<?xml version="1.0"?>
<?xml-stylesheet type="text/xsl" href="/rss.xsl.xml"?>
<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/">
<channel>
    <title>Changes in Makefile</title>
    <description></description>
    <language>en</language>
    <copyright>Copyright 2015</copyright>
    <generator>Java</generator><item>
        <title>c5e3cdbf - tomoyo: revert CONFIG_SECURITY_TOMOYO_LKM support</title>
        <link>http://172.16.0.5:8080/history/linux-6.15/security/tomoyo/Makefile#c5e3cdbf</link>
        <description>tomoyo: revert CONFIG_SECURITY_TOMOYO_LKM support

            This patch reverts two TOMOYO patches that were merged into Linus&apos; tree during the v6.12 merge window:

            8b985bbfabbe (&quot;tomoyo: allow building as a loadable LSM module&quot;)
            268225a1de1a (&quot;tomoyo: preparation step for building as a loadable LSM module&quot;)

            Together these two patches introduced the CONFIG_SECURITY_TOMOYO_LKM Kconfig build option which enabled a TOMOYO specific dynamic LSM loading mechanism (see the original commits for more details).  Unfortunately, this approach was widely rejected by the LSM community as well as some members of the general kernel community.  Objections included concerns over setting a bad precedent regarding individual LSMs managing their LSM callback registrations as well as general kernel symbol exporting practices.  With little to no support for the CONFIG_SECURITY_TOMOYO_LKM approach outside of Tetsuo, and multiple objections, we need to revert these changes.

            Link: https://lore.kernel.org/all/0c4b443a-9c72-4800-97e8-a3816b6a9ae2@I-love.SAKURA.ne.jp
            Link: https://lore.kernel.org/all/CAHC9VhR=QjdoHG3wJgHFJkKYBg7vkQH2MpffgVzQ0tAByo_wRg@mail.gmail.com
            Acked-by: John Johansen &lt;john.johansen@canonical.com&gt;
            Signed-off-by: Paul Moore &lt;paul@paul-moore.com&gt;

            List of files:
            /linux-6.15/security/tomoyo/Makefile</description>
        <pubDate>Thu, 03 Oct 2024 20:43:39 +0000</pubDate>
        <dc:creator>Paul Moore &lt;paul@paul-moore.com&gt;</dc:creator>
    </item>
<item>
        <title>8b985bbf - tomoyo: allow building as a loadable LSM module</title>
        <link>http://172.16.0.5:8080/history/linux-6.15/security/tomoyo/Makefile#8b985bbf</link>
        <description>tomoyo: allow building as a loadable LSM module

            One of concerns for enabling TOMOYO in prebuilt kernels is that distributor wants to avoid bloating kernel packages. Although boot-time kernel command line options allows selecting built-in LSMs to enable, file size increase of vmlinux and memory footprint increase of vmlinux caused by builtin-but-not-enabled LSMs remains. If it becomes possible to make LSMs dynamically appendable after boot using loadable kernel modules, these problems will go away.

            Another of concerns for enabling TOMOYO in prebuilt kernels is that who can provide support when distributor cannot provide support. Due to &quot;those who compiled kernel code is expected to provide support for that kernel code&quot; spell, TOMOYO is failing to get enabled in Fedora distribution [1]. The point of loadable kernel module is to share the workload. If it becomes possible to make LSMs dynamically appendable after boot using loadable kernel modules, as with people can use device drivers not supported by distributors but provided by third party device vendors, we can break this spell and can lower the barrier for using TOMOYO.

            This patch is intended for demonstrating that there is nothing difficult for supporting TOMOYO-like loadable LSM modules. For now we need to live with a mixture of built-in part and loadable part because fully loadable LSM modules are not supported since Linux 2.6.24 [2] and number of LSMs which can reserve static call slots is determined at compile time in Linux 6.12.

            Major changes in this patch are described below.

            There are no behavior changes as long as TOMOYO is built into vmlinux.

