1# SPDX-License-Identifier: GPL-2.0 2# Makefile for AppArmor Linux Security Module 3# 4obj-$(CONFIG_SECURITY_APPARMOR) += apparmor.o 5 6apparmor-y := apparmorfs.o audit.o capability.o task.o ipc.o lib.o match.o \ 7 path.o domain.o policy.o policy_unpack.o procattr.o lsm.o \ 8 resource.o secid.o file.o policy_ns.o label.o mount.o net.o 9apparmor-$(CONFIG_SECURITY_APPARMOR_HASH) += crypto.o 10 11obj-$(CONFIG_SECURITY_APPARMOR_KUNIT_TEST) += apparmor_policy_unpack_test.o 12apparmor_policy_unpack_test-objs += policy_unpack_test.o 13 14clean-files := capability_names.h rlim_names.h net_names.h 15 16# Build a lower case string table of address family names 17# Transform lines from 18# #define AF_LOCAL 1 /* POSIX name for AF_UNIX */ 19# #define AF_INET 2 /* Internet IP Protocol */ 20# to 21# [1] = "local", 22# [2] = "inet", 23# 24# and build the securityfs entries for the mapping. 25# Transforms lines from 26# #define AF_INET 2 /* Internet IP Protocol */ 27# to 28# #define AA_SFS_AF_MASK "local inet" 29quiet_cmd_make-af = GEN $@ 30cmd_make-af = echo "static const char *address_family_names[] = {" > $@ ;\ 31 sed $< >>$@ -r -n -e "/AF_MAX/d" -e "/AF_LOCAL/d" -e "/AF_ROUTE/d" -e \ 32 's/^\#define[ \t]+AF_([A-Z0-9_]+)[ \t]+([0-9]+)(.*)/[\2] = "\L\1",/p';\ 33 echo "};" >> $@ ;\ 34 printf '%s' '\#define AA_SFS_AF_MASK "' >> $@ ;\ 35 sed -r -n -e "/AF_MAX/d" -e "/AF_LOCAL/d" -e "/AF_ROUTE/d" -e \ 36 's/^\#define[ \t]+AF_([A-Z0-9_]+)[ \t]+([0-9]+)(.*)/\L\1/p'\ 37 $< | tr '\n' ' ' | sed -e 's/ $$/"\n/' >> $@ 38 39# Build a lower case string table of sock type names 40# Transform lines from 41# SOCK_STREAM = 1, 42# to 43# [1] = "stream", 44quiet_cmd_make-sock = GEN $@ 45cmd_make-sock = echo "static const char *sock_type_names[] = {" >> $@ ;\ 46 sed $^ >>$@ -r -n \ 47 -e 's/^\tSOCK_([A-Z0-9_]+)[\t]+=[ \t]+([0-9]+)(.*)/[\2] = "\L\1",/p';\ 48 echo "};" >> $@ 49 50# Build a lower case string table of capability names 51# Transforms lines from 52# #define CAP_DAC_OVERRIDE 1 53# to 54# [1] = "dac_override", 55quiet_cmd_make-caps = GEN $@ 56cmd_make-caps = echo "static const char *const capability_names[] = {" > $@ ;\ 57 sed $< >>$@ -r -n -e '/CAP_FS_MASK/d' \ 58 -e 's/^\#define[ \t]+CAP_([A-Z0-9_]+)[ \t]+([0-9]+)/[\2] = "\L\1",/p';\ 59 echo "};" >> $@ ;\ 60 printf '%s' '\#define AA_SFS_CAPS_MASK "' >> $@ ;\ 61 sed $< -r -n -e '/CAP_FS_MASK/d' \ 62 -e 's/^\#define[ \t]+CAP_([A-Z0-9_]+)[ \t]+([0-9]+)/\L\1/p' | \ 63 tr '\n' ' ' | sed -e 's/ $$/"\n/' >> $@ 64 65 66# Build a lower case string table of rlimit names. 67# Transforms lines from 68# #define RLIMIT_STACK 3 /* max stack size */ 69# to 70# [RLIMIT_STACK] = "stack", 71# 72# and build a second integer table (with the second sed cmd), that maps 73# RLIMIT defines to the order defined in asm-generic/resource.h This is 74# required by policy load to map policy ordering of RLIMITs to internal 75# ordering for architectures that redefine an RLIMIT. 76# Transforms lines from 77# #define RLIMIT_STACK 3 /* max stack size */ 78# to 79# RLIMIT_STACK, 80# 81# and build the securityfs entries for the mapping. 82# Transforms lines from 83# #define RLIMIT_FSIZE 1 /* Maximum filesize */ 84# #define RLIMIT_STACK 3 /* max stack size */ 85# to 86# #define AA_SFS_RLIMIT_MASK "fsize stack" 87quiet_cmd_make-rlim = GEN $@ 88cmd_make-rlim = echo "static const char *const rlim_names[RLIM_NLIMITS] = {" \ 89 > $@ ;\ 90 sed $< >> $@ -r -n \ 91 -e 's/^\# ?define[ \t]+(RLIMIT_([A-Z0-9_]+)).*/[\1] = "\L\2",/p';\ 92 echo "};" >> $@ ;\ 93 echo "static const int rlim_map[RLIM_NLIMITS] = {" >> $@ ;\ 94 sed -r -n "s/^\# ?define[ \t]+(RLIMIT_[A-Z0-9_]+).*/\1,/p" $< >> $@ ;\ 95 echo "};" >> $@ ; \ 96 printf '%s' '\#define AA_SFS_RLIMIT_MASK "' >> $@ ;\ 97 sed -r -n 's/^\# ?define[ \t]+RLIMIT_([A-Z0-9_]+).*/\L\1/p' $< | \ 98 tr '\n' ' ' | sed -e 's/ $$/"\n/' >> $@ 99 100$(obj)/capability.o : $(obj)/capability_names.h 101$(obj)/net.o : $(obj)/net_names.h 102$(obj)/resource.o : $(obj)/rlim_names.h 103$(obj)/capability_names.h : $(srctree)/include/uapi/linux/capability.h \ 104 $(src)/Makefile 105 $(call cmd,make-caps) 106$(obj)/rlim_names.h : $(srctree)/include/uapi/asm-generic/resource.h \ 107 $(src)/Makefile 108 $(call cmd,make-rlim) 109$(obj)/net_names.h : $(srctree)/include/linux/socket.h \ 110 $(srctree)/include/linux/net.h \ 111 $(src)/Makefile 112 $(call cmd,make-af) 113 $(call cmd,make-sock) 114