add headers and outside tree building support
This commit is contained in:
parent
6259d8e857
commit
9b3756bfa8
@ -1,3 +1,7 @@
|
|||||||
|
- Changed QUIET build option to a yes or no option.
|
||||||
|
- Add a Makefile used for compiling loadable modules in a
|
||||||
|
user's development environment, building against policy headers.
|
||||||
|
- Add Make target for installing policy headers.
|
||||||
- Separate per-userdomain template expansion from the userdomain
|
- Separate per-userdomain template expansion from the userdomain
|
||||||
module and add infrastructure to expand templates in the modules
|
module and add infrastructure to expand templates in the modules
|
||||||
that own the template.
|
that own the template.
|
||||||
|
@ -74,12 +74,14 @@ BOOLEANS := $(POLDIR)/booleans.conf
|
|||||||
ROLEMAP := $(POLDIR)/rolemap
|
ROLEMAP := $(POLDIR)/rolemap
|
||||||
|
|
||||||
# install paths
|
# install paths
|
||||||
TOPDIR = $(DESTDIR)/etc/selinux
|
TOPDIR := $(DESTDIR)/etc/selinux
|
||||||
INSTALLDIR = $(TOPDIR)/$(NAME)
|
INSTALLDIR := $(TOPDIR)/$(NAME)
|
||||||
SRCPATH = $(INSTALLDIR)/src
|
SRCPATH := $(INSTALLDIR)/src
|
||||||
USERPATH = $(INSTALLDIR)/users
|
USERPATH := $(INSTALLDIR)/users
|
||||||
CONTEXTPATH = $(INSTALLDIR)/contexts
|
CONTEXTPATH := $(INSTALLDIR)/contexts
|
||||||
MODPKGDIR = $(DESTDIR)/usr/share/selinux/$(NAME)
|
SHAREDIR := $(DESTDIR)$(PREFIX)/share/selinux
|
||||||
|
MODPKGDIR := $(SHAREDIR)/$(NAME)
|
||||||
|
HEADERDIR := $(SHAREDIR)/refpolicy/include
|
||||||
|
|
||||||
# compile strict policy if requested.
|
# compile strict policy if requested.
|
||||||
ifneq ($(findstring strict,$(TYPE)),)
|
ifneq ($(findstring strict,$(TYPE)),)
|
||||||
@ -126,6 +128,10 @@ ifeq ($(DIRECT_INITRC),y)
|
|||||||
M4PARAM += -D direct_sysadm_daemon
|
M4PARAM += -D direct_sysadm_daemon
|
||||||
endif
|
endif
|
||||||
|
|
||||||
|
ifeq ($(QUIET),y)
|
||||||
|
verbose = @
|
||||||
|
endif
|
||||||
|
|
||||||
M4PARAM += -D hide_broken_symptoms
|
M4PARAM += -D hide_broken_symptoms
|
||||||
|
|
||||||
# we need exuberant ctags; unfortunately it is named
|
# we need exuberant ctags; unfortunately it is named
|
||||||
@ -189,15 +195,15 @@ OFF_MODS := $(addsuffix .te,$(shell awk '/^[[:blank:]]*[[:alpha:]]/{ if ($$3 ==
|
|||||||
|
|
||||||
# parse-rolemap modulename,outputfile
|
# parse-rolemap modulename,outputfile
|
||||||
define parse-rolemap
|
define parse-rolemap
|
||||||
$(QUIET) m4 $(M4PARAM) $(ROLEMAP) | \
|
$(verbose) m4 $(M4PARAM) $(ROLEMAP) | \
|
||||||
awk '/^[[:blank:]]*[A-Za-z]/{ print "gen_require(type " $$3 "; role " $$1 ";)\n$1_per_userdomain_template(" $$2 "," $$3 "," $$1 ")" }' >> $2
|
awk '/^[[:blank:]]*[A-Za-z]/{ print "gen_require(type " $$3 "; role " $$1 ";)\n$1_per_userdomain_template(" $$2 "," $$3 "," $$1 ")" }' >> $2
|
||||||
endef
|
endef
|
||||||
|
|
||||||
# peruser-expansion modulename,outputfile
|
# peruser-expansion modulename,outputfile
|
||||||
define peruser-expansion
|
define peruser-expansion
|
||||||
$(QUIET) echo "ifdef(\`""$1""_per_userdomain_template',\`" > $2
|
$(verbose) echo "ifdef(\`""$1""_per_userdomain_template',\`" > $2
|
||||||
$(call parse-rolemap,$1,$2)
|
$(call parse-rolemap,$1,$2)
|
||||||
$(QUIET) echo "')" >> $2
|
$(verbose) echo "')" >> $2
|
||||||
endef
|
endef
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@ -220,8 +226,8 @@ $(MODDIR)/kernel/corenetwork.if: $(MODDIR)/kernel/corenetwork.if.m4 $(MODDIR)/ke
|
|||||||
@echo "# This is a generated file! Instead of modifying this file, the" >> $@
|
@echo "# This is a generated file! Instead of modifying this file, the" >> $@
|
||||||
