Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security layer updates from James Morris: "Highlights: - Smack adds secmark support for Netfilter - /proc/keys is now mandatory if CONFIG_KEYS=y - TPM gets its own device class - Added TPM 2.0 support - Smack file hook rework (all Smack users should review this!)" * 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (64 commits) cipso: don't use IPCB() to locate the CIPSO IP option SELinux: fix error code in policydb_init() selinux: add security in-core xattr support for pstore and debugfs selinux: quiet the filesystem labeling behavior message selinux: Remove unused function avc_sidcmp() ima: /proc/keys is now mandatory Smack: Repair netfilter dependency X.509: silence asn1 compiler debug output X.509: shut up about included cert for silent build KEYS: Make /proc/keys unconditional if CONFIG_KEYS=y MAINTAINERS: email update tpm/tpm_tis: Add missing ifdef CONFIG_ACPI for pnp_acpi_device smack: fix possible use after frees in task_security() callers smack: Add missing logging in bidirectional UDS connect check Smack: secmark support for netfilter Smack: Rework file hooks tpm: fix format string error in tpm-chip.c char/tpm/tpm_crb: fix build error smack: Fix a bidirectional UDS connect check typo smack: introduce a special case for tmpfs in smack_d_instantiate() ...
This commit is contained in:
Linus Torvalds
commit
8cc748aa76
45 changed files with 2661 additions and 1085 deletions
|
|
@ -311,6 +311,9 @@ struct token {
|
|||
|
||||
static struct token *token_list;
|
||||
static unsigned nr_tokens;
|
||||
static _Bool verbose;
|
||||
|
||||
#define debug(fmt, ...) do { if (verbose) printf(fmt, ## __VA_ARGS__); } while (0)
|
||||
|
||||
static int directive_compare(const void *_key, const void *_pdir)
|
||||
{
|
||||
|
|
@ -322,21 +325,21 @@ static int directive_compare(const void *_key, const void *_pdir)
|
|||
dlen = strlen(dir);
|
||||
clen = (dlen < token->size) ? dlen : token->size;
|
||||
|
||||
//printf("cmp(%*.*s,%s) = ",
|
||||
//debug("cmp(%*.*s,%s) = ",
|
||||
// (int)token->size, (int)token->size, token->value,
|
||||
// dir);
|
||||
|
||||
val = memcmp(token->value, dir, clen);
|
||||
if (val != 0) {
|
||||
//printf("%d [cmp]\n", val);
|
||||
//debug("%d [cmp]\n", val);
|
||||
return val;
|
||||
}
|
||||
|
||||
if (dlen == token->size) {
|
||||
//printf("0\n");
|
||||
//debug("0\n");
|
||||
return 0;
|
||||
}
|
||||
//printf("%d\n", (int)dlen - (int)token->size);
|
||||
//debug("%d\n", (int)dlen - (int)token->size);
|
||||
return dlen - token->size; /* shorter -> negative */
|
||||
}
|
||||
|
||||
|
|
@ -515,13 +518,13 @@ static void tokenise(char *buffer, char *end)
|
|||
}
|
||||
|
||||
nr_tokens = tix;
|
||||
printf("Extracted %u tokens\n", nr_tokens);
|
||||
debug("Extracted %u tokens\n", nr_tokens);
|
||||
|
||||
#if 0
|
||||
{
|
||||
int n;
|
||||
for (n = 0; n < nr_tokens; n++)
|
||||
printf("Token %3u: '%*.*s'\n",
|
||||
debug("Token %3u: '%*.*s'\n",
|
||||
n,
|
||||
(int)token_list[n].size, (int)token_list[n].size,
|
||||
token_list[n].value);
|
||||
|
|
@ -542,6 +545,7 @@ int main(int argc, char **argv)
|
|||
ssize_t readlen;
|
||||
FILE *out, *hdr;
|
||||
char *buffer, *p;
|
||||
char *kbuild_verbose;
|
||||
int fd;
|
||||
|
||||
if (argc != 4) {
|
||||
|
|
@ -550,6 +554,10 @@ int main(int argc, char **argv)
|
|||
exit(2);
|
||||
}
|
||||
|
||||
kbuild_verbose = getenv("KBUILD_VERBOSE");
|
||||
if (kbuild_verbose)
|
||||
verbose = atoi(kbuild_verbose);
|
||||
|
||||
filename = argv[1];
|
||||
outputname = argv[2];
|
||||
headername = argv[3];
|
||||
|
|
@ -748,11 +756,11 @@ static void build_type_list(void)
|
|||
|
||||
qsort(type_index, nr, sizeof(type_index[0]), type_index_compare);
|
||||
|
||||
printf("Extracted %u types\n", nr_types);
|
||||
debug("Extracted %u types\n", nr_types);
|
||||
#if 0
|
||||
for (n = 0; n < nr_types; n++) {
|
||||
struct type *type = type_index[n];
|
||||
printf("- %*.*s\n",
|
||||
debug("- %*.*s\n",
|
||||
(int)type->name->size,
|
||||
(int)type->name->size,
|
||||
type->name->value);
|
||||
|
|
@ -793,7 +801,7 @@ static void parse(void)
|
|||
|
||||
} while (type++, !(type->flags & TYPE_STOP_MARKER));
|
||||
|
||||
printf("Extracted %u actions\n", nr_actions);
|
||||
debug("Extracted %u actions\n", nr_actions);
|
||||
}
|
||||
|
||||
static struct element *element_list;
|
||||
|
|
@ -1284,7 +1292,7 @@ static void render(FILE *out, FILE *hdr)
|
|||
}
|
||||
|
||||
/* We do two passes - the first one calculates all the offsets */
|
||||
printf("Pass 1\n");
|
||||
debug("Pass 1\n");
|
||||
nr_entries = 0;
|
||||
root = &type_list[0];
|
||||
render_element(NULL, root->element, NULL);
|
||||
|
|
@ -1295,7 +1303,7 @@ static void render(FILE *out, FILE *hdr)
|
|||
e->flags &= ~ELEMENT_RENDERED;
|
||||
|
||||
/* And then we actually render */
|
||||
printf("Pass 2\n");
|
||||
debug("Pass 2\n");
|
||||
fprintf(out, "\n");
|
||||
fprintf(out, "static const unsigned char %s_machine[] = {\n",
|
||||
grammar_name);
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue