In August 2006 I posted a patch generating a minimal SELinux policy.  This
week, David P. Quigley posted an updated version of that as a patch against
the kernel.  It also had nice logic for auto-installing the policy.

Following is David's original patch intro (preserved especially
bc it has stats on the generated policies):

se interested in the changes there were only two significant
changes. The first is that the iteration through the list of classes
used NULL as a sentinel value. The problem with this is that the
class_to_string array actually has NULL entries in its table as place
holders for the user space object classes.

The second change was that it would seem at some point the initial sids
table was NULL terminated. This is no longer the case so that iteration
has to be done on array length instead of looking for NULL.

Some statistics on the policy that it generates:

The policy consists of 523 lines which contain no blank lines. Of those
523 lines 453 of them are class, permission, and initial sid
definitions. These lines are usually little to no concern to the policy
developer since they will not be adding object classes or permissions.
Of the remaining 70 lines there is one type, one role, and one user
statement. The remaining lines are broken into three portions. The first
group are TE allow rules which make up 29 of the remaining lines, the
second is assignment of labels to the initial sids which consist of 27
lines, and file system labeling statements which are the remaining 11.

In addition to the policy.conf generated there is a single file_contexts
file containing two lines which labels the entire system with base_t.

This policy generates a policy.23 binary that is 7920 bytes.

(then a few versions later...):

The new policy is 587 lines (stripped of blank lines) with 476 of those
lines being the boilerplate that I mentioned last time. The remaining
111 lines have the 3 lines for type, user, and role, 70 lines for the
allow rules (one for each object class including user space object
classes), 27 lines to assign types to the initial sids, and 11 lines for
file system labeling. The policy binary is 9194 bytes.

Changelog:

	Aug 26: Added Documentation/SELinux.txt
	Aug 26: Incorporated a set of comments by Stephen Smalley:
		1. auto-setup SELINUXTYPE=dummy
		2. don't auto-install if selinux is enabled with
			non-dummy policy
		3. don't re-compute policy version
		4. /sbin/setfiles not /usr/sbin/setfiles
	Aug 22: As per JMorris comments, made sure make distclean
		cleans up the mdp directory.
		Removed a check for file_contexts which is now
		created in the same file as the check, making it
		superfluous.
Signed-off-by: NSerge Hallyn <serue@us.ibm.com>
Signed-off-by: NDavid Quigley <dpquigl@tycho.nsa.gov>
Signed-off-by: NJames Morris <jmorris@namei.org>

It would have saved both a bug submitter and me a few hours if
scripts/ver_linux had picked the same gcc as the build.

Since I can't see any reason why it fiddles with PATH at all this patch
therefore removes the PATH setting.
Signed-off-by: NAdrian Bunk <bunk@kernel.org>
Signed-off-by: NSam Ravnborg <sam@ravnborg.org>

The extern flag currently is not included in type dump files
(genksyms --dump-types). Include that flag there for completeness.
Signed-off-by: NAndreas Gruenbacher <agruen@suse.de>
Signed-off-by: NSam Ravnborg <sam@ravnborg.org>

We are having two kinds of problems with genksyms today: fake checksum
changes without actual ABI changes, and changes which we would rather like
to ignore (such as an additional field at the end of a structure that
modules are not supposed to touch, for example).

I have thought about ways to improve genksyms and compute checksums
differently to avoid those problems, but in the end I don't see a
fundamentally better way.  So here are some genksyms patches for at least
making the checksums more easily manageable, if we cannot fully fix them.

In addition to the bugfixes (the first two patches), this allows genksyms
to track checksum changes and report why a checksum changed (third patch),
and to selectively ignore changes (fourth patch).

This patch:

Gcc __attribute__ definitions may occur repeatedly, e.g.,

	static int foo __attribute__((__used__))
		       __attribute__((aligned (16)));

The genksyms parser does not understand this, and generates a syntax error.
Fix this case.
Signed-off-by: NAndreas Gruenbacher <agruen@suse.de>
Cc: Randy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NSam Ravnborg <sam@ravnborg.org>

gcc 4.3 correctly determines that input() is unused and gives the
following warning:

<--  snip  -->

...
  HOSTCC  scripts/genksyms/lex.o
scripts/genksyms/lex.c:1487: warning: ‘input’ defined but not used
...