@echo "# $(notdir $@).in or $(notdir $@).m4 file should be modified." >> $@
|
@echo "# $(notdir $@).in or $(notdir $@).m4 file should be modified." >> $@
|
||||||
@echo "#" >> $@
|
@echo "#" >> $@
|
||||||
$(QUIET) cat $(MODDIR)/kernel/corenetwork.if.in >> $@
|
$(verbose) cat $(MODDIR)/kernel/corenetwork.if.in >> $@
|
||||||
$(QUIET) egrep "^[[:blank:]]*network_(interface|node|port)\(.*\)" $(@:.if=.te).in \
|
$(verbose) egrep "^[[:blank:]]*network_(interface|node|port)\(.*\)" $(@:.if=.te).in \
|
||||||
| m4 -D self_contained_policy $(M4PARAM) $(MODDIR)/kernel/corenetwork.if.m4 - \
|
| m4 -D self_contained_policy $(M4PARAM) $(MODDIR)/kernel/corenetwork.if.m4 - \
|
||||||
| sed -e 's/dollarsone/\$$1/g' -e 's/dollarszero/\$$0/g' >> $@
|
| sed -e 's/dollarsone/\$$1/g' -e 's/dollarszero/\$$0/g' >> $@
|
||||||
|
|
||||||
@ -230,7 +236,7 @@ $(MODDIR)/kernel/corenetwork.te: $(MODDIR)/kernel/corenetwork.te.m4 $(MODDIR)/ke
|
|||||||
@echo "# This is a generated file! Instead of modifying this file, the" >> $@
|
@echo "# This is a generated file! Instead of modifying this file, the" >> $@
|
||||||
@echo "# $(notdir $@).in or $(notdir $@).m4 file should be modified." >> $@
|
@echo "# $(notdir $@).in or $(notdir $@).m4 file should be modified." >> $@
|
||||||
@echo "#" >> $@
|
@echo "#" >> $@
|
||||||
$(QUIET) m4 -D self_contained_policy $(M4PARAM) $^ \
|
$(verbose) m4 -D self_contained_policy $(M4PARAM) $^ \
|
||||||
| sed -e 's/dollarsone/\$$1/g' -e 's/dollarszero/\$$0/g' >> $@
|
| sed -e 's/dollarsone/\$$1/g' -e 's/dollarszero/\$$0/g' >> $@
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@ -241,7 +247,7 @@ conf: $(MOD_CONF) $(BOOLEANS) $(GENERATED_TE) $(GENERATED_IF) $(GENERATED_FC)
|
|||||||
|
|
||||||
$(MOD_CONF) $(BOOLEANS): $(POLXML)
|
$(MOD_CONF) $(BOOLEANS): $(POLXML)
|
||||||
@echo "Updating $(MOD_CONF) and $(BOOLEANS)"
|
@echo "Updating $(MOD_CONF) and $(BOOLEANS)"
|
||||||
$(QUIET) cd $(DOCS) && ../$(GENDOC) -t ../$(BOOLEANS) -m ../$(MOD_CONF) -x ../$(POLXML)
|
$(verbose) cd $(DOCS) && ../$(GENDOC) -t ../$(BOOLEANS) -m ../$(MOD_CONF) -x ../$(POLXML)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -255,18 +261,18 @@ $(MOD_CONF) $(BOOLEANS): $(POLXML)
|
|||||||
$(POLXML): $(DETECTED_MODS:.te=.if) $(foreach dir,$(ALL_LAYERS),$(dir)/$(LAYERXML))
|
$(POLXML): $(DETECTED_MODS:.te=.if) $(foreach dir,$(ALL_LAYERS),$(dir)/$(LAYERXML))
|
||||||
@echo "Creating $@"
|
@echo "Creating $@"
|
||||||
@mkdir -p tmp
|
@mkdir -p tmp
|
||||||
$(QUIET) echo '<?xml version="1.0" encoding="ISO-8859-1" standalone="no"?>' > $@
|
$(verbose) echo '<?xml version="1.0" encoding="ISO-8859-1" standalone="no"?>' > $@
|
||||||
$(QUIET) echo '<!DOCTYPE policy SYSTEM "$(notdir $(XMLDTD))">' >> $@
|
$(verbose) echo '<!DOCTYPE policy SYSTEM "$(notdir $(XMLDTD))">' >> $@
|
||||||
$(QUIET) $(GENXML) -w -m $(LAYERXML) -t $(GLOBALTUN) -b $(GLOBALBOOL) $(ALL_LAYERS) >> $@
|
$(verbose) $(GENXML) -w -m $(LAYERXML) -t $(GLOBALTUN) -b $(GLOBALBOOL) $(ALL_LAYERS) >> $@
|
||||||
$(QUIET) if test -x $(XMLLINT) && test -f $(XMLDTD); then \
|
$(verbose) if test -x $(XMLLINT) && test -f $(XMLDTD); then \
|
||||||
$(XMLLINT) --noout --dtdvalid $(XMLDTD) $@ ;\
|
$(XMLLINT) --noout --dtdvalid $(XMLDTD) $@ ;\
|
||||||
fi
|
fi
|
||||||
|
|
||||||
html: $(POLXML)
|
html: $(POLXML)
|
||||||
@echo "Building html interface reference documentation in $(HTMLDIR)"
|
@echo "Building html interface reference documentation in $(HTMLDIR)"
|
||||||
@mkdir -p $(HTMLDIR)
|
@mkdir -p $(HTMLDIR)
|
||||||
$(QUIET) cd $(DOCS) && ../$(GENDOC) -d ../$(HTMLDIR) -T ../$(DOCTEMPLATE) -x ../$(POLXML)
|