            Add CONFIG_SECURITY_TOMOYO_LKM as &quot;bool&quot; instead of changing CONFIG_SECURITY_TOMOYO from &quot;bool&quot; to &quot;tristate&quot;, for something went wrong with how Makefile is evaluated if I choose &quot;tristate&quot;.

            Add proxy.c for serving as a bridge between vmlinux and tomoyo.ko .

            Move callback functions from init.c to proxy.c when building as a loadable LSM module. init.c is built-in part and remains for reserving static call slots. proxy.c contains module&apos;s init function and tells init.c location of callback functions, making it possible to use static call for tomoyo.ko .

            By deferring initialization of &quot;struct tomoyo_task&quot; until tomoyo.ko is loaded, threads created between init.c reserved LSM hooks and proxy.c updates LSM hooks will have NULL &quot;struct tomoyo_task&quot; instances. Assuming that tomoyo.ko is loaded by the moment when the global init process starts, initialize &quot;struct tomoyo_task&quot; instance for current thread as a kernel thread when tomoyo_task(current) is called for the first time.

            There is a hack for exporting currently not-exported functions. This hack will be removed after all relevant functions are exported.

            Link: https://bugzilla.redhat.com/show_bug.cgi?id=542986 [1]
            Link: https://lkml.kernel.org/r/caafb609-8bef-4840-a080-81537356fc60@I-love.SAKURA.ne.jp [2]
            Signed-off-by: Tetsuo Handa &lt;penguin-kernel@I-love.SAKURA.ne.jp&gt;

            List of files:
            /linux-6.15/security/tomoyo/Makefile</description>
        <pubDate>Mon, 23 Sep 2024 10:55:50 +0000</pubDate>
        <dc:creator>Tetsuo Handa &lt;penguin-kernel@I-love.SAKURA.ne.jp&gt;</dc:creator>
    </item>
<item>
        <title>268225a1 - tomoyo: preparation step for building as a loadable LSM module</title>
        <link>http://172.16.0.5:8080/history/linux-6.15/security/tomoyo/Makefile#268225a1</link>
        <description>tomoyo: preparation step for building as a loadable LSM module

            In order to allow Makefile to generate tomoyo.ko as output, rename tomoyo.c to hooks.h and cut out LSM hook registration part that will be built into vmlinux from hooks.h to init.c . Also, update comments and relocate some variables. No behavior changes.

            Signed-off-by: Tetsuo Handa &lt;penguin-kernel@I-love.SAKURA.ne.jp&gt;

            List of files:
            /linux-6.15/security/tomoyo/Makefile</description>
        <pubDate>Mon, 23 Sep 2024 10:00:21 +0000</pubDate>
        <dc:creator>Tetsuo Handa &lt;penguin-kernel@I-love.SAKURA.ne.jp&gt;</dc:creator>
    </item>
<item>
        <title>b1992c37 - kbuild: use $(src) instead of $(srctree)/$(src) for source directory</title>
        <link>http://172.16.0.5:8080/history/linux-6.15/security/tomoyo/Makefile#b1992c37</link>
        <description>kbuild: use $(src) instead of $(srctree)/$(src) for source directory

            Kbuild conventionally uses $(obj)/ for generated files, and $(src)/ for checked-in source files. It is merely a convention without any functional difference. In fact, $(obj) and $(src) are exactly the same, as defined in scripts/Makefile.build:

                src := $(obj)

            When the kernel is built in a separate output directory, $(src) does not accurately reflect the source directory location. While Kbuild resolves this discrepancy by specifying VPATH=$(srctree) to search for source files, it does not cover all cases. For example, when adding a header search path for local headers, -I$(srctree)/$(src) is typically passed to the compiler.

            This introduces inconsistency between upstream and downstream Makefiles because $(src) is used instead of $(srctree)/$(src) for the latter.

            To address this inconsistency, this commit changes the semantics of $(src) so that it always points to the directory in the source tree.

            Going forward, the variables used in Makefiles will have the following meanings:

              $(obj)     - directory in the object tree
              $(src)     - directory in the source tree  (changed by this commit)
              $(objtree) - the top of the kernel object tree
              $(srctree) - the top of the kernel source tree

            Consequently, $(srctree)/$(src) in upstream Makefiles need to be replaced with $(src).

