From bfc5e3a6af397dcf9c99a6c1872458e7867c4680 Mon Sep 17 00:00:00 2001 From: Paul Moore Date: Wed, 21 Dec 2016 10:39:25 -0500 Subject: [PATCH] selinux: use the kernel headers when building scripts/selinux Commit 3322d0d64f4e ("selinux: keep SELinux in sync with new capability definitions") added a check on the defined capabilities without explicitly including the capability header file which caused problems when building genheaders for users of clang/llvm. Resolve this by using the kernel headers when building genheaders, which is arguably the right thing to do regardless, and explicitly including the kernel's capability.h header file in classmap.h. We also update the mdp build, even though it wasn't causing an error we really should be using the headers from the kernel we are building. Reported-by: Nicolas Iooss Signed-off-by: Paul Moore --- scripts/selinux/genheaders/Makefile | 4 +++- scripts/selinux/genheaders/genheaders.c | 4 ++++ scripts/selinux/mdp/Makefile | 4 +++- scripts/selinux/mdp/mdp.c | 4 ++++ security/selinux/include/classmap.h | 2 ++ 5 files changed, 16 insertions(+), 2 deletions(-) diff --git a/scripts/selinux/genheaders/Makefile b/scripts/selinux/genheaders/Makefile index 1d1ac51359e3a..6fc2b8789a0bf 100644 --- a/scripts/selinux/genheaders/Makefile +++ b/scripts/selinux/genheaders/Makefile @@ -1,4 +1,6 @@ hostprogs-y := genheaders -HOST_EXTRACFLAGS += -Isecurity/selinux/include +HOST_EXTRACFLAGS += \ + -I$(srctree)/include/uapi -I$(srctree)/include \ + -I$(srctree)/security/selinux/include always := $(hostprogs-y) diff --git a/scripts/selinux/genheaders/genheaders.c b/scripts/selinux/genheaders/genheaders.c index 539855ff31f97..f4dd41f900d5c 100644 --- a/scripts/selinux/genheaders/genheaders.c +++ b/scripts/selinux/genheaders/genheaders.c @@ -1,3 +1,7 @@ + +/* NOTE: we really do want to use the kernel headers here */ +#define __EXPORTED_HEADERS__ + #include #include #include diff --git a/scripts/selinux/mdp/Makefile b/scripts/selinux/mdp/Makefile index dba7eff69a009..d6a83cafe59f4 100644 --- a/scripts/selinux/mdp/Makefile +++ b/scripts/selinux/mdp/Makefile @@ -1,5 +1,7 @@ hostprogs-y := mdp -HOST_EXTRACFLAGS += -Isecurity/selinux/include +HOST_EXTRACFLAGS += \ + -I$(srctree)/include/uapi -I$(srctree)/include \ + -I$(srctree)/security/selinux/include always := $(hostprogs-y) clean-files := policy.* file_contexts diff --git a/scripts/selinux/mdp/mdp.c b/scripts/selinux/mdp/mdp.c index e10beb11b696e..c29fa4a6228d6 100644 --- a/scripts/selinux/mdp/mdp.c +++ b/scripts/selinux/mdp/mdp.c @@ -24,6 +24,10 @@ * Authors: Serge E. Hallyn */ + +/* NOTE: we really do want to use the kernel headers here */ +#define __EXPORTED_HEADERS__ + #include #include #include diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h index e2d4ad3a4b4c5..13ae49b0baa09 100644 --- a/security/selinux/include/classmap.h +++ b/security/selinux/include/classmap.h @@ -1,3 +1,5 @@ +#include + #define COMMON_FILE_SOCK_PERMS "ioctl", "read", "write", "create", \ "getattr", "setattr", "lock", "relabelfrom", "relabelto", "append" -- 2.47.3