$(verbose) cd $(DOCS) && ../$(GENDOC) -d ../$(HTMLDIR) -T ../$(DOCTEMPLATE) -x ../$(POLXML)
|
||||||
$(QUIET) cp $(DOCTEMPLATE)/*.css $(HTMLDIR)
|
$(verbose) cp $(DOCTEMPLATE)/*.css $(HTMLDIR)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -280,14 +286,14 @@ $(USERPATH)/system.users: $(M4SUPPORT) tmp/generated_definitions.conf $(USER_FIL
|
|||||||
@echo "# This file is replaced on reinstalls of this policy." >> tmp/system.users
|
@echo "# This file is replaced on reinstalls of this policy." >> tmp/system.users
|
||||||
@echo "# Please edit local.users to make local changes." >> tmp/system.users
|
@echo "# Please edit local.users to make local changes." >> tmp/system.users
|
||||||
@echo "#" >> tmp/system.users
|
@echo "#" >> tmp/system.users
|
||||||
$(QUIET) m4 -D self_contained_policy $(M4PARAM) $^ | sed -r -e 's/^[[:blank:]]+//' \
|
$(verbose) m4 -D self_contained_policy $(M4PARAM) $^ | sed -r -e 's/^[[:blank:]]+//' \
|
||||||
-e '/^[[:blank:]]*($$|#)/d' >> tmp/system.users
|
-e '/^[[:blank:]]*($$|#)/d' >> tmp/system.users
|
||||||
$(QUIET) install -m 644 tmp/system.users $@
|
$(verbose) install -m 644 tmp/system.users $@
|
||||||
|
|
||||||
$(USERPATH)/local.users: config/local.users
|
$(USERPATH)/local.users: config/local.users
|
||||||
@mkdir -p $(USERPATH)
|
@mkdir -p $(USERPATH)
|
||||||
@echo "Installing local.users"
|
@echo "Installing local.users"
|
||||||
$(QUIET) install -b -m 644 $< $@
|
$(verbose) install -b -m 644 $< $@
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -297,45 +303,54 @@ install-appconfig: $(APPFILES)
|
|||||||
|
|
||||||
$(INSTALLDIR)/booleans: $(BOOLEANS)
|
$(INSTALLDIR)/booleans: $(BOOLEANS)
|
||||||
@mkdir -p $(INSTALLDIR)
|
@mkdir -p $(INSTALLDIR)
|
||||||
$(QUIET) sed -r -e 's/false/0/g' -e 's/true/1/g' \
|
$(verbose) sed -r -e 's/false/0/g' -e 's/true/1/g' \
|
||||||
-e '/^[[:blank:]]*($$|#)/d' $(BOOLEANS) | sort > tmp/booleans
|
-e '/^[[:blank:]]*($$|#)/d' $(BOOLEANS) | sort > tmp/booleans
|
||||||
$(QUIET) install -m 644 tmp/booleans $@
|
$(verbose) install -m 644 tmp/booleans $@
|
||||||
|
|
||||||
$(CONTEXTPATH)/files/media: $(APPCONF)/media
|
$(CONTEXTPATH)/files/media: $(APPCONF)/media
|
||||||
@mkdir -p $(CONTEXTPATH)/files/
|
@mkdir -p $(CONTEXTPATH)/files/
|
||||||
$(QUIET) install -m 644 $< $@
|
$(verbose) install -m 644 $< $@
|
||||||
|
|
||||||
$(APPDIR)/default_contexts: $(APPCONF)/default_contexts
|
$(APPDIR)/default_contexts: $(APPCONF)/default_contexts
|
||||||
@mkdir -p $(APPDIR)
|
@mkdir -p $(APPDIR)
|
||||||
$(QUIET) install -m 644 $< $@
|
$(verbose) install -m 644 $< $@
|
||||||
|
|
||||||
$(APPDIR)/removable_context: $(APPCONF)/removable_context
|
$(APPDIR)/removable_context: $(APPCONF)/removable_context
|
||||||
@mkdir -p $(APPDIR)
|
@mkdir -p $(APPDIR)
|
||||||
$(QUIET) install -m 644 $< $@
|
$(verbose) install -m 644 $< $@
|
||||||
|
|
||||||
$(APPDIR)/default_type: $(APPCONF)/default_type
|
$(APPDIR)/default_type: $(APPCONF)/default_type
|
||||||
@mkdir -p $(APPDIR)
|
@mkdir -p $(APPDIR)
|
||||||
$(QUIET) install -m 644 $< $@
|
$(verbose) install -m 644 $< $@
|
||||||
|
|
||||||
$(APPDIR)/userhelper_context: $(APPCONF)/userhelper_context
|
$(APPDIR)/userhelper_context: $(APPCONF)/userhelper_context
|
||||||
@mkdir -p $(APPDIR)
|
@mkdir -p $(APPDIR)
|
||||||
$(QUIET) install -m 644 $< $@
|
$(verbose) install -m 644 $< $@
|
||||||
|
|
||||||
$(APPDIR)/initrc_context: $(APPCONF)/initrc_context
|
$(APPDIR)/initrc_context: $(APPCONF)/initrc_context
|
||||||
@mkdir -p $(APPDIR)
|
@mkdir -p $(APPDIR)
|
||||||
$(QUIET) install -m 644 $< $@
|
$(verbose) install -m 644 $< $@
|
||||||
|
|
||||||
