trunk: Fix XML building for external reference builds and headers builds.

Chris PeBenito 2007-09-21 15:06:58 +00:00
parent ff4085dacc
commit 96fc0a45be
5 changed files with 94 additions and 88 deletions


@ -1,3 +1,4 @@
- Fix XML building for external reference builds and headers builds.
- Patch to add missing requirements in userdomain interfaces from Shintaro - Patch to add missing requirements in userdomain interfaces from Shintaro
Fujiwara. Fujiwara.
- Add tcpd_wrapped_domain() for services that use tcp wrappers. - Add tcpd_wrapped_domain() for services that use tcp wrappers.


@ -241,9 +241,9 @@ user_default_contexts_names := $(addprefix $(contextpath)/users/,$(subst _defaul
appfiles := $(addprefix $(appdir)/,default_contexts default_type initrc_context failsafe_context userhelper_context removable_context dbus_contexts customizable_types) $(contextpath)/files/media $(user_default_contexts_names) appfiles := $(addprefix $(appdir)/,default_contexts default_type initrc_context failsafe_context userhelper_context removable_context dbus_contexts customizable_types) $(contextpath)/files/media $(user_default_contexts_names)
net_contexts := $(builddir)net_contexts net_contexts := $(builddir)net_contexts
all_layers := $(filter-out $(moddir)/CVS,$(shell find $(wildcard $(moddir)/*) -maxdepth 0 -type d)) all_layers := $(shell find $(wildcard $(moddir)/*) -maxdepth 0 -type d)
ifdef LOCAL_ROOT ifdef LOCAL_ROOT
all_layers += $(filter-out $(local_moddir)/CVS,$(shell find $(wildcard $(local_moddir)/*) -maxdepth 0 -type d)) all_layers += $(shell find $(wildcard $(local_moddir)/*) -maxdepth 0 -type d)
endif endif
generated_te := $(basename $(foreach dir,$(all_layers),$(wildcard $(dir)/*.te.in))) generated_te := $(basename $(foreach dir,$(all_layers),$(wildcard $(dir)/*.te.in)))
@ -254,9 +254,10 @@ generated_fc := $(basename $(foreach dir,$(all_layers),$(wildcard $(dir)/*.fc.in
# when a generated file is already generated # when a generated file is already generated
detected_mods := $(sort $(foreach dir,$(all_layers),$(wildcard $(dir)/*.te)) $(generated_te)) detected_mods := $(sort $(foreach dir,$(all_layers),$(wildcard $(dir)/*.te)) $(generated_te))
modxml := $(detected_mods:.te=.xml) modxml := $(addprefix $(tmpdir)/, $(detected_mods:.te=.xml))
layerxml := $(addprefix $(tmpdir)/, $(notdir $(addsuffix .xml,$(all_layers)))) layerxml := $(sort $(addprefix $(tmpdir)/, $(notdir $(addsuffix .xml,$(all_layers)))))
all_metaxml := $(addsuffix /$(metaxml), $(all_layers)) layer_names := $(sort $(notdir $(all_layers)))
all_metaxml = $(call detect-metaxml, $(layer_names))
# modules.conf setting for base module # modules.conf setting for base module
configbase := base configbase := base
@ -345,6 +346,29 @@ define create-base-per-role-tmpl
endef endef
# detect-metaxml layer_names
ifdef LOCAL_ROOT
define detect-metaxml
$(shell for i in $1; do \
if [ -d $(moddir)/$$i -a -d $(local_moddir)/$$i ]; then \
if [ -f $(local_moddir)/$$i/$(metaxml) ]; then \
echo $(local_moddir)/$$i/$(metaxml) ;\
else \
echo $(moddir)/$$i/$(metaxml) ;\
fi \
elif [ -d $(local_moddir)/$$i ]; then
echo $(local_moddir)/$$i/$(metaxml) ;\
else \
echo $(moddir)/$$i/$(metaxml) ;\
fi \
done )
endef
else
define detect-metaxml
$(shell for i in $1; do echo $(moddir)/$$i/$(metaxml); done)
endef
endif
######################################## ########################################
# #
# Load appropriate rules # Load appropriate rules
@ -405,22 +429,19 @@ $(mod_conf) $(booleans): $(polxml)
# Generate the fc_sort program # Generate the fc_sort program
# #
$(fcsort) : $(support)/fc_sort.c $(fcsort) : $(support)/fc_sort.c
$(verbose) $(CC) $(CFLAGS) $(support)/fc_sort.c -o $(fcsort) $(verbose) $(CC) $(CFLAGS) $^ -o $@
######################################## ########################################
# #
# Documentation generation # Documentation generation
# #
$(layerxml): %.xml: $(all_metaxml) $(filter $(addprefix $(moddir)/, $(notdir $*))%, $(detected_mods)) $(subst .te,.if, $(filter $(addprefix $(moddir)/, $(notdir $*))%, $(detected_mods)))
$(modxml): %.xml: %.if %.te
$(verbose) $(genxml) -w -m $* > $@
$(layerxml): %.xml: $(modxml) $(all_metaxml)
@test -d $(tmpdir) || mkdir -p $(tmpdir) @test -d $(tmpdir) || mkdir -p $(tmpdir)
$(verbose) echo '<layer name="$(*F)">' > $@ $(verbose) cat $(filter %$(notdir $*)/$(metaxml), $(all_metaxml)) > $@
$(verbose) cat $(addprefix $(moddir)/, $(notdir $*))/$(metaxml) >> $@ $(verbose) for i in $(basename $(filter $(addprefix $(moddir)/, $(notdir $*))%, $(detected_mods))); do $(genxml) -w -m $$i >> $@; done
$(verbose) cat $(filter-out $(addprefix $(moddir)/, $(notdir $*))/$(metaxml), $(filter $(addprefix $(moddir)/, $(notdir $*))/%, $(modxml))) >> $@ ifdef LOCAL_ROOT
$(verbose) echo '</layer>' >> $@ $(verbose) for i in $(basename $(filter $(addprefix $(local_moddir)/, $(notdir $*))%, $(detected_mods))); do $(genxml) -w -m $$i >> $@; done
endif
$(tunxml): $(globaltun) $(tunxml): $(globaltun)
$(verbose) $(genxml) -w -t $< > $@ $(verbose) $(genxml) -w -t $< > $@
@ -435,7 +456,8 @@ $(polxml): $(layerxml) $(tunxml) $(boolxml)
$(verbose) echo '<?xml version="1.0" encoding="ISO-8859-1" standalone="no"?>' > $@ $(verbose) echo '<?xml version="1.0" encoding="ISO-8859-1" standalone="no"?>' > $@
$(verbose) echo '<!DOCTYPE policy SYSTEM "$(notdir $(xmldtd))">' >> $@ $(verbose) echo '<!DOCTYPE policy SYSTEM "$(notdir $(xmldtd))">' >> $@
$(verbose) echo '<policy>' >> $@ $(verbose) echo '<policy>' >> $@
$(verbose) cat $(layerxml) $(tunxml) $(boolxml) >> $@ $(verbose) for i in $(basename $(notdir $(layerxml))); do echo "<layer name=\"$$i\">" >> $@; cat $(tmpdir)/$$i.xml >> $@; echo "</layer>" >> $@; done
$(verbose) cat $(tunxml) $(boolxml) >> $@
$(verbose) echo '</policy>' >> $@ $(verbose) echo '</policy>' >> $@
$(verbose) if test -x $(XMLLINT) && test -f $(xmldtd); then \ $(verbose) if test -x $(XMLLINT) && test -f $(xmldtd); then \
$(XMLLINT) --noout --path $(dir $(xmldtd)) --dtdvalid $(xmldtd) $@ ;\ $(XMLLINT) --noout --path $(dir $(xmldtd)) --dtdvalid $(xmldtd) $@ ;\
@ -537,16 +559,14 @@ $(contextpath)/users/%: $(appconf)/%_default_contexts
install-headers: $(layerxml) $(tunxml) $(boolxml) install-headers: $(layerxml) $(tunxml) $(boolxml)
@mkdir -p $(headerdir) @mkdir -p $(headerdir)
@echo "Installing $(TYPE) policy headers." @echo "Installing $(TYPE) policy headers."
$(verbose) $(INSTALL) -m 644 $(tunxml) $(boolxml) $(headerdir) $(verbose) $(INSTALL) -m 644 $^ $(headerdir)
$(verbose) $(M4) $(M4PARAM) $(rolemap) > $(headerdir)/$(notdir $(rolemap)) $(verbose) $(M4) $(M4PARAM) $(rolemap) > $(headerdir)/$(notdir $(rolemap))
$(verbose) mkdir -p $(headerdir)/support $(verbose) mkdir -p $(headerdir)/support
$(verbose) $(INSTALL) -m 644 $(m4support) $(word $(words $(genxml)),$(genxml)) $(xmldtd) $(headerdir)/support $(verbose) $(INSTALL) -m 644 $(m4support) $(word $(words $(genxml)),$(genxml)) $(xmldtd) $(headerdir)/support
$(verbose) $(genperm) $(avs) $(secclass) > $(headerdir)/support/all_perms.spt $(verbose) $(genperm) $(avs) $(secclass) > $(headerdir)/support/all_perms.spt
$(verbose) for i in $(notdir $(all_layers)); do \ $(verbose) for i in $(notdir $(all_layers)); do \
mkdir -p $(headerdir)/$$i ;\ mkdir -p $(headerdir)/$$i ;\
$(INSTALL) -m 644 $(moddir)/$$i/*.if \ $(INSTALL) -m 644 $(moddir)/$$i/*.if $(headerdir)/$$i ;\
$(moddir)/$$i/*.xml \
$(headerdir)/$$i ;\
done done
$(verbose) echo "TYPE ?= $(TYPE)" > $(headerdir)/build.conf $(verbose) echo "TYPE ?= $(TYPE)" > $(headerdir)/build.conf
$(verbose) echo "NAME ?= $(NAME)" >> $(headerdir)/build.conf $(verbose) echo "NAME ?= $(NAME)" >> $(headerdir)/build.conf
@ -661,6 +681,6 @@ ifneq ($(generated_fc),)
endif endif
endif endif
.PHONY: install-src install-appconfig generate xml conf html bare tags .PHONY: install-src install-appconfig install-headers generate xml conf html bare tags
.SUFFIXES: .SUFFIXES:
.SUFFIXES: .c .SUFFIXES: .c
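Review bot: In the new `$(layerxml)` recipe the two `for i in …; do $(genxml) -w -m $$i >> $@; done` loops return only the status of the last iteration, so a genxml failure on any earlier module is swallowed and the layer file is left partial but newer than its prerequisites. The same holds for the layer loop added to `$(polxml)`, where the `cat` of each layer file is joined to the following `echo` with `;`. Ending the loop body with `|| exit 1`, e.g. `$(genxml) -w -m $$i >> $@ || exit 1;`, would make the rule fail instead; the later xmllint check only runs when `$(XMLLINT)` is executable, so it is not a reliable backstop. Separately, as shown on the page, the `elif [ -d $(local_moddir)/$$i ]; then` line in `detect-metaxml` is the only one in that block without a trailing `\`, which looks unintended.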


@ -144,6 +144,7 @@ $(tmpdir)/all_interfaces.conf: $(m4support) $(all_interfaces)
$(tmpdir)/rolemap.conf: M4PARAM += -D self_contained_policy $(tmpdir)/rolemap.conf: M4PARAM += -D self_contained_policy
$(tmpdir)/rolemap.conf: $(rolemap) $(tmpdir)/rolemap.conf: $(rolemap)
$(verbose) echo "" > $@
$(call parse-rolemap,base,$@) $(call parse-rolemap,base,$@)
$(tmpdir)/all_te_files.conf: M4PARAM += -D self_contained_policy $(tmpdir)/all_te_files.conf: M4PARAM += -D self_contained_policy
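Review bot: The added `$(verbose) echo "" > $@` has no comment saying why the target is reset before `parse-rolemap` runs; presumably the macro appends to `$@` (its definition is outside this hunk), in which case a line such as `# parse-rolemap appends, so start from a fresh file` would help the next reader. `echo ""` also writes a blank line rather than an empty file; `: > $@` truncates without that. The same line is added to the `$(tmpdir)/rolemap.conf` rule in the following file section.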


@ -127,6 +127,7 @@ $(tmpdir)/all_interfaces.conf: $(m4support) $(all_interfaces)
@echo "divert" >> $@ @echo "divert" >> $@
$(tmpdir)/rolemap.conf: $(rolemap) $(tmpdir)/rolemap.conf: $(rolemap)
$(verbose) echo "" > $@
$(call parse-rolemap,base,$@) $(call parse-rolemap,base,$@)
$(tmpdir)/all_te_files.conf: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf $(all_te_files) $(tmpdir)/rolemap.conf $(tmpdir)/all_te_files.conf: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf $(all_te_files) $(tmpdir)/rolemap.conf


@ -31,10 +31,10 @@ QUIET ?= y
genxml := $(PYTHON) $(HEADERDIR)/support/segenxml.py genxml := $(PYTHON) $(HEADERDIR)/support/segenxml.py
docs = doc docs := doc
polxml = $(docs)/policy.xml polxml := $(docs)/policy.xml
xmldtd = $(HEADERDIR)/support/policy.dtd xmldtd := $(HEADERDIR)/support/policy.dtd
metaxml = metadata.xml metaxml := metadata.xml
globaltun = $(HEADERDIR)/global_tunables.xml globaltun = $(HEADERDIR)/global_tunables.xml
globalbool = $(HEADERDIR)/global_booleans.xml globalbool = $(HEADERDIR)/global_booleans.xml
@ -86,35 +86,23 @@ M4PARAM += -D hide_broken_symptoms -D mls_num_sens=$(MLS_SENS) -D mls_num_cats=$
# policy headers # policy headers
m4support = $(wildcard $(HEADERDIR)/support/*.spt) m4support = $(wildcard $(HEADERDIR)/support/*.spt)
all_layers = $(filter-out $(HEADERDIR)/support,$(shell find $(wildcard $(HEADERDIR)/*) -maxdepth 0 -type d)) header_layers := $(filter-out $(HEADERDIR)/support,$(shell find $(wildcard $(HEADERDIR)/*) -maxdepth 0 -type d))
all_interfaces = $(foreach layer,$(all_layers),$(wildcard $(layer)/*.if)) header_xml := $(addsuffix .xml,$(header_layers))
rolemap = $(HEADERDIR)/rolemap header_interfaces := $(foreach layer,$(header_layers),$(wildcard $(layer)/*.if))
detected_layers = $(filter-out CVS tmp $(docs),$(shell find $(wildcard *) -maxdepth 0 -type d)) rolemap := $(HEADERDIR)/rolemap
clayers = $(addprefix $(CURDIR)/, $(filter $(notdir $(detected_layers)), $(notdir $(all_layers)))) local_layers := $(filter-out CVS tmp $(docs),$(shell find $(wildcard *) -maxdepth 0 -type d))
all_layers_subset = $(addprefix $(HEADERDIR)/, $(filter-out $(notdir $(detected_layers)), $(notdir $(all_layers)))) local_xml := $(addprefix tmp/, $(addsuffix .xml,$(local_layers)))
detected_layers_subset = $(addprefix $(CURDIR)/, $(filter-out $(notdir $(clayers)), $(notdir $(detected_layers))))
3rd_party_mods = $(wildcard *.te) all_layer_names := $(sort $(notdir $(header_layers) $(local_layers)))
detected_mods = $(3rd_party_mods) $(foreach layer,$(detected_layers),$(wildcard $(layer)/*.te))
detected_mods_subset = $(3rd_party_mods) $(foreach layer,$(detected_layers_subset),$(wildcard $(layer)/*.te))
detected_ifs = $(detected_mods:.te=.if) 3rd_party_mods := $(wildcard *.te)
detected_fcs = $(detected_mods:.te=.fc) detected_mods := $(3rd_party_mods) $(foreach layer,$(local_layers),$(wildcard $(layer)/*.te))
all_packages = $(notdir $(detected_mods:.te=.pp))
modxml = $(addprefix $(CURDIR)/, $(detected_mods_subset:.te=.xml)) detected_ifs := $(detected_mods:.te=.if)
layerxml = $(addprefix tmp/, $(notdir $(addsuffix .xml, $(detected_layers_subset) $(CURDIR)))) detected_fcs := $(detected_mods:.te=.fc)
all_packages := $(notdir $(detected_mods:.te=.pp))
hmodxml = $(all_interfaces:.if=.xml)
hlayerxml = $(addsuffix .xml, $(addprefix tmp/, $(notdir $(all_layers_subset))))
hmetaxml = $(foreach layer, $(all_layers_subset), $(layer)/$(metaxml))
cmods = $(foreach layer, $(clayers), $(wildcard $(layer)/*.te))
cmodxml = $(cmods:.te=.xml)
clayerxml= $(addsuffix .xml, $(addprefix tmp/, $(notdir $(clayers))))
cmetaxml = $(foreach layer, $(notdir $(clayers)), $(HEADERDIR)/$(layer)/$(metaxml))
# figure out what modules we may want to reload # figure out what modules we may want to reload
loaded_mods = $(addsuffix .pp,$(shell $(SEMODULE) -l | $(CUT) -f1)) loaded_mods = $(addsuffix .pp,$(shell $(SEMODULE) -l | $(CUT) -f1))
@ -122,9 +110,9 @@ sys_mods = $(wildcard $(SHAREDIR)/$(NAME)/*.pp)
match_sys = $(filter $(addprefix $(SHAREDIR)/$(NAME)/,$(loaded_mods)),$(sys_mods)) match_sys = $(filter $(addprefix $(SHAREDIR)/$(NAME)/,$(loaded_mods)),$(sys_mods))
match_loc = $(filter $(all_packages),$(loaded_mods)) match_loc = $(filter $(all_packages),$(loaded_mods))
vpath %.te $(detected_layers) vpath %.te $(local_layers)
vpath %.if $(detected_layers) vpath %.if $(local_layers)
vpath %.fc $(detected_layers) vpath %.fc $(local_layers)
######################################## ########################################
# #
@ -202,7 +190,7 @@ reload: $(all_packages)
# #
tmp/%.mod: $(m4support) tmp/all_interfaces.conf %.te tmp/%.mod: $(m4support) tmp/all_interfaces.conf %.te
@$(EINFO) "Compiling $(NAME) $(basename $(@F)) module" @$(EINFO) "Compiling $(NAME) $(basename $(@F)) module"
@test -d tmp || mkdir -p tmp @test -d $(@D) || mkdir -p $(@D)
$(call peruser-expansion,$(basename $(@F)),$@.role) $(call peruser-expansion,$(basename $(@F)),$@.role)
$(verbose) $(M4) $(M4PARAM) -s $^ $@.role > $(@:.mod=.tmp) $(verbose) $(M4) $(M4PARAM) -s $^ $@.role > $(@:.mod=.tmp)
$(verbose) $(CHECKMODULE) -m $(@:.mod=.tmp) -o $@ $(verbose) $(CHECKMODULE) -m $(@:.mod=.tmp) -o $@
@ -214,55 +202,50 @@ tmp/%.mod.fc: $(m4support) %.fc
@echo "Creating $(NAME) $(@F) policy package" @echo "Creating $(NAME) $(@F) policy package"
$(verbose) $(SEMOD_PKG) -o $@ -m $< -f $<.fc $(verbose) $(SEMOD_PKG) -o $@ -m $< -f $<.fc
tmp/all_interfaces.conf: $(m4support) $(all_interfaces) $(detected_ifs) tmp/all_interfaces.conf: $(m4support) $(header_interfaces) $(detected_ifs)
@test -d tmp || mkdir -p tmp @test -d $(@D) || mkdir -p $(@D)
$(verbose) m4 $^ | sed -e s/dollarsstar/\$$\*/g > $@ @echo "ifdef(\`__if_error',\`m4exit(1)')" > tmp/iferror.m4
@echo "divert(-1)" > $@
$(verbose) $(M4) $^ tmp/iferror.m4 | sed -e s/dollarsstar/\$$\*/g >> $@
@echo "divert" >> $@
# so users dont have to make empty .fc and .if files # so users dont have to make empty .fc and .if files
$(detected_ifs) $(detected_fcs): $(detected_fcs):
@touch $@ @touch $@
$(detected_ifs):
@echo "## <summary>$(basename $(@D))</summary>" > $@
######################################## ########################################
# #
# Documentation generation # Documentation generation
# #
tmp/%.xml: %/*.te %/*.if
@test -d $(@D) || mkdir -p $(@D)
$(verbose) test -f $(HEADERDIR)/$*.xml || cat $*/$(metaxml) > $@
$(verbose) $(genxml) -w -m $(sort $(basename $^)) >> $@
$(clayerxml): %.xml: $(cmodxml) $(hmodxml) $(cmetaxml) vars: $(local_xml)
@test -d tmp || mkdir -p tmp
$(verbose) echo '<layer name="$(*F)">' > $@
$(verbose) cat $(addprefix $(HEADERDIR)/, $(notdir $*)/$(metaxml)) >> $@;
$(verbose) cat $(filter $(addprefix $(CURDIR)/, $(notdir $*))/%, $(cmodxml)) >> $@
$(verbose) cat $(filter-out $(addprefix $(HEADERDIR)/, $(notdir $*))/$(metaxml), $(filter $(addprefix $(HEADERDIR)/, $(notdir $*))/%, $(hmodxml))) >> $@
$(verbose) echo '</layer>' >> $@
$(hlayerxml): %.xml: $(hmodxml) $(hmetaxml) $(polxml): $(header_xml) $(local_xml) $(globaltun) $(globalbool) $(detected_mods) $(detected_ifs)
@test -d tmp || mkdir -p tmp
$(verbose) echo '<layer name="$(*F)">' > $@
$(verbose) cat $(addprefix $(HEADERDIR)/, $(notdir $*)/$(metaxml)) >> $@;
$(verbose) cat $(filter-out $(addprefix $(HEADERDIR)/, $(notdir $*))/$(metaxml), $(filter $(addprefix $(HEADERDIR)/, $(notdir $*))/%, $(hmodxml))) >> $@
$(verbose) echo '</layer>' >> $@
$(cmodxml) $(modxml): %.xml: %.if %.te
$(verbose) $(genxml) -w -m $* > $@
$(layerxml): %.xml: $(modxml)
@test -d tmp || mkdir -p tmp
$(verbose) echo '<layer name="$(*F)">' > $@
$(verbose) if test -f '$(metaxml)'; then \
cat $(metaxml) >> $@; \
else \
echo '<summary>This is all third-party generated modules.</summary>' >> $@; \
fi
$(verbose) cat $(filter-out %/$(metaxml), $^) >> $@
$(verbose) echo '</layer>' >> $@
$(polxml): $(clayerxml) $(hlayerxml) $(layerxml) $(globaltun) $(globalbool)
@echo "Creating $(@F)" @echo "Creating $(@F)"
@test -d $(dir $(polxml)) || mkdir -p $(dir $(polxml)) @test -d $(@D) || mkdir -p $(@D)
$(verbose) echo '<?xml version="1.0" encoding="ISO-8859-1" standalone="no"?>' > $@ $(verbose) echo '<?xml version="1.0" encoding="ISO-8859-1" standalone="no"?>' > $@
$(verbose) echo '<!DOCTYPE policy SYSTEM "$(notdir $(xmldtd))">' >> $@ $(verbose) echo '<!DOCTYPE policy SYSTEM "$(notdir $(xmldtd))">' >> $@
$(verbose) echo '<policy>' >> $@ $(verbose) echo '<policy>' >> $@
$(verbose) cat $(sort $(clayerxml) $(hlayerxml) $(layerxml)) $(globaltun) $(globalbool) >> $@ $(verbose) for i in $(all_layer_names); do \
echo "<layer name=\"$$i\">" >> $@ ;\
test -f $(HEADERDIR)/$$i.xml && cat $(HEADERDIR)/$$i.xml >> $@ ;\
test -f tmp/$$i.xml && cat tmp/$$i.xml >> $@ ;\
echo "</layer>" >> $@ ;\
done
ifneq "$(strip $(3rd_party_mods))" ""
$(verbose) echo "<layer name=\"third_party\">" >> $@
$(verbose) echo "<summary>These are all third-party modules.</summary>" >> $@
$(verbose) $(genxml) -w -m $(addprefix ./,$(basename $(3rd_party_mods))) >> $@
$(verbose) echo "</layer>" >> $@
endif
$(verbose) cat $(globaltun) $(globalbool) >> $@
$(verbose) echo '</policy>' >> $@ $(verbose) echo '</policy>' >> $@
$(verbose) if test -x $(XMLLINT) && test -f $(xmldtd); then \ $(verbose) if test -x $(XMLLINT) && test -f $(xmldtd); then \
$(XMLLINT) --noout --path $(dir $(xmldtd)) --dtdvalid $(xmldtd) $@ ;\ $(XMLLINT) --noout --path $(dir $(xmldtd)) --dtdvalid $(xmldtd) $@ ;\
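Review bot: In the `tmp/all_interfaces.conf` recipe the new `tmp/iferror.m4` makes m4 call `m4exit(1)` when `__if_error` is defined, but m4 runs on the left side of `| sed …`, so the recipe line takes sed's exit status and the interface error does not stop the build unless the shell is configured with pipefail somewhere outside this hunk. Writing the m4 output to a temporary file and running sed on it as a second step, e.g. `$(M4) $^ tmp/iferror.m4 > $@.m4 && sed -e … $@.m4 >> $@`, keeps the failure visible to make. In the new `tmp/%.xml` rule, when `$(HEADERDIR)/$*.xml` exists nothing truncates `$@` before `$(genxml) … >> $@`, so a rebuild appends to the previous content; starting that recipe with `: > $@` would avoid duplicated module entries.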