1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
|
From 71bbc6a4ce79802ad037227382817c5998ffbb2e Mon Sep 17 00:00:00 2001
From: Eric Chiang <ericchiang@google.com>
Date: Thu, 17 Jan 2019 11:02:57 -0800
Subject: [PATCH 09/12] *: ensure make apparmor_parser is cached
This change updates parser/Makefile to respect target dependencies and
not rebuild apparmor_parser if nothing's changed. The goal is to allow
cross-compiled tests #17 to run on a target system without the tests
attempting to rebuild the parser.
Two changes were made:
* Generate af_names.h in a script so the script timestamp is compared.
* Use FORCE instead of PHONY for libapparmor_re/libapparmor_re.a
Changes to list_af_names are intended to exactly replicate the old
behavior.
Signed-off-by: Eric Chiang <ericchiang@google.com>
---
common/Make.rules | 21 ---------------------
common/list_af_names.sh | 19 +++++++++++++++++++
parser/Makefile | 13 +++++--------
utils/vim/create-apparmor.vim.py | 2 +-
4 files changed, 25 insertions(+), 30 deletions(-)
create mode 100755 common/list_af_names.sh
diff --git a/common/Make.rules b/common/Make.rules
index d2149fcd..357bdec8 100644
--- a/common/Make.rules
+++ b/common/Make.rules
@@ -87,27 +87,6 @@ CAPABILITIES=$(shell echo "\#include <linux/capability.h>" | cpp -dM | LC_ALL=C
list_capabilities: /usr/include/linux/capability.h
@echo "$(CAPABILITIES)"
-# =====================
-# generate list of network protocols based on
-# sys/socket.h for use in multiple locations in
-# the source tree
-# =====================
-
-# These are the families that it doesn't make sense for apparmor
-# to mediate. We use PF_ here since that is what is required in
-# bits/socket.h, but we will rewrite these as AF_.
-
-FILTER_FAMILIES=PF_UNIX
-
-__FILTER=$(shell echo $(strip $(FILTER_FAMILIES)) | sed -e 's/ /\\\|/g')
-
-# emits the AF names in a "AF_NAME NUMBER," pattern
-AF_NAMES=$(shell echo "\#include <sys/socket.h>" | cpp -dM | LC_ALL=C sed -n -e '/$(__FILTER)/d' -e 's/PF_LOCAL/PF_UNIX/' -e 's/^\#define[ \t]\+PF_\([A-Z0-9_]\+\)[ \t]\+\([0-9]\+\).*$$/AF_\1 \2,/p' | sort -n -k2)
-
-.PHONY: list_af_names
-list_af_names:
- @echo "$(AF_NAMES)"
-
# =====================
# manpages
# =====================
diff --git a/common/list_af_names.sh b/common/list_af_names.sh
new file mode 100755
index 00000000..d7987537
--- /dev/null
+++ b/common/list_af_names.sh
@@ -0,0 +1,19 @@
+#!/bin/bash -e
+
+# =====================
+# generate list of network protocols based on
+# sys/socket.h for use in multiple locations in
+# the source tree
+# =====================
+
+# It doesn't make sence for AppArmor to mediate PF_UNIX, filter it out. Search
+# for "PF_" constants since that is what is required in bits/socket.h, but
+# rewrite as "AF_".
+
+echo "#include <sys/socket.h>" | \
+ cpp -dM | \
+ LC_ALL=C sed -n \
+ -e '/PF_UNIX/d' \
+ -e 's/PF_LOCAL/PF_UNIX/' \
+ -e 's/^#define[ \t]\+PF_\([A-Z0-9_]\+\)[ \t]\+\([0-9]\+\).*$/AF_\1 \2,/p' | \
+ sort -n -k2
diff --git a/parser/Makefile b/parser/Makefile
index c1ca4b45..aa5ab730 100644
--- a/parser/Makefile
+++ b/parser/Makefile
@@ -281,10 +281,9 @@ parser_version.h: Makefile
# as well as the filtering that occurs for network protocols that
# apparmor should not mediate.
-.PHONY: af_names.h
-af_names.h:
- echo "$(AF_NAMES)" | LC_ALL=C sed -n -e 's/[ \t]\?AF_MAX[ \t]\+[0-9]\+,//g' -e 's/[ \t]\+\?AF_\([A-Z0-9_]\+\)[ \t]\+\([0-9]\+\),/#ifndef AF_\1\n# define AF_\1 \2\n#endif\nAA_GEN_NET_ENT("\L\1", \UAF_\1)\n\n/pg' > $@
- echo "$(AF_NAMES)" | LC_ALL=C sed -n -e 's/.*,[ \t]\+AF_MAX[ \t]\+\([0-9]\+\),\?.*/#define AA_AF_MAX \1\n/p' >> $@
+af_names.h: ../common/list_af_names.sh
+ ../common/list_af_names.sh | LC_ALL=C sed -n -e 's/[ \t]\?AF_MAX[ \t]\+[0-9]\+,//g' -e 's/[ \t]\+\?AF_\([A-Z0-9_]\+\)[ \t]\+\([0-9]\+\),/#ifndef AF_\1\n# define AF_\1 \2\n#endif\nAA_GEN_NET_ENT("\L\1", \UAF_\1)\n/pg' > $@
+ ../common/list_af_names.sh | LC_ALL=C sed -n -e 's/AF_MAX[ \t]\+\([0-9]\+\),\?.*/\n#define AA_AF_MAX \1\n/p' >> $@
# cat $@
cap_names.h: /usr/include/linux/capability.h
@@ -304,10 +303,7 @@ tests: apparmor_parser ${TESTS}
sh -e -c 'for test in ${TESTS} ; do echo "*** running $${test}" && ./$${test}; done'
$(Q)$(MAKE) -s -C tst tests
-# always need to rebuild.
-.SILENT: $(AAREOBJECT)
-.PHONY: $(AAREOBJECT)
-$(AAREOBJECT):
+$(AAREOBJECT): FORCE
$(MAKE) -C $(AAREDIR) CFLAGS="$(EXTRA_CXXFLAGS)"
.PHONY: install-rhel4
@@ -408,3 +404,4 @@ clean: pod_clean
$(MAKE) -s -C po clean
$(MAKE) -s -C tst clean
+FORCE:
diff --git a/utils/vim/create-apparmor.vim.py b/utils/vim/create-apparmor.vim.py
index 10bd5b8d..fea134f6 100644
--- a/utils/vim/create-apparmor.vim.py
+++ b/utils/vim/create-apparmor.vim.py
@@ -57,7 +57,7 @@ for cap in capabilities:
benign_caps.append(cap)
# get network protos list
-(rc, output) = cmd(['make', '-s', '--no-print-directory', 'list_af_names'])
+(rc, output) = cmd(['../../common/list_af_names.sh'])
if rc != 0:
sys.stderr.write("make list_af_names failed: " + output)
exit(rc)
--
2.25.2
|
