#
# Makefile for the security policy.
#
# Targets:
#
# install - compile and install the policy configuration, and context files.
# load - compile, install, and load the policy configuration.
# reload - compile, install, and load/reload the policy configuration.
# relabel - relabel filesystems based on the file contexts configuration.
# checklabels - check filesystems against the file context configuration
# restorelabels - check filesystems against the file context configuration
# and restore the label of files with incorrect labels
# policy - compile the policy configuration locally for testing/development.
#
# The default target is 'policy'.
#
#
# Please see build.conf for policy build options.
#
########################################
#
# NO OPTIONS BELOW HERE
#
# Build configuration.
#
# The root build.conf is always read.  When LOCAL_ROOT is set, the
# build.conf found there is read afterwards; the leading '-' makes a
# missing local file a non-error.
#
# Both files are parsed as makefile text, so they can set any variable
# used below and can run commands at parse time.  Treat them, and the
# directory LOCAL_ROOT points at, as trusted build input.
include build.conf

ifdef LOCAL_ROOT
  -include $(LOCAL_ROOT)/build.conf
endif

# refpolicy version (recursive: VERSION is re-read on every expansion)
version = $(shell cat VERSION)

# Scratch and tags locations.  builddir is only defined for local
# builds and already carries its trailing slash.
ifndef LOCAL_ROOT
tmpdir := tmp
tags := tags
else
builddir := $(LOCAL_ROOT)/
tmpdir := $(LOCAL_ROOT)/tmp
tags := $(LOCAL_ROOT)/tags
endif

# executable paths
BINDIR ?= /usr/bin
SBINDIR ?= /usr/sbin

# Policy toolchain location.
#
# With TEST_TOOLCHAIN set, each toolchain program is started through
# env(1) with LD_LIBRARY_PATH pointing at the toolchain's lib directory,
# and is looked up underneath the toolchain prefix.  These programs
# compile and load the system security policy, so TEST_TOOLCHAIN and the
# individual '?=' overrides below should only ever name trusted binaries.
ifndef TEST_TOOLCHAIN
tc_usrbindir := $(BINDIR)
tc_usrsbindir := $(SBINDIR)
tc_sbindir := /sbin
else
tc_usrbindir := env LD_LIBRARY_PATH="$(TEST_TOOLCHAIN)/lib" $(TEST_TOOLCHAIN)$(BINDIR)
tc_usrsbindir := env LD_LIBRARY_PATH="$(TEST_TOOLCHAIN)/lib" $(TEST_TOOLCHAIN)$(SBINDIR)
tc_sbindir := env LD_LIBRARY_PATH="$(TEST_TOOLCHAIN)/lib" $(TEST_TOOLCHAIN)/sbin
endif

# policy compiler, module tools, loader and labeler
CHECKPOLICY ?= $(tc_usrbindir)/checkpolicy
CHECKMODULE ?= $(tc_usrbindir)/checkmodule
SEMODULE ?= $(tc_usrsbindir)/semodule
SEMOD_PKG ?= $(tc_usrbindir)/semodule_package
SEMOD_LNK ?= $(tc_usrbindir)/semodule_link
SEMOD_EXP ?= $(tc_usrbindir)/semodule_expand
LOADPOLICY ?= $(tc_usrsbindir)/load_policy
SETFILES ?= $(tc_sbindir)/setfiles

# documentation validation and policy analysis tools; these are taken
# from BINDIR directly, not from the test toolchain
XMLLINT ?= $(BINDIR)/xmllint
SECHECK ?= $(BINDIR)/sechecker

# interpreters and aux tools (resolved through PATH unless overridden)
AWK ?= gawk
GREP ?= egrep
INSTALL ?= install
M4 ?= m4
PYTHON ?= python
SED ?= sed
# sort always runs with LC_ALL=C
SORT ?= LC_ALL=C sort

CFLAGS += -Wall

# policy source layout
poldir := policy
moddir := $(poldir)/modules
flaskdir := $(poldir)/flask
secclass := $(flaskdir)/security_classes
isids := $(flaskdir)/initial_sids
avs := $(flaskdir)/access_vectors

# local source layout (only defined for LOCAL_ROOT builds)
ifdef LOCAL_ROOT
local_poldir := $(LOCAL_ROOT)/policy
local_moddir := $(local_poldir)/modules
endif

# policy building support tools
#
# Every Python helper is started with -E, which makes the interpreter
# ignore the PYTHON* environment variables (PYTHONPATH, PYTHONHOME, ...)
# of the invoking user.
support := support
genxml := $(PYTHON) -E $(support)/segenxml.py
gendoc := $(PYTHON) -E $(support)/sedoctool.py
genperm := $(PYTHON) -E $(support)/genclassperms.py
gennetfilter := $(PYTHON) -E $(support)/gennetfilter.py
# use our own genhomedircon to make sure we have a known usable one,
# so policycoreutils updates are not required (RHEL4)
genhomedircon := $(PYTHON) -E $(support)/genhomedircon

# fc_sort is compiled into the scratch directory; the remaining helpers
# are awk/sed scripts shipped in the support directory
fcsort := $(tmpdir)/fc_sort
setbools := $(AWK) -f $(support)/set_bools_tuns.awk
get_type_attr_decl := $(SED) -r -f $(support)/get_type_attr_decl.sed
comment_move_decl := $(SED) -r -f $(support)/comment_move_decl.sed

# documentation paths
docs := doc
xmldtd = $(docs)/policy.dtd
metaxml = metadata.xml
doctemplate = $(docs)/templates
docfiles = $(docs)/Makefile.example $(addprefix $(docs)/,example.te example.if example.fc)

# generated documentation goes under LOCAL_ROOT for local builds
ifdef LOCAL_ROOT
polxml = $(LOCAL_ROOT)/doc/policy.xml
tunxml = $(LOCAL_ROOT)/doc/global_tunables.xml
boolxml = $(LOCAL_ROOT)/doc/global_booleans.xml
htmldir = $(LOCAL_ROOT)/doc/html
else
polxml = $(docs)/policy.xml
tunxml = $(docs)/global_tunables.xml
boolxml = $(docs)/global_booleans.xml
htmldir = $(docs)/html
endif

# config file paths
globaltun = $(poldir)/global_tunables
globalbool = $(poldir)/global_booleans
rolemap = $(poldir)/rolemap
user_files := $(poldir)/users

# local config file paths: a local build keeps its own modules.conf,
# booleans.conf and tunables.conf
ifdef LOCAL_ROOT
mod_conf = $(local_poldir)/modules.conf
booleans = $(local_poldir)/booleans.conf
tunables = $(local_poldir)/tunables.conf
else
mod_conf = $(poldir)/modules.conf
booleans = $(poldir)/booleans.conf
tunables = $(poldir)/tunables.conf
endif

# install paths
#
# Everything is rooted at DESTDIR.  The per-policy directories are named
# after NAME (whitespace-stripped), under $(DESTDIR)/etc/selinux and
# $(DESTDIR)/usr/share/selinux.
PKGNAME ?= refpolicy-$(version)
prefix = $(DESTDIR)/usr
topdir = $(DESTDIR)/etc/selinux
installdir = $(topdir)/$(strip $(NAME))
srcpath = $(installdir)/src
userpath = $(installdir)/users
policypath = $(installdir)/policy
contextpath = $(installdir)/contexts
homedirpath = $(contextpath)/files/homedir_template
fcpath = $(contextpath)/files/file_contexts
ncpath = $(contextpath)/netfilter_contexts
sharedir = $(prefix)/share/selinux
modpkgdir = $(sharedir)/$(strip $(NAME))
headerdir = $(modpkgdir)/include
docsdir = $(prefix)/share/doc/$(PKGNAME)

# Policy flavour selection.
#
# TYPE is matched by substring, so one value can enable several of the
# blocks below (a TYPE containing both "strict" and "-mls" enables the
# strict policy and MLS).  Each block adds an m4 define; the MLS and MCS
# blocks also pass -M to checkpolicy/checkmodule and a flag to the
# netfilter context generator.

# compile strict policy if requested.
ifneq ($(findstring strict,$(TYPE)),)
  M4PARAM += -D strict_policy
endif

# compile targeted policy if requested.
ifneq ($(findstring targeted,$(TYPE)),)
  M4PARAM += -D targeted_policy
endif

# enable MLS if requested.
ifneq ($(findstring -mls,$(TYPE)),)
  M4PARAM += -D enable_mls
  CHECKPOLICY += -M
  CHECKMODULE += -M
  gennetfilter += -m
endif

# enable MCS if requested (the compilers still get -M)
ifneq ($(findstring -mcs,$(TYPE)),)
  M4PARAM += -D enable_mcs
  CHECKPOLICY += -M
  CHECKMODULE += -M
  gennetfilter += -c
endif

# enable distribution-specific policy
ifneq "$(DISTRO)" ""
  M4PARAM += -D distro_$(DISTRO)
endif

# rhel4 also implies redhat
ifeq ($(DISTRO),rhel4)
  M4PARAM += -D distro_redhat
endif

# build a specific policy version when OUTPUT_POLICY is set
ifneq "$(OUTPUT_POLICY)" ""
  CHECKPOLICY += -c $(OUTPUT_POLICY)
endif

# if not set, use the type as the name.
NAME ?= $(TYPE)

# default unknown permissions setting
#UNK_PERMS ?= deny

ifeq "$(DIRECT_INITRC)" "y"
  M4PARAM += -D direct_sysadm_daemon
endif

# default MLS/MCS sensitivity and category settings.
MLS_SENS ?= 16
MLS_CATS ?= 256
MCS_CATS ?= 256

# QUIET=y prefixes the $(verbose) recipe lines with '@' so that make
# does not echo them
ifeq "$(QUIET)" "y"
  verbose = @
endif

M4PARAM += -D mls_num_sens=$(MLS_SENS) -D mls_num_cats=$(MLS_CATS) -D mcs_num_cats=$(MCS_CATS) -D hide_broken_symptoms

# we need exuberant ctags; unfortunately it is named
# differently on different distros
ifeq "$(DISTRO)" "debian"
  CTAGS := ctags-exuberant
endif

ifeq "$(DISTRO)" "gentoo"
  CTAGS := exuberant-ctags
endif

CTAGS ?= ctags

# m4 support macros; a local build adds its own .spt files after the
# ones shipped with the policy
m4support := $(wildcard $(poldir)/support/*.spt)
ifdef LOCAL_ROOT
m4support += $(wildcard $(local_poldir)/support/*.spt)
endif

# application configuration: sources live in config/appconfig-TYPE and
# are installed into the contexts directory of the policy
appconf := config/appconfig-$(TYPE)
seusers := $(appconf)/seusers
appdir := $(contextpath)

# one installed contexts/users/NAME file per NAME_default_contexts source
user_default_contexts := $(wildcard config/appconfig-$(TYPE)/*_default_contexts)
user_default_contexts_names := $(addprefix $(contextpath)/users/,$(subst _default_contexts,,$(notdir $(user_default_contexts))))

# every file the install-appconfig target is expected to produce
appfiles := $(addprefix $(appdir)/,default_contexts default_type initrc_context failsafe_context userhelper_context removable_context dbus_contexts customizable_types) $(contextpath)/files/media $(user_default_contexts_names)

# builddir is empty unless LOCAL_ROOT is set, and ends in '/' otherwise
net_contexts := $(builddir)net_contexts

# Module discovery.
#
# A layer is any directory directly below the modules directory (and,
# for local builds, below the local modules directory as well).
all_layers := $(shell find $(wildcard $(moddir)/*) -maxdepth 0 -type d)
ifdef LOCAL_ROOT
all_layers += $(shell find $(wildcard $(local_moddir)/*) -maxdepth 0 -type d)
endif

# files produced from a *.in template; basename strips the ".in"
generated_te := $(basename $(foreach dir,$(all_layers),$(wildcard $(dir)/*.te.in)))
generated_if := $(basename $(foreach dir,$(all_layers),$(wildcard $(dir)/*.if.in)))
generated_fc := $(basename $(foreach dir,$(all_layers),$(wildcard $(dir)/*.fc.in)))

# sort here since it removes duplicates, which can happen
# when a generated file is already generated
detected_mods := $(sort $(foreach dir,$(all_layers),$(wildcard $(dir)/*.te)) $(generated_te))

# per-module and per-layer XML documentation fragments in the scratch dir
modxml := $(addprefix $(tmpdir)/, $(detected_mods:.te=.xml))
layerxml := $(sort $(addprefix $(tmpdir)/, $(notdir $(addsuffix .xml,$(all_layers)))))
layer_names := $(sort $(notdir $(all_layers)))
# recursive on purpose: detect-metaxml is defined further down
all_metaxml = $(call detect-metaxml, $(layer_names))

# modules.conf setting for base module
configbase := base

# modules.conf setting for loadable module
configmod := module

# modules.conf setting for unused module
configoff := off

# test for module overrides from command line: a module named in more
# than one of APPS_BASE, APPS_MODS and APPS_OFF aborts the build
mod_test = $(filter $(APPS_OFF), $(APPS_BASE) $(APPS_MODS))
mod_test += $(filter $(APPS_MODS), $(APPS_BASE))
ifneq "$(strip $(mod_test))" ""
  $(error Applications must be base, module, or off, and not in more than one list! $(strip $(mod_test)) found in multiple lists!)
endif

# add on suffix to modules specified on command line
cmdline_base := $(addsuffix .te,$(APPS_BASE))
cmdline_mods := $(addsuffix .te,$(APPS_MODS))
cmdline_off := $(addsuffix .te,$(APPS_OFF))

# extract settings from modules.conf: the first field of each setting
# line is the module name, the third its state.  awk errors (such as a
# modules.conf that does not exist yet) are discarded.
mod_conf_base := $(addsuffix .te,$(sort $(shell awk '/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == "$(configbase)") print $$1 }' $(mod_conf) 2> /dev/null)))
mod_conf_mods := $(addsuffix .te,$(sort $(shell awk '/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == "$(configmod)") print $$1 }' $(mod_conf) 2> /dev/null)))
mod_conf_off := $(addsuffix .te,$(sort $(shell awk '/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == "$(configoff)") print $$1 }' $(mod_conf) 2> /dev/null)))

# command-line choices come first ...
base_mods := $(cmdline_base)
mod_mods := $(cmdline_mods)
off_mods := $(cmdline_off)

# ... and modules.conf only decides for modules the command line did
# not mention
base_mods += $(filter-out $(cmdline_off) $(cmdline_base) $(cmdline_mods), $(mod_conf_base))
mod_mods += $(filter-out $(cmdline_off) $(cmdline_base) $(cmdline_mods), $(mod_conf_mods))
off_mods += $(filter-out $(cmdline_off) $(cmdline_base) $(cmdline_mods), $(mod_conf_off))

# add modules not in modules.conf to the off list
off_mods += $(filter-out $(base_mods) $(mod_mods) $(off_mods),$(notdir $(detected_mods)))

# filesystems to be used in labeling targets: mount points of read-write
# ext2/ext3/xfs/jfs filesystems that are neither bind mounts nor mounted
# with a context= option.  Recursive, so mount(8) is only run when a
# labeling target expands it.
filesystems = $(shell mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[23]| xfs| jfs).*rw/{print $$3}';)

########################################
#
# Functions
#

# parse-rolemap-compat modulename,outputfile
#
# Runs the role map through m4 and, for every line that starts with a
# letter, appends a gen_require() plus a call of the module's old-style
# <modulename>_per_userdomain_template to outputfile.
define parse-rolemap-compat
	$(verbose) $(M4) $(M4PARAM) $(rolemap) | \
		$(AWK) '/^[[:blank:]]*[A-Za-z]/{ print "gen_require(type " $$3 "; role " $$1 ";)\n$1_per_userdomain_template(" $$2 "," $$3 "," $$1 ")" }' >> $2
endef

# parse-rolemap modulename,outputfile
#
# Same as parse-rolemap-compat, but the appended call uses the current
# <modulename>_per_role_template name.
define parse-rolemap
	$(verbose) $(M4) $(M4PARAM) $(rolemap) | \
		$(AWK) '/^[[:blank:]]*[A-Za-z]/{ print "gen_require(type " $$3 "; role " $$1 ";)\n$1_per_role_template(" $$2 "," $$3 "," $$1 ")" }' >> $2
endef

# perrole-expansion modulename,outputfile
#
# Starts outputfile afresh (the first echo truncates it) with two m4
# ifdef() guards: one expanding the module's per_role_template for each
# role map entry, and one doing the same for the deprecated
# per_userdomain_template name after emitting a rename warning.
define perrole-expansion
	$(verbose) echo "ifdef(\`""$1""_per_role_template',\`" > $2
	$(call parse-rolemap,$1,$2)
	$(verbose) echo "')" >> $2
	$(verbose) echo "ifdef(\`""$1""_per_userdomain_template',\`" >> $2
	$(verbose) echo "errprint(\`Warning: per_userdomain_templates have been renamed to per_role_templates (""$1""_per_userdomain_template)'__endline__)" >> $2
	$(call parse-rolemap-compat,$1,$2)
	$(verbose) echo "')" >> $2
endef

# create-base-per-role-tmpl modulenames,outputfile
#
# Appends the m4 definition of base_per_role_template to outputfile.
# The definition forwards its arguments to every listed module's
# per_role_template, and to the deprecated per_userdomain_template
# (with a rename warning) where a module still defines one.
#
# NOTE(review): the closing line appends to $@ while every other line
# appends to $2.  They are the same file only when the caller passes $@
# as the second argument -- confirm against the callers.
define create-base-per-role-tmpl
	$(verbose) echo "define(\`base_per_role_template',\`" >> $2
	$(verbose) for i in $1; do \
		echo "ifdef(\`""$$i""_per_role_template',\`""$$i""_per_role_template("'$$*'")')" \
			>> $2 ;\
	done
	$(verbose) for i in $1; do \
		echo "ifdef(\`""$$i""_per_userdomain_template',\`" >> $2 ;\
		echo "errprint(\`Warning: per_userdomain_templates have been renamed to per_role_templates (""$$i""_per_userdomain_template)'__endline__)" >> $2 ;\
		echo """$$i""_per_userdomain_template("'$$*'")')" >> $2 ;\
	done
	$(verbose) echo "')" >> $@
endef

# detect-metaxml layer_names
#
# Prints the path of the metadata file for each layer.  In a local
# build, a layer that exists in both trees uses the local metadata file
# when there is one and the shipped one otherwise; a layer that exists
# only locally uses the local path; anything else uses the shipped path.
# Without LOCAL_ROOT the shipped path is always used.
ifndef LOCAL_ROOT
define detect-metaxml
	$(shell for i in $1; do echo $(moddir)/$$i/$(metaxml); done)
endef
else
define detect-metaxml
	$(shell for i in $1; do \
		if [ -d $(moddir)/$$i -a -d $(local_moddir)/$$i ]; then \
			if [ -f $(local_moddir)/$$i/$(metaxml) ]; then \
				echo $(local_moddir)/$$i/$(metaxml) ;\
			else \
				echo $(moddir)/$$i/$(metaxml) ;\
			fi \
		elif [ -d $(local_moddir)/$$i ]; then
			echo $(local_moddir)/$$i/$(metaxml) ;\
		else \
			echo $(moddir)/$$i/$(metaxml) ;\
		fi \
	done )
endef
endif

########################################
#
# Load appropriate rules
#
# Exactly one rule set is read: Rules.monolithic when MONOLITHIC is "y",
# Rules.modular for any other value.  The rules see every variable and
# function defined above this point.
#
ifeq "$(MONOLITHIC)" "y"
  include Rules.monolithic
else
  include Rules.modular
endif

########################################
#
# Generated files
#
# NOTE: There is no "local" version of these files.
#
generate: $(generated_te) $(generated_if) $(generated_fc)

# corenetwork.if = fixed header + corenetwork.if.in + the network_*()
# declarations of corenetwork.te.in run through corenetwork.if.m4.
# The final sed turns the dollarsone/dollarszero placeholders back into
# literal $1 and $0.
$(moddir)/kernel/corenetwork.if: $(moddir)/kernel/corenetwork.te.in $(moddir)/kernel/corenetwork.if.m4 $(moddir)/kernel/corenetwork.if.in
	@echo "#" > $@
	@echo "# This is a generated file! Instead of modifying this file, the" >> $@
	@echo "# $(notdir $@).in or $(notdir $@).m4 file should be modified." >> $@
	@echo "#" >> $@
	$(verbose) cat $@.in >> $@
	$(verbose) $(GREP) "^[[:blank:]]*network_(interface|node|port|packet)\(.*\)" $< \
		| $(M4) -D self_contained_policy $(M4PARAM) $@.m4 - \
		| $(SED) -e 's/dollarsone/\$$1/g' -e 's/dollarszero/\$$0/g' >> $@

# corenetwork.te = fixed header + corenetwork.te.m4 and corenetwork.te.in
# run through m4, with the same placeholder substitution as above.
$(moddir)/kernel/corenetwork.te: $(moddir)/kernel/corenetwork.te.m4 $(moddir)/kernel/corenetwork.te.in
	@echo "#" > $@
	@echo "# This is a generated file! Instead of modifying this file, the" >> $@
	@echo "# $(notdir $@).in or $(notdir $@).m4 file should be modified." >> $@
	@echo "#" >> $@
	$(verbose) $(M4) -D self_contained_policy $(M4PARAM) $^ \
		| $(SED) -e 's/dollarsone/\$$1/g' -e 's/dollarszero/\$$0/g' >> $@

########################################
#
# Network packet labeling
#
$(net_contexts): $(moddir)/kernel/corenetwork.te.in
	@echo "Creating netfilter network labeling rules"
	$(verbose) $(gennetfilter) $^ > $@

########################################
#
# Create config files
#
conf: $(mod_conf) $(booleans) $(generated_te) $(generated_if) $(generated_fc)

# A single gendoc run writes both files from the policy XML.
$(mod_conf) $(booleans): $(polxml)
	@echo "Updating $(mod_conf) and $(booleans)"
	$(verbose) $(gendoc) -b $(booleans) -m $(mod_conf) -x $(polxml)

########################################
#
# Generate the fc_sort program
#
$(fcsort) : $(support)/fc_sort.c
	$(verbose) $(CC) $(CFLAGS) $^ -o $@

########################################
#
# Documentation generation
#
# One XML fragment per layer: the layer's metadata file followed by the
# genxml output of each module in that layer (shipped modules first,
# then local ones when LOCAL_ROOT is set).
#
# NOTE(review): $* appears in the prerequisite list, where it is
# presumably still empty because the file does not request secondary
# expansion; the filters would then match every detected module rather
# than only those of the layer being built -- confirm.
$(layerxml): %.xml: $(all_metaxml) $(filter $(addprefix $(moddir)/, $(notdir $*))%, $(detected_mods)) $(subst .te,.if, $(filter $(addprefix $(moddir)/, $(notdir $*))%, $(detected_mods)))
	@test -d $(tmpdir) || mkdir -p $(tmpdir)
	$(verbose) cat $(filter %$(notdir $*)/$(metaxml), $(all_metaxml)) > $@
	$(verbose) for i in $(basename $(filter $(addprefix $(moddir)/, $(notdir $*))%, $(detected_mods))); do $(genxml) -w -m $$i >> $@; done
ifdef LOCAL_ROOT
	$(verbose) for i in $(basename $(filter $(addprefix $(local_moddir)/, $(notdir $*))%, $(detected_mods))); do $(genxml) -w -m $$i >> $@; done
endif

# global tunables documentation
$(tunxml): $(globaltun)
	$(verbose) $(genxml) -w -t $< > $@

# global booleans documentation
$(boolxml): $(globalbool)
	$(verbose) $(genxml) -w -b $< > $@

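# Assemble the complete policy XML: XML prolog and DOCTYPE, one <layer>
# element per layer fragment, then the tunables and booleans fragments.
#
# The result is checked against the DTD only when xmllint is executable
# and the DTD file exists; otherwise the check is skipped silently.
# When the check does run and fails, the target is removed before the
# recipe fails.  Without that, the invalid file would be left behind
# with a fresh timestamp and the next run would treat it as up to date,
# feeding it to the modules.conf/booleans.conf and HTML generation.
$(polxml): $(layerxml) $(tunxml) $(boolxml)
	@echo "Creating $(@F)"
	@test -d $(dir $(polxml)) || mkdir -p $(dir $(polxml))
	@test -d $(tmpdir) || mkdir -p $(tmpdir)
	$(verbose) echo '<?xml version="1.0" encoding="ISO-8859-1" standalone="no"?>' > $@
	$(verbose) echo '<!DOCTYPE policy SYSTEM "$(notdir $(xmldtd))">' >> $@
	$(verbose) echo '<policy>' >> $@
	$(verbose) for i in $(basename $(notdir $(layerxml))); do echo "<layer name=\"$$i\">" >> $@; cat $(tmpdir)/$$i.xml >> $@; echo "</layer>" >> $@; done
	$(verbose) cat $(tunxml) $(boolxml) >> $@
	$(verbose) echo '</policy>' >> $@
	$(verbose) if test -x $(XMLLINT) && test -f $(xmldtd); then \
		$(XMLLINT) --noout --path $(dir $(xmldtd)) --dtdvalid $(xmldtd) $@ \
			|| { rm -f $@ ; exit 1 ; } ;\
	fi
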
xml: $(polxml)

# HTML interface reference.  $(tmpdir)/html is a stamp file touched at
# the end of the recipe so that other targets can depend on the
# documentation having been built.
html $(tmpdir)/html: $(polxml)
	@echo "Building html interface reference documentation in $(htmldir)"
	@test -d $(htmldir) || mkdir -p $(htmldir)
	@test -d $(tmpdir) || mkdir -p $(tmpdir)
	$(verbose) $(gendoc) -d $(htmldir) -T $(doctemplate) -x $(polxml)
	$(verbose) cp $(doctemplate)/*.css $(htmldir)
	@touch $(tmpdir)/html

########################################
#
# Runtime binary policy patching of users
#
# system.users is built in the scratch directory (a "do not edit" header
# followed by the m4 output with leading blanks, empty lines and comment
# lines removed) and then installed with mode 644.
#
# NOTE(review): the exit status of the m4 | sed pipeline is presumably
# that of sed alone, so an m4 failure would still install whatever was
# written -- confirm against the shell in use.
$(userpath)/system.users: $(m4support) $(tmpdir)/generated_definitions.conf $(user_files)
	@mkdir -p $(tmpdir)
	@mkdir -p $(userpath)
	@echo "Installing system.users"
	@echo "# " > $(tmpdir)/system.users
	@echo "# Do not edit this file. " >> $(tmpdir)/system.users
	@echo "# This file is replaced on reinstalls of this policy." >> $(tmpdir)/system.users
	@echo "# Please edit local.users to make local changes." >> $(tmpdir)/system.users
	@echo "#" >> $(tmpdir)/system.users
	$(verbose) $(M4) -D self_contained_policy $(M4PARAM) $^ | $(SED) -r -e 's/^[[:blank:]]+//' \
		-e '/^[[:blank:]]*($$|#)/d' >> $(tmpdir)/system.users
	$(verbose) $(INSTALL) -m 644 $(tmpdir)/system.users $@

# local.users holds site changes; install -b keeps a backup of the file
# it replaces.
$(userpath)/local.users: config/local.users
	@mkdir -p $(userpath)
	@echo "Installing local.users"
	$(verbose) $(INSTALL) -b -m 644 $< $@

########################################
#
# Build Appconfig files
#
# initrc_context is the only appconfig file that goes through m4; only
# output lines starting with a lower-case letter are kept.
$(tmpdir)/initrc_context: $(appconf)/initrc_context
	@mkdir -p $(tmpdir)
	$(verbose) $(M4) $(M4PARAM) $(m4support) $^ | $(GREP) '^[a-z]' > $@

########################################
#
# Install Appconfig files
#
# All files below are installed with mode 644 (owner-writable,
# world-readable).
#
install-appconfig: $(appfiles)

# booleans.conf with true/false rewritten to 1/0, blank and comment
# lines dropped, and the remainder sorted
$(installdir)/booleans: $(booleans)
	@mkdir -p $(tmpdir)
	@mkdir -p $(installdir)
	$(verbose) $(SED) -r -e 's/false/0/g' -e 's/true/1/g' \
		-e '/^[[:blank:]]*($$|#)/d' $(booleans) | $(SORT) > $(tmpdir)/booleans
	$(verbose) $(INSTALL) -m 644 $(tmpdir)/booleans $@

$(contextpath)/files/media: $(appconf)/media
	@mkdir -p $(contextpath)/files/
	$(verbose) $(INSTALL) -m 644 $< $@

$(appdir)/default_contexts: $(appconf)/default_contexts
	@mkdir -p $(appdir)
	$(verbose) $(INSTALL) -m 644 $< $@

$(appdir)/removable_context: $(appconf)/removable_context
	@mkdir -p $(appdir)
	$(verbose) $(INSTALL) -m 644 $< $@

$(appdir)/default_type: $(appconf)/default_type
	@mkdir -p $(appdir)
	$(verbose) $(INSTALL) -m 644 $< $@

$(appdir)/userhelper_context: $(appconf)/userhelper_context
	@mkdir -p $(appdir)
	$(verbose) $(INSTALL) -m 644 $< $@

# installed from the m4-processed copy in the scratch directory
$(appdir)/initrc_context: $(tmpdir)/initrc_context
	@mkdir -p $(appdir)
	$(verbose) $(INSTALL) -m 644 $< $@

$(appdir)/failsafe_context: $(appconf)/failsafe_context
	@mkdir -p $(appdir)
	$(verbose) $(INSTALL) -m 644 $< $@

$(appdir)/dbus_contexts: $(appconf)/dbus_contexts
	@mkdir -p $(appdir)
	$(verbose) $(INSTALL) -m 644 $< $@

# per-user default contexts: NAME_default_contexts -> contexts/users/NAME
$(contextpath)/users/%: $(appconf)/%_default_contexts
	@mkdir -p $(appdir)/users
	$(verbose) $(INSTALL) -m 644 $^ $@

########################################
#
# Install policy headers
#
# Installs what is needed to build modules outside this tree: the XML
# fragments, the m4-expanded role map, the support macros, the genxml
# script (the last word of $(genxml)), the DTD, the generated
# all_perms.spt, the interface files of every layer, a build.conf that
# records the settings of this build, and the development Makefile.
#
# NOTE(review): the commands inside the per-layer loop are separated by
# ';', so a failing install for one layer presumably does not stop the
# recipe unless it is the last one -- confirm.
install-headers: $(layerxml) $(tunxml) $(boolxml)
	@mkdir -p $(headerdir)
	@echo "Installing $(TYPE) policy headers."
	$(verbose) $(INSTALL) -m 644 $^ $(headerdir)
	$(verbose) $(M4) $(M4PARAM) $(rolemap) > $(headerdir)/$(notdir $(rolemap))
	$(verbose) mkdir -p $(headerdir)/support
	$(verbose) $(INSTALL) -m 644 $(m4support) $(word $(words $(genxml)),$(genxml)) $(xmldtd) $(headerdir)/support
	$(verbose) $(genperm) $(avs) $(secclass) > $(headerdir)/support/all_perms.spt
	$(verbose) for i in $(notdir $(all_layers)); do \
		mkdir -p $(headerdir)/$$i ;\
		$(INSTALL) -m 644 $(moddir)/$$i/*.if $(headerdir)/$$i ;\
	done
	$(verbose) echo "TYPE ?= $(TYPE)" > $(headerdir)/build.conf
	$(verbose) echo "NAME ?= $(NAME)" >> $(headerdir)/build.conf
ifneq "$(DISTRO)" ""
	$(verbose) echo "DISTRO ?= $(DISTRO)" >> $(headerdir)/build.conf
endif
	$(verbose) echo "MONOLITHIC ?= n" >> $(headerdir)/build.conf
	$(verbose) echo "DIRECT_INITRC ?= $(DIRECT_INITRC)" >> $(headerdir)/build.conf
	$(verbose) echo "override MLS_SENS := $(MLS_SENS)" >> $(headerdir)/build.conf
	$(verbose) echo "override MLS_CATS := $(MLS_CATS)" >> $(headerdir)/build.conf
	$(verbose) echo "override MCS_CATS := $(MCS_CATS)" >> $(headerdir)/build.conf
	$(verbose) $(INSTALL) -m 644 $(support)/Makefile.devel $(headerdir)/Makefile

########################################
#
# Install policy documentation
#
install-docs: $(tmpdir)/html
	@mkdir -p $(docsdir)/html
	@echo "Installing policy documentation"
	$(verbose) $(INSTALL) -m 644 $(docfiles) $(docsdir)
	$(verbose) $(INSTALL) -m 644 $(wildcard $(htmldir)/*) $(docsdir)/html

########################################
#
# Install policy sources
#
# Keeps one previous generation: policy.old is deleted, the current
# source copy is renamed to policy.old ('-' because there may be nothing
# to rename yet), and the whole current directory is copied into a fresh
# policy directory.  'cp -R .' takes everything found in the working
# directory, including scratch files and any local configuration.
install-src:
	rm -rf $(srcpath)/policy.old
	-mv $(srcpath)/policy $(srcpath)/policy.old
	mkdir -p $(srcpath)/policy
	cp -R . $(srcpath)/policy

########################################
#
# Generate tags file
#
# The first command aborts unless the configured ctags reports itself
# as Exuberant; the second indexes types, type aliases, attributes,
# m4 defines, interfaces, templates and booleans in the .if, .te and
# .spt files.
tags: $(tags)
$(tags):
	@($(CTAGS) --version | grep -q Exuberant) || (echo ERROR: Need exuberant-ctags to function!; exit 1)
	@LC_ALL=C $(CTAGS) -f $(tags) --langdef=te --langmap=te:..te.if.spt \
	 --regex-te='/^type[ \t]+(\w+)(,|;)/\1/t,type/' \
	 --regex-te='/^typealias[ \t]+\w+[ \t+]+alias[ \t]+(\w+);/\1/t,type/' \
	 --regex-te='/^attribute[ \t]+(\w+);/\1/a,attribute/' \
	 --regex-te='/^[ \t]*define\(`(\w+)/\1/d,define/' \
	 --regex-te='/^[ \t]*interface\(`(\w+)/\1/i,interface/' \
	 --regex-te='/^[ \t]*template\(`(\w+)/\1/i,template/' \
	 --regex-te='/^[ \t]*bool[ \t]+(\w+)/\1/b,bool/' policy/modules/*/*.{if,te} policy/support/*.spt

########################################
#
# Filesystem labeling
#
# All four targets run setfiles with the installed file_contexts over
# the mount points in $(filesystems), and fail early when that list is
# empty.  They differ only in the setfiles options:
#   checklabels    -v -n
#   restorelabels  -v
#   relabel        (none)
#   resetlabels    -F
#
checklabels:
	@echo "Checking labels on filesystem types: ext2 ext3 xfs jfs"
	@if test -z "$(filesystems)"; then \
		echo "No filesystems with extended attributes found!" ;\
		false ;\
	fi
	$(verbose) $(SETFILES) -v -n $(fcpath) $(filesystems)

restorelabels:
	@echo "Restoring labels on filesystem types: ext2 ext3 xfs jfs"
	@if test -z "$(filesystems)"; then \
		echo "No filesystems with extended attributes found!" ;\
		false ;\
	fi
	$(verbose) $(SETFILES) -v $(fcpath) $(filesystems)

relabel:
	@echo "Relabeling filesystem types: ext2 ext3 xfs jfs"
	@if test -z "$(filesystems)"; then \
		echo "No filesystems with extended attributes found!" ;\
		false ;\
	fi
	$(verbose) $(SETFILES) $(fcpath) $(filesystems)

resetlabels:
	@echo "Resetting labels on filesystem types: ext2 ext3 xfs jfs"
	@if test -z "$(filesystems)"; then \
		echo "No filesystems with extended attributes found!" ;\
		false ;\
	fi
	$(verbose) $(SETFILES) -F $(fcpath) $(filesystems)

########################################
#
# Clean everything
#
# Runs 'clean' first, then removes the generated documentation, the
# generated modules.conf and booleans.conf, and the tags file.
bare: clean
	rm -f $(polxml)
	rm -f $(layerxml)
	rm -f $(modxml)
	rm -f $(tunxml)
	rm -f $(boolxml)
	rm -f $(mod_conf)
	rm -f $(booleans)
	rm -fR $(htmldir)
	rm -f $(tags)
# don't remove these files if we're given a local root
ifndef LOCAL_ROOT
	rm -f $(fcsort)
	rm -f $(support)/*.pyc
# each generated_* list is only passed to rm when it is non-empty
ifneq "$(generated_te)" ""
	rm -f $(generated_te)
endif
ifneq "$(generated_if)" ""
	rm -f $(generated_if)
endif
ifneq "$(generated_fc)" ""
	rm -f $(generated_fc)
endif
endif

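# Targets that name an action rather than a file.
#
# install-docs and the four labeling targets are declared in this file
# but were missing from the list.  Without the declaration, a stray file
# called e.g. "relabel" in the build directory makes 'make relabel'
# report the target as up to date and exit successfully without running
# setfiles at all, leaving the filesystem labels untouched.
.PHONY: install-src install-appconfig install-headers install-docs generate xml conf html bare tags
.PHONY: checklabels restorelabels relabel resetlabels

# drop the built-in suffix list, then keep only .c
.SUFFIXES:
.SUFFIXES: .c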