$(APPDIR)/failsafe_context: $(APPCONF)/failsafe_context
|
$(APPDIR)/failsafe_context: $(APPCONF)/failsafe_context
|
||||||
@mkdir -p $(APPDIR)
|
@mkdir -p $(APPDIR)
|
||||||
$(QUIET) install -m 644 $< $@
|
$(verbose) install -m 644 $< $@
|
||||||
|
|
||||||
$(APPDIR)/dbus_contexts: $(APPCONF)/dbus_contexts
|
$(APPDIR)/dbus_contexts: $(APPCONF)/dbus_contexts
|
||||||
@mkdir -p $(APPDIR)
|
@mkdir -p $(APPDIR)
|
||||||
$(QUIET) install -m 644 $< $@
|
$(verbose) install -m 644 $< $@
|
||||||
|
|
||||||
$(APPDIR)/users/root: $(APPCONF)/root_default_contexts
|
$(APPDIR)/users/root: $(APPCONF)/root_default_contexts
|
||||||
@mkdir -p $(APPDIR)/users
|
@mkdir -p $(APPDIR)/users
|
||||||
$(QUIET) install -m 644 $< $@
|
$(verbose) install -m 644 $< $@
|
||||||
|
|
||||||
|
########################################
|
||||||
|
#
|
||||||
|
# Install policy headers
|
||||||
|
#
|
||||||
|
install-headers: $(DETECTED_MODS:.te=.if) $(ROLEMAP) $(M4SUPPORT) $(SUPPORT)/Makefile.devel build.conf
|
||||||
|
mkdir -p $(HEADERDIR)
|
||||||
|
$(verbose) install -m 644 $^ $(HEADERDIR)
|
||||||
|
$(verbose) $(GENPERM) $(AVS) $(SECCLASS) > $(HEADERDIR)/all_perms.spt
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
|
@ -47,7 +47,7 @@ install: $(INSTPKG) $(APPFILES)
|
|||||||
#
|
#
|
||||||
load: $(INSTPKG) $(APPFILES)
|
load: $(INSTPKG) $(APPFILES)
|
||||||
@echo "Loading configured modules."
|
@echo "Loading configured modules."
|
||||||
$(QUIET) $(SEMODULE) -s $(NAME) -b $(MODPKGDIR)/$(BASE_PKG) $(foreach mod,$(MOD_PKGS),-i $(MODPKGDIR)/$(mod))
|
$(verbose) $(SEMODULE) -s $(NAME) -b $(MODPKGDIR)/$(BASE_PKG) $(foreach mod,$(MOD_PKGS),-i $(MODPKGDIR)/$(mod))
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -56,7 +56,7 @@ load: $(INSTPKG) $(APPFILES)
|
|||||||
$(MODPKGDIR)/%.pp: %.pp
|
$(MODPKGDIR)/%.pp: %.pp
|
||||||
@mkdir -p $(MODPKGDIR)
|
@mkdir -p $(MODPKGDIR)
|
||||||
@echo "Installing $(NAME) $(@F) policy package."
|
@echo "Installing $(NAME) $(@F) policy package."
|
||||||
$(QUIET) install -m 0644 $^ $(MODPKGDIR)
|
$(verbose) install -m 0644 $^ $(MODPKGDIR)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -65,15 +65,15 @@ $(MODPKGDIR)/%.pp: %.pp
|
|||||||
tmp/%.mod: $(M4SUPPORT) tmp/generated_definitions.conf tmp/all_interfaces.conf %.te
|
tmp/%.mod: $(M4SUPPORT) tmp/generated_definitions.conf tmp/all_interfaces.conf %.te
|
||||||
@echo "Compliling $(NAME) $(@F) module"
|
@echo "Compliling $(NAME) $(@F) module"
|
||||||
$(call peruser-expansion,$(basename $(@F)),$@.role)
|
$(call peruser-expansion,$(basename $(@F)),$@.role)
|
||||||
$(QUIET) m4 $(M4PARAM) -s $^ $@.role > $(@:.mod=.tmp)
|
$(verbose) m4 $(M4PARAM) -s $^ $@.role > $(@:.mod=.tmp)
|
||||||
$(QUIET) $(CHECKMODULE) -m $(@:.mod=.tmp) -o $@
|
$(verbose) $(CHECKMODULE) -m $(@:.mod=.tmp) -o $@
|
||||||
|
|
||||||
tmp/%.mod.fc: $(M4SUPPORT) %.fc
|
tmp/%.mod.fc: $(M4SUPPORT) %.fc
|
||||||
$(QUIET) m4 $(M4PARAM) $(M4SUPPORT) $^ > $@
|
$(verbose) m4 $(M4PARAM) $(M4SUPPORT) $^ > $@
|
||||||
|
|
||||||
%.pp: tmp/%.mod tmp/%.mod.fc
|
%.pp: tmp/%.mod tmp/%.mod.fc
|
||||||
@echo "Creating $(NAME) $(@F) policy package"
|
@echo "Creating $(NAME) $(@F) policy package"
|
||||||
$(QUIET) $(SEMOD_PKG) -o $@ -m $< -f $<.fc
|
$(verbose) $(SEMOD_PKG) -o $@ -m $< -f $<.fc
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -81,11 +81,11 @@ tmp/%.mod.fc: $(M4SUPPORT) %.fc
|
|||||||
#
|
#
|
||||||
$(BASE_PKG): tmp/base.mod $(BASE_FC)
|
$(BASE_PKG): tmp/base.mod $(BASE_FC)
|
||||||
@echo "Creating $(NAME) base module package"
|
@echo "Creating $(NAME) base module package"
|
||||||
$(QUIET) $(SEMOD_PKG) -o $@ -m tmp/base.mod -f $(BASE_FC)