            Signed-off-by: Masahiro Yamada &lt;masahiroy@kernel.org&gt;
            Reviewed-by: Nicolas Schier &lt;nicolas@fjasle.eu&gt;

            List of files:
            /linux-6.15/security/tomoyo/Makefile</description>
        <pubDate>Sat, 27 Apr 2024 14:55:02 +0000</pubDate>
        <dc:creator>Masahiro Yamada &lt;masahiroy@kernel.org&gt;</dc:creator>
    </item>
<item>
        <title>80f8be7a - tomoyo: Omit use of bin2c</title>
        <link>http://172.16.0.5:8080/history/linux-6.15/security/tomoyo/Makefile#80f8be7a</link>
        <description>tomoyo: Omit use of bin2c

            bin2c was, as its name implies, introduced to convert a binary file to C code.

            However, I did not see any good reason ever for using this tool because using the .incbin directive is much faster, and often results in simpler code.

            Most of the uses of bin2c have been killed, for example:

              - 13610aa908dc (&quot;kernel/configs: use .incbin directive to embed config_data.gz&quot;)
              - 4c0f032d4963 (&quot;s390/purgatory: Omit use of bin2c&quot;)

            security/tomoyo/Makefile has even less reason for using bin2c because the policy files are text data. So, sed is enough for converting them to C string literals, and what is nicer, generates human-readable builtin-policy.h.

            This is the last user of bin2c. After this commit lands, bin2c will be removed.

            Signed-off-by: Masahiro Yamada &lt;masahiroy@kernel.org&gt;
            [penguin-kernel: Update sed script to also escape backslash and quote ]
            Signed-off-by: Tetsuo Handa &lt;penguin-kernel@I-love.SAKURA.ne.jp&gt;

            List of files:
            /linux-6.15/security/tomoyo/Makefile</description>
        <pubDate>Sun, 08 Jan 2023 13:47:26 +0000</pubDate>
        <dc:creator>Masahiro Yamada &lt;masahiroy@kernel.org&gt;</dc:creator>
    </item>
<item>
        <title>df4840c1 - tomoyo: avoid unneeded creation of builtin-policy.h</title>
        <link>http://172.16.0.5:8080/history/linux-6.15/security/tomoyo/Makefile#df4840c1</link>
        <description>tomoyo: avoid unneeded creation of builtin-policy.h

            When CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING=y, builtin-policy.h is unneeded.

            Signed-off-by: Masahiro Yamada &lt;masahiroy@kernel.org&gt;
            Signed-off-by: Tetsuo Handa &lt;penguin-kernel@I-love.SAKURA.ne.jp&gt;

            List of files:
            /linux-6.15/security/tomoyo/Makefile</description>
        <pubDate>Sat, 07 Jan 2023 07:47:42 +0000</pubDate>
        <dc:creator>Masahiro Yamada &lt;masahiroy@kernel.org&gt;</dc:creator>
    </item>
<item>
        <title>eaf2213b - tomoyo: fix broken dependency on *.conf.default</title>
        <link>http://172.16.0.5:8080/history/linux-6.15/security/tomoyo/Makefile#eaf2213b</link>
        <description>tomoyo: fix broken dependency on *.conf.default

            If *.conf.default is updated, builtin-policy.h should be rebuilt, but this does not work when compiled with O= option.

            [Without this commit]

              $ touch security/tomoyo/policy/exception_policy.conf.default
              $ make O=/tmp security/tomoyo/
              make[1]: Entering directory &apos;/tmp&apos;
                GEN     Makefile
                CALL    /home/masahiro/ref/linux/scripts/checksyscalls.sh
                DESCEND objtool
              make[1]: Leaving directory &apos;/tmp&apos;

            [With this commit]

              $ touch security/tomoyo/policy/exception_policy.conf.default
              $ make O=/tmp security/tomoyo/
              make[1]: Entering directory &apos;/tmp&apos;
                GEN     Makefile
                CALL    /home/masahiro/ref/linux/scripts/checksyscalls.sh
                DESCEND objtool
                POLICY  security/tomoyo/builtin-policy.h
                CC      security/tomoyo/common.o
                AR      security/tomoyo/built-in.a
              make[1]: Leaving directory &apos;/tmp&apos;

            $(srctree)/ is essential because $(wildcard ) does not follow VPATH.

