Diffstat (limited to 'security')
-rw-r--r-- | security/tomoyo/.gitignore | 2 | ||||
-rw-r--r-- | security/tomoyo/Kconfig | 1 | ||||
-rw-r--r-- | security/tomoyo/Makefile | 55 | ||||
-rw-r--r-- | security/tomoyo/policy/exception_policy.conf.default | 2 |
4 files changed, 15 insertions, 45 deletions
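--- a/security/tomoyo/.gitignore
+++ b/security/tomoyo/.gitignore
@@ -1,2 +1,2 @@
 builtin-policy.h
-policy/
+policy/*.conf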
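--- a/security/tomoyo/Kconfig
+++ b/security/tomoyo/Kconfig
@@ -6,6 +6,7 @@ config SECURITY_TOMOYO
 select SECURITY_PATH
 select SECURITY_NETWORK
 select SRCU
+select BUILD_BIN2C
 default n
 help
 This selects TOMOYO Linux, pathname-based access control.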
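--- a/security/tomoyo/Makefile
+++ b/security/tomoyo/Makefile
@@ -1,48 +1,15 @@
 obj-y = audit.o common.o condition.o domain.o environ.o file.o gc.o group.o load_policy.o memory.o mount.o network.o realpath.o securityfs_if.o tomoyo.o util.o
 
-$(obj)/policy/profile.conf:
-@mkdir -p $(obj)/policy/
-@echo Creating an empty policy/profile.conf
-@touch $@
-
-$(obj)/policy/exception_policy.conf:
-@mkdir -p $(obj)/policy/
-@echo Creating a default policy/exception_policy.conf
-@echo initialize_domain /sbin/modprobe from any >> $@
-@echo initialize_domain /sbin/hotplug from any >> $@
-
-$(obj)/policy/domain_policy.conf:
-@mkdir -p $(obj)/policy/
-@echo Creating an empty policy/domain_policy.conf
-@touch $@
-
-$(obj)/policy/manager.conf:
-@mkdir -p $(obj)/policy/
-@echo Creating an empty policy/manager.conf
-@touch $@
-
-$(obj)/policy/stat.conf:
-@mkdir -p $(obj)/policy/
-@echo Creating an empty policy/stat.conf
-@touch $@
-
-$(obj)/builtin-policy.h: $(obj)/policy/profile.conf $(obj)/policy/exception_policy.conf $(obj)/policy/domain_policy.conf $(obj)/policy/manager.conf $(obj)/policy/stat.conf
-@echo Generating built-in policy for TOMOYO 2.5.x.
-@echo "static char tomoyo_builtin_profile[] __initdata =" > $@.tmp
-@sed -e 's/\\/\\\\/g' -e 's/\"/\\"/g' -e 's/\(.*\)/"\1\\n"/' < $(obj)/policy/profile.conf >> $@.tmp
-@echo "\"\";" >> $@.tmp
-@echo "static char tomoyo_builtin_exception_policy[] __initdata =" >> $@.tmp
-@sed -e 's/\\/\\\\/g' -e 's/\"/\\"/g' -e 's/\(.*\)/"\1\\n"/' < $(obj)/policy/exception_policy.conf >> $@.tmp
-@echo "\"\";" >> $@.tmp
-@echo "static char tomoyo_builtin_domain_policy[] __initdata =" >> $@.tmp
-@sed -e 's/\\/\\\\/g' -e 's/\"/\\"/g' -e 's/\(.*\)/"\1\\n"/' < $(obj)/policy/domain_policy.conf >> $@.tmp
-@echo "\"\";" >> $@.tmp
-@echo "static char tomoyo_builtin_manager[] __initdata =" >> $@.tmp
-@sed -e 's/\\/\\\\/g' -e 's/\"/\\"/g' -e 's/\(.*\)/"\1\\n"/' < $(obj)/policy/manager.conf >> $@.tmp
-@echo "\"\";" >> $@.tmp
-@echo "static char tomoyo_builtin_stat[] __initdata =" >> $@.tmp
-@sed -e 's/\\/\\\\/g' -e 's/\"/\\"/g' -e 's/\(.*\)/"\1\\n"/' < $(obj)/policy/stat.conf >> $@.tmp
-@echo "\"\";" >> $@.tmp
-@mv $@.tmp $@
+targets += builtin-policy.h
+define do_policy
+echo "static char tomoyo_builtin_$(1)[] __initdata ="; \
+$(objtree)/scripts/basic/bin2c <$(firstword $(wildcard $(obj)/policy/$(1).conf $(srctree)/$(src)/policy/$(1).conf.default) /dev/null); \
+echo ";"
+endef
+quiet_cmd_policy = POLICY $@
+cmd_policy = ($(call do_policy,profile); $(call do_policy,exception_policy); $(call do_policy,domain_policy); $(call do_policy,manager); $(call do_policy,stat)) >$@
+
+$(obj)/builtin-policy.h: $(wildcard $(obj)/policy/*.conf $(src)/policy/*.conf.default) FORCE
+$(call if_changed,policy)
 
 $(obj)/common.o: $(obj)/builtin-policy.h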
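Review bot: The prerequisite list of the new `$(obj)/builtin-policy.h` rule globs `$(src)/policy/*.conf.default`, while `do_policy` reads the default from `$(srctree)/$(src)/policy/$(1).conf.default`, so the two paths disagree. `$(wildcard)` does not search VPATH, so in a separate-output (O=) build the glob presumably matches nothing; an edit to exception_policy.conf.default would then not re-trigger `if_changed`, and a stale built-in policy would stay compiled into the kernel. Use the same path in both places: `$(obj)/builtin-policy.h: $(wildcard $(obj)/policy/*.conf $(srctree)/$(src)/policy/*.conf.default) FORCE`. A short comment above `do_policy` would also help, stating that a policy with neither a `.conf` nor a `.conf.default` file is read from /dev/null and embedded as an empty string. The old recipes printed "Creating an empty …", whereas a misnamed policy file now produces no build output at all.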
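--- /dev/null
+++ b/security/tomoyo/policy/exception_policy.conf.default
@@ -0,0 +1,2 @@
+initialize_domain /sbin/modprobe from any
+initialize_domain /sbin/hotplug from any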