rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Add macro-expander script to selinux-policy-devel package

Browse Source
This commit is contained in:
Lukas Vrabec 2018-12-16 21:31:04 +01:00
parent 22bdc94c2b
commit 7d7414921d
No known key found for this signature in database
GPG Key ID: 47201AC42F29CE06
2 changed files with 85 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

81
macro-expander.sh Executable file
View File

@ -0,0 +1,81 @@
#!/bin/bash
function usage {
echo "Usage: $0 [ -c | -t [ -M ] ] <macro>"
echo "Options:
-c generate CIL output
-t generate standard policy source format (.te) allow rules - this is default
-M generate complete module .te output
"
}
function cleanup {
rm -rf $TEMP_STORE
}
while getopts "chMt" opt; do
case $opt in
c) GENCIL=1
;;
t) GENTE=1
;;
M) GENTEMODULE=1
;;
h) usage
exit 0
;;
\?) usage
exit 1
;;
esac
done
shift $((OPTIND-1))
SELINUX_MACRO=$1
if [ -z "$SELINUX_MACRO" ]
then
exit 1
fi
TEMP_STORE="$(mktemp -d)"
cd $TEMP_STORE
IFS="("
set $1
SELINUX_DOMAIN="${2::-1}"
echo -e "policy_module(expander, 1.0.0) \n" \
"gen_require(\`\n" \
"type $SELINUX_DOMAIN ; \n" \
"')" > expander.te
echo "$SELINUX_MACRO" >> expander.te
make -f /usr/share/selinux/devel/Makefile tmp/all_interfaces.conf &> /dev/null
if [ "x$GENCIL" = "x1" ]; then
make -f /usr/share/selinux/devel/Makefile expander.pp &> /dev/null
MAKE_RESULT=$?
if [ $MAKE_RESULT -ne 2 ]
then
/usr/libexec/selinux/hll/pp < $TEMP_STORE/expander.pp > $TEMP_STORE/expander.cil 2> /dev/null
grep -v "cil_gen_require" $TEMP_STORE/expander.cil | sort -u
fi
fi
if [ "$GENTE" = "1" -o "x$GENCIL" != "x1" ]; then
m4 -D enable_mcs -D distro_redhat -D hide_broken_symptoms -D mls_num_sens=16 -D mls_num_cats=1024 -D mcs_num_cats=1024 -s /usr/share/selinux/devel/include/support/file_patterns.spt /usr/share/selinux/devel/include/support/ipc_patterns.spt /usr/share/selinux/devel/include/support/obj_perm_sets.spt /usr/share/selinux/devel/include/support/misc_patterns.spt /usr/share/selinux/devel/include/support/misc_macros.spt /usr/share/selinux/devel/include/support/all_perms.spt /usr/share/selinux/devel/include/support/mls_mcs_macros.spt /usr/share/selinux/devel/include/support/loadable_module.spt tmp/all_interfaces.conf expander.te > expander.tmp 2> /dev/null
if [ "x$GENTEMODULE" = "x1" ]; then
# sed '/^#.*$/d;/^\s*$/d;/^\s*class .*/d;/^\s*category .*/d;s/^\s*//' expander.tmp
sed '/^#.*$/d;/^\s*$/d;/^\s*category .*/d;s/^\s*//' expander.tmp
else
grep '^\s*allow' expander.tmp | sed 's/^\s*//'
fi
fi
cd - > /dev/null
cleanup

4
selinux-policy.spec
View File

@ -57,6 +57,7 @@ Source26: file_contexts.subs_dist
Source27: selinux-policy.conf Source27: selinux-policy.conf
Source28: permissivedomains.cil Source28: permissivedomains.cil
Source30: booleans.subs_dist Source30: booleans.subs_dist
Source33: macro-expander
Source35: container-selinux.tgz Source35: container-selinux.tgz
@ -134,6 +135,7 @@ Requires(post): policycoreutils-devel >= %{POLICYCOREUTILSVER}
SELinux policy development and man page package SELinux policy development and man page package
%files devel %files devel
%{_bindir}/macro-expander
%dir %{_usr}/share/selinux/devel %dir %{_usr}/share/selinux/devel
%dir %{_usr}/share/selinux/devel/include %dir %{_usr}/share/selinux/devel/include
%{_usr}/share/selinux/devel/include/* %{_usr}/share/selinux/devel/include/*
@ -363,6 +365,8 @@ touch %{buildroot}%{_sysconfdir}/selinux/config
touch %{buildroot}%{_sysconfdir}/sysconfig/selinux touch %{buildroot}%{_sysconfdir}/sysconfig/selinux
mkdir -p %{buildroot}%{_usr}/lib/tmpfiles.d/ mkdir -p %{buildroot}%{_usr}/lib/tmpfiles.d/
cp %{SOURCE27} %{buildroot}%{_usr}/lib/tmpfiles.d/ cp %{SOURCE27} %{buildroot}%{_usr}/lib/tmpfiles.d/
mkdir -p %{buildroot}%{_bindir}
cp %{SOURCE33} %{buildroot}%{_bindir}/
# Always create policy module package directories # Always create policy module package directories
mkdir -p %{buildroot}%{_usr}/share/selinux/{targeted,mls,minimum,modules}/ mkdir -p %{buildroot}%{_usr}/share/selinux/{targeted,mls,minimum,modules}/