            Fixes: f02dee2d148b (&quot;tomoyo: Do not generate empty policy files&quot;)
            Signed-off-by: Masahiro Yamada &lt;masahiroy@kernel.org&gt;
            Signed-off-by: Tetsuo Handa &lt;penguin-kernel@I-love.SAKURA.ne.jp&gt;

            List of files:
            /linux-6.15/security/tomoyo/Makefile</description>
        <pubDate>Sat, 07 Jan 2023 07:47:41 +0000</pubDate>
        <dc:creator>Masahiro Yamada &lt;masahiroy@kernel.org&gt;</dc:creator>
    </item>
<item>
        <title>c417fbce - kbuild: move bin2c back to scripts/ from scripts/basic/</title>
        <link>http://172.16.0.5:8080/history/linux-6.15/security/tomoyo/Makefile#c417fbce</link>
        <description>kbuild: move bin2c back to scripts/ from scripts/basic/

            Commit 8370edea81e3 (&quot;bin2c: move bin2c in scripts/basic&quot;) moved bin2c to the scripts/basic/ directory, incorrectly stating &quot;Kexec wants to use bin2c and it wants to use it really early in the build process. See arch/x86/purgatory/ code in later patches.&quot;

            Commit bdab125c9301 (&quot;Revert &quot;kexec/purgatory: Add clean-up for purgatory directory&quot;&quot;) and commit d6605b6bbee8 (&quot;x86/build: Remove unnecessary preparation for purgatory&quot;) removed the redundant purgatory build magic entirely.

            That means that the move of bin2c was unnecessary in the first place.

            fixdep is the only host program that deserves to sit in the scripts/basic/ directory.

            Signed-off-by: Masahiro Yamada &lt;yamada.masahiro@socionext.com&gt;

            List of files:
            /linux-6.15/security/tomoyo/Makefile</description>
        <pubDate>Mon, 25 Jun 2018 16:40:23 +0000</pubDate>
        <dc:creator>Masahiro Yamada &lt;yamada.masahiro@socionext.com&gt;</dc:creator>
    </item>
<item>
        <title>b2441318 - License cleanup: add SPDX GPL-2.0 license identifier to files with no license</title>
        <link>http://172.16.0.5:8080/history/linux-6.15/security/tomoyo/Makefile#b2441318</link>
        <description>License cleanup: add SPDX GPL-2.0 license identifier to files with no license

            Many source files in the tree are missing licensing information, which makes it harder for compliance tools to determine the correct license.

            By default all files without license information are under the default license of the kernel, which is GPL version 2.

            Update the files which contain no license information with the &apos;GPL-2.0&apos; SPDX license identifier.  The SPDX identifier is a legally binding shorthand, which can be used instead of the full boiler plate text.

            This patch is based on work done by Thomas Gleixner and Kate Stewart and Philippe Ombredanne.

            How this work was done:

            Patches were generated and checked against linux-4.14-rc6 for a subset of the use cases:
             - file had no licensing information in it.
             - file was a */uapi/* one with no licensing information in it,
             - file was a */uapi/* one with existing licensing information,

            Further patches will be generated in subsequent months to fix up cases where non-standard license headers were used, and references to license had to be inferred by heuristics based on keywords.

            The analysis to determine which SPDX License Identifier to be applied to a file was done in a spreadsheet of side by side results from of the output of two independent scanners (ScanCode &amp; Windriver) producing SPDX tag:value files created by Philippe Ombredanne.  Philippe prepared the base worksheet, and did an initial spot review of a few 1000 files.

            The 4.13 kernel was the starting point of the analysis with 60,537 files assessed.  Kate Stewart did a file by file comparison of the scanner results in the spreadsheet to determine which SPDX license identifier(s) to be applied to the file. She confirmed any determination that was not immediately clear with lawyers working with the Linux Foundation.