|
$(verbose) $(SEMOD_PKG) -o $@ -m tmp/base.mod -f $(BASE_FC)
|
||||||
|
|
||||||
tmp/base.mod: base.conf
|
tmp/base.mod: base.conf
|
||||||
@echo "Compiling $(NAME) base module"
|
@echo "Compiling $(NAME) base module"
|
||||||
$(QUIET) $(CHECKMODULE) $^ -o $@
|
$(verbose) $(CHECKMODULE) $^ -o $@
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -94,64 +94,64 @@ tmp/base.mod: base.conf
|
|||||||
base.conf: $(BASE_SECTIONS)
|
base.conf: $(BASE_SECTIONS)
|
||||||
@echo "Creating $(NAME) base module base.conf"
|
@echo "Creating $(NAME) base module base.conf"
|
||||||
# checkpolicy can use the #line directives provided by -s for error reporting:
|
# checkpolicy can use the #line directives provided by -s for error reporting:
|
||||||
$(QUIET) m4 -D self_contained_policy $(M4PARAM) -s $^ > tmp/$@.tmp
|
$(verbose) m4 -D self_contained_policy $(M4PARAM) -s $^ > tmp/$@.tmp
|
||||||
$(QUIET) sed -e /^portcon/d -e /^nodecon/d -e /^netifcon/d < tmp/$@.tmp > $@
|
$(verbose) sed -e /^portcon/d -e /^nodecon/d -e /^netifcon/d < tmp/$@.tmp > $@
|
||||||
# the ordering of these ocontexts matters:
|
# the ordering of these ocontexts matters:
|
||||||
$(QUIET) grep ^portcon tmp/$@.tmp >> $@ || true
|
$(verbose) grep ^portcon tmp/$@.tmp >> $@ || true
|
||||||
$(QUIET) grep ^netifcon tmp/$@.tmp >> $@ || true
|
$(verbose) grep ^netifcon tmp/$@.tmp >> $@ || true
|
||||||
$(QUIET) grep ^nodecon tmp/$@.tmp >> $@ || true
|
$(verbose) grep ^nodecon tmp/$@.tmp >> $@ || true
|
||||||
|
|
||||||
tmp/pre_te_files.conf: $(BASE_PRE_TE_FILES)
|
tmp/pre_te_files.conf: $(BASE_PRE_TE_FILES)
|
||||||
@test -d tmp || mkdir -p tmp
|
@test -d tmp || mkdir -p tmp
|
||||||
$(QUIET) cat $^ > $@
|
$(verbose) cat $^ > $@
|
||||||
|
|
||||||
tmp/generated_definitions.conf: $(BASE_TE_FILES)
|
tmp/generated_definitions.conf: $(BASE_TE_FILES)
|
||||||
@test -d tmp || mkdir -p tmp
|
@test -d tmp || mkdir -p tmp
|
||||||
# define all available object classes
|
# define all available object classes
|
||||||
$(QUIET) $(GENPERM) $(AVS) $(SECCLASS) > $@
|
$(verbose) $(GENPERM) $(AVS) $(SECCLASS) > $@
|
||||||
# per-userdomain templates
|
# per-userdomain templates
|
||||||
$(QUIET) echo "define(\`base_per_userdomain_template',\`" >> $@
|
$(verbose) echo "define(\`base_per_userdomain_template',\`" >> $@
|
||||||
$(QUIET) for i in $(patsubst %.te,%,$(BASE_MODS)); do \
|
$(verbose) for i in $(patsubst %.te,%,$(BASE_MODS)); do \
|
||||||
echo "ifdef(\`""$$i""_per_userdomain_template',\`""$$i""_per_userdomain_template("'$$*'")')" \
|
echo "ifdef(\`""$$i""_per_userdomain_template',\`""$$i""_per_userdomain_template("'$$*'")')" \
|
||||||
>> $@ ;\
|
>> $@ ;\
|
||||||
done
|
done
|
||||||
$(QUIET) echo "')" >> $@
|
$(verbose) echo "')" >> $@
|
||||||
# define foo.te
|
# define foo.te
|
||||||
$(QUIET) for i in $(notdir $(BASE_TE_FILES)); do \
|
$(verbose) for i in $(notdir $(BASE_TE_FILES)); do \
|
||||||
echo "define(\`$$i')" >> $@ ;\
|
echo "define(\`$$i')" >> $@ ;\
|
||||||
done
|
done
|
||||||
$(QUIET) $(SETTUN) $(BOOLEANS) >> $@
|
$(verbose) $(SETTUN) $(BOOLEANS) >> $@
|
||||||
|
|
||||||
tmp/all_interfaces.conf: $(M4SUPPORT) $(ALL_INTERFACES)
|
tmp/all_interfaces.conf: $(M4SUPPORT) $(ALL_INTERFACES)
|
||||||
ifeq ($(ALL_INTERFACES),)
|
ifeq ($(ALL_INTERFACES),)
|
||||||
$(error No enabled modules! $(notdir $(MOD_CONF)) may need to be generated by using "make conf")
|
$(error No enabled modules! $(notdir $(MOD_CONF)) may need to be generated by using "make conf")
|
||||||
endif
|
endif
|
||||||
@test -d tmp || mkdir -p tmp
|
@test -d tmp || mkdir -p tmp
|
||||||