<--  snip  -->

Fix it by adding %option noinput to scripts/genksyms/lex.l and
regeneration of scripts/genksyms/lex.c_shipped.
Signed-off-by: NAdrian Bunk <bunk@kernel.org>
Signed-off-by: NSam Ravnborg <sam@ravnborg.org>

gcc 4.3 correctly determines that input() is unused and gives the
following warning:

<--  snip  -->

...
  HOSTCC  scripts/kconfig/zconf.tab.o
scripts/kconfig/lex.zconf.c:1628: warning: ‘input’ defined but not used
...

<--  snip  -->

Fix it by adding %option noinput to scripts/kconfig/zconf.l and
regeneration of scripts/kconfig/lex.zconf.c_shipped.
Signed-off-by: NAdrian Bunk <bunk@kernel.org>
Cc: Roman Zippel <zippel@linux-m68k.org>
Signed-off-by: NSam Ravnborg <sam@ravnborg.org>

Spelling fixes in scripts/mod/modpost.c
Signed-off-by: NBen Dooks <ben-linux@fluff.org>
Cc: Rusty Russell <rusty@rustcorp.com.au>
Cc: Sam Ravnborg <sam@ravnborg.org>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

Jan Engelhardt wrote:
> Just a note that when you run git-describe, you should probably quiten it.
>
> fatal: cannot describe 'bd7364a0fd5a4a2878fe4a224be1b142a4e6698e'
>
> This happens when tags are not present, which can happen if Linus's tree
> is sent upwards again, IOW:
>
>  machine1$  git-clone torvalds/linux-2.6.git
>  machine1$  git push elsewhere master
>
>  machine2$  git-clone elsewhere:/linux
>  machine2$  git-describe HEAD
>  fatal: cannot describe that
Signed-off-by: NSebastian Siewior <sebastian@breakpoint.cc>
Acked-by: NJan Engelhardt <jengelh@medozas.de>
Signed-off-by: NSam Ravnborg <sam@ravnborg.org>

make defconfig generated a lot of output
then noone actually read.
Use conf_set_all_new_symbols() to generate the default
configuration and avoid the chatty output.

A typical run now looks like this:
$ make  defconfig
*** Default configuration is based on 'i386_defconfig'
arch/x86/configs/i386_defconfig:13:warning: trying to assign nonexistent symbol SEMAPHORE_SLEEPERS
arch/x86/configs/i386_defconfig:176:warning: trying to assign nonexistent symbol PREEMPT_BKL
...
arch/x86/configs/i386_defconfig:1386:warning: trying to assign nonexistent symbol INSTRUMENTATION
$

As an added benefit we now clearly see the warnings generated
in the start of the process.
Signed-off-by: NSam Ravnborg <sam@ravnborg.org>
Cc: Roman Zippel <zippel@linux-m68k.org>

Previously when running "make oldconfig" we saw all the propmt lines
from kconfig and noone actully read this.

With this patch the user will only see output if there is new symbols.
This will be seen as "make oldconfig" runs which does not generate any output.

A typical run now looks like this:

$ make oldconfig
scripts/kconfig/conf -o arch/x86/Kconfig
$

If a new symbol is found then we restart the config process like this:
$ make oldconfig
scripts/kconfig/conf -o arch/x86/Kconfig
*
* Restart config...
*
*
* General setup
*
Prompt for development and/or incomplete code/drivers (EXPERIMENTAL) [Y/n/?] y
Local version - append to kernel release (LOCALVERSION) []
...

The bahaviour is similar to what we know when running the implicit
oldconfig target "make silentoldconfig".
"make silentoldconfig" are run as part of the kernel build process
if the configuration has changed.
Signed-off-by: NSam Ravnborg <sam@ravnborg.org>
Cc: Roman Zippel <zippel@linux-m68k.org>

Drop the chatty mode when we generate the all*config, randconfig
configurations.
Ths speeds up the process considerably and noone looked
at the output anyway.
This patch uses the conf_set_all_new_symbols() function
just added to kconfig.
Signed-off-by: NSam Ravnborg <sam@ravnborg.org>
Cc: Roman Zippel <zippel@linux-m68k.org>

