From 7e114bbf51fbb015dc25d8123e090afcce5b5048 Mon Sep 17 00:00:00 2001
From: Michal Marek
Date: Fri, 9 Jan 2015 14:08:26 +0100
Subject: tomoyo: Use bin2c to generate builtin-policy.h

Simplify the Makefile by using a readily available tool instead of a custom sed script. The downside is that builtin-policy.h becomes unreadable for humans, but it is only a generated file.
Acked-by: Tetsuo Handa
Signed-off-by: Michal Marek
---
 security/tomoyo/Makefile | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)
(limited to 'security/tomoyo/Makefile')
diff --git a/security/tomoyo/Makefile b/security/tomoyo/Makefile
index 56a0c7be409e..a6c02a5948b6 100644
--- a/security/tomoyo/Makefile
+++ b/security/tomoyo/Makefile
@@ -29,20 +29,20 @@ $(obj)/policy/stat.conf:
 $(obj)/builtin-policy.h: $(obj)/policy/profile.conf $(obj)/policy/exception_policy.conf $(obj)/policy/domain_policy.conf $(obj)/policy/manager.conf $(obj)/policy/stat.conf
 @echo Generating built-in policy for TOMOYO 2.5.x.
 @echo "static char tomoyo_builtin_profile[] __initdata =" > $@.tmp
- @sed -e 's/\\/\\\\/g' -e 's/\"/\\"/g' -e 's/\(.*\)/"\1\\n"/' < $(obj)/policy/profile.conf >> $@.tmp
- @echo "\"\";" >> $@.tmp
+ @$(objtree)/scripts/basic/bin2c < $(obj)/policy/profile.conf >> $@.tmp
+ @echo ";" >> $@.tmp
 @echo "static char tomoyo_builtin_exception_policy[] __initdata =" >> $@.tmp
- @sed -e 's/\\/\\\\/g' -e 's/\"/\\"/g' -e 's/\(.*\)/"\1\\n"/' < $(obj)/policy/exception_policy.conf >> $@.tmp
- @echo "\"\";" >> $@.tmp
+ @$(objtree)/scripts/basic/bin2c < $(obj)/policy/exception_policy.conf >> $@.tmp
+ @echo ";" >> $@.tmp
 @echo "static char tomoyo_builtin_domain_policy[] __initdata =" >> $@.tmp
- @sed -e 's/\\/\\\\/g' -e 's/\"/\\"/g' -e 's/\(.*\)/"\1\\n"/' < $(obj)/policy/domain_policy.conf >> $@.tmp
- @echo "\"\";" >> $@.tmp
+ @$(objtree)/scripts/basic/bin2c < $(obj)/policy/domain_policy.conf >> $@.tmp
+ @echo ";" >> $@.tmp
 @echo "static char tomoyo_builtin_manager[] __initdata =" >> $@.tmp
- @sed -e 's/\\/\\\\/g' -e 's/\"/\\"/g' -e 's/\(.*\)/"\1\\n"/' < $(obj)/policy/manager.conf >> $@.tmp
- @echo "\"\";" >> $@.tmp
+ @$(objtree)/scripts/basic/bin2c < $(obj)/policy/manager.conf >> $@.tmp
+ @echo ";" >> $@.tmp
 @echo "static char tomoyo_builtin_stat[] __initdata =" >> $@.tmp
- @sed -e 's/\\/\\\\/g' -e 's/\"/\\"/g' -e 's/\(.*\)/"\1\\n"/' < $(obj)/policy/stat.conf >> $@.tmp
- @echo "\"\";" >> $@.tmp
+ @$(objtree)/scripts/basic/bin2c < $(obj)/policy/stat.conf >> $@.tmp
+ @echo ";" >> $@.tmp
 @mv $@.tmp $@

 $(obj)/common.o: $(obj)/builtin-policy.h
-- cgit v1.2.3-59-g8ed1b
From bf7a9ab43c2f692bce4ee3ed1456f42c77eb1346 Mon Sep 17 00:00:00 2001
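Review bot: A policy file whose last line has no terminating newline is embedded differently after this change: the removed sed expression `s/\(.*\)/"\1\\n"/` appended `\n` to every line it emitted, while bin2c, as far as I know, copies the input bytes unchanged. If the code that consumes these arrays splits on newlines (it is not part of this patch), the final rule of such a file could be dropped with no build-time message, so that is worth confirming. I would add a comment above the rule, `# bin2c embeds each policy file byte for byte; every line, including the last, must end in a newline`, since the generated header can no longer be read to check what was built in.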
From: Michal Marek
Date: Fri, 9 Jan 2015 14:36:27 +0100
Subject: tomoyo: Use if_changed when generating builtin-policy.h

Combine the generation of builtin-policy.h into a single command and use if_changed, so that the file is regenerated each time the command changes. The next patch will make use of this.
Acked-by: Tetsuo Handa
Signed-off-by: Michal Marek
---
 security/tomoyo/Makefile | 29 +++++++++++------------------
 1 file changed, 11 insertions(+), 18 deletions(-)
(limited to 'security/tomoyo/Makefile')
diff --git a/security/tomoyo/Makefile b/security/tomoyo/Makefile
index a6c02a5948b6..ecdefb583fcf 100644
--- a/security/tomoyo/Makefile
+++ b/security/tomoyo/Makefile
@@ -26,23 +26,16 @@ $(obj)/policy/stat.conf:
 @echo Creating an empty policy/stat.conf
 @touch $@

-$(obj)/builtin-policy.h: $(obj)/policy/profile.conf $(obj)/policy/exception_policy.conf $(obj)/policy/domain_policy.conf $(obj)/policy/manager.conf $(obj)/policy/stat.conf
- @echo Generating built-in policy for TOMOYO 2.5.x.
- @echo "static char tomoyo_builtin_profile[] __initdata =" > $@.tmp
- @$(objtree)/scripts/basic/bin2c < $(obj)/policy/profile.conf >> $@.tmp
- @echo ";" >> $@.tmp
- @echo "static char tomoyo_builtin_exception_policy[] __initdata =" >> $@.tmp
- @$(objtree)/scripts/basic/bin2c < $(obj)/policy/exception_policy.conf >> $@.tmp
- @echo ";" >> $@.tmp
- @echo "static char tomoyo_builtin_domain_policy[] __initdata =" >> $@.tmp
- @$(objtree)/scripts/basic/bin2c < $(obj)/policy/domain_policy.conf >> $@.tmp
- @echo ";" >> $@.tmp
- @echo "static char tomoyo_builtin_manager[] __initdata =" >> $@.tmp
- @$(objtree)/scripts/basic/bin2c < $(obj)/policy/manager.conf >> $@.tmp
- @echo ";" >> $@.tmp
- @echo "static char tomoyo_builtin_stat[] __initdata =" >> $@.tmp
- @$(objtree)/scripts/basic/bin2c < $(obj)/policy/stat.conf >> $@.tmp
- @echo ";" >> $@.tmp
- @mv $@.tmp $@
+targets += builtin-policy.h
+define do_policy
+echo "static char tomoyo_builtin_$(1)[] __initdata ="; \
+$(objtree)/scripts/basic/bin2c <$(obj)/policy/$(1).conf; \
+echo ";"
+endef
+quiet_cmd_policy = POLICY $@
+ cmd_policy = ($(call do_policy,profile); $(call do_policy,exception_policy); $(call do_policy,domain_policy); $(call do_policy,manager); $(call do_policy,stat)) >$@
+
+$(obj)/builtin-policy.h: $(obj)/policy/profile.conf $(obj)/policy/exception_policy.conf $(obj)/policy/domain_policy.conf $(obj)/policy/manager.conf $(obj)/policy/stat.conf FORCE
+ $(call if_changed,policy)

 $(obj)/common.o: $(obj)/builtin-policy.h
-- cgit v1.2.3-59-g8ed1b
From f02dee2d148ba854464e7dbf09f1241ee159173a Mon Sep 17 00:00:00 2001
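Review bot: The steps in `do_policy` and the five calls in `cmd_policy` are joined with `;`, so the status of the parenthesised group is that of the last `echo ";"`, and a failing bin2c or an unreadable `.conf` stops the build only if `if_changed` runs the command under `set -e`. Kbuild normally does that, but the definition is outside this patch, and the output now goes straight to `>$@` where the removed recipe wrote `$@.tmp` and renamed it. A truncated builtin-policy.h would mean a kernel built with part of its built-in policy missing, so I would make the failure handling explicit by replacing each `;` separator with `&&`, for example `$(objtree)/scripts/basic/bin2c <$(obj)/policy/$(1).conf && \`.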
From: Michal Marek
Date: Thu, 15 Jan 2015 10:39:22 +0100
Subject: tomoyo: Do not generate empty policy files

The Makefile automatically generates the tomoyo policy files, which are not removed by make clean (because they could have been provided by the user). Instead of generating the missing files, use /dev/null if a given file is not provided. Store the default exception_policy in exception_policy.conf.default.
Acked-by: Tetsuo Handa
Signed-off-by: Michal Marek
---
 security/tomoyo/.gitignore | 2 +-
 security/tomoyo/Makefile | 30 ++--------------------
 .../tomoyo/policy/exception_policy.conf.default | 2 ++
 3 files changed, 5 insertions(+), 29 deletions(-)
 create mode 100644 security/tomoyo/policy/exception_policy.conf.default
(limited to 'security/tomoyo/Makefile')
diff --git a/security/tomoyo/.gitignore b/security/tomoyo/.gitignore
index 5caf1a6f5907..dc0f220a210b 100644
--- a/security/tomoyo/.gitignore
+++ b/security/tomoyo/.gitignore
@@ -1,2 +1,2 @@
 builtin-policy.h
-policy/
+policy/*.conf
diff --git a/security/tomoyo/Makefile b/security/tomoyo/Makefile
index ecdefb583fcf..65dbcb2fd850 100644
--- a/security/tomoyo/Makefile
+++ b/security/tomoyo/Makefile
@@ -1,41 +1,15 @@
 obj-y = audit.o common.o condition.o domain.o environ.o file.o gc.o group.o load_policy.o memory.o mount.o network.o realpath.o securityfs_if.o tomoyo.o util.o

-$(obj)/policy/profile.conf:
- @mkdir -p $(obj)/policy/
- @echo Creating an empty policy/profile.conf
- @touch $@
-
-$(obj)/policy/exception_policy.conf:
- @mkdir -p $(obj)/policy/
- @echo Creating a default policy/exception_policy.conf
- @echo initialize_domain /sbin/modprobe from any >> $@
- @echo initialize_domain /sbin/hotplug from any >> $@
-
-$(obj)/policy/domain_policy.conf:
- @mkdir -p $(obj)/policy/
- @echo Creating an empty policy/domain_policy.conf
- @touch $@
-
-$(obj)/policy/manager.conf:
- @mkdir -p $(obj)/policy/
- @echo Creating an empty policy/manager.conf
- @touch $@
-
-$(obj)/policy/stat.conf:
- @mkdir -p $(obj)/policy/
- @echo Creating an empty policy/stat.conf
- @touch $@
-
 targets += builtin-policy.h
 define do_policy
 echo "static char tomoyo_builtin_$(1)[] __initdata ="; \
-$(objtree)/scripts/basic/bin2c <$(obj)/policy/$(1).conf; \
+$(objtree)/scripts/basic/bin2c <$(firstword $(wildcard $(obj)/policy/$(1).conf $(srctree)/$(src)/policy/$(1).conf.default) /dev/null); \
 echo ";"
 endef
 quiet_cmd_policy = POLICY $@
 cmd_policy = ($(call do_policy,profile); $(call do_policy,exception_policy); $(call do_policy,domain_policy); $(call do_policy,manager); $(call do_policy,stat)) >$@

-$(obj)/builtin-policy.h: $(obj)/policy/profile.conf $(obj)/policy/exception_policy.conf $(obj)/policy/domain_policy.conf $(obj)/policy/manager.conf $(obj)/policy/stat.conf FORCE
+$(obj)/builtin-policy.h: $(wildcard $(obj)/policy/*.conf $(src)/policy/*.conf.default) FORCE
 $(call if_changed,policy)

 $(obj)/common.o: $(obj)/builtin-policy.h
diff --git a/security/tomoyo/policy/exception_policy.conf.default b/security/tomoyo/policy/exception_policy.conf.default
new file mode 100644
index 000000000000..2678df4964ee
--- /dev/null
+++ b/security/tomoyo/policy/exception_policy.conf.default
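Review bot: The prerequisite list globs `$(src)/policy/*.conf.default`, while `do_policy` reads the default from `$(srctree)/$(src)/policy/$(1).conf.default`; `$(wildcard)` resolves relative paths against make's working directory, so in a build with a separate output directory the prerequisite glob probably matches nothing. An edit to exception_policy.conf.default would then not regenerate builtin-policy.h, and the kernel would keep the previous built-in exception policy. Using the same path in both places avoids that: `$(obj)/builtin-policy.h: $(wildcard $(obj)/policy/*.conf $(srctree)/$(src)/policy/*.conf.default) FORCE`. Separately, a missing or misnamed `.conf` now falls back to the default or to `/dev/null` without any message, so a comment above `do_policy` stating the lookup order (user file, then `.conf.default`, then empty) would help whoever audits which policy was built in.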
@@ -0,0 +1,2 @@
+initialize_domain /sbin/modprobe from any
+initialize_domain /sbin/hotplug from any
-- cgit v1.2.3-59-g8ed1b