$(QUIET) m4 $^ | sed -e s/dollarsstar/\$$\*/g > $@
|
$(verbose) m4 $^ | sed -e s/dollarsstar/\$$\*/g > $@
|
||||||
|
|
||||||
tmp/all_te_files.conf: $(BASE_TE_FILES)
|
tmp/all_te_files.conf: $(BASE_TE_FILES)
|
||||||
ifeq ($(BASE_TE_FILES),)
|
ifeq ($(BASE_TE_FILES),)
|
||||||
$(error No enabled modules! $(notdir $(MOD_CONF)) may need to be generated by using "make conf")
|
$(error No enabled modules! $(notdir $(MOD_CONF)) may need to be generated by using "make conf")
|
||||||
endif
|
endif
|
||||||
@test -d tmp || mkdir -p tmp
|
@test -d tmp || mkdir -p tmp
|
||||||
$(QUIET) cat $^ > $@
|
$(verbose) cat $^ > $@
|
||||||
$(call parse-rolemap,base,$@)
|
$(call parse-rolemap,base,$@)
|
||||||
|
|
||||||
tmp/post_te_files.conf: $(BASE_POST_TE_FILES)
|
tmp/post_te_files.conf: $(BASE_POST_TE_FILES)
|
||||||
@test -d tmp || mkdir -p tmp
|
@test -d tmp || mkdir -p tmp
|
||||||
$(QUIET) cat $^ > $@
|
$(verbose) cat $^ > $@
|
||||||
|
|
||||||
# extract attributes and put them first. extract post te stuff
|
# extract attributes and put them first. extract post te stuff
|
||||||
# like genfscon and put last. portcon, nodecon, and netifcon
|
# like genfscon and put last. portcon, nodecon, and netifcon
|
||||||
# is delayed since they are generated by m4
|
# is delayed since they are generated by m4
|
||||||
tmp/all_attrs_types.conf tmp/only_te_rules.conf tmp/all_post.conf: tmp/all_te_files.conf tmp/post_te_files.conf
|
tmp/all_attrs_types.conf tmp/only_te_rules.conf tmp/all_post.conf: tmp/all_te_files.conf tmp/post_te_files.conf
|
||||||
$(QUIET) grep ^attribute tmp/all_te_files.conf > tmp/all_attrs_types.conf || true
|
$(verbose) grep ^attribute tmp/all_te_files.conf > tmp/all_attrs_types.conf || true
|
||||||
$(QUIET) grep '^type ' tmp/all_te_files.conf >> tmp/all_attrs_types.conf
|
$(verbose) grep '^type ' tmp/all_te_files.conf >> tmp/all_attrs_types.conf
|
||||||
$(QUIET) cat tmp/post_te_files.conf > tmp/all_post.conf
|
$(verbose) cat tmp/post_te_files.conf > tmp/all_post.conf
|
||||||
$(QUIET) grep '^sid ' tmp/all_te_files.conf >> tmp/all_post.conf || true
|
$(verbose) grep '^sid ' tmp/all_te_files.conf >> tmp/all_post.conf || true
|
||||||
$(QUIET) egrep '^fs_use_(xattr|task|trans)' tmp/all_te_files.conf >> tmp/all_post.conf || true
|
$(verbose) egrep '^fs_use_(xattr|task|trans)' tmp/all_te_files.conf >> tmp/all_post.conf || true
|
||||||
$(QUIET) grep ^genfscon tmp/all_te_files.conf >> tmp/all_post.conf || true
|
$(verbose) grep ^genfscon tmp/all_te_files.conf >> tmp/all_post.conf || true
|
||||||
$(QUIET) sed -r -e /^attribute/d -e '/^type /d' -e /^genfscon/d \
|
$(verbose) sed -r -e /^attribute/d -e '/^type /d' -e /^genfscon/d \
|
||||||
-e '/^sid /d' -e '/^fs_use_(xattr|task|trans)/d' \
|
-e '/^sid /d' -e '/^fs_use_(xattr|task|trans)/d' \
|
||||||
< tmp/all_te_files.conf > tmp/only_te_rules.conf
|
< tmp/all_te_files.conf > tmp/only_te_rules.conf
|
||||||
|
|
||||||
@ -160,7 +160,7 @@ tmp/all_attrs_types.conf tmp/only_te_rules.conf tmp/all_post.conf: tmp/all_te_fi
|
|||||||
# Construct a base.fc
|
# Construct a base.fc
|
||||||
#
|
#
|
||||||
$(BASE_FC): tmp/$(BASE_FC).tmp $(FCSORT)
|
$(BASE_FC): tmp/$(BASE_FC).tmp $(FCSORT)
|
||||||
$(QUIET) $(FCSORT) $< $@
|
$(verbose) $(FCSORT) $< $@
|
||||||
|
|
||||||
tmp/$(BASE_FC).tmp: $(M4SUPPORT) tmp/generated_definitions.conf $(BASE_FC_FILES)
|
tmp/$(BASE_FC).tmp: $(M4SUPPORT) tmp/generated_definitions.conf $(BASE_FC_FILES)
|
||||||
ifeq ($(BASE_FC_FILES),)
|
ifeq ($(BASE_FC_FILES),)
|
||||||
@ -168,7 +168,7 @@ ifeq ($(BASE_FC_FILES),)
|
|||||||
endif
|
endif
|
||||||
@echo "Creating $(NAME) base module file contexts."