            Criteria used to select files for SPDX license identifier tagging was:
             - Files considered eligible had to be source code files.
             - Make and config files were included as candidates if they contained &gt;5 lines of source
             - File already had some variant of a license header in it (even if &lt;5 lines).

            All documentation files were explicitly excluded.

            The following heuristics were used to determine which SPDX license identifiers to apply.

             - when both scanners couldn&apos;t find any license traces, file was considered to have no license information in it, and the top level COPYING file license applied.

               For non */uapi/* files that summary was:

               SPDX license identifier                            # files
               ---------------------------------------------------|-------
               GPL-2.0                                              11139

               and resulted in the first patch in this series.

               If that file was a */uapi/* path one, it was &quot;GPL-2.0 WITH Linux-syscall-note&quot; otherwise it was &quot;GPL-2.0&quot;.  Results of that was:

               SPDX license identifier                            # files
               ---------------------------------------------------|-------
               GPL-2.0 WITH Linux-syscall-note                        930

               and resulted in the second patch in this series.

             - if a file had some form of licensing information in it, and was one of the */uapi/* ones, it was denoted with the Linux-syscall-note if any GPL family license was found in the file or had no licensing in it (per prior point).  Results summary:

               SPDX license identifier                            # files
               ---------------------------------------------------|------
               GPL-2.0 WITH Linux-syscall-note                       270
               GPL-2.0+ WITH Linux-syscall-note                      169
               ((GPL-2.0 WITH Linux-syscall-note) OR BSD-2-Clause)    21
               ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause)    17
               LGPL-2.1+ WITH Linux-syscall-note                      15
               GPL-1.0+ WITH Linux-syscall-note                       14
               ((GPL-2.0+ WITH Linux-syscall-note) OR BSD-3-Clause)    5
               LGPL-2.0+ WITH Linux-syscall-note                       4
               LGPL-2.1 WITH Linux-syscall-note                        3
               ((GPL-2.0 WITH Linux-syscall-note) OR MIT)              3
               ((GPL-2.0 WITH Linux-syscall-note) AND MIT)             1

               and that resulted in the third patch in this series.

             - when the two scanners agreed on the detected license(s), that became the concluded license(s).

             - when there was disagreement between the two scanners (one detected a license but the other didn&apos;t, or they both detected different licenses) a manual inspection of the file occurred.

             - In most cases a manual inspection of the information in the file resulted in a clear resolution of the license that should apply (and which scanner probably needed to revisit its heuristics).

             - When it was not immediately clear, the license identifier was confirmed with lawyers working with the Linux Foundation.

             - If there was any question as to the appropriate license identifier, the file was flagged for further research and to be revisited later in time.

            In total, over 70 hours of logged manual review was done on the spreadsheet to determine the SPDX license identifiers to apply to the source files by Kate, Philippe, Thomas and, in some cases, confirmation by lawyers working with the Linux Foundation.

            Kate also obtained a third independent scan of the 4.13 code base from FOSSology, and compared selected files where the other two scanners disagreed against that SPDX file, to see if there was new insights.  The Windriver scanner is based on an older version of FOSSology in part, so they are related.

            Thomas did random spot checks in about 500 files from the spreadsheets for the uapi headers and agreed with SPDX license identifier in the files he inspected. For the non-uapi files Thomas did random spot checks in about 15000 files.

            In initial set of patches against 4.14-rc6, 3 files were found to have copy/paste license identifier errors, and have been fixed to reflect the correct identifier.

            Additionally Philippe spent 10 hours this week doing a detailed manual inspection and review of the 12,461 patched files from the initial patch version early this week with:
             - a full scancode scan run, collecting the matched texts, detected license ids and scores
             - reviewing anything where there was a license detected (about 500+ files) to ensure that the applied SPDX license was correct
             - reviewing anything where there was no detection but the patch license was not GPL-2.0 WITH Linux-syscall-note to ensure that the applied SPDX license was correct

            This produced a worksheet with 20 files needing minor correction.  This worksheet was then exported into 3 different .csv files for the different types of files to be modified.

