Makefile: add target rebuild-interface-db #201

Merged
merged 3 commits into from Jun 3, 2020

cgzones
Contributor

@cgzones cgzones commented Mar 21, 2020

Rebuild the policy interface database with 'sepolgen-ifgen'.
This database is required for reference style policy generation by
'audit2allow --reference'

Makefile Outdated
Comment on lines 557 to 560
rebuild-interface-db:
$(verbose) rm -rf $(headerdir)
$(verbose) $(MAKE) install-headers
$(verbose) $(SEPOLGEN_IFGEN) $(VERBOSE_FLAG) -i $(headerdir)
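Review bot: the first recipe line, `rm -rf $(headerdir)`, deletes the whole header directory unconditionally, including anything there that install-headers did not create, and nothing in these lines checks that the variable points at the expected location. Consider removing only the files this Makefile installs, or checking `$(headerdir)` before the delete.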
Member

This should probably be reworked to have build-interface-db and rebuild-interface-db targets which would work like the load and reload targets in the Rules.monolithic.

@cgzones cgzones force-pushed the rebuild-if-db branch 2 times, most recently from 3421690 to bdf6ec0 Compare March 23, 2020 16:37
Makefile Outdated
Comment on lines 557 to 562
build-interface-db: install-headers
$(verbose) $(SEPOLGEN_IFGEN) $(VERBOSE_FLAG) -i $(headerdir)

rebuild-interface-db:
$(verbose) rm -rf $(headerdir)
$(verbose) $(MAKE) build-interface-db
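Review bot: neither build-interface-db nor rebuild-interface-db is marked phony in these lines; if they are not already listed under .PHONY elsewhere in the Makefile, a stray file with either name would make the target appear up to date and skip the recipe. rebuild-interface-db also keeps the unconditional `rm -rf $(headerdir)` ahead of the recursive `$(MAKE) build-interface-db`, so a failure in the sub-make leaves the header directory removed and the database unbuilt.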
Member

Wouldn't something like this work, without having to recursively call this makefile:

build-interface-db: install-headers $(tmpdir)/load

rebuild-interface-db $(tmpdir)/load:
	$(verbose) $(SEPOLGEN_IFGEN) $(VERBOSE_FLAG) -i $(headerdir)
	@touch $(tmpdir)/load

If something in headerdir needs to be deleted, my preference would be not to delete everything.

Member

This does not seem to be addressed.

Contributor Author

The initial design for the targets was:

  • build-*: generate the interface - always run sepolgen-ifgen, so calling the target twice generates the database twice
  • rebuild-*: generate the interface but assure that no leftover interfaces are in the header directory (after a re-factorization, removal of a module ...)

But since Refpolicy takes backward-compatibility seriously the reasons for the rebuild-* target probably do not apply.

Dropped the rebuild-* target.

Contributor Author

cgzones commented Apr 11, 2020

sepolgen-ifgen currently dislikes these policy constructs:

refpolicy/include/system/userdomain.if: Syntax error on line 185 ` [type=TICK]

gen_tunable(`$1_read_generic_user_content', true)

refpolicy/include/kernel/storage.if: Syntax error on line 133 $2 [type=IDENTIFIER]

tunable_policy($2, `

refpolicy/include/kernel/devices.if: Syntax error on line 2805 $2 [type=IDENTIFIER]

tunable_policy($2, `

refpolicy/include/kernel/devices.if: Syntax error on line 2883 $2 [type=IDENTIFIER]

tunable_policy($2, `

refpolicy/include/kernel/devices.if: Syntax error on line 2959 $2 [type=IDENTIFIER]

tunable_policy($2, `

I think it doesn't like a) quoted arguments to gen_tunable and b) non-quoted arguments to tunable_policy
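
A pre-check for the two constructs named in the comment above, as an added example that is not part of this pull request or of sepolgen. The patterns encode the commenter's two hypotheses and are assumptions, not sepolgen-ifgen's grammar; the function name and the sample text are constructed.

```python
import re
import sys

# Each rule: (description, pattern). Both patterns are assumptions derived
# from the comment above, not from the sepolgen-ifgen parser itself.
RULES = [
    ("quoted argument to gen_tunable",
     re.compile(r"\bgen_tunable\(\s*`")),
    ("unquoted argument to tunable_policy",
     re.compile(r"\btunable_policy\(\s*[^`\s]")),
]


def find_ifgen_hazards(text, path="<input>"):
    """Return (path, line number, rule, source line) for each flagged line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if stripped.startswith("#"):  # skip comments and ## doc comments
            continue
        for rule, pattern in RULES:
            if pattern.search(stripped):
                findings.append((path, lineno, rule, stripped))
    return findings


# Constructed sample: two lines in the rejected style quoted in the comment,
# two in the style the parser is assumed to accept, and one doc comment.
SAMPLE = "\n".join([
    "# constructed sample, not a real refpolicy file",
    "gen_tunable(`$1_read_generic_user_content', true)",
    "gen_tunable(example_tunable, false)",
    "tunable_policy($2, `",
    "tunable_policy(`example_tunable', `",
    "## tunable_policy($2, ` inside a doc comment is ignored",
])

if __name__ == "__main__":
    # With file arguments, scan those interface files; otherwise the sample.
    sources = [(p, open(p, encoding="utf-8", errors="replace").read())
               for p in sys.argv[1:]] or [("<sample>", SAMPLE)]
    hits = [h for path, text in sources for h in find_ifgen_hazards(text, path)]
    for path, lineno, rule, src in hits:
        print(f"{path}:{lineno}: {rule}: {src}")
    sys.exit(1 if hits else 0)
```
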

@cgzones cgzones force-pushed the rebuild-if-db branch 2 times, most recently from 938ccc3 to 5990d9f Compare May 28, 2020 12:28
Contributor Author

cgzones commented May 28, 2020

With the patches from SELinuxProject/selinux#247, the interface_info map builds successfully

Build the policy interface database with 'sepolgen-ifgen'.
This database is required for reference style policy generation by
'audit2allow --reference'

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>

Match the overall style and please sepolgen-ifgen

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>

Match the style of tunable_policy and gen_tunable statements in userdomain

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>

@pebenito pebenito merged commit e01cd6c into SELinuxProject:master Jun 3, 2020
@cgzones cgzones deleted the rebuild-if-db branch June 5, 2020 13:04