From d05b3ddfdc8bb4c51c9764a6afaf7a3cce4a15fd Mon Sep 17 00:00:00 2001 From: Daniel De Graaf Date: Thu, 10 Jan 2013 17:30:47 +0000 Subject: flask: move policy headers into hypervisor Rather than keeping around headers that are autogenerated in order to avoid adding build dependencies from xen/ to files in tools/, move the relevant parts of the FLASK policy into the hypervisor tree and generate the headers as part of the hypervisor's build. Signed-off-by: Daniel De Graaf Committed-by: Keir Fraser --- tools/flask/policy/Makefile | 2 +- tools/flask/policy/policy/flask/Makefile | 41 ---------------------- tools/flask/policy/policy/flask/mkaccess_vector.sh | 4 +-- tools/flask/policy/policy/flask/mkflask.sh | 6 ++-- 4 files changed, 6 insertions(+), 47 deletions(-) delete mode 100644 tools/flask/policy/policy/flask/Makefile (limited to 'tools/flask') diff --git a/tools/flask/policy/Makefile b/tools/flask/policy/Makefile index 5c25cbe952..3f5aa38d1c 100644 --- a/tools/flask/policy/Makefile +++ b/tools/flask/policy/Makefile @@ -61,7 +61,7 @@ LOADPOLICY := $(SBINDIR)/flask-loadpolicy # policy source layout POLDIR := policy MODDIR := $(POLDIR)/modules -FLASKDIR := $(POLDIR)/flask +FLASKDIR := ../../../xen/xsm/flask/policy SECCLASS := $(FLASKDIR)/security_classes ISIDS := $(FLASKDIR)/initial_sids AVS := $(FLASKDIR)/access_vectors diff --git a/tools/flask/policy/policy/flask/Makefile b/tools/flask/policy/policy/flask/Makefile deleted file mode 100644 index 5f57e88810..0000000000 --- a/tools/flask/policy/policy/flask/Makefile +++ /dev/null @@ -1,41 +0,0 @@ -# flask needs to know where to export the libselinux headers. -LIBSEL ?= ../../libselinux - -# flask needs to know where to export the kernel headers. -LINUXDIR ?= ../../../linux-2.6 - -AWK = awk - -CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ - else if [ -x /bin/bash ]; then echo /bin/bash; \ - else echo sh; fi ; fi) - -FLASK_H_DEPEND = security_classes initial_sids -AV_H_DEPEND = access_vectors - -FLASK_H_FILES = class_to_string.h flask.h initial_sid_to_string.h -AV_H_FILES = av_perm_to_string.h av_permissions.h -ALL_H_FILES = $(FLASK_H_FILES) $(AV_H_FILES) - -all: $(ALL_H_FILES) - -$(FLASK_H_FILES): $(FLASK_H_DEPEND) - $(CONFIG_SHELL) mkflask.sh $(AWK) $(FLASK_H_DEPEND) - -$(AV_H_FILES): $(AV_H_DEPEND) - $(CONFIG_SHELL) mkaccess_vector.sh $(AWK) $(AV_H_DEPEND) - -tolib: all - install -m 644 flask.h av_permissions.h $(LIBSEL)/include/selinux - install -m 644 class_to_string.h av_inherit.h common_perm_to_string.h av_perm_to_string.h $(LIBSEL)/src - -tokern: all - install -m 644 $(ALL_H_FILES) $(LINUXDIR)/security/selinux/include - -install: all - -relabel: - -clean: - rm -f $(FLASK_H_FILES) - rm -f $(AV_H_FILES) diff --git a/tools/flask/policy/policy/flask/mkaccess_vector.sh b/tools/flask/policy/policy/flask/mkaccess_vector.sh index 43a60a79e3..8ec87f7b8c 100644 --- a/tools/flask/policy/policy/flask/mkaccess_vector.sh +++ b/tools/flask/policy/policy/flask/mkaccess_vector.sh @@ -9,8 +9,8 @@ awk=$1 shift # output files -av_permissions="av_permissions.h" -av_perm_to_string="av_perm_to_string.h" +av_permissions="include/av_permissions.h" +av_perm_to_string="include/av_perm_to_string.h" cat $* | $awk " BEGIN { diff --git a/tools/flask/policy/policy/flask/mkflask.sh b/tools/flask/policy/policy/flask/mkflask.sh index 9c847549e2..e8d8fb5d2c 100644 --- a/tools/flask/policy/policy/flask/mkflask.sh +++ b/tools/flask/policy/policy/flask/mkflask.sh @@ -9,9 +9,9 @@ awk=$1 shift 1 # output file -output_file="flask.h" -debug_file="class_to_string.h" -debug_file2="initial_sid_to_string.h" +output_file="include/flask.h" +debug_file="include/class_to_string.h" +debug_file2="include/initial_sid_to_string.h" cat $* | $awk " BEGIN { -- cgit v1.2.3