diff options
author | Daniel De Graaf <dgdegra@tycho.nsa.gov> | 2013-01-10 17:30:47 +0000 |
---|---|---|
committer | Daniel De Graaf <dgdegra@tycho.nsa.gov> | 2013-01-10 17:30:47 +0000 |
commit | d05b3ddfdc8bb4c51c9764a6afaf7a3cce4a15fd (patch) | |
tree | 5de7abcce26a2b07ab1ce61e4ea903ac4345ace0 /tools/flask | |
parent | 58f88f9eb2f2b16f1870c592c3310593039096e8 (diff) | |
download | xen-d05b3ddfdc8bb4c51c9764a6afaf7a3cce4a15fd.tar.gz xen-d05b3ddfdc8bb4c51c9764a6afaf7a3cce4a15fd.tar.bz2 xen-d05b3ddfdc8bb4c51c9764a6afaf7a3cce4a15fd.zip |
flask: move policy headers into hypervisor
Rather than keeping around headers that are autogenerated in order to
avoid adding build dependencies from xen/ to files in tools/, move the
relevant parts of the FLASK policy into the hypervisor tree and
generate the headers as part of the hypervisor's build.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Committed-by: Keir Fraser <keir@xen.org>
Diffstat (limited to 'tools/flask')
-rw-r--r-- | tools/flask/policy/Makefile | 2 | ||||
-rw-r--r-- | tools/flask/policy/policy/flask/Makefile | 41 | ||||
-rw-r--r-- | tools/flask/policy/policy/flask/mkaccess_vector.sh | 4 | ||||
-rw-r--r-- | tools/flask/policy/policy/flask/mkflask.sh | 6 |
4 files changed, 6 insertions, 47 deletions
diff --git a/tools/flask/policy/Makefile b/tools/flask/policy/Makefile index 5c25cbe952..3f5aa38d1c 100644 --- a/tools/flask/policy/Makefile +++ b/tools/flask/policy/Makefile @@ -61,7 +61,7 @@ LOADPOLICY := $(SBINDIR)/flask-loadpolicy # policy source layout POLDIR := policy MODDIR := $(POLDIR)/modules -FLASKDIR := $(POLDIR)/flask +FLASKDIR := ../../../xen/xsm/flask/policy SECCLASS := $(FLASKDIR)/security_classes ISIDS := $(FLASKDIR)/initial_sids AVS := $(FLASKDIR)/access_vectors diff --git a/tools/flask/policy/policy/flask/Makefile b/tools/flask/policy/policy/flask/Makefile deleted file mode 100644 index 5f57e88810..0000000000 --- a/tools/flask/policy/policy/flask/Makefile +++ /dev/null @@ -1,41 +0,0 @@ -# flask needs to know where to export the libselinux headers. -LIBSEL ?= ../../libselinux - -# flask needs to know where to export the kernel headers. -LINUXDIR ?= ../../../linux-2.6 - -AWK = awk - -CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ - else if [ -x /bin/bash ]; then echo /bin/bash; \ - else echo sh; fi ; fi) - -FLASK_H_DEPEND = security_classes initial_sids -AV_H_DEPEND = access_vectors - -FLASK_H_FILES = class_to_string.h flask.h initial_sid_to_string.h -AV_H_FILES = av_perm_to_string.h av_permissions.h -ALL_H_FILES = $(FLASK_H_FILES) $(AV_H_FILES) - -all: $(ALL_H_FILES) - -$(FLASK_H_FILES): $(FLASK_H_DEPEND) - $(CONFIG_SHELL) mkflask.sh $(AWK) $(FLASK_H_DEPEND) - -$(AV_H_FILES): $(AV_H_DEPEND) - $(CONFIG_SHELL) mkaccess_vector.sh $(AWK) $(AV_H_DEPEND) - -tolib: all - install -m 644 flask.h av_permissions.h $(LIBSEL)/include/selinux - install -m 644 class_to_string.h av_inherit.h common_perm_to_string.h av_perm_to_string.h $(LIBSEL)/src - -tokern: all - install -m 644 $(ALL_H_FILES) $(LINUXDIR)/security/selinux/include - -install: all - -relabel: - -clean: - rm -f $(FLASK_H_FILES) - rm -f $(AV_H_FILES) diff --git a/tools/flask/policy/policy/flask/mkaccess_vector.sh b/tools/flask/policy/policy/flask/mkaccess_vector.sh index 43a60a79e3..8ec87f7b8c 100644 --- a/tools/flask/policy/policy/flask/mkaccess_vector.sh +++ b/tools/flask/policy/policy/flask/mkaccess_vector.sh @@ -9,8 +9,8 @@ awk=$1 shift # output files -av_permissions="av_permissions.h" -av_perm_to_string="av_perm_to_string.h" +av_permissions="include/av_permissions.h" +av_perm_to_string="include/av_perm_to_string.h" cat $* | $awk " BEGIN { diff --git a/tools/flask/policy/policy/flask/mkflask.sh b/tools/flask/policy/policy/flask/mkflask.sh index 9c847549e2..e8d8fb5d2c 100644 --- a/tools/flask/policy/policy/flask/mkflask.sh +++ b/tools/flask/policy/policy/flask/mkflask.sh @@ -9,9 +9,9 @@ awk=$1 shift 1 # output file -output_file="flask.h" -debug_file="class_to_string.h" -debug_file2="initial_sid_to_string.h" +output_file="include/flask.h" +debug_file="include/class_to_string.h" +debug_file2="include/initial_sid_to_string.h" cat $* | $awk " BEGIN { |