Add macro-expander to sources during creating rhat patches
This commit is contained in:
parent
8ad34683d2
commit
4052eb0456
|
@ -1,81 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
|
|
||||||
function usage {
|
|
||||||
echo "Usage: $0 [ -c | -t [ -M ] ] <macro>"
|
|
||||||
echo "Options:
|
|
||||||
-c generate CIL output
|
|
||||||
-t generate standard policy source format (.te) allow rules - this is default
|
|
||||||
-M generate complete module .te output
|
|
||||||
"
|
|
||||||
}
|
|
||||||
|
|
||||||
function cleanup {
|
|
||||||
rm -rf $TEMP_STORE
|
|
||||||
}
|
|
||||||
|
|
||||||
while getopts "chMt" opt; do
|
|
||||||
case $opt in
|
|
||||||
c) GENCIL=1
|
|
||||||
;;
|
|
||||||
t) GENTE=1
|
|
||||||
;;
|
|
||||||
M) GENTEMODULE=1
|
|
||||||
;;
|
|
||||||
h) usage
|
|
||||||
exit 0
|
|
||||||
;;
|
|
||||||
\?) usage
|
|
||||||
exit 1
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
done
|
|
||||||
|
|
||||||
shift $((OPTIND-1))
|
|
||||||
|
|
||||||
SELINUX_MACRO=$1
|
|
||||||
|
|
||||||
if [ -z "$SELINUX_MACRO" ]
|
|
||||||
then
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
TEMP_STORE="$(mktemp -d)"
|
|
||||||
cd $TEMP_STORE
|
|
||||||
|
|
||||||
IFS="("
|
|
||||||
set $1
|
|
||||||
SELINUX_DOMAIN="${2::-1}"
|
|
||||||
|
|
||||||
echo -e "policy_module(expander, 1.0.0) \n" \
|
|
||||||
"gen_require(\`\n" \
|
|
||||||
"type $SELINUX_DOMAIN ; \n" \
|
|
||||||
"')" > expander.te
|
|
||||||
|
|
||||||
echo "$SELINUX_MACRO" >> expander.te
|
|
||||||
|
|
||||||
make -f /usr/share/selinux/devel/Makefile tmp/all_interfaces.conf &> /dev/null
|
|
||||||
|
|
||||||
if [ "x$GENCIL" = "x1" ]; then
|
|
||||||
|
|
||||||
make -f /usr/share/selinux/devel/Makefile expander.pp &> /dev/null
|
|
||||||
MAKE_RESULT=$?
|
|
||||||
|
|
||||||
if [ $MAKE_RESULT -ne 2 ]
|
|
||||||
then
|
|
||||||
/usr/libexec/selinux/hll/pp < $TEMP_STORE/expander.pp > $TEMP_STORE/expander.cil 2> /dev/null
|
|
||||||
grep -v "cil_gen_require" $TEMP_STORE/expander.cil | sort -u
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ "$GENTE" = "1" -o "x$GENCIL" != "x1" ]; then
|
|
||||||
m4 -D enable_mcs -D distro_redhat -D hide_broken_symptoms -D mls_num_sens=16 -D mls_num_cats=1024 -D mcs_num_cats=1024 -s /usr/share/selinux/devel/include/support/file_patterns.spt /usr/share/selinux/devel/include/support/ipc_patterns.spt /usr/share/selinux/devel/include/support/obj_perm_sets.spt /usr/share/selinux/devel/include/support/misc_patterns.spt /usr/share/selinux/devel/include/support/misc_macros.spt /usr/share/selinux/devel/include/support/all_perms.spt /usr/share/selinux/devel/include/support/mls_mcs_macros.spt /usr/share/selinux/devel/include/support/loadable_module.spt tmp/all_interfaces.conf expander.te > expander.tmp 2> /dev/null
|
|
||||||
if [ "x$GENTEMODULE" = "x1" ]; then
|
|
||||||
# sed '/^#.*$/d;/^\s*$/d;/^\s*class .*/d;/^\s*category .*/d;s/^\s*//' expander.tmp
|
|
||||||
sed '/^#.*$/d;/^\s*$/d;/^\s*category .*/d;s/^\s*//' expander.tmp
|
|
||||||
else
|
|
||||||
grep '^\s*allow' expander.tmp | sed 's/^\s*//'
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
cd - > /dev/null
|
|
||||||
cleanup
|
|
|
@ -67,7 +67,7 @@ sed -i "s/%global commit0 [^ ]*$/%global commit0 $BASE_HEAD_ID/" selinux-policy.
|
||||||
sed -i "s/%global commit1 [^ ]*$/%global commit1 $CONTRIB_HEAD_ID/" selinux-policy.spec
|
sed -i "s/%global commit1 [^ ]*$/%global commit1 $CONTRIB_HEAD_ID/" selinux-policy.spec
|
||||||
|
|
||||||
# Update sources
|
# Update sources
|
||||||
sha512sum --tag selinux-policy-${BASE_SHORT_HEAD_ID}.tar.gz selinux-policy-contrib-${CONTRIB_SHORT_HEAD_ID}.tar.gz container-selinux.tgz > sources
|
sha512sum --tag selinux-policy-${BASE_SHORT_HEAD_ID}.tar.gz selinux-policy-contrib-${CONTRIB_SHORT_HEAD_ID}.tar.gz container-selinux.tgz macro-expander > sources
|
||||||
|
|
||||||
echo -e "\nSELinux policy tarballs and container.tgz with container policy files have been created."
|
echo -e "\nSELinux policy tarballs and container.tgz with container policy files have been created."
|
||||||
echo "Commit ids of selinux-policy and selinux-policy-contrib in spec file were changed to:"
|
echo "Commit ids of selinux-policy and selinux-policy-contrib in spec file were changed to:"
|
||||||
|
|
Loading…
Reference in New Issue