From patchwork Sat Jan 7 07:47:41 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Masahiro Yamada X-Patchwork-Id: 13091987 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 352DAC46467 for ; Sat, 7 Jan 2023 07:47:59 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229602AbjAGHr6 (ORCPT ); Sat, 7 Jan 2023 02:47:58 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47404 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229468AbjAGHr5 (ORCPT ); Sat, 7 Jan 2023 02:47:57 -0500 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D1352848CD; Fri, 6 Jan 2023 23:47:56 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 3DD3B608C3; Sat, 7 Jan 2023 07:47:56 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1F5AAC433D2; Sat, 7 Jan 2023 07:47:51 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1673077675; bh=ePoHU4GENwIfAdeBcPaqU+CazliNAW/mfkD74kveQSE=; h=From:To:Cc:Subject:Date:From; b=EARISaexCJgsuI1qYC7HkNS6XgtOzyD2kMMUX93hH15nIeJuIURFAkLiPjsDmfJlU JXVymnYlboNjuQb+asz7oHo5XxbVnkaR8KovfE7B7ctrMMxm077UQ9dgzc4JoJCaWA QUYnburKZuINVt5PNTg4Ur4YYvH5WDX3X6tuh+FYUk/tlUCNQLVY4teitmnvLEUDDb ILBFLtQ5zZ6QEpunjc+HNRaVlDHykUL0Q2AX53F+vjb5jmrRz388DQbC/s/dIAH4kb nm9060g5Lzkd5THkKaXfY3/jOmsj5cfS+XYsvCYFht+N2uUTGO73qq1RiPe3RtGgLU ryiLS1qHG60Sw== 
From: Masahiro Yamada To: linux-kernel@vger.kernel.org, Kentaro Takeda , Tetsuo Handa Cc: linux-kbuild@vger.kernel.org, Masahiro Yamada , James Morris , Michal Marek , Paul Moore , "Serge E. Hallyn" , linux-security-module@vger.kernel.org Subject: [PATCH 1/3] tomoyo: fix broken dependency on *.conf.default Date: Sat, 7 Jan 2023 16:47:41 +0900 Message-Id: <20230107074743.3352242-1-masahiroy@kernel.org> X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-kbuild@vger.kernel.org If *.conf.default is updated, builtin-policy.h should be rebuilt, but this does not work when compiled with O= option. [Without this commit] $ touch security/tomoyo/policy/exception_policy.conf.default $ make O=/tmp security/tomoyo/ make[1]: Entering directory '/tmp' GEN Makefile CALL /home/masahiro/ref/linux/scripts/checksyscalls.sh DESCEND objtool make[1]: Leaving directory '/tmp' [With this commit] $ touch security/tomoyo/policy/exception_policy.conf.default $ make O=/tmp security/tomoyo/ make[1]: Entering directory '/tmp' GEN Makefile CALL /home/masahiro/ref/linux/scripts/checksyscalls.sh DESCEND objtool POLICY security/tomoyo/builtin-policy.h CC security/tomoyo/common.o AR security/tomoyo/built-in.a make[1]: Leaving directory '/tmp' $(srctree)/ is essential because $(wildcard ) does not follow VPATH. Fixes: f02dee2d148b ("tomoyo: Do not generate empty policy files") Signed-off-by: Masahiro Yamada --- security/tomoyo/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/tomoyo/Makefile b/security/tomoyo/Makefile index cca5a3012fee..221eaadffb09 100644 --- a/security/tomoyo/Makefile +++ b/security/tomoyo/Makefile 
@@ -10,7 +10,7 @@ endef quiet_cmd_policy = POLICY $@ cmd_policy = ($(call do_policy,profile); $(call do_policy,exception_policy); $(call do_policy,domain_policy); $(call do_policy,manager); $(call do_policy,stat)) >$@ -$(obj)/builtin-policy.h: $(wildcard $(obj)/policy/*.conf $(src)/policy/*.conf.default) FORCE +$(obj)/builtin-policy.h: $(wildcard $(obj)/policy/*.conf $(srctree)/$(src)/policy/*.conf.default) FORCE $(call if_changed,policy) $(obj)/common.o: $(obj)/builtin-policy.h From patchwork Sat Jan 7 07:47:42 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Masahiro Yamada X-Patchwork-Id: 13091988 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 14890C46467 for ; Sat, 7 Jan 2023 07:48:06 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231470AbjAGHsE (ORCPT ); Sat, 7 Jan 2023 02:48:04 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47426 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230454AbjAGHsA (ORCPT ); Sat, 7 Jan 2023 02:48:00 -0500 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 73B5684BD2; Fri, 6 Jan 2023 23:48:00 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 0F6F5601D2; Sat, 7 Jan 2023 07:48:00 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 527D0C433F1; Sat, 7 Jan 2023 07:47:56 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1673077679; 
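Review bot: The reason for the `$(srctree)/` prefix on the new prerequisite line is recorded only in the commit message, so in the Makefile the two glob arguments look interchangeable. A comment above the rule would keep a later cleanup from undoing the fix, for example `# $(wildcard) does not search VPATH: name the source tree explicitly so O= builds see *.conf.default`. The first argument, `$(obj)/policy/*.conf`, is still resolved only against the build directory, so with O= a site-specific *.conf kept in the source tree would presumably be ignored and the defaults embedded instead; if that is intended, the comment should say so. builtin-policy.h carries the access-control policy compiled into the kernel, so it is worth checking the generated header in release builds.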
bh=hqHvkpN/5QY5kQ1YmgQ/2OzEEuyZYjiS1pSN/GVMGhg=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=YVRk40e/oAnznXDkuXepm//q4JFO2oAB1e9wklbaybrFCFVYoboqTxmYvTCRa7zbb TCRqd/GAyZ5Du2XPDaUTlF60qex5IGiaH/LCXw5SQvQ1VJv766W8rQHBldWZgisgBS 2vGIDCLsk5z1d/w2CW2ZgFM9+n/DqrYL62x0dW5u2t8uBlFngSW7NVhUSYW+hA326/ 2ina9ctKNdaW1W/+lWNxTGDqLvLwNaQaDY1gB1KMJKqaZR/4A/ypMa+P4l4Tcya+lv OhxAR/Pq6k6ZdY4wnPMi1aH46R24/wVOo4jmnZYCkJwgFV08YpKFF7PbKVmftyfiYb IY0SJQlQ16lIQ== From: Masahiro Yamada To: linux-kernel@vger.kernel.org, Kentaro Takeda , Tetsuo Handa Cc: linux-kbuild@vger.kernel.org, Masahiro Yamada , James Morris , Paul Moore , "Serge E. Hallyn" , linux-security-module@vger.kernel.org Subject: [PATCH 2/3] tomoyo: avoid unneeded creation of builtin-policy.h Date: Sat, 7 Jan 2023 16:47:42 +0900 Message-Id: <20230107074743.3352242-2-masahiroy@kernel.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230107074743.3352242-1-masahiroy@kernel.org> References: <20230107074743.3352242-1-masahiroy@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-kbuild@vger.kernel.org When CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING=y, builtin-policy.h is unneeded. Signed-off-by: Masahiro Yamada --- security/tomoyo/Makefile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/security/tomoyo/Makefile b/security/tomoyo/Makefile index 221eaadffb09..1b18a02ccd2e 100644 --- a/security/tomoyo/Makefile +++ b/security/tomoyo/Makefile 
@@ -13,4 +13,6 @@ quiet_cmd_policy = POLICY $@ $(obj)/builtin-policy.h: $(wildcard $(obj)/policy/*.conf $(srctree)/$(src)/policy/*.conf.default) FORCE $(call if_changed,policy) +ifndef CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING $(obj)/common.o: $(obj)/builtin-policy.h +endif From patchwork Sat Jan 7 07:47:43 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Masahiro Yamada X-Patchwork-Id: 13091989 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 73D8FC46467 for ; Sat, 7 Jan 2023 07:48:14 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236463AbjAGHsM (ORCPT ); Sat, 7 Jan 2023 02:48:12 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47538 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231819AbjAGHsI (ORCPT ); Sat, 7 Jan 2023 02:48:08 -0500 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A5240848D7; Fri, 6 Jan 2023 23:48:06 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 1760FB81EBD; Sat, 7 Jan 2023 07:48:05 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 0C07CC433A0; Sat, 7 Jan 2023 07:47:59 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1673077683; bh=RTLKdjUECYDxN3vnqCPtfGzhyPkDlqfYSeIu5deVu7c=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=juaCeWzoPppUgCgLAK5poNkr4NGkQHZChSrHnc6v0NXJUrh/bjqfPkLLJPfoKrS/S Kx2/niq7Ryk1XIu6Vgc7/0AuEl3+yDECZmIlzNMlN0zeSfbGPQngtfly6fFfUy/nmT 
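Review bot: The added `ifndef CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING` guard has no comment tying it to its consumer. It is correct only while common.c includes builtin-policy.h under exactly the opposite condition; common.c is not shown here, so that is inferred from the commit message. I would add `# common.c includes builtin-policy.h only when the built-in policy is used (INSECURE_BUILTIN_SETTING unset)` above the guard. If the two conditions drift apart, a clean tree would probably fail to build, but a tree holding a header from an earlier build could compile common.o against a stale policy with no rebuild triggered.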
hVJymkx4kloc6n/XAgK171QkYSC/K0V7H5JzTeuaf1mchFVqjlN6S2lTmr25uAQmym iShi9MiZPF7mrU0/57SbX/qydgO1NYZNsY2Q5z9NAhTWPhb7OnPewDMX3OIlMwJoVf D14jYp1rTpsU65bAx2rjXncUys3JFYCTVcdBINy4xyS5x6YU0gVS5xOBU8e66lT1kV 4fSPQ/T5rKP0A== From: Masahiro Yamada To: linux-kernel@vger.kernel.org, Kentaro Takeda , Tetsuo Handa Cc: linux-kbuild@vger.kernel.org, Masahiro Yamada , James Morris , Paul Moore , "Serge E. Hallyn" , linux-security-module@vger.kernel.org Subject: [PATCH 3/3] tomoyo: Omit use of bin2c Date: Sat, 7 Jan 2023 16:47:43 +0900 Message-Id: <20230107074743.3352242-3-masahiroy@kernel.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230107074743.3352242-1-masahiroy@kernel.org> References: <20230107074743.3352242-1-masahiroy@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-kbuild@vger.kernel.org bin2c was, as its name implies, introduced to convert a binary file to C code. However, I did not see any good reason ever for using this tool because using the .incbin directive is much faster, and often results in simpler code. Most of the uses of bin2c have been killed, for example: - 13610aa908dc ("kernel/configs: use .incbin directive to embed config_data.gz") - 4c0f032d4963 ("s390/purgatory: Omit use of bin2c") security/tomoyo/Makefile has even less reason for using bin2c because the policy files are text data. So, sed is enough for converting them to C string literals, and what is nicer, generates human-readable builtin-policy.h. This is the last user of bin2c. After this commit lands, bin2c will be removed. Signed-off-by: Masahiro Yamada --- security/tomoyo/Kconfig | 1 - security/tomoyo/Makefile | 15 ++++++++------- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/security/tomoyo/Kconfig b/security/tomoyo/Kconfig index b9f867100a9f..772d2ab58fd1 100644 --- a/security/tomoyo/Kconfig +++ b/security/tomoyo/Kconfig 
@@ -7,7 +7,6 @@ config SECURITY_TOMOYO select SECURITY_PATH select SECURITY_NETWORK select SRCU - select BUILD_BIN2C default n help This selects TOMOYO Linux, pathname-based access control. diff --git a/security/tomoyo/Makefile b/security/tomoyo/Makefile index 1b18a02ccd2e..77358b7655fa 100644 --- a/security/tomoyo/Makefile +++ b/security/tomoyo/Makefile @@ -2,13 +2,14 @@ obj-y = audit.o common.o condition.o domain.o environ.o file.o gc.o group.o load_policy.o memory.o mount.o network.o realpath.o securityfs_if.o tomoyo.o util.o targets += builtin-policy.h -define do_policy -echo "static char tomoyo_builtin_$(1)[] __initdata ="; \ -$(objtree)/scripts/bin2c <$(firstword $(wildcard $(obj)/policy/$(1).conf $(srctree)/$(src)/policy/$(1).conf.default) /dev/null); \ -echo ";" -endef -quiet_cmd_policy = POLICY $@ - cmd_policy = ($(call do_policy,profile); $(call do_policy,exception_policy); $(call do_policy,domain_policy); $(call do_policy,manager); $(call do_policy,stat)) >$@ + +quiet_cmd_policy = POLICY $@ + cmd_policy = { \ + $(foreach x, profile exception_policy domain_policy manager stat, \ + printf 'static char tomoyo_builtin_$x[] __initdata =\n'; \ + sed 's/\(.*\)/\t"\1\\n"/' $(firstword $(filter %/$x.conf %/$x.conf.default, $^) /dev/null); \ + printf '\t"";\n';) \ + } > $@ $(obj)/builtin-policy.h: $(wildcard $(obj)/policy/*.conf $(srctree)/$(src)/policy/*.conf.default) FORCE $(call if_changed,policy)
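Review bot: The `sed 's/\(.*\)/\t"\1\\n"/'` in the new cmd_policy wraps each policy line in double quotes without escaping the line's own content. A `\` or `"` in a *.conf or *.conf.default file is then interpreted by the C compiler rather than embedded byte-for-byte as bin2c did. TOMOYO policy syntax uses backslash sequences in pathname patterns (wildcards such as `\*` and octal `\ooo` bytes), so the built-in policy could silently differ from the file it was generated from, or fail to compile on an unbalanced quote. Escaping before wrapping closes the gap: `sed -e 's/\\/\\\\/g' -e 's/"/\\"/g' -e 's/\(.*\)/\t"\1\\n"/'`. Separately, `\t` in a sed replacement is a GNU extension; it affects only the header's indentation, and `printf` could emit the tab if portability matters.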