Add conf_set_all_new_symbols() which set all symbols (which don't have a
value yet) to a specifed value.
Signed-off-by: NRoman Zippel <zippel@linux-m68k.org>
Signed-off-by: NSam Ravnborg <sam@ravnborg.org>

Diffconfig is a simple utility for comparing two kernel configuration files.
See usage in the script for more info.
Signed-off-by: NTim Bird <tim.bird@am.sony.com>
Signed-off-by: NSam Ravnborg <sam@ravnborg.org>

Handle __init in functions with kernel-doc notation by stripping the
__init away from the output doc.  This is already being done for
"__devinit".  This patch fixes these kernel-doc error/aborts:

Error(linux-next-20080619//drivers/usb/gadget/config.c:132): cannot understand prototype: 'struct usb_descriptor_header **__init usb_copy_descriptors(struct usb_descriptor_header **src) '
Error(linux-next-20080619//drivers/usb/gadget/config.c:182): cannot understand prototype: 'struct usb_endpoint_descriptor *__init usb_find_endpoint( 	struct usb_descriptor_header **src, 	struct usb_descriptor_header **copy, 	struct usb_endpoint_descriptor *match ) '
Signed-off-by: NRandy Dunlap <randy.dunlap@oracle.com>
Cc: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: NSam Ravnborg <sam@ravnborg.org>

Factor out the headers_*_all support to a seperate
shell script and add support for arch specific
header files can be located in either

    arch/$ARCH/include/asm
or
    include/asm-$ARCH/

In "make help" always display the headers_* targets.
Signed-off-by: NSam Ravnborg <sam@ravnborg.org>

We see some header files that are selected dependent on
the actual architecture so force a reinstallation
of all header files when the arch changes.
This slows down "make headers_check_all" but then
we better reflect reality.
Signed-off-by: NSam Ravnborg <sam@ravnborg.org>

Move the core functionality of headers_install
and headers_check to two small perl scripts.
The makefile is adapted to use the perl scrip and
changed to operate on all files in a directory.
So if one file is changed then all files in the
directory is processed.

perl were chosen for the helper scripts because this
is pure text processing which perl is good at and
especially the headers_check.pl script are expected to
see changes / new checks implmented.

The speed is ~300% faster on this box.
And the output generated to the screen is now down to
two lines per directory (one for install, one for check)
so it is easier to scroll back after a kernel build.

The perl scripts has been brought to sanity by patient
feedback from: Vegard Nossum <vegard.nossum@gmail.com>
Signed-off-by: NSam Ravnborg <sam@ravnborg.org>

Move it to the top-level file to decide if we install/check
the generic headers or the arch specific headers.

This revealed a long standing bug where "make headers_check_all"
relied on the files in asm/ for the current architecture.
So make headers_check_all is now broken by this commit.

In addition:

o add a simpler way to detect if an arch support
  exporting header files.

o add 'set -e;' so we error out early if
  make headers_check_all fails.

o add sparc64 and cris to arch we do not process
  in make headers_*_all because:

    sparc64 - use sparc to export headers
    cris    - is know seriously broken

Includes suggestions from: David Woodhouse
<dwmw2@infradead.org>.
Signed-off-by: NSam Ravnborg <sam@ravnborg.org>
Cc: David Woodhouse <dwmw2@infradead.org>

No functional changes just improved readability
Signed-off-by: NSam Ravnborg <sam@ravnborg.org>

ALTARCH is no longer used by any arch(*) so drop
support for this from Makefile.headerinst

Dropping ALTARCH support simplifies Makefile.headerinst

(*) sparc64 uses it but work is ongoing to drop it
and no furter usage is planned.
Signed-off-by: NSam Ravnborg <sam@ravnborg.org>
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: David Miller <davem@davemloft.net>

unifdef utility is fast enough to warrant that we always
run the scripts through unifdef.

This patch runs all headers listed with header-y and unifdef-y
through unifdef.
Next step is to drop unifdef-y in all Kbuild files and
that can now be done in smaller steps.
Signed-off-by: NSam Ravnborg <sam@ravnborg.org>
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: Adrian Bunk <bunk@kernel.org>

This means that we no longer need write access to the source tree while
doing 'make modules_install'.
Signed-off-by: NDavid Woodhouse <David.Woodhouse@intel.com>

uname -m was leaving a newline in $arch, and not passing the tests.