            These .csv files were then reviewed by Greg.  Thomas wrote a script to parse the csv files and add the proper SPDX tag to the file, in the format that the file expected.  This script was further refined by Greg based on the output to detect more types of files automatically and to distinguish between header and source .c files (which need different comment types.)  Finally Greg ran the script using the .csv files to generate the patches.

            Reviewed-by: Kate Stewart &lt;kstewart@linuxfoundation.org&gt;
            Reviewed-by: Philippe Ombredanne &lt;pombredanne@nexb.com&gt;
            Reviewed-by: Thomas Gleixner &lt;tglx@linutronix.de&gt;
            Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

            List of files:
            /linux-6.15/security/tomoyo/Makefile</description>
        <pubDate>Wed, 01 Nov 2017 14:07:57 +0000</pubDate>
        <dc:creator>Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;</dc:creator>
    </item>
<item>
        <title>f02dee2d - tomoyo: Do not generate empty policy files</title>
        <link>http://172.16.0.5:8080/history/linux-6.15/security/tomoyo/Makefile#f02dee2d</link>
        <description>tomoyo: Do not generate empty policy files

            The Makefile automatically generates the tomoyo policy files, which are not removed by make clean (because they could have been provided by the user). Instead of generating the missing files, use /dev/null if a given file is not provided. Store the default exception_policy in exception_policy.conf.default.

            Acked-by: Tetsuo Handa &lt;penguin-kernel@I-love.SAKURA.ne.jp&gt;
            Signed-off-by: Michal Marek &lt;mmarek@suse.cz&gt;

            List of files:
            /linux-6.15/security/tomoyo/Makefile</description>
        <pubDate>Thu, 15 Jan 2015 09:39:22 +0000</pubDate>
        <dc:creator>Michal Marek &lt;mmarek@suse.cz&gt;</dc:creator>
    </item>
<item>
        <title>bf7a9ab4 - tomoyo: Use if_changed when generating builtin-policy.h</title>
        <link>http://172.16.0.5:8080/history/linux-6.15/security/tomoyo/Makefile#bf7a9ab4</link>
        <description>tomoyo: Use if_changed when generating builtin-policy.h

            Combine the generation of builtin-policy.h into a single command and use if_changed, so that the file is regenerated each time the command changes. The next patch will make use of this.

            Acked-by: Tetsuo Handa &lt;penguin-kernel@I-love.SAKURA.ne.jp&gt;
            Signed-off-by: Michal Marek &lt;mmarek@suse.cz&gt;

            List of files:
            /linux-6.15/security/tomoyo/Makefile</description>
        <pubDate>Fri, 09 Jan 2015 13:36:27 +0000</pubDate>
        <dc:creator>Michal Marek &lt;mmarek@suse.cz&gt;</dc:creator>
    </item>
<item>
        <title>7e114bbf - tomoyo: Use bin2c to generate builtin-policy.h</title>
        <link>http://172.16.0.5:8080/history/linux-6.15/security/tomoyo/Makefile#7e114bbf</link>
        <description>tomoyo: Use bin2c to generate builtin-policy.h

            Simplify the Makefile by using a readily available tool instead of a custom sed script. The downside is that builtin-policy.h becomes unreadable for humans, but it is only a generated file.

            Acked-by: Tetsuo Handa &lt;penguin-kernel@I-love.SAKURA.ne.jp&gt;
            Signed-off-by: Michal Marek &lt;mmarek@suse.cz&gt;

            List of files:
            /linux-6.15/security/tomoyo/Makefile</description>
        <pubDate>Fri, 09 Jan 2015 13:08:26 +0000</pubDate>
        <dc:creator>Michal Marek &lt;mmarek@suse.cz&gt;</dc:creator>
    </item>
<item>
        <title>843d183c - TOMOYO: Bump version.</title>
        <link>http://172.16.0.5:8080/history/linux-6.15/security/tomoyo/Makefile#843d183c</link>
        <description>TOMOYO: Bump version.

            Tell userland tools that this is TOMOYO 2.5.

