| Message ID | 20240727-tomoyo-gen-file-v1-1-eb6439e837a1@suse.com (mailing list archive) |
|---|---|
| State | Handled Elsewhere |
| Headers | show |
| Series | [RFC] security: tomoyo: Add default builtin-policy.h for default policy | expand |
Hello, Michal and Masahiro. What do you think on this proposal? I guess that .gitignore needs to keep builtin-policy.h included, or "git diff" will complain if builtin-policy.h was rebuilt due to changes in policy/*.conf files. Regarding having default security/tomoyo/builtin-policy.h , is there a pitfall with modification time of security/tomoyo/builtin-policy.h and files involved in generating security/tomoyo/builtin-policy.h ? On 2024/07/28 9:51, Marcos Paulo de Souza wrote: > When checking tomoyo code there is an include for a file that is not > included on kernel-source since it's generated at build time, and the > kernel-source uses git archive to create the tarball. > > Having the source code referencing a file that is not included in the > tarball can confuse tools that inspect/parse code, since the file is not > there. > > The builtin-policy.h added is generated from the same default policy > that already exists on policy/ directory, so it doesn't break the > current usage of that file. > > Signed-off-by: Marcos Paulo de Souza <mpdesouza@suse.com> > --- > Hello, I sent this patch because we saw some issues while running > clang-extract[1] on tomoyo given CVE 2024-26622. Since clang-extract > parses the C files it failed to find builtin-policy.h. As a bandaid, I > had to add > -DCONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING > > to clang-extract (we feed the gcc arguments used to compile common.c got > from compile_commands.json on kernel-source). > > Per my tests it works with my patch, and I don't see why this would hurt > to have builtin-policy.h on git, since it would regenerate the file if > the policy scripts are changed. > > Please let me know if I'm missing something here. > > Thanks! > > [1]: https://github.com/SUSE/clang-extract > --- > security/tomoyo/.gitignore | 1 - > security/tomoyo/builtin-policy.h | 13 +++++++++++++ > 2 files changed, 13 insertions(+), 1 deletion(-) > > diff --git a/security/tomoyo/.gitignore b/security/tomoyo/.gitignore > index 9f300cdce362..85d086c6502d 100644 > --- a/security/tomoyo/.gitignore > +++ b/security/tomoyo/.gitignore > @@ -1,3 +1,2 @@ > # SPDX-License-Identifier: GPL-2.0-only > -builtin-policy.h > policy/*.conf > diff --git a/security/tomoyo/builtin-policy.h b/security/tomoyo/builtin-policy.h > new file mode 100644 > index 000000000000..781d35b3ccb3 > --- /dev/null > +++ b/security/tomoyo/builtin-policy.h > @@ -0,0 +1,13 @@ > +/* SPDX-License-Identifier: GPL-2.0 */ > +static char tomoyo_builtin_profile[] __initdata = > + ""; > +static char tomoyo_builtin_exception_policy[] __initdata = > + "initialize_domain /sbin/modprobe from any\n" > + "initialize_domain /sbin/hotplug from any\n" > + ""; > +static char tomoyo_builtin_domain_policy[] __initdata = > + ""; > +static char tomoyo_builtin_manager[] __initdata = > + ""; > +static char tomoyo_builtin_stat[] __initdata = > + ""; > > --- > base-commit: 910bfc26d16d07df5a2bfcbc63f0aa9d1397e2ef > change-id: 20240727-tomoyo-gen-file-fcfc3a0c0f46 > > Best regards,
diff --git a/security/tomoyo/.gitignore b/security/tomoyo/.gitignore index 9f300cdce362..85d086c6502d 100644 --- a/security/tomoyo/.gitignore +++ b/security/tomoyo/.gitignore @@ -1,3 +1,2 @@ # SPDX-License-Identifier: GPL-2.0-only -builtin-policy.h policy/*.conf diff --git a/security/tomoyo/builtin-policy.h b/security/tomoyo/builtin-policy.h new file mode 100644 index 000000000000..781d35b3ccb3 --- /dev/null +++ b/security/tomoyo/builtin-policy.h @@ -0,0 +1,13 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +static char tomoyo_builtin_profile[] __initdata = + ""; +static char tomoyo_builtin_exception_policy[] __initdata = + "initialize_domain /sbin/modprobe from any\n" + "initialize_domain /sbin/hotplug from any\n" + ""; +static char tomoyo_builtin_domain_policy[] __initdata = + ""; +static char tomoyo_builtin_manager[] __initdata = + ""; +static char tomoyo_builtin_stat[] __initdata = + "";
When checking tomoyo code there is an include for a file that is not included on kernel-source since it's generated at build time, and the kernel-source uses git archive to create the tarball. Having the source code referencing a file that is not included in the tarball can confuse tools that inspect/parse code, since the file is not there. The builtin-policy.h added is generated from the same default policy that already exists on policy/ directory, so it doesn't break the current usage of that file. Signed-off-by: Marcos Paulo de Souza <mpdesouza@suse.com> --- Hello, I sent this patch because we saw some issues while running clang-extract[1] on tomoyo given CVE 2024-26622. Since clang-extract parses the C files it failed to find builtin-policy.h. As a bandaid, I had to add -DCONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING to clang-extract (we feed the gcc arguments used to compile common.c got from compile_commands.json on kernel-source). Per my tests it works with my patch, and I don't see why this would hurt to have builtin-policy.h on git, since it would regenerate the file if the policy scripts are changed. Please let me know if I'm missing something here. Thanks! [1]: https://github.com/SUSE/clang-extract --- security/tomoyo/.gitignore | 1 - security/tomoyo/builtin-policy.h | 13 +++++++++++++ 2 files changed, 13 insertions(+), 1 deletion(-) --- base-commit: 910bfc26d16d07df5a2bfcbc63f0aa9d1397e2ef change-id: 20240727-tomoyo-gen-file-fcfc3a0c0f46 Best regards,