[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH v2 3/6] xen: flask: Restrict generated header to xen + tools



This isn't strictly necessary but since it is going to be exposed via
tools/include in a later patch this will help prevent accidental
leakage beyond the tools.

Signed-off-by: Ian Campbell <ian.campbell@xxxxxxxxxx>
---
 xen/xsm/flask/policy/mkflask.sh |    2 ++
 1 file changed, 2 insertions(+)

diff --git a/xen/xsm/flask/policy/mkflask.sh b/xen/xsm/flask/policy/mkflask.sh
index 9e24020..989a323 100644
--- a/xen/xsm/flask/policy/mkflask.sh
+++ b/xen/xsm/flask/policy/mkflask.sh
@@ -28,6 +28,7 @@ BEGIN {
 
                printf("#ifndef _SELINUX_FLASK_H_\n") > outfile;
                printf("#define _SELINUX_FLASK_H_\n") > outfile;
+               printf("\n#if defined(__XEN__) || defined(__XEN_TOOLS__)\n") > 
outfile;
                printf("\n/*\n * Security object class definitions\n */\n") > 
outfile;
                printf("/* This file is automatically generated.  Do not edit. 
*/\n") > debugfile;
                printf("/*\n * Security object class definitions\n */\n") > 
debugfile;
@@ -91,6 +92,7 @@ END   {
                for (i = 0; i < 34; i++) 
                        printf(" ") > outfile; 
                printf("%d\n", sid_value) > outfile; 
+               printf("\n#endif /* __XEN__ || __XEN_TOOLS__ */\n") > outfile;
                printf("\n#endif\n") > outfile;
                printf("};\n\n") > debugfile2;
        }'
-- 
1.7.10.4


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.