^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1) # SPDX-License-Identifier: GPL-2.0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2) # Makefile for AppArmor Linux Security Module
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3) #
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4) obj-$(CONFIG_SECURITY_APPARMOR) += apparmor.o
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6) apparmor-y := apparmorfs.o audit.o capability.o task.o ipc.o lib.o match.o \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7) path.o domain.o policy.o policy_unpack.o procattr.o lsm.o \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 8) resource.o secid.o file.o policy_ns.o label.o mount.o net.o
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 9) apparmor-$(CONFIG_SECURITY_APPARMOR_HASH) += crypto.o
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11) clean-files := capability_names.h rlim_names.h net_names.h
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13) # Build a lower case string table of address family names
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14) # Transform lines from
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15) # #define AF_LOCAL 1 /* POSIX name for AF_UNIX */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16) # #define AF_INET 2 /* Internet IP Protocol */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17) # to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18) # [1] = "local",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 19) # [2] = "inet",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 20) #
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 21) # and build the securityfs entries for the mapping.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 22) # Transforms lines from
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 23) # #define AF_INET 2 /* Internet IP Protocol */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 24) # to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 25) # #define AA_SFS_AF_MASK "local inet"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 26) quiet_cmd_make-af = GEN $@
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 27) cmd_make-af = echo "static const char *address_family_names[] = {" > $@ ;\
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 28) sed $< >>$@ -r -n -e "/AF_MAX/d" -e "/AF_LOCAL/d" -e "/AF_ROUTE/d" -e \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 29) 's/^\#define[ \t]+AF_([A-Z0-9_]+)[ \t]+([0-9]+)(.*)/[\2] = "\L\1",/p';\
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 30) echo "};" >> $@ ;\
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 31) printf '%s' '\#define AA_SFS_AF_MASK "' >> $@ ;\
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 32) sed -r -n -e "/AF_MAX/d" -e "/AF_LOCAL/d" -e "/AF_ROUTE/d" -e \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 33) 's/^\#define[ \t]+AF_([A-Z0-9_]+)[ \t]+([0-9]+)(.*)/\L\1/p'\
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 34) $< | tr '\n' ' ' | sed -e 's/ $$/"\n/' >> $@
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 35)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 36) # Build a lower case string table of sock type names
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 37) # Transform lines from
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 38) # SOCK_STREAM = 1,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 39) # to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 40) # [1] = "stream",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 41) quiet_cmd_make-sock = GEN $@
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 42) cmd_make-sock = echo "static const char *sock_type_names[] = {" >> $@ ;\
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 43) sed $^ >>$@ -r -n \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 44) -e 's/^\tSOCK_([A-Z0-9_]+)[\t]+=[ \t]+([0-9]+)(.*)/[\2] = "\L\1",/p';\
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 45) echo "};" >> $@
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 46)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 47) # Build a lower case string table of capability names
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 48) # Transforms lines from
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 49) # #define CAP_DAC_OVERRIDE 1
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 50) # to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 51) # [1] = "dac_override",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 52) quiet_cmd_make-caps = GEN $@
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 53) cmd_make-caps = echo "static const char *const capability_names[] = {" > $@ ;\
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 54) sed $< >>$@ -r -n -e '/CAP_FS_MASK/d' \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 55) -e 's/^\#define[ \t]+CAP_([A-Z0-9_]+)[ \t]+([0-9]+)/[\2] = "\L\1",/p';\
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 56) echo "};" >> $@ ;\
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 57) printf '%s' '\#define AA_SFS_CAPS_MASK "' >> $@ ;\
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 58) sed $< -r -n -e '/CAP_FS_MASK/d' \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 59) -e 's/^\#define[ \t]+CAP_([A-Z0-9_]+)[ \t]+([0-9]+)/\L\1/p' | \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 60) tr '\n' ' ' | sed -e 's/ $$/"\n/' >> $@
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 61)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 62)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 63) # Build a lower case string table of rlimit names.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 64) # Transforms lines from
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 65) # #define RLIMIT_STACK 3 /* max stack size */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 66) # to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 67) # [RLIMIT_STACK] = "stack",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 68) #
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 69) # and build a second integer table (with the second sed cmd), that maps
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 70) # RLIMIT defines to the order defined in asm-generic/resource.h This is
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 71) # required by policy load to map policy ordering of RLIMITs to internal
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 72) # ordering for architectures that redefine an RLIMIT.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 73) # Transforms lines from
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 74) # #define RLIMIT_STACK 3 /* max stack size */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 75) # to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 76) # RLIMIT_STACK,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 77) #
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 78) # and build the securityfs entries for the mapping.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 79) # Transforms lines from
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 80) # #define RLIMIT_FSIZE 1 /* Maximum filesize */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 81) # #define RLIMIT_STACK 3 /* max stack size */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 82) # to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 83) # #define AA_SFS_RLIMIT_MASK "fsize stack"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 84) quiet_cmd_make-rlim = GEN $@
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 85) cmd_make-rlim = echo "static const char *const rlim_names[RLIM_NLIMITS] = {" \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 86) > $@ ;\
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 87) sed $< >> $@ -r -n \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 88) -e 's/^\# ?define[ \t]+(RLIMIT_([A-Z0-9_]+)).*/[\1] = "\L\2",/p';\
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 89) echo "};" >> $@ ;\
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 90) echo "static const int rlim_map[RLIM_NLIMITS] = {" >> $@ ;\
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 91) sed -r -n "s/^\# ?define[ \t]+(RLIMIT_[A-Z0-9_]+).*/\1,/p" $< >> $@ ;\
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 92) echo "};" >> $@ ; \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 93) printf '%s' '\#define AA_SFS_RLIMIT_MASK "' >> $@ ;\
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 94) sed -r -n 's/^\# ?define[ \t]+RLIMIT_([A-Z0-9_]+).*/\L\1/p' $< | \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 95) tr '\n' ' ' | sed -e 's/ $$/"\n/' >> $@
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 96)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 97) $(obj)/capability.o : $(obj)/capability_names.h
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 98) $(obj)/net.o : $(obj)/net_names.h
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 99) $(obj)/resource.o : $(obj)/rlim_names.h
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 100) $(obj)/capability_names.h : $(srctree)/include/uapi/linux/capability.h \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 101) $(src)/Makefile
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 102) $(call cmd,make-caps)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 103) $(obj)/rlim_names.h : $(srctree)/include/uapi/asm-generic/resource.h \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 104) $(src)/Makefile
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 105) $(call cmd,make-rlim)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 106) $(obj)/net_names.h : $(srctree)/include/linux/socket.h \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 107) $(srctree)/include/linux/net.h \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 108) $(src)/Makefile
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 109) $(call cmd,make-af)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 110) $(call cmd,make-sock)
Orange Pi5 kernel
Deprecated Linux kernel 5.10.110 for OrangePi 5/5B/5+ boards
3 Commits
0 Branches
0 Tags