On 03/22/2012 10:06 AM, Steve Beattie wrote: > This patch abstracts out the generation of the lists of capabilities > and network protocol names to the common Make.rules file that is > included in most locations in the build tree, to allow it to be > re-used in the utils/ tree and possibly elsewhere. > > It provides the lists both as make variables and as make targets. > > It also sorts the resulting lists, which makes the output differ > from what was generated before. I did confirm that the results for the generated > files used in the parser build were the same after taking the sorting > into account. >
Well I can wish that the ordering of af_names was the same to make the comparison easier but it looks good. So Acked-by: John Johansen <john.johan...@canonical.com> > --- > common/Make.rules | 34 ++++++++++++++++++++++++++++++++++ > parser/Makefile | 16 ++++++---------- > 2 files changed, 40 insertions(+), 10 deletions(-) > > Index: b/common/Make.rules > =================================================================== > --- a/common/Make.rules > +++ b/common/Make.rules 
> @@ -151,6 +151,40 @@ _clean: > -rm -f ${MANPAGES} *.[0-9].gz ${HTMLMANPAGES} pod2htm*.tmp > > # ===================== > +# generate list of capabilities based on > +# /usr/include/sys/capabilities.h for use in multiple locations in > +# the source tree > +# ===================== > + > +# emits defined capabilities in a simple list, e.g. "CAP_NAME CAP_NAME2" > +CAPABILITIES=$(shell echo "\#include <sys/capability.h>" | cpp -dM | > LC_ALL=C sed -n -e '/CAP_EMPTY_SET/d' -e 's/^\#define[ > \t]\+CAP_\([A-Z0-9_]\+\)[ \t]\+\([0-9xa-f]\+\)\(.*\)$$/CAP_\1/p' | sort) > + > +.PHONY: list_capabilities > +list_capabilities: /usr/include/linux/capability.h > + @echo "$(CAPABILITIES)" > + > +# ===================== > +# generate list of network protocols based on > +# sys/socket.h for use in multiple locations in > +# the source tree > +# ===================== > + > +# These are the families that it doesn't make sense for apparmor > +# to mediate. We use PF_ here since that is what is required in > +# bits/socket.h, but we will rewrite these as AF_. > + > +FILTER_FAMILIES=PF_UNSPEC PF_UNIX PF_LOCAL PF_NETLINK > + > +__FILTER=$(shell echo $(strip $(FILTER_FAMILIES)) | sed -e 's/ /\\\|/g') > + > +# emits the AF names in a "AF_NAME NUMBER," pattern > +AF_NAMES=$(shell echo "\#include <sys/socket.h>" | cpp -dM | LC_ALL=C sed -n > -e '/$(__FILTER)/d' -e 's/^\#define[ \t]\+PF_\([A-Z0-9_]\+\)[ > \t]\+\([0-9]\+\).*$$/AF_\1 \2,/p' | sort -n -k2) > + > +.PHONY: list_af_names > +list_af_names: > + @echo "$(AF_NAMES)" > + > +# ===================== > # manpages > # ===================== > > Index: b/parser/Makefile > =================================================================== > --- a/parser/Makefile > +++ b/parser/Makefile 
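Review bot: The capability list has three different stated sources: `CAPABILITIES` is built from whatever `<sys/capability.h>` the `cpp` on PATH resolves, `list_capabilities` names `/usr/include/linux/capability.h` as a prerequisite, and the header comment names `/usr/include/sys/capabilities.h`. A file prerequisite on a `.PHONY` target does not affect rebuilding and only makes the target fail where the headers live elsewhere, so I would drop it and change the comment to `# generate list of capabilities based on <sys/capability.h> as resolved by cpp`. Because `cpp` is hard-coded rather than taken from the build's compiler settings, a cross or sysroot build presumably gets the host's capability and address-family lists rather than the target's; if that is intended it deserves a comment. `FILTER_FAMILIES` also no longer contains `PF_MAX`, so `AF_NAMES` now carries `AF_MAX`, and a line such as `# NOTE: AF_NAMES includes AF_MAX; consumers must strip it` would stop new users in utils/ from treating it as a mediated family.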
> @@ -207,22 +207,18 @@ parser_version.h: Makefile > @echo \#define PARSER_VERSION \"$(VERSION)\" > .ver > @mv -f .ver $@ > > -# These are the families that it doesn't make sense for apparmor to mediate. > -# We use PF_ here since that is what is required in bits/socket.h, but we > will > -# rewrite these as AF_. > -FILTER_FAMILIES=PF_MAX PF_UNSPEC PF_UNIX PF_LOCAL PF_NETLINK > - > - > -__FILTER=$(shell echo $(strip $(FILTER_FAMILIES)) | sed -e 's/ /\\\|/g') > +# af_names and capabilities generation has moved to common/Make.rules, > +# as well as the filtering that occurs for network protocols that > +# apparmor should not mediate. > > .PHONY: af_names.h > af_names.h: > - echo "#include <sys/socket.h>" | cpp -dM | LC_ALL=C sed -n -e > '/$(__FILTER)/d' -e "s/^\#define[ \\t]\\+PF_\\([A-Z0-9_]\\+\\)[ > \\t]\\+\\([0-9]\\+\\)\\(.*\\)\$$/#ifndef AF_\\1\\n# define AF_\\1 > \\2\\n#endif\\nAA_GEN_NET_ENT(\"\\L\\1\", \\UAF_\\1)\\n/p" > $@ > - echo "#include <sys/socket.h>" | cpp -dM | LC_ALL=C sed -n -e > "s/^\#define[ \\t]\\+PF_MAX[ \\t]\\+\\([0-9]\\+\\)\\+.*/#define AA_AF_MAX > \\1\n/p" >> $@ > + echo "$(AF_NAMES)" | LC_ALL=C sed -n -e 's/[ \t]\?AF_MAX[ > \t]\+[0-9]\+,//g' -e 's/[ \t]\+\?AF_\([A-Z0-9_]\+\)[ > \t]\+\([0-9]\+\),/#ifndef AF_\1\n# define AF_\1 > \2\n#endif\nAA_GEN_NET_ENT("\L\1", \UAF_\1)\n\n/pg' > $@ > + echo "$(AF_NAMES)" | LC_ALL=C sed -n -e 's/.*,[ \t]\+AF_MAX[ > \t]\+\([0-9]\+\),\?.*/#define AA_AF_MAX \1\n/p' >> $@ > # cat $@ > > cap_names.h: /usr/include/linux/capability.h > - LC_ALL=C sed -n -e "/CAP_EMPTY_SET/d" -e "s/^\#define[ > \\t]\\+CAP_\\([A-Z0-9_]\\+\\)[ > \\t]\\+\\([0-9xa-f]\\+\\)\\(.*\\)\$$/\{\"\\L\\1\", \\UCAP_\\1\},/p" $< > $@ > + echo "$(CAPABILITIES)" | LC_ALL=C sed -n -e "s/[ > \\t]\\?CAP_\\([A-Z0-9_]\\+\\)/\{\"\\L\\1\", \\UCAP_\\1\},\\n/pg" > $@ > > tst_%: parser_%.c parser.h $(filter-out parser_%.o, ${TEST_OBJECTS}) > $(CC) $(TEST_CFLAGS) -o $@ $< $(filter-out $(<:.c=.o), ${TEST_OBJECTS}) > $(TEST_LDFLAGS) > > > -- AppArmor mailing list 
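Review bot: The new `af_names.h` and `cap_names.h` recipes succeed even when the list they consume is empty. `$(shell ...)` discards the exit status of the `cpp` pipeline and the recipe only sees the status of `sed`, so if `cpp` or `<sys/capability.h>` is missing, make writes an empty header and treats it as built. The name tables of a policy parser should fail loudly in that case; a guard as the first recipe line would do, e.g. `@test -n "$(strip $(CAPABILITIES))" || { echo "cap_names.h: empty capability list" >&2; exit 1; }`, with the same check on `$(AF_NAMES)` in `af_names.h`. `cap_names.h` also keeps `/usr/include/linux/capability.h` as its prerequisite although its data now comes from `<sys/capability.h>` through `cpp`, so its rebuild trigger no longer matches its real input. On style, the `cap_names.h` sed script is still double-quoted with doubled backslashes while the `af_names.h` scripts switched to single quotes; using single quotes in both would make the expressions easier to audit.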