Update old tunables framework document/script.

Since commit 8b9e9c3c0b, security_level replaces
is_secure. There were some old files need to be updated.

2017-03-23  Sunyeop Lee  <sunyeop97@gmail.com>

	* README.tunables: Updated descriptions.
	* elf/dl-tunables.list: Fixed typo: SXID_NONE -> NONE.
	* scripts/gen-tunables.awk: Updated the code related to the commit.

ChangeLog

@@ -1,3 +1,10 @@
+2017-03-24  Sunyeop Lee  <sunyeop97@gmail.com>
+
+	* README.tunables: Updated descriptions.
+	* elf/dl-tunables.list: Fixed typo: SXID_NONE -> NONE.
+	* scripts/gen-tunables.awk: Updated the code related to the
+	commit.
+
 2017-03-23  Wilco Dijkstra  <wdijkstr@arm.com>
 
 	* benchtests/Makefile (string-benchset): Add memcpy-random.

README.tunables

@@ -58,13 +58,13 @@ The list of allowed attributes are:
 
 - env_alias:		An alias environment variable
 
-- is_secure:		Specify whether the tunable should be read for setuid
+- security_level:	Specify security level of the tunable.  Valid values:
-			binaries.  True allows the tunable to be read for
+
-			setuid binaries while false disables it.  Note that
+			SXID_ERASE: (default) Don't read for AT_SECURE binaries and
-			even if this is set as true and the value is read, it
+				    removed so that child processes can't read it.
-			may not be used if it does not validate against the
+			SXID_IGNORE: Don't read for AT_SECURE binaries, but retained for
-			acceptable values or is not considered safe by the
+				     non-AT_SECURE subprocesses.
-			module.
+			NONE: Read all the time.
 
 2. Call either the TUNABLE_SET_VALUE and pass into it the tunable name and a
    pointer to the variable that should be set with the tunable value.

elf/dl-tunables.list

@@ -27,7 +27,7 @@
 # 	     		 removed so that child processes can't read it.
 # 	     SXID_IGNORE: Don't read for AT_SECURE binaries, but retained for
 # 	     		  non-AT_SECURE subprocesses.
-# 	     SXID_NONE: Read all the time.
+# 	     NONE: Read all the time.
 
 glibc {
   malloc {

scripts/gen-tunables.awk

@@ -51,8 +51,8 @@ $1 == "}" {
     if (!env_alias[top_ns][ns][tunable]) {
       env_alias[top_ns][ns][tunable] = "NULL"
     }
-    if (!is_secure[top_ns][ns][tunable]) {
+    if (!security_level[top_ns][ns][tunable]) {
-      is_secure[top_ns][ns][tunable] = "SXID_ERASE"
+      security_level[top_ns][ns][tunable] = "SXID_ERASE"
     }
 
     tunable = ""
@@ -104,12 +104,12 @@ $1 == "}" {
   }
   else if (attr == "security_level") {
     if (val == "SXID_ERASE" || val == "SXID_IGNORE" || val == "NONE") {
-      is_secure[top_ns][ns][tunable] = val
+      security_level[top_ns][ns][tunable] = val
     }
     else {
-      printf("Line %d: Invalid value (%s) for is_secure: %s, ", NR, val,
+      printf("Line %d: Invalid value (%s) for security_level: %s, ", NR, val,
 	     $0)
-      print("Allowed values are 'true' or 'false'")
+      print("Allowed values are 'SXID_ERASE', 'SXID_IGNORE', or 'NONE'")
       exit 1
     }
   }
@@ -148,7 +148,7 @@ END {
         printf ("  {TUNABLE_NAME_S(%s, %s, %s)", t, n, m)
         printf (", {TUNABLE_TYPE_%s, %s, %s}, {.numval = 0}, NULL, TUNABLE_SECLEVEL_%s, %s},\n",
 		types[t][n][m], minvals[t][n][m], maxvals[t][n][m],
-		is_secure[t][n][m], env_alias[t][n][m]);
+		security_level[t][n][m], env_alias[t][n][m]);
       }
     }
   }