Re: [Xen-devel] [PATCH v2 3/6] xen: flask: Restrict generated header to xen + tools

[Wei Liu <wei.liu2@xxxxxxxxxx>]

On Tue, May 19, 2015 at 02:44:35PM +0100, Ian Campbell wrote:
> This isn't strictly necessary but since it is going to be exposed via
> tools/include in a later patch this will help prevent accidental
> leakage beyond the tools.
> 
> Signed-off-by: Ian Campbell <ian.campbell@xxxxxxxxxx>

Acked-by: Wei Liu <wei.liu2@xxxxxxxxxx>

> ---
>  xen/xsm/flask/policy/mkflask.sh |    2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/xen/xsm/flask/policy/mkflask.sh b/xen/xsm/flask/policy/mkflask.sh
> index 9e24020..989a323 100644
> --- a/xen/xsm/flask/policy/mkflask.sh
> +++ b/xen/xsm/flask/policy/mkflask.sh
> @@ -28,6 +28,7 @@ BEGIN       {
>  
>               printf("#ifndef _SELINUX_FLASK_H_\n") > outfile;
>               printf("#define _SELINUX_FLASK_H_\n") > outfile;
> +             printf("\n#if defined(__XEN__) || defined(__XEN_TOOLS__)\n") > 
> outfile;
>               printf("\n/*\n * Security object class definitions\n */\n") > 
> outfile;
>               printf("/* This file is automatically generated.  Do not edit. 
> */\n") > debugfile;
>               printf("/*\n * Security object class definitions\n */\n") > 
> debugfile;
> @@ -91,6 +92,7 @@ END {
>               for (i = 0; i < 34; i++) 
>                       printf(" ") > outfile; 
>               printf("%d\n", sid_value) > outfile; 
> +             printf("\n#endif /* __XEN__ || __XEN_TOOLS__ */\n") > outfile;
>               printf("\n#endif\n") > outfile;
>               printf("};\n\n") > debugfile2;
>       }'
> -- 
> 1.7.10.4

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel