diff --git a/Changelog b/Changelog index 57756700..1908de9d 100644 --- a/Changelog +++ b/Changelog @@ -1,3 +1,4 @@ +- Fix XML building for external reference builds and headers builds. - Patch to add missing requirements in userdomain interfaces from Shintaro Fujiwara. - Add tcpd_wrapped_domain() for services that use tcp wrappers. diff --git a/Makefile b/Makefile index 7848f0aa..e0b190a4 100644 --- a/Makefile +++ b/Makefile @@ -241,9 +241,9 @@ user_default_contexts_names := $(addprefix $(contextpath)/users/,$(subst _defaul appfiles := $(addprefix $(appdir)/,default_contexts default_type initrc_context failsafe_context userhelper_context removable_context dbus_contexts customizable_types) $(contextpath)/files/media $(user_default_contexts_names) net_contexts := $(builddir)net_contexts -all_layers := $(filter-out $(moddir)/CVS,$(shell find $(wildcard $(moddir)/*) -maxdepth 0 -type d)) +all_layers := $(shell find $(wildcard $(moddir)/*) -maxdepth 0 -type d) ifdef LOCAL_ROOT -all_layers += $(filter-out $(local_moddir)/CVS,$(shell find $(wildcard $(local_moddir)/*) -maxdepth 0 -type d)) +all_layers += $(shell find $(wildcard $(local_moddir)/*) -maxdepth 0 -type d) endif generated_te := $(basename $(foreach dir,$(all_layers),$(wildcard $(dir)/*.te.in))) @@ -254,9 +254,10 @@ generated_fc := $(basename $(foreach dir,$(all_layers),$(wildcard $(dir)/*.fc.in # when a generated file is already generated detected_mods := $(sort $(foreach dir,$(all_layers),$(wildcard $(dir)/*.te)) $(generated_te)) -modxml := $(detected_mods:.te=.xml) -layerxml := $(addprefix $(tmpdir)/, $(notdir $(addsuffix .xml,$(all_layers)))) -all_metaxml := $(addsuffix /$(metaxml), $(all_layers)) +modxml := $(addprefix $(tmpdir)/, $(detected_mods:.te=.xml)) +layerxml := $(sort $(addprefix $(tmpdir)/, $(notdir $(addsuffix .xml,$(all_layers))))) +layer_names := $(sort $(notdir $(all_layers))) +all_metaxml = $(call detect-metaxml, $(layer_names)) # modules.conf setting for base module configbase := base 
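Review bot: With the `filter-out` removed from both `all_layers` assignments, every directory directly under `$(moddir)` and `$(local_moddir)` is treated as a policy layer, so a leftover version-control or scratch directory would get layer XML generated and headers installed for it. support/Makefile.devel in this same commit still excludes `CVS tmp $(docs)` when computing `local_layers`, so the two files now disagree. If CVS checkouts are no longer supported, a comment such as `# every subdirectory of $(moddir) is a layer; keep non-layer directories out of it` above the assignment would record that; otherwise keep the filter.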
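Review bot: `all_metaxml` is the only variable in this block assigned with `=`, and nothing says why; it looks deliberate, because `detect-metaxml` is defined further down the file (the hunk at line 346) and `:=` here would expand the `$(call ...)` before that definition exists. A comment like `# recursive on purpose: detect-metaxml is defined later in this file` would stop someone from "fixing" it. Because it is recursive, the `$(shell ...)` loop inside `detect-metaxml` runs again on every expansion of `all_metaxml`, including the `$(filter ..., $(all_metaxml))` in each `$(layerxml)` recipe; moving the `define` above this block would allow `:=`. `modxml` now points under `$(tmpdir)/`, but the `$(modxml)` rule is deleted later in this commit, so the variable may be unused and is worth checking.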
@@ -345,6 +346,29 @@ define create-base-per-role-tmpl endef +# detect-metaxml layer_names +ifdef LOCAL_ROOT +define detect-metaxml + $(shell for i in $1; do \ + if [ -d $(moddir)/$$i -a -d $(local_moddir)/$$i ]; then \ + if [ -f $(local_moddir)/$$i/$(metaxml) ]; then \ + echo $(local_moddir)/$$i/$(metaxml) ;\ + else \ + echo $(moddir)/$$i/$(metaxml) ;\ + fi \ + elif [ -d $(local_moddir)/$$i ]; then + echo $(local_moddir)/$$i/$(metaxml) ;\ + else \ + echo $(moddir)/$$i/$(metaxml) ;\ + fi \ + done ) +endef +else +define detect-metaxml + $(shell for i in $1; do echo $(moddir)/$$i/$(metaxml); done) +endef +endif + ######################################## # # Load appropriate rules 
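Review bot: The shell loop in the `LOCAL_ROOT` variant of `detect-metaxml` interpolates `$(moddir)`, `$(local_moddir)` and `$$i` into the command unquoted, so a path containing shell metacharacters or whitespace is interpreted or word-split by the shell instead of being tested as one path. Quoting each operand and dropping the obsolescent `-a`, e.g. `if [ -d "$(moddir)/$$i" ] && [ -d "$(local_moddir)/$$i" ]; then \`, makes the tests predictable. The `elif [ -d $(local_moddir)/$$i ]; then` line is also the only one in the loop without a trailing `\`; it presumably still works because a newline is legal after `then`, but it should match the other lines. A header comment stating the precedence (the local `$(metaxml)` if present, else the one under `$(moddir)`) would document the intent better than the current `# detect-metaxml layer_names`.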
@@ -405,22 +429,19 @@ $(mod_conf) $(booleans): $(polxml) # Generate the fc_sort program # $(fcsort) : $(support)/fc_sort.c - $(verbose) $(CC) $(CFLAGS) $(support)/fc_sort.c -o $(fcsort) + $(verbose) $(CC) $(CFLAGS) $^ -o $@ ######################################## # # Documentation generation # - -$(modxml): %.xml: %.if %.te - $(verbose) $(genxml) -w -m $* > $@ - -$(layerxml): %.xml: $(modxml) $(all_metaxml) +$(layerxml): %.xml: $(all_metaxml) $(filter $(addprefix $(moddir)/, $(notdir $*))%, $(detected_mods)) $(subst .te,.if, $(filter $(addprefix $(moddir)/, $(notdir $*))%, $(detected_mods))) @test -d $(tmpdir) || mkdir -p $(tmpdir) - $(verbose) echo '' > $@ - $(verbose) cat $(addprefix $(moddir)/, $(notdir $*))/$(metaxml) >> $@ - $(verbose) cat $(filter-out $(addprefix $(moddir)/, $(notdir $*))/$(metaxml), $(filter $(addprefix $(moddir)/, $(notdir $*))/%, $(modxml))) >> $@ - $(verbose) echo '' >> $@ + $(verbose) cat $(filter %$(notdir $*)/$(metaxml), $(all_metaxml)) > $@ + $(verbose) for i in $(basename $(filter $(addprefix $(moddir)/, $(notdir $*))%, $(detected_mods))); do $(genxml) -w -m $$i >> $@; done +ifdef LOCAL_ROOT + $(verbose) for i in $(basename $(filter $(addprefix $(local_moddir)/, $(notdir $*))%, $(detected_mods))); do $(genxml) -w -m $$i >> $@; done +endif $(tunxml): $(globaltun) $(verbose) $(genxml) -w -t $< > $@ @@ -435,7 +456,8 @@ $(polxml): $(layerxml) $(tunxml) $(boolxml) $(verbose) echo '' > $@ $(verbose) echo '' >> $@ $(verbose) echo '' >> $@ - $(verbose) cat $(layerxml) $(tunxml) $(boolxml) >> $@ + $(verbose) for i in $(basename $(notdir $(layerxml))); do echo "" >> $@; cat $(tmpdir)/$$i.xml >> $@; echo "" >> $@; done + $(verbose) cat $(tunxml) $(boolxml) >> $@ $(verbose) echo '' >> $@ $(verbose) if test -x $(XMLLINT) && test -f $(xmldtd); then \ $(XMLLINT) --noout --path $(dir $(xmldtd)) --dtdvalid $(xmldtd) $@ ;\ 
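Review bot: The new `$(layerxml)` prerequisite list uses `$*`, but GNU make sets automatic variables only while running the recipe, so (unless `.SECONDEXPANSION:` is enabled somewhere outside this hunk) `$(notdir $*)` is empty when the rule is read and the filter pattern collapses to `%`. Every layer XML then depends on every module's `.te` and `.if`, which is safe but rebuilds all layers on any change. Either say so in a comment or select per layer with secondary expansion (`$$*`). In the recipe, the pattern `$(addprefix $(moddir)/, $(notdir $*))%` has lost the `/` that the removed line had before `%`, so a layer whose name is a prefix of another's would also pick up that layer's modules; ending the pattern in `/%` restores the directory boundary.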
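Review bot: The `for` loop that assembles `$@` in the `$(polxml)` recipe ignores a failing `cat`: the loop's exit status is that of its last command, the trailing `echo`, so a missing `$(tmpdir)/$$i.xml` leaves an incomplete policy XML that make treats as built. The `xmllint` step below only catches this when `$(XMLLINT)` is executable and the DTD exists. Append `|| exit 1` to the `cat`, i.e. `cat $(tmpdir)/$$i.xml >> $@ || exit 1;`. The two `$(genxml)` loops added to the `$(layerxml)` recipe in the previous hunk have the same gap, since a failure in any iteration but the last is lost.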
@@ -537,16 +559,14 @@ $(contextpath)/users/%: $(appconf)/%_default_contexts install-headers: $(layerxml) $(tunxml) $(boolxml) @mkdir -p $(headerdir) @echo "Installing $(TYPE) policy headers." - $(verbose) $(INSTALL) -m 644 $(tunxml) $(boolxml) $(headerdir) + $(verbose) $(INSTALL) -m 644 $^ $(headerdir) $(verbose) $(M4) $(M4PARAM) $(rolemap) > $(headerdir)/$(notdir $(rolemap)) $(verbose) mkdir -p $(headerdir)/support $(verbose) $(INSTALL) -m 644 $(m4support) $(word $(words $(genxml)),$(genxml)) $(xmldtd) $(headerdir)/support $(verbose) $(genperm) $(avs) $(secclass) > $(headerdir)/support/all_perms.spt $(verbose) for i in $(notdir $(all_layers)); do \ mkdir -p $(headerdir)/$$i ;\ - $(INSTALL) -m 644 $(moddir)/$$i/*.if \ - $(moddir)/$$i/*.xml \ - $(headerdir)/$$i ;\ + $(INSTALL) -m 644 $(moddir)/$$i/*.if $(headerdir)/$$i ;\ done $(verbose) echo "TYPE ?= $(TYPE)" > $(headerdir)/build.conf $(verbose) echo "NAME ?= $(NAME)" >> $(headerdir)/build.conf @@ -661,6 +681,6 @@ ifneq ($(generated_fc),) endif endif -.PHONY: install-src install-appconfig generate xml conf html bare tags +.PHONY: install-src install-appconfig install-headers generate xml conf html bare tags .SUFFIXES: .SUFFIXES: .c diff --git a/Rules.modular b/Rules.modular index 4d31fdbf..4a4ebc56 100644 --- a/Rules.modular +++ b/Rules.modular @@ -144,6 +144,7 @@ $(tmpdir)/all_interfaces.conf: $(m4support) $(all_interfaces) $(tmpdir)/rolemap.conf: M4PARAM += -D self_contained_policy $(tmpdir)/rolemap.conf: $(rolemap) + $(verbose) echo "" > $@ $(call parse-rolemap,base,$@) $(tmpdir)/all_te_files.conf: M4PARAM += -D self_contained_policy diff --git a/Rules.monolithic b/Rules.monolithic index 2b78c8dd..c6973fbc 100644 --- a/Rules.monolithic +++ b/Rules.monolithic 
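Review bot: The per-layer loop in `install-headers` iterates over `$(notdir $(all_layers))`, which under `LOCAL_ROOT` includes layers from `$(local_moddir)`, but the install line only globs `$(moddir)/$$i/*.if`. For a layer that exists only locally the glob matches nothing, and because the loop's commands are joined with `;` that failure is lost unless it happens in the last iteration. Local `.if` files in a shared layer are not installed either, while the layer XML now installed via `$^` may describe them. If local interfaces are meant to ship as headers, add a second `$(INSTALL)` for `$(local_moddir)/$$i/*.if` under `ifdef LOCAL_ROOT`, and end the install commands with `|| exit 1`. The recipe appears to continue past the end of this hunk.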
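Review bot: The added `$(verbose) echo "" > $@` in the `$(tmpdir)/rolemap.conf` rule has no comment explaining why the target is reset before `parse-rolemap` runs. Presumably the macro appends to the file named by its second argument, so a stale `rolemap.conf` would otherwise accumulate entries. A comment such as `# start from a fresh file; parse-rolemap appends to $@` (once confirmed against the macro) would make that explicit. Note that `echo ""` writes a newline rather than an empty file, and that if `parse-rolemap` then fails, the reset file is newer than `$(rolemap)` and will look up to date unless `.DELETE_ON_ERROR:` is set. The same line is added in Rules.monolithic.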
@@ -127,6 +127,7 @@ $(tmpdir)/all_interfaces.conf: $(m4support) $(all_interfaces) @echo "divert" >> $@ $(tmpdir)/rolemap.conf: $(rolemap) + $(verbose) echo "" > $@ $(call parse-rolemap,base,$@) $(tmpdir)/all_te_files.conf: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf $(all_te_files) $(tmpdir)/rolemap.conf diff --git a/support/Makefile.devel b/support/Makefile.devel index db8f6de5..34fd708b 100644 --- a/support/Makefile.devel +++ b/support/Makefile.devel @@ -31,10 +31,10 @@ QUIET ?= y genxml := $(PYTHON) $(HEADERDIR)/support/segenxml.py -docs = doc -polxml = $(docs)/policy.xml -xmldtd = $(HEADERDIR)/support/policy.dtd -metaxml = metadata.xml +docs := doc +polxml := $(docs)/policy.xml +xmldtd := $(HEADERDIR)/support/policy.dtd +metaxml := metadata.xml globaltun = $(HEADERDIR)/global_tunables.xml globalbool = $(HEADERDIR)/global_booleans.xml 
@@ -86,35 +86,23 @@ M4PARAM += -D hide_broken_symptoms -D mls_num_sens=$(MLS_SENS) -D mls_num_cats=$ # policy headers m4support = $(wildcard $(HEADERDIR)/support/*.spt) -all_layers = $(filter-out $(HEADERDIR)/support,$(shell find $(wildcard $(HEADERDIR)/*) -maxdepth 0 -type d)) -all_interfaces = $(foreach layer,$(all_layers),$(wildcard $(layer)/*.if)) -rolemap = $(HEADERDIR)/rolemap +header_layers := $(filter-out $(HEADERDIR)/support,$(shell find $(wildcard $(HEADERDIR)/*) -maxdepth 0 -type d)) +header_xml := $(addsuffix .xml,$(header_layers)) +header_interfaces := $(foreach layer,$(header_layers),$(wildcard $(layer)/*.if)) -detected_layers = $(filter-out CVS tmp $(docs),$(shell find $(wildcard *) -maxdepth 0 -type d)) +rolemap := $(HEADERDIR)/rolemap -clayers = $(addprefix $(CURDIR)/, $(filter $(notdir $(detected_layers)), $(notdir $(all_layers)))) -all_layers_subset = $(addprefix $(HEADERDIR)/, $(filter-out $(notdir $(detected_layers)), $(notdir $(all_layers)))) -detected_layers_subset = $(addprefix $(CURDIR)/, $(filter-out $(notdir $(clayers)), $(notdir $(detected_layers)))) +local_layers := $(filter-out CVS tmp $(docs),$(shell find $(wildcard *) -maxdepth 0 -type d)) +local_xml := $(addprefix tmp/, $(addsuffix .xml,$(local_layers))) -3rd_party_mods = $(wildcard *.te) -detected_mods = $(3rd_party_mods) $(foreach layer,$(detected_layers),$(wildcard $(layer)/*.te)) -detected_mods_subset = $(3rd_party_mods) $(foreach layer,$(detected_layers_subset),$(wildcard $(layer)/*.te)) +all_layer_names := $(sort $(notdir $(header_layers) $(local_layers))) -detected_ifs = $(detected_mods:.te=.if) -detected_fcs = $(detected_mods:.te=.fc) -all_packages = $(notdir $(detected_mods:.te=.pp)) +3rd_party_mods := $(wildcard *.te) +detected_mods := $(3rd_party_mods) $(foreach layer,$(local_layers),$(wildcard $(layer)/*.te)) -modxml = $(addprefix $(CURDIR)/, $(detected_mods_subset:.te=.xml)) -layerxml = $(addprefix tmp/, $(notdir $(addsuffix .xml, $(detected_layers_subset) $(CURDIR)))) 
- -hmodxml = $(all_interfaces:.if=.xml) -hlayerxml = $(addsuffix .xml, $(addprefix tmp/, $(notdir $(all_layers_subset)))) -hmetaxml = $(foreach layer, $(all_layers_subset), $(layer)/$(metaxml)) - -cmods = $(foreach layer, $(clayers), $(wildcard $(layer)/*.te)) -cmodxml = $(cmods:.te=.xml) -clayerxml= $(addsuffix .xml, $(addprefix tmp/, $(notdir $(clayers)))) -cmetaxml = $(foreach layer, $(notdir $(clayers)), $(HEADERDIR)/$(layer)/$(metaxml)) +detected_ifs := $(detected_mods:.te=.if) +detected_fcs := $(detected_mods:.te=.fc) +all_packages := $(notdir $(detected_mods:.te=.pp)) # figure out what modules we may want to reload loaded_mods = $(addsuffix .pp,$(shell $(SEMODULE) -l | $(CUT) -f1)) @@ -122,9 +110,9 @@ sys_mods = $(wildcard $(SHAREDIR)/$(NAME)/*.pp) match_sys = $(filter $(addprefix $(SHAREDIR)/$(NAME)/,$(loaded_mods)),$(sys_mods)) match_loc = $(filter $(all_packages),$(loaded_mods)) -vpath %.te $(detected_layers) -vpath %.if $(detected_layers) -vpath %.fc $(detected_layers) +vpath %.te $(local_layers) +vpath %.if $(local_layers) +vpath %.fc $(local_layers) ######################################## # @@ -202,7 +190,7 @@ reload: $(all_packages) # tmp/%.mod: $(m4support) tmp/all_interfaces.conf %.te @$(EINFO) "Compiling $(NAME) $(basename $(@F)) module" - @test -d tmp || mkdir -p tmp + @test -d $(@D) || mkdir -p $(@D) $(call peruser-expansion,$(basename $(@F)),$@.role) $(verbose) $(M4) $(M4PARAM) -s $^ $@.role > $(@:.mod=.tmp) $(verbose) $(CHECKMODULE) -m $(@:.mod=.tmp) -o $@ 
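Review bot: `header_layers` and `local_layers` are now computed once at parse time with `$(shell find $(wildcard ...) -maxdepth 0 -type d)`, and that call has no guard for an empty wildcard. When nothing matches (for example `HEADERDIR` unset or pointing at the wrong directory), `find` is called with no start path and GNU find falls back to `.`, so `.` is returned as a layer instead of an error and `header_xml` is derived from it. Consider failing early before these assignments, e.g. `$(if $(wildcard $(HEADERDIR)/*),,$(error HEADERDIR contains no policy headers))`, or at least documenting the assumption in a comment next to `header_layers`.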
@@ -214,55 +202,50 @@ tmp/%.mod.fc: $(m4support) %.fc @echo "Creating $(NAME) $(@F) policy package" $(verbose) $(SEMOD_PKG) -o $@ -m $< -f $<.fc -tmp/all_interfaces.conf: $(m4support) $(all_interfaces) $(detected_ifs) - @test -d tmp || mkdir -p tmp - $(verbose) m4 $^ | sed -e s/dollarsstar/\$$\*/g > $@ +tmp/all_interfaces.conf: $(m4support) $(header_interfaces) $(detected_ifs) + @test -d $(@D) || mkdir -p $(@D) + @echo "ifdef(\`__if_error',\`m4exit(1)')" > tmp/iferror.m4 + @echo "divert(-1)" > $@ + $(verbose) $(M4) $^ tmp/iferror.m4 | sed -e s/dollarsstar/\$$\*/g >> $@ + @echo "divert" >> $@ # so users dont have to make empty .fc and .if files -$(detected_ifs) $(detected_fcs): +$(detected_fcs): @touch $@ + +$(detected_ifs): + @echo "## $(basename $(@D))" > $@ ######################################## # # Documentation generation # +tmp/%.xml: %/*.te %/*.if + @test -d $(@D) || mkdir -p $(@D) + $(verbose) test -f $(HEADERDIR)/$*.xml || cat $*/$(metaxml) > $@ + $(verbose) $(genxml) -w -m $(sort $(basename $^)) >> $@ -$(clayerxml): %.xml: $(cmodxml) $(hmodxml) $(cmetaxml) - @test -d tmp || mkdir -p tmp - $(verbose) echo '' > $@ - $(verbose) cat $(addprefix $(HEADERDIR)/, $(notdir $*)/$(metaxml)) >> $@; - $(verbose) cat $(filter $(addprefix $(CURDIR)/, $(notdir $*))/%, $(cmodxml)) >> $@ - $(verbose) cat $(filter-out $(addprefix $(HEADERDIR)/, $(notdir $*))/$(metaxml), $(filter $(addprefix $(HEADERDIR)/, $(notdir $*))/%, $(hmodxml))) >> $@ - $(verbose) echo '' >> $@ +vars: $(local_xml) -$(hlayerxml): %.xml: $(hmodxml) $(hmetaxml) - @test -d tmp || mkdir -p tmp - $(verbose) echo '' > $@ - $(verbose) cat $(addprefix $(HEADERDIR)/, $(notdir $*)/$(metaxml)) >> $@; - $(verbose) cat $(filter-out $(addprefix $(HEADERDIR)/, $(notdir $*))/$(metaxml), $(filter $(addprefix $(HEADERDIR)/, $(notdir $*))/%, $(hmodxml))) >> $@ - $(verbose) echo '' >> $@ - -$(cmodxml) $(modxml): %.xml: %.if %.te - $(verbose) $(genxml) -w -m $* > $@ - -$(layerxml): %.xml: $(modxml) - @test -d tmp || mkdir 
-p tmp - $(verbose) echo '' > $@ - $(verbose) if test -f '$(metaxml)'; then \ - cat $(metaxml) >> $@; \ - else \ - echo 'This is all third-party generated modules.' >> $@; \ - fi - $(verbose) cat $(filter-out %/$(metaxml), $^) >> $@ - $(verbose) echo '' >> $@ - -$(polxml): $(clayerxml) $(hlayerxml) $(layerxml) $(globaltun) $(globalbool) +$(polxml): $(header_xml) $(local_xml) $(globaltun) $(globalbool) $(detected_mods) $(detected_ifs) @echo "Creating $(@F)" - @test -d $(dir $(polxml)) || mkdir -p $(dir $(polxml)) + @test -d $(@D) || mkdir -p $(@D) $(verbose) echo '' > $@ $(verbose) echo '' >> $@ $(verbose) echo '' >> $@ - $(verbose) cat $(sort $(clayerxml) $(hlayerxml) $(layerxml)) $(globaltun) $(globalbool) >> $@ + $(verbose) for i in $(all_layer_names); do \ + echo "" >> $@ ;\ + test -f $(HEADERDIR)/$$i.xml && cat $(HEADERDIR)/$$i.xml >> $@ ;\ + test -f tmp/$$i.xml && cat tmp/$$i.xml >> $@ ;\ + echo "" >> $@ ;\ + done +ifneq "$(strip $(3rd_party_mods))" "" + $(verbose) echo "" >> $@ + $(verbose) echo "These are all third-party modules." >> $@ + $(verbose) $(genxml) -w -m $(addprefix ./,$(basename $(3rd_party_mods))) >> $@ + $(verbose) echo "" >> $@ +endif + $(verbose) cat $(globaltun) $(globalbool) >> $@ $(verbose) echo '' >> $@ $(verbose) if test -x $(XMLLINT) && test -f $(xmldtd); then \ $(XMLLINT) --noout --path $(dir $(xmldtd)) --dtdvalid $(xmldtd) $@ ;\