aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
Diffstat (limited to 'security')
-rw-r--r--security/tomoyo/.gitignore2
-rw-r--r--security/tomoyo/Kconfig1
-rw-r--r--security/tomoyo/Makefile55
-rw-r--r--security/tomoyo/policy/exception_policy.conf.default2
4 files changed, 15 insertions, 45 deletions
diff --git a/security/tomoyo/.gitignore b/security/tomoyo/.gitignore
index 5caf1a6f5907..dc0f220a210b 100644
--- a/security/tomoyo/.gitignore
+++ b/security/tomoyo/.gitignore
@@ -1,2 +1,2 @@
1builtin-policy.h 1builtin-policy.h
2policy/ 2policy/*.conf
diff --git a/security/tomoyo/Kconfig b/security/tomoyo/Kconfig
index 604e718d68d3..404dce66952a 100644
--- a/security/tomoyo/Kconfig
+++ b/security/tomoyo/Kconfig
@@ -6,6 +6,7 @@ config SECURITY_TOMOYO
6 select SECURITY_PATH 6 select SECURITY_PATH
7 select SECURITY_NETWORK 7 select SECURITY_NETWORK
8 select SRCU 8 select SRCU
9 select BUILD_BIN2C
9 default n 10 default n
10 help 11 help
11 This selects TOMOYO Linux, pathname-based access control. 12 This selects TOMOYO Linux, pathname-based access control.
diff --git a/security/tomoyo/Makefile b/security/tomoyo/Makefile
index 56a0c7be409e..65dbcb2fd850 100644
--- a/security/tomoyo/Makefile
+++ b/security/tomoyo/Makefile
@@ -1,48 +1,15 @@
1obj-y = audit.o common.o condition.o domain.o environ.o file.o gc.o group.o load_policy.o memory.o mount.o network.o realpath.o securityfs_if.o tomoyo.o util.o 1obj-y = audit.o common.o condition.o domain.o environ.o file.o gc.o group.o load_policy.o memory.o mount.o network.o realpath.o securityfs_if.o tomoyo.o util.o
2 2
3$(obj)/policy/profile.conf: 3targets += builtin-policy.h
4 @mkdir -p $(obj)/policy/ 4define do_policy
5 @echo Creating an empty policy/profile.conf 5echo "static char tomoyo_builtin_$(1)[] __initdata ="; \
6 @touch $@ 6$(objtree)/scripts/basic/bin2c <$(firstword $(wildcard $(obj)/policy/$(1).conf $(srctree)/$(src)/policy/$(1).conf.default) /dev/null); \
7 7echo ";"
8$(obj)/policy/exception_policy.conf: 8endef
9 @mkdir -p $(obj)/policy/ 9quiet_cmd_policy = POLICY $@
10 @echo Creating a default policy/exception_policy.conf 10 cmd_policy = ($(call do_policy,profile); $(call do_policy,exception_policy); $(call do_policy,domain_policy); $(call do_policy,manager); $(call do_policy,stat)) >$@
11 @echo initialize_domain /sbin/modprobe from any >> $@ 11
12 @echo initialize_domain /sbin/hotplug from any >> $@ 12$(obj)/builtin-policy.h: $(wildcard $(obj)/policy/*.conf $(src)/policy/*.conf.default) FORCE
13 13 $(call if_changed,policy)
14$(obj)/policy/domain_policy.conf:
15 @mkdir -p $(obj)/policy/
16 @echo Creating an empty policy/domain_policy.conf
17 @touch $@
18
19$(obj)/policy/manager.conf:
20 @mkdir -p $(obj)/policy/
21 @echo Creating an empty policy/manager.conf
22 @touch $@
23
24$(obj)/policy/stat.conf:
25 @mkdir -p $(obj)/policy/
26 @echo Creating an empty policy/stat.conf
27 @touch $@
28
29$(obj)/builtin-policy.h: $(obj)/policy/profile.conf $(obj)/policy/exception_policy.conf $(obj)/policy/domain_policy.conf $(obj)/policy/manager.conf $(obj)/policy/stat.conf
30 @echo Generating built-in policy for TOMOYO 2.5.x.
31 @echo "static char tomoyo_builtin_profile[] __initdata =" > $@.tmp
32 @sed -e 's/\\/\\\\/g' -e 's/\"/\\"/g' -e 's/\(.*\)/"\1\\n"/' < $(obj)/policy/profile.conf >> $@.tmp
33 @echo "\"\";" >> $@.tmp
34 @echo "static char tomoyo_builtin_exception_policy[] __initdata =" >> $@.tmp
35 @sed -e 's/\\/\\\\/g' -e 's/\"/\\"/g' -e 's/\(.*\)/"\1\\n"/' < $(obj)/policy/exception_policy.conf >> $@.tmp
36 @echo "\"\";" >> $@.tmp
37 @echo "static char tomoyo_builtin_domain_policy[] __initdata =" >> $@.tmp
38 @sed -e 's/\\/\\\\/g' -e 's/\"/\\"/g' -e 's/\(.*\)/"\1\\n"/' < $(obj)/policy/domain_policy.conf >> $@.tmp
39 @echo "\"\";" >> $@.tmp
40 @echo "static char tomoyo_builtin_manager[] __initdata =" >> $@.tmp
41 @sed -e 's/\\/\\\\/g' -e 's/\"/\\"/g' -e 's/\(.*\)/"\1\\n"/' < $(obj)/policy/manager.conf >> $@.tmp
42 @echo "\"\";" >> $@.tmp
43 @echo "static char tomoyo_builtin_stat[] __initdata =" >> $@.tmp
44 @sed -e 's/\\/\\\\/g' -e 's/\"/\\"/g' -e 's/\(.*\)/"\1\\n"/' < $(obj)/policy/stat.conf >> $@.tmp
45 @echo "\"\";" >> $@.tmp
46 @mv $@.tmp $@
47 14
48$(obj)/common.o: $(obj)/builtin-policy.h 15$(obj)/common.o: $(obj)/builtin-policy.h
diff --git a/security/tomoyo/policy/exception_policy.conf.default b/security/tomoyo/policy/exception_policy.conf.default
new file mode 100644
index 000000000000..2678df4964ee
--- /dev/null
+++ b/security/tomoyo/policy/exception_policy.conf.default
@@ -0,0 +1,2 @@
1initialize_domain /sbin/modprobe from any
2initialize_domain /sbin/hotplug from any