|
@echo "Creating $(NAME) base module file contexts."
|
||||||
@test -d tmp || mkdir -p tmp
|
@test -d tmp || mkdir -p tmp
|
||||||
$(QUIET) m4 $(M4PARAM) $^ > $@
|
$(verbose) m4 $(M4PARAM) $^ > $@
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -177,8 +177,8 @@ endif
|
|||||||
enableaudit: base.conf
|
enableaudit: base.conf
|
||||||
@test -d tmp || mkdir -p tmp
|
@test -d tmp || mkdir -p tmp
|
||||||
@echo "Removing dontaudit rules from base.conf"
|
@echo "Removing dontaudit rules from base.conf"
|
||||||
$(QUIET) grep -v dontaudit base.conf > tmp/base.audit
|
$(verbose) grep -v dontaudit base.conf > tmp/base.audit
|
||||||
$(QUIET) mv tmp/base.audit base.conf
|
$(verbose) mv tmp/base.audit base.conf
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -186,8 +186,8 @@ enableaudit: base.conf
|
|||||||
#
|
#
|
||||||
$(APPDIR)/customizable_types: base.conf
|
$(APPDIR)/customizable_types: base.conf
|
||||||
@mkdir -p $(APPDIR)
|
@mkdir -p $(APPDIR)
|
||||||
$(QUIET) grep "^type .*customizable" $< | cut -d',' -f1 | cut -d' ' -f2 > tmp/customizable_types
|
$(verbose) grep "^type .*customizable" $< | cut -d',' -f1 | cut -d' ' -f2 > tmp/customizable_types
|
||||||
$(QUIET) install -m 644 tmp/customizable_types $@
|
$(verbose) install -m 644 tmp/customizable_types $@
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
|
@ -56,7 +56,7 @@ ifneq ($(PV),$(KV))
|
|||||||
@echo "WARNING: Policy version mismatch! Is your OUTPUT_POLICY set correctly?"
|
@echo "WARNING: Policy version mismatch! Is your OUTPUT_POLICY set correctly?"
|
||||||
@echo
|
@echo
|
||||||
endif
|
endif
|
||||||
$(QUIET) $(CHECKPOLICY) $^ -o $@
|
$(verbose) $(CHECKPOLICY) $^ -o $@
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -70,7 +70,7 @@ ifneq ($(PV),$(KV))
|
|||||||
@echo "WARNING: Policy version mismatch! Is your OUTPUT_POLICY set correctly?"
|
@echo "WARNING: Policy version mismatch! Is your OUTPUT_POLICY set correctly?"
|
||||||
@echo
|
@echo
|
||||||
endif
|
endif
|
||||||
$(QUIET) $(CHECKPOLICY) $^ -o $@
|
$(verbose) $(CHECKPOLICY) $^ -o $@
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -78,7 +78,7 @@ endif
|
|||||||
#
|
#
|
||||||
reload tmp/load: $(LOADPATH) $(FCPATH) $(APPFILES)
|
reload tmp/load: $(LOADPATH) $(FCPATH) $(APPFILES)
|
||||||
@echo "Loading $(NAME) $(LOADPATH)"
|
@echo "Loading $(NAME) $(LOADPATH)"
|
||||||
$(QUIET) $(LOADPOLICY) -q $(LOADPATH)
|
$(verbose) $(LOADPOLICY) -q $(LOADPATH)
|
||||||
@touch tmp/load
|
@touch tmp/load
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@ -88,62 +88,62 @@ reload tmp/load: $(LOADPATH) $(FCPATH) $(APPFILES)
|
|||||||
policy.conf: $(POLICY_SECTIONS)
|
policy.conf: $(POLICY_SECTIONS)
|
||||||
@echo "Creating $(NAME) policy.conf"
|
@echo "Creating $(NAME) policy.conf"
|
||||||
# checkpolicy can use the #line directives provided by -s for error reporting:
|
# checkpolicy can use the #line directives provided by -s for error reporting:
|
||||||
$(QUIET) m4 -D self_contained_policy $(M4PARAM) -s $^ > tmp/$@.tmp
|
$(verbose) m4 -D self_contained_policy $(M4PARAM) -s $^ > tmp/$@.tmp
|
||||||
$(QUIET) sed -e /^portcon/d -e /^nodecon/d -e /^netifcon/d < tmp/$@.tmp > $@
|
$(verbose) sed -e /^portcon/d -e /^nodecon/d -e /^netifcon/d < tmp/$@.tmp > $@
|
||||||
# the ordering of these ocontexts matters:
|
# the ordering of these ocontexts matters:
|