Also, printing the unknown arch on failure is probably helpful.
Signed-off-by: NEric Sandeen <sandeen@redhat.com>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

Currently, checkstack.pl only looks for fixed subtractions from the stack
pointer.  However, things like this:

void function(int size)
{
        char stackbuster[size << 2];
...

are certainly worth pointing out, I think.

This could perhaps be done more cleanly, and the following patch only
adds "dynamic" REs for x86 and x86_64, but it works:

0x00b0 crypto_cbc_decrypt_inplace [cbc]:                Dynamic (%rax)
0x00ad crypto_pcbc_decrypt_inplace [pcbc]:              Dynamic (%rax)
0x02f6 crypto_pcbc_encrypt_inplace [pcbc]:              Dynamic (%rax)
0x036c _crypto_xcbc_digest_setkey [xcbc]:               Dynamic (%rax)
...

(Inspired by Keith Owens' old stack-check script)
Signed-off-by: NEric Sandeen <sandeen@redhat.com>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

Signed-off-by: NAndy Whitcroft <apw@shadowen.org>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

When checking spacing for pointer checks the type cannot start in the
middle of a word, ie. this is not 'int * bar':

	x = fooint * bar;
Signed-off-by: NAndy Whitcroft <apw@shadowen.org>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

Ensure we ignore comments in complex macro detection else we incorrectly
report this:

	#define PFM_GROUP_PERM_ANY     -1      /* any user/group */
Signed-off-by: NAndy Whitcroft <apw@shadowen.org>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

Now that we have a variants system, move to using that to carry the
unary/binary designation for +, -, &, and *.
Signed-off-by: NAndy Whitcroft <apw@shadowen.org>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

Add checks for the question mark colon operator spacing, and also check
the other uses of colon.  Colon means a number of things:

 - it introduces the else part of the ?: operator,
 - it terminates a goto label,
 - it terminates the case value,
 - it separates the identifier from the bit size on bit fields, and
 - it is used to introduce option types in asm().
Signed-off-by: NAndy Whitcroft <apw@shadowen.org>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

Add support for multiple modifiers such as:

	int __one __two foo;

Also handle trailing known modifiers when defecting modifiers:

	int __one foo __read_mostly;
Signed-off-by: NAndy Whitcroft <apw@shadowen.org>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

Ensure we do not inadvertantly load known modifiers up as possible types.
Signed-off-by: NAndy Whitcroft <apw@shadowen.org>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

Make sure we correctly mark the return type of the pointer to a function
declaration.

    const void *(*sb_tag)(struct sysfs_tag_info *info);
Signed-off-by: NAndy Whitcroft <apw@shadowen.org>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

Exclude vmlinux.lds.h from the macro complexity checks.  They will never
apply sanely here.
Signed-off-by: NAndy Whitcroft <apw@shadowen.org>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

Although we are finding the added modifier in the declaration below
we are not correctly matching it as a type.  Fix the declaration.

    static void __ref *vmem_alloc_pages(unsigned int order)
    {
    }
Signed-off-by: NAndy Whitcroft <apw@shadowen.org>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

Improve type matcher debug so we can see what it does match.  As part
of this move us to to using the common debug framework.
Signed-off-by: NAndy Whitcroft <apw@shadowen.org>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

Allow for type modifiers mid declaration on multiple declarations:

	struct mxser_mstatus ms, __user *msu = argp;

Reported by Jiri Slaby.
Signed-off-by: NAndy Whitcroft <apw@shadowen.org>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

Correct spelling in the kfree reports.
Signed-off-by: NWolfram Sang <w.sang@pengutronix.de>
Signed-off-by: NAndy Whitcroft <apw@shadowen.org>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

usb_free_urb() can take a NULL, so let's check and warn about that.
Signed-off-by: NGreg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: NAndy Whitcroft <apw@shadowen.org>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

Check to see if the block/statement which a condition or loop introduces
is indented correctly.
Signed-off-by: NAndy Whitcroft <apw@shadowen.org>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

Extend the trailing statement checks to report a trailing semi-colon ';'
as we really want it on the next line and indented so it is really really
obvious.  Also extend the tests to include while and for.
Signed-off-by: NAndy Whitcroft <apw@shadowen.org>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>