selinux: generate flask headers during kernel build Add a simple utility (scripts/selinux/genheaders) and invoke it to generate the kernel-private class and permission indices in flask.h and av_permissions.h automatically during the kernel build from the security class mapping definitions in classmap.h. Adding new kernel classes and permissions can then be done just by adding them to classmap.h. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>

commit: 8753f6bec352392b52ed9b5e290afb34379f4612 [log] [tgz]
author: Stephen Smalley <sds@tycho.nsa.gov> Wed Sep 30 13:41:02 2009 -0400
committer: James Morris <jmorris@namei.org> Wed Oct 07 21:56:44 2009 +1100
tree: b5f381be9f56125309bfbfcaa73d68e08c309747
parent: c6d3aaa4e35c71a32a86ececacd4eea7ecfc316c [diff] [blame]
diff --git a/security/selinux/Makefile b/security/selinux/Makefile
index d47fc5e..f013982 100644
--- a/security/selinux/Makefile
+++ b/security/selinux/Makefile

@@ -18,5 +18,13 @@
 
 selinux-$(CONFIG_NETLABEL) += netlabel.o
 
-EXTRA_CFLAGS += -Isecurity/selinux/include
+EXTRA_CFLAGS += -Isecurity/selinux -Isecurity/selinux/include
 
+$(obj)/avc.o: $(obj)/flask.h
+
+quiet_cmd_flask = GEN     $(obj)/flask.h $(obj)/av_permissions.h
+      cmd_flask = scripts/selinux/genheaders/genheaders $(obj)/flask.h $(obj)/av_permissions.h
+
+targets += flask.h
+$(obj)/flask.h: $(src)/include/classmap.h FORCE
+	$(call if_changed,flask)
commit	8753f6bec352392b52ed9b5e290afb34379f4612	[log] [tgz]
author	Stephen Smalley <sds@tycho.nsa.gov>	Wed Sep 30 13:41:02 2009 -0400
committer	James Morris <jmorris@namei.org>	Wed Oct 07 21:56:44 2009 +1100
tree	b5f381be9f56125309bfbfcaa73d68e08c309747
parent	c6d3aaa4e35c71a32a86ececacd4eea7ecfc316c [diff] [blame]