            Signed-off-by: Tetsuo Handa &lt;penguin-kernel@I-love.SAKURA.ne.jp&gt;
            Signed-off-by: James Morris &lt;jmorris@namei.org&gt;

            List of files:
            /linux-6.15/security/tomoyo/Makefile</description>
        <pubDate>Wed, 14 Sep 2011 08:03:19 +0000</pubDate>
        <dc:creator>Tetsuo Handa &lt;penguin-kernel@I-love.SAKURA.ne.jp&gt;</dc:creator>
    </item>
<item>
        <title>059d84db - TOMOYO: Add socket operation restriction support.</title>
        <link>http://172.16.0.5:8080/history/linux-6.15/security/tomoyo/Makefile#059d84db</link>
        <description>TOMOYO: Add socket operation restriction support.

            This patch adds support for permission checks for PF_INET/PF_INET6/PF_UNIX socket&apos;s bind()/listen()/connect()/send() operations.

            Signed-off-by: Tetsuo Handa &lt;penguin-kernel@I-love.SAKURA.ne.jp&gt;
            Signed-off-by: James Morris &lt;jmorris@namei.org&gt;

            List of files:
            /linux-6.15/security/tomoyo/Makefile</description>
        <pubDate>Sat, 10 Sep 2011 06:23:54 +0000</pubDate>
        <dc:creator>Tetsuo Handa &lt;penguin-kernel@I-love.SAKURA.ne.jp&gt;</dc:creator>
    </item>
<item>
        <title>d58e0da8 - TOMOYO: Add environment variable name restriction support.</title>
        <link>http://172.16.0.5:8080/history/linux-6.15/security/tomoyo/Makefile#d58e0da8</link>
        <description>TOMOYO: Add environment variable name restriction support.

            This patch adds support for checking environment variable&apos;s names. Although TOMOYO already provides ability to check argv[]/envp[] passed to execve() requests,

              file execute /bin/sh exec.envp[&quot;LD_LIBRARY_PATH&quot;]=&quot;bar&quot;

            will reject execution of /bin/sh if environment variable LD_LIBRARY_PATH is not defined. To grant execution of /bin/sh if LD_LIBRARY_PATH is not defined, administrators have to specify like

              file execute /bin/sh exec.envp[&quot;LD_LIBRARY_PATH&quot;]=&quot;/system/lib&quot;
              file execute /bin/sh exec.envp[&quot;LD_LIBRARY_PATH&quot;]=NULL

            . Since there are many environment variables whereas conditional checks are applied as &quot;&amp;&amp;&quot;, it is difficult to cover all combinations. Therefore, this patch supports conditional checks that are applied as &quot;||&quot;, by specifying like

              file execute /bin/sh
              misc env LD_LIBRARY_PATH exec.envp[&quot;LD_LIBRARY_PATH&quot;]=&quot;/system/lib&quot;

            which means &quot;grant execution of /bin/sh if environment variable is not defined or is defined and its value is /system/lib&quot;.

            Signed-off-by: Tetsuo Handa &lt;penguin-kernel@I-love.SAKURA.ne.jp&gt;
            Signed-off-by: James Morris &lt;jmorris@namei.org&gt;

            List of files:
            /linux-6.15/security/tomoyo/Makefile</description>
        <pubDate>Sat, 10 Sep 2011 06:22:48 +0000</pubDate>
        <dc:creator>Tetsuo Handa &lt;penguin-kernel@I-love.SAKURA.ne.jp&gt;</dc:creator>
    </item>
<item>
        <title>2066a361 - TOMOYO: Allow using UID/GID etc. of current thread as conditions.</title>
        <link>http://172.16.0.5:8080/history/linux-6.15/security/tomoyo/Makefile#2066a361</link>
        <description>TOMOYO: Allow using UID/GID etc. of current thread as conditions.

            This patch adds support for permission checks using current thread&apos;s UID/GID etc. in addition to pathnames.

            Signed-off-by: Tetsuo Handa &lt;penguin-kernel@I-love.SAKURA.ne.jp&gt;
            Signed-off-by: James Morris &lt;jmorris@namei.org&gt;

            List of files:
            /linux-6.15/security/tomoyo/Makefile</description>
        <pubDate>Fri, 08 Jul 2011 04:21:37 +0000</pubDate>
        <dc:creator>Tetsuo Handa &lt;penguin-kernel@I-love.SAKURA.ne.jp&gt;</dc:creator>
    </item>
<item>
        <title>efe836ab - TOMOYO: Add built-in policy support.</title>
        <link>http://172.16.0.5:8080/history/linux-6.15/security/tomoyo/Makefile#efe836ab</link>
        <description>TOMOYO: Add built-in policy support.

            To be able to start using enforcing mode from the early stage of boot sequence, this patch adds support for built-in policy configuration (and next patch adds support for activating access control without calling external policy loader program).

            Signed-off-by: Tetsuo Handa &lt;penguin-kernel@I-love.SAKURA.ne.jp&gt;
            Signed-off-by: James Morris &lt;jmorris@namei.org&gt;

            List of files:
            /linux-6.15/security/tomoyo/Makefile</description>
        <pubDate>Sun, 26 Jun 2011 14:22:18 +0000</pubDate>
        <dc:creator>Tetsuo Handa &lt;penguin-kernel@I-love.SAKURA.ne.jp&gt;</dc:creator>
    </item>
<item>
        <title>eadd99cc - TOMOYO: Add auditing interface.</title>
        <link>http://172.16.0.5:8080/history/linux-6.15/security/tomoyo/Makefile#eadd99cc</link>
        <description>TOMOYO: Add auditing interface.

            Add /sys/kernel/security/tomoyo/audit interface. This interface generates audit logs in the form of domain policy so that /usr/sbin/tomoyo-auditd can reuse audit logs for appending to /sys/kernel/security/tomoyo/domain_policy interface.

            Signed-off-by: Tetsuo Handa &lt;penguin-kernel@I-love.SAKURA.ne.jp&gt;
            Signed-off-by: James Morris &lt;jmorris@namei.org&gt;

            List of files:
            /linux-6.15/security/tomoyo/Makefile</description>
        <pubDate>Sun, 26 Jun 2011 14:18:58 +0000</pubDate>
        <dc:creator>Tetsuo Handa &lt;penguin-kernel@I-love.SAKURA.ne.jp&gt;</dc:creator>
    </item>
<item>
        <title>7c2ea22e - TOMOYO: Merge path_group and number_group.</title>
        <link>http://172.16.0.5:8080/history/linux-6.15/security/tomoyo/Makefile#7c2ea22e</link>
        <description>TOMOYO: Merge path_group and number_group.

            Use common code for &quot;path_group&quot; and &quot;number_group&quot;.

            Signed-off-by: Tetsuo Handa &lt;penguin-kernel@I-love.SAKURA.ne.jp&gt;
            Signed-off-by: James Morris &lt;jmorris@namei.org&gt;

            List of files:
            /linux-6.15/security/tomoyo/Makefile</description>
        <pubDate>Thu, 17 Jun 2010 07:55:58 +0000</pubDate>
        <dc:creator>Tetsuo Handa &lt;penguin-kernel@I-love.SAKURA.ne.jp&gt;</dc:creator>
    </item>
<item>
        <title>c3ef1500 - TOMOYO: Split files into some pieces.</title>
        <link>http://172.16.0.5:8080/history/linux-6.15/security/tomoyo/Makefile#c3ef1500</link>
        <description>TOMOYO: Split files into some pieces.

            security/tomoyo/common.c became too large to read.

            Signed-off-by: Tetsuo Handa &lt;penguin-kernel@I-love.SAKURA.ne.jp&gt;
            Signed-off-by: James Morris &lt;jmorris@namei.org&gt;

            List of files:
            /linux-6.15/security/tomoyo/Makefile</description>
        <pubDate>Mon, 17 May 2010 01:12:46 +0000</pubDate>
        <dc:creator>Tetsuo Handa &lt;penguin-kernel@I-love.SAKURA.ne.jp&gt;</dc:creator>
    </item>
</channel>
</rss>
