echo Creating an empty policy/domain_policy.conf
-        @touch $@
-$(obj)/policy/manager.conf:
-        @mkdir -p $(obj)/policy/
-        @echo Creating an empty policy/manager.conf
-        @touch $@
-$(obj)/policy/stat.conf:
-        @mkdir -p $(obj)/policy/
-        @echo Creating an empty policy/stat.conf
-        @touch $@
 targets += builtin-policy.h
 define do_policy
 echo "static char tomoyo_builtin_$(1)[] __initdata ="; \
-$(objtree)/scripts/basic/bin2c <$(obj)/policy/$(1).conf; \
+$(objtree)/scripts/basic/bin2c <$(firstword $(wildcard $(obj)/policy/$(1).conf $(srctree)/$(src)/policy/$(1).conf.default) /dev/null); \
 echo ";"
 endef
 quiet_cmd_policy  = POLICY  $@
      cmd_policy  = ($(call do_policy,profile); $(call do_policy,exception_policy); $(call do_policy,domain_policy); $(call do_policy,manager); $(call do_policy,stat)) >$@
-$(obj)/builtin-policy.h: $(obj)/policy/profile.conf $(obj)/policy/exception_policy.conf $(obj)/policy/domain_policy.conf $(obj)/policy/manager.conf $(obj)/policy/stat.conf FORCE
+$(obj)/builtin-policy.h: $(wildcard $(obj)/policy/*.conf $(src)/policy/*.conf.default) FORCE
        $(call if_changed,policy)
 $(obj)/common.o: $(obj)/builtin-policy.h
diff --git a/security/tomoyo/policy/exception_policy.conf.default b/security/tomoyo/policy/exception_policy.conf.default
new file mode 100644
index 000000000000..2678df4964ee
--- /dev/null
+++ b/security/tomoyo/policy/exception_policy.conf.default
@@ -0,0 +1,2 @@
+initialize_domain /sbin/modprobe from any
+initialize_domain /sbin/hotplug from any
author	Michal Marek <mmarek@suse.cz>	2015-01-15 04:39:22 -0500
committer	Michal Marek <mmarek@suse.cz>	2015-04-07 15:27:45 -0400
commit	f02dee2d148ba854464e7dbf09f1241ee159173a (patch)
tree	6fa1335874239c16a9cce8afe256d52d861ce753 /security
parent	bf7a9ab43c2f692bce4ee3ed1456f42c77eb1346 (diff)

diff --git a/security/tomoyo/.gitignore b/security/tomoyo/.gitignore index 5caf1a6f5907..dc0f220a210b 100644 --- a/security/tomoyo/.gitignore +++ b/security/tomoyo/.gitignore
@@ -1,2 +1,2 @@
1	builtin-policy.h	1	builtin-policy.h
2	policy/	2	policy/*.conf


diff --git a/security/tomoyo/Makefile b/security/tomoyo/Makefile index ecdefb583fcf..65dbcb2fd850 100644 --- a/security/tomoyo/Makefile +++ b/security/tomoyo/Makefile
@@ -1,41 +1,15 @@
1	obj-y = audit.o common.o condition.o domain.o environ.o file.o gc.o group.o load_policy.o memory.o mount.o network.o realpath.o securityfs_if.o tomoyo.o util.o	1	obj-y = audit.o common.o condition.o domain.o environ.o file.o gc.o group.o load_policy.o memory.o mount.o network.o realpath.o securityfs_if.o tomoyo.o util.o
2		2
3	$(obj)/policy/profile.conf:
4	@mkdir -p $(obj)/policy/
5	@echo Creating an empty policy/profile.conf
6	@touch $@
7
8	$(obj)/policy/exception_policy.conf:
9	@mkdir -p $(obj)/policy/
10	@echo Creating a default policy/exception_policy.conf
11	@echo initialize_domain /sbin/modprobe from any >> $@
12	@echo initialize_domain /sbin/hotplug from any >> $@
13
14	$(obj)/policy/domain_policy.conf:
15	@mkdir -p $(obj)/policy/
16	@echo Creating an empty policy/domain_policy.conf
17	@touch $@
18
19	$(obj)/policy/manager.conf:
20	@mkdir -p $(obj)/policy/
21	@echo Creating an empty policy/manager.conf
22	@touch $@
23
24	$(obj)/policy/stat.conf:
25	@mkdir -p $(obj)/policy/
26	@echo Creating an empty policy/stat.conf
27	@touch $@
28
29	targets += builtin-policy.h	3	targets += builtin-policy.h
30	define do_policy	4	define do_policy
31	echo "static char tomoyo_builtin_$(1)[] __initdata ="; \	5	echo "static char tomoyo_builtin_$(1)[] __initdata ="; \
32	$(objtree)/scripts/basic/bin2c <$(obj)/policy/$(1).conf; \	6	$(objtree)/scripts/basic/bin2c <$(firstword $(wildcard $(obj)/policy/$(1).conf $(srctree)/$(src)/policy/$(1).conf.default) /dev/null); \
33	echo ";"	7	echo ";"
34	endef	8	endef
35	quiet_cmd_policy = POLICY $@	9	quiet_cmd_policy = POLICY $@
36	cmd_policy = ($(call do_policy,profile); $(call do_policy,exception_policy); $(call do_policy,domain_policy); $(call do_policy,manager); $(call do_policy,stat)) >$@	10	cmd_policy = ($(call do_policy,profile); $(call do_policy,exception_policy); $(call do_policy,domain_policy); $(call do_policy,manager); $(call do_policy,stat)) >$@
37		11
38	$(obj)/builtin-policy.h: $(obj)/policy/profile.conf $(obj)/policy/exception_policy.conf $(obj)/policy/domain_policy.conf $(obj)/policy/manager.conf $(obj)/policy/stat.conf FORCE	12	$(obj)/builtin-policy.h: $(wildcard $(obj)/policy/.conf $(src)/policy/.conf.default) FORCE
39	$(call if_changed,policy)	13	$(call if_changed,policy)
40		14
41	$(obj)/common.o: $(obj)/builtin-policy.h	15	$(obj)/common.o: $(obj)/builtin-policy.h


diff --git a/security/tomoyo/policy/exception_policy.conf.default b/security/tomoyo/policy/exception_policy.conf.default new file mode 100644 index 000000000000..2678df4964ee --- /dev/null +++ b/security/tomoyo/policy/exception_policy.conf.default
@@ -0,0 +1,2 @@
		1	initialize_domain /sbin/modprobe from any
		2	initialize_domain /sbin/hotplug from any