This patch abstracts out the generation of the lists of capabilities
and network protocol names to the common Make.rules file that is
included in most locations in the build tree, to allow it to be
re-used in the utils/ tree and possibly elsewhere.

It provides the lists in both make variables and as make targets.

It also sorts the resulting lists, which makes the output differ from
what was generated before. I did confirm that the results for the generated
files used in the parser build were the same after taking the sorting
into account.

---
 common/Make.rules |   34 ++++++++++++++++++++++++++++++++++
 parser/Makefile   |   16 ++++++----------
 2 files changed, 40 insertions(+), 10 deletions(-)

Index: b/common/Make.rules
===================================================================
--- a/common/Make.rules
+++ b/common/Make.rules
@@ -151,6 +151,40 @@ _clean:
        -rm -f ${MANPAGES} *.[0-9].gz ${HTMLMANPAGES} pod2htm*.tmp
 
 # =====================
+# generate list of capabilities based on
+# /usr/include/sys/capabilities.h for use in multiple locations in
+# the source tree
+# =====================
+
+# emits defined capabilities in a simple list, e.g. "CAP_NAME CAP_NAME2"
+CAPABILITIES=$(shell echo "\#include <sys/capability.h>" | cpp -dM | LC_ALL=C 
sed -n -e '/CAP_EMPTY_SET/d' -e 's/^\#define[ \t]\+CAP_\([A-Z0-9_]\+\)[ 
\t]\+\([0-9xa-f]\+\)\(.*\)$$/CAP_\1/p' | sort)
+
+.PHONY: list_capabilities
+list_capabilities: /usr/include/linux/capability.h
+       @echo "$(CAPABILITIES)"
+
+# =====================
+# generate list of network protocols based on
+# sys/socket.h for use in multiple locations in
+# the source tree
+# =====================
+
+# These are the families that it doesn't make sense for apparmor
+# to mediate. We use PF_ here since that is what is required in
+# bits/socket.h, but we will rewrite these as AF_.
+
+FILTER_FAMILIES=PF_UNSPEC PF_UNIX PF_LOCAL PF_NETLINK
+
+__FILTER=$(shell echo $(strip $(FILTER_FAMILIES)) | sed -e 's/ /\\\|/g')
+
+# emits the AF names in a "AF_NAME NUMBER," pattern
+AF_NAMES=$(shell echo "\#include <sys/socket.h>" | cpp -dM | LC_ALL=C sed -n 
-e '/$(__FILTER)/d' -e 's/^\#define[ \t]\+PF_\([A-Z0-9_]\+\)[ 
\t]\+\([0-9]\+\).*$$/AF_\1 \2,/p' | sort -n -k2)
+
+.PHONY: list_af_names
+list_af_names:
+       @echo "$(AF_NAMES)"
+
+# =====================
 # manpages
 # =====================
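Review bot: `CAPABILITIES` and `AF_NAMES` are filled by `$(shell …)` pipelines whose exit status make discards, so if `<sys/capability.h>` is not installed or `cpp` fails, the variable is simply empty and `list_capabilities` and `list_af_names` still succeed. The same applies to the `cap_names.h` and `af_names.h` recipes in parser/Makefile, which would write an empty table. These tables appear to define which capability and address-family names the policy parser recognises, so the consumers should fail loudly, for example with a first recipe line `@test -n "$(CAPABILITIES)" || { echo "no CAP_ definitions found via cpp" >&2; exit 1; }` and the equivalent for `$(AF_NAMES)`. The header comment also names `/usr/include/sys/capabilities.h` and the `list_capabilities` prerequisite names `/usr/include/linux/capability.h`, while the pipeline reads `<sys/capability.h>`; the comment should read `# <sys/capability.h> (as resolved by cpp) for use in multiple locations in`, and the prerequisite should be dropped or matched to the real input.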
 
Index: b/parser/Makefile
===================================================================
--- a/parser/Makefile
+++ b/parser/Makefile
@@ -207,22 +207,18 @@ parser_version.h: Makefile
        @echo \#define PARSER_VERSION \"$(VERSION)\" > .ver
        @mv -f .ver $@
 
-# These are the families that it doesn't make sense for apparmor to mediate.
-# We use PF_ here since that is what is required in bits/socket.h, but we will
-# rewrite these as AF_.
-FILTER_FAMILIES=PF_MAX PF_UNSPEC PF_UNIX PF_LOCAL PF_NETLINK
-
-
-__FILTER=$(shell echo $(strip $(FILTER_FAMILIES)) | sed -e 's/ /\\\|/g')
+# af_names and capabilities generation has moved to common/Make.rules,
+# as well as the filtering that occurs for network protocols that
+# apparmor should not mediate.
 
 .PHONY: af_names.h
 af_names.h:
-       echo "#include <sys/socket.h>" | cpp -dM | LC_ALL=C sed -n -e 
'/$(__FILTER)/d' -e "s/^\#define[ \\t]\\+PF_\\([A-Z0-9_]\\+\\)[ 
\\t]\\+\\([0-9]\\+\\)\\(.*\\)\$$/#ifndef AF_\\1\\n#  define AF_\\1 
\\2\\n#endif\\nAA_GEN_NET_ENT(\"\\L\\1\", \\UAF_\\1)\\n/p" > $@
-       echo "#include <sys/socket.h>" | cpp -dM | LC_ALL=C sed -n -e 
"s/^\#define[ \\t]\\+PF_MAX[ \\t]\\+\\([0-9]\\+\\)\\+.*/#define AA_AF_MAX 
\\1\n/p" >> $@
+       echo "$(AF_NAMES)" | LC_ALL=C sed -n -e 's/[ \t]\?AF_MAX[ 
\t]\+[0-9]\+,//g'  -e 's/[ \t]\+\?AF_\([A-Z0-9_]\+\)[ \t]\+\([0-9]\+\),/#ifndef 
AF_\1\n#  define AF_\1 \2\n#endif\nAA_GEN_NET_ENT("\L\1", \UAF_\1)\n\n/pg' > $@
+       echo "$(AF_NAMES)" | LC_ALL=C sed -n -e 's/.*,[ \t]\+AF_MAX[ 
\t]\+\([0-9]\+\),\?.*/#define AA_AF_MAX \1\n/p' >> $@
        # cat $@
 
 cap_names.h: /usr/include/linux/capability.h
-       LC_ALL=C sed -n -e "/CAP_EMPTY_SET/d" -e "s/^\#define[ 
\\t]\\+CAP_\\([A-Z0-9_]\\+\\)[ 
\\t]\\+\\([0-9xa-f]\\+\\)\\(.*\\)\$$/\{\"\\L\\1\", \\UCAP_\\1\},/p" $< > $@
+       echo "$(CAPABILITIES)" | LC_ALL=C sed -n -e "s/[ 
\\t]\\?CAP_\\([A-Z0-9_]\\+\\)/\{\"\\L\\1\", \\UCAP_\\1\},\\n/pg" > $@
 
 tst_%: parser_%.c parser.h $(filter-out parser_%.o, ${TEST_OBJECTS})
        $(CC) $(TEST_CFLAGS) -o $@ $< $(filter-out $(<:.c=.o), ${TEST_OBJECTS}) 
$(TEST_LDFLAGS)
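Review bot: `cap_names.h` keeps `/usr/include/linux/capability.h` as its prerequisite, but the new recipe no longer reads `$<`; its content now comes from `$(CAPABILITIES)`, which is whatever `<sys/capability.h>` the `cpp` call in common/Make.rules resolves. The timestamp check therefore tracks a file that is not the recipe's direct input, so the rule deserves a comment such as `# prerequisite is only a rebuild trigger; names come from $(CAPABILITIES) in common/Make.rules`. In `af_names.h`, the `AA_AF_MAX` extraction `s/.*,[ \t]\+AF_MAX…` matches only when another `NAME N,` entry precedes `AF_MAX`, so it silently depends on the `sort -n -k2` ordering placing `AF_MAX` last. I would record that above the second `echo` with `# relies on AF_MAX sorting last in $(AF_NAMES)`. Because `AF_NAMES` is a recursive variable, the two `echo "$(AF_NAMES)"` lines also run the cpp pipeline twice per build of this target.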

