linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH 1/3] tomoyo: fix broken dependency on *.conf.default
@ 2023-01-07  7:47 Masahiro Yamada
  2023-01-07  7:47 ` [PATCH 2/3] tomoyo: avoid unneeded creation of builtin-policy.h Masahiro Yamada
  2023-01-07  7:47 ` [PATCH 3/3] tomoyo: Omit use of bin2c Masahiro Yamada
  0 siblings, 2 replies; 3+ messages in thread
From: Masahiro Yamada @ 2023-01-07  7:47 UTC (permalink / raw)
  To: linux-kernel, Kentaro Takeda, Tetsuo Handa
  Cc: linux-kbuild, Masahiro Yamada, James Morris, Michal Marek,
	Paul Moore, Serge E. Hallyn, linux-security-module

If *.conf.default is updated, builtin-policy.h should be rebuilt,
but this does not work when compiled with O= option.

[Without this commit]

  $ touch security/tomoyo/policy/exception_policy.conf.default
  $ make O=/tmp security/tomoyo/
  make[1]: Entering directory '/tmp'
    GEN     Makefile
    CALL    /home/masahiro/ref/linux/scripts/checksyscalls.sh
    DESCEND objtool
  make[1]: Leaving directory '/tmp'

[With this commit]

  $ touch security/tomoyo/policy/exception_policy.conf.default
  $ make O=/tmp security/tomoyo/
  make[1]: Entering directory '/tmp'
    GEN     Makefile
    CALL    /home/masahiro/ref/linux/scripts/checksyscalls.sh
    DESCEND objtool
    POLICY  security/tomoyo/builtin-policy.h
    CC      security/tomoyo/common.o
    AR      security/tomoyo/built-in.a
  make[1]: Leaving directory '/tmp'

$(srctree)/ is essential because $(wildcard ) does not follow VPATH.

Fixes: f02dee2d148b ("tomoyo: Do not generate empty policy files")
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
---

 security/tomoyo/Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/security/tomoyo/Makefile b/security/tomoyo/Makefile
index cca5a3012fee..221eaadffb09 100644
--- a/security/tomoyo/Makefile
+++ b/security/tomoyo/Makefile
@@ -10,7 +10,7 @@ endef
 quiet_cmd_policy  = POLICY  $@
       cmd_policy  = ($(call do_policy,profile); $(call do_policy,exception_policy); $(call do_policy,domain_policy); $(call do_policy,manager); $(call do_policy,stat)) >$@
 
-$(obj)/builtin-policy.h: $(wildcard $(obj)/policy/*.conf $(src)/policy/*.conf.default) FORCE
+$(obj)/builtin-policy.h: $(wildcard $(obj)/policy/*.conf $(srctree)/$(src)/policy/*.conf.default) FORCE
 	$(call if_changed,policy)
 
 $(obj)/common.o: $(obj)/builtin-policy.h
-- 
2.34.1


^ permalink raw reply related	[flat|nested] 3+ messages in thread
* [PATCH 2/3] tomoyo: avoid unneeded creation of builtin-policy.h
  2023-01-07  7:47 [PATCH 1/3] tomoyo: fix broken dependency on *.conf.default Masahiro Yamada
@ 2023-01-07  7:47 ` Masahiro Yamada
  2023-01-07  7:47 ` [PATCH 3/3] tomoyo: Omit use of bin2c Masahiro Yamada
  1 sibling, 0 replies; 3+ messages in thread
From: Masahiro Yamada @ 2023-01-07  7:47 UTC (permalink / raw)
  To: linux-kernel, Kentaro Takeda, Tetsuo Handa
  Cc: linux-kbuild, Masahiro Yamada, James Morris, Paul Moore,
	Serge E. Hallyn, linux-security-module

When CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING=y,
builtin-policy.h is unneeded.

Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
---

 security/tomoyo/Makefile | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/security/tomoyo/Makefile b/security/tomoyo/Makefile
index 221eaadffb09..1b18a02ccd2e 100644
--- a/security/tomoyo/Makefile
+++ b/security/tomoyo/Makefile
@@ -13,4 +13,6 @@ quiet_cmd_policy  = POLICY  $@
 $(obj)/builtin-policy.h: $(wildcard $(obj)/policy/*.conf $(srctree)/$(src)/policy/*.conf.default) FORCE
 	$(call if_changed,policy)
 
+ifndef CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING
 $(obj)/common.o: $(obj)/builtin-policy.h
+endif
-- 
2.34.1


^ permalink raw reply related	[flat|nested] 3+ messages in thread
* [PATCH 3/3] tomoyo: Omit use of bin2c
  2023-01-07  7:47 [PATCH 1/3] tomoyo: fix broken dependency on *.conf.default Masahiro Yamada
  2023-01-07  7:47 ` [PATCH 2/3] tomoyo: avoid unneeded creation of builtin-policy.h Masahiro Yamada
@ 2023-01-07  7:47 ` Masahiro Yamada
  1 sibling, 0 replies; 3+ messages in thread
From: Masahiro Yamada @ 2023-01-07  7:47 UTC (permalink / raw)
  To: linux-kernel, Kentaro Takeda, Tetsuo Handa
  Cc: linux-kbuild, Masahiro Yamada, James Morris, Paul Moore,
	Serge E. Hallyn, linux-security-module

bin2c was, as its name implies, introduced to convert a binary file to
C code.

However, I did not see any good reason ever for using this tool because
using the .incbin directive is much faster, and often results in simpler
code.

Most of the uses of bin2c have been killed, for example:

  - 13610aa908dc ("kernel/configs: use .incbin directive to embed config_data.gz")
  - 4c0f032d4963 ("s390/purgatory: Omit use of bin2c")

security/tomoyo/Makefile has even less reason for using bin2c because
the policy files are text data. So, sed is enough for converting them
to C string literals, and what is nicer, generates human-readable
builtin-policy.h.

This is the last user of bin2c. After this commit lands, bin2c will be
removed.

Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
---

 security/tomoyo/Kconfig  |  1 -
 security/tomoyo/Makefile | 15 ++++++++-------
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/security/tomoyo/Kconfig b/security/tomoyo/Kconfig
index b9f867100a9f..772d2ab58fd1 100644
--- a/security/tomoyo/Kconfig
+++ b/security/tomoyo/Kconfig
@@ -7,7 +7,6 @@ config SECURITY_TOMOYO
 	select SECURITY_PATH
 	select SECURITY_NETWORK
 	select SRCU
-	select BUILD_BIN2C
 	default n
 	help
 	  This selects TOMOYO Linux, pathname-based access control.
diff --git a/security/tomoyo/Makefile b/security/tomoyo/Makefile
index 1b18a02ccd2e..77358b7655fa 100644
--- a/security/tomoyo/Makefile
+++ b/security/tomoyo/Makefile
@@ -2,13 +2,14 @@
 obj-y = audit.o common.o condition.o domain.o environ.o file.o gc.o group.o load_policy.o memory.o mount.o network.o realpath.o securityfs_if.o tomoyo.o util.o
 
 targets += builtin-policy.h
-define do_policy
-echo "static char tomoyo_builtin_$(1)[] __initdata ="; \
-$(objtree)/scripts/bin2c <$(firstword $(wildcard $(obj)/policy/$(1).conf $(srctree)/$(src)/policy/$(1).conf.default) /dev/null); \
-echo ";"
-endef
-quiet_cmd_policy  = POLICY  $@
-      cmd_policy  = ($(call do_policy,profile); $(call do_policy,exception_policy); $(call do_policy,domain_policy); $(call do_policy,manager); $(call do_policy,stat)) >$@
+
+quiet_cmd_policy = POLICY  $@
+      cmd_policy = { \
+	$(foreach x, profile exception_policy domain_policy manager stat, \
+	printf 'static char tomoyo_builtin_$x[] __initdata =\n'; \
+	sed 's/\(.*\)/\t"\1\\n"/' $(firstword $(filter %/$x.conf %/$x.conf.default, $^) /dev/null);  \
+	printf '\t"";\n';) \
+	} > $@
 
 $(obj)/builtin-policy.h: $(wildcard $(obj)/policy/*.conf $(srctree)/$(src)/policy/*.conf.default) FORCE
 	$(call if_changed,policy)
-- 
2.34.1


^ permalink raw reply related	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2023-01-07  7:48 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-01-07  7:47 [PATCH 1/3] tomoyo: fix broken dependency on *.conf.default Masahiro Yamada
2023-01-07  7:47 ` [PATCH 2/3] tomoyo: avoid unneeded creation of builtin-policy.h Masahiro Yamada
2023-01-07  7:47 ` [PATCH 3/3] tomoyo: Omit use of bin2c Masahiro Yamada

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).