||||||
$(QUIET) grep ^portcon tmp/$@.tmp >> $@ || true
|
$(verbose) grep ^portcon tmp/$@.tmp >> $@ || true
|
||||||
$(QUIET) grep ^netifcon tmp/$@.tmp >> $@ || true
|
$(verbose) grep ^netifcon tmp/$@.tmp >> $@ || true
|
||||||
$(QUIET) grep ^nodecon tmp/$@.tmp >> $@ || true
|
$(verbose) grep ^nodecon tmp/$@.tmp >> $@ || true
|
||||||
|
|
||||||
tmp/pre_te_files.conf: $(PRE_TE_FILES)
|
tmp/pre_te_files.conf: $(PRE_TE_FILES)
|
||||||
@test -d tmp || mkdir -p tmp
|
@test -d tmp || mkdir -p tmp
|
||||||
$(QUIET) cat $^ > $@
|
$(verbose) cat $^ > $@
|
||||||
|
|
||||||
tmp/generated_definitions.conf: $(ALL_TE_FILES)
|
tmp/generated_definitions.conf: $(ALL_TE_FILES)
|
||||||
# per-userdomain templates:
|
# per-userdomain templates:
|
||||||
@test -d tmp || mkdir -p tmp
|
@test -d tmp || mkdir -p tmp
|
||||||
$(QUIET) echo "define(\`base_per_userdomain_template',\`" > $@
|
$(verbose) echo "define(\`base_per_userdomain_template',\`" > $@
|
||||||
$(QUIET) for i in $(patsubst %.te,%,$(notdir $(ALL_MODULES))); do \
|
$(verbose) for i in $(patsubst %.te,%,$(notdir $(ALL_MODULES))); do \
|
||||||
echo "ifdef(\`""$$i""_per_userdomain_template',\`""$$i""_per_userdomain_template("'$$*'")')" \
|
echo "ifdef(\`""$$i""_per_userdomain_template',\`""$$i""_per_userdomain_template("'$$*'")')" \
|
||||||
>> $@ ;\
|
>> $@ ;\
|
||||||
done
|
done
|
||||||
$(QUIET) echo "')" >> $@
|
$(verbose) echo "')" >> $@
|
||||||
# define foo.te
|
# define foo.te
|
||||||
$(QUIET) for i in $(notdir $(ALL_MODULES)); do \
|
$(verbose) for i in $(notdir $(ALL_MODULES)); do \
|
||||||
echo "define(\`$$i')" >> $@ ;\
|
echo "define(\`$$i')" >> $@ ;\
|
||||||
done
|
done
|
||||||
$(QUIET) $(SETTUN) $(BOOLEANS) >> $@
|
$(verbose) $(SETTUN) $(BOOLEANS) >> $@
|
||||||
|
|
||||||
tmp/all_interfaces.conf: $(M4SUPPORT) $(ALL_INTERFACES)
|
tmp/all_interfaces.conf: $(M4SUPPORT) $(ALL_INTERFACES)
|
||||||
ifeq ($(ALL_INTERFACES),)
|
ifeq ($(ALL_INTERFACES),)
|
||||||
$(error No enabled modules! $(notdir $(MOD_CONF)) may need to be generated by using "make conf")
|
$(error No enabled modules! $(notdir $(MOD_CONF)) may need to be generated by using "make conf")
|
||||||
endif
|
endif
|
||||||
@test -d tmp || mkdir -p tmp
|
@test -d tmp || mkdir -p tmp
|
||||||
$(QUIET) m4 $^ | sed -e s/dollarsstar/\$$\*/g > $@
|
$(verbose) m4 $^ | sed -e s/dollarsstar/\$$\*/g > $@
|
||||||
|
|
||||||
tmp/all_te_files.conf: $(ALL_TE_FILES)
|
tmp/all_te_files.conf: $(ALL_TE_FILES)
|
||||||
ifeq ($(ALL_TE_FILES),)
|
ifeq ($(ALL_TE_FILES),)
|
||||||
$(error No enabled modules! $(notdir $(MOD_CONF)) may need to be generated by using "make conf")
|
$(error No enabled modules! $(notdir $(MOD_CONF)) may need to be generated by using "make conf")
|
||||||
endif
|
endif
|
||||||
@test -d tmp || mkdir -p tmp
|
@test -d tmp || mkdir -p tmp
|
||||||
$(QUIET) cat $^ > $@
|
$(verbose) cat $^ > $@
|
||||||
$(call parse-rolemap,base,$@)
|
$(call parse-rolemap,base,$@)
|
||||||
|
|
||||||
tmp/post_te_files.conf: $(POST_TE_FILES)
|
tmp/post_te_files.conf: $(POST_TE_FILES)
|
||||||
@test -d tmp || mkdir -p tmp
|
@test -d tmp || mkdir -p tmp
|
||||||
$(QUIET) cat $^ > $@
|
$(verbose) cat $^ > $@
|
||||||
|
|
||||||
# extract attributes and put them first. extract post te stuff
|
# extract attributes and put them first. extract post te stuff
|
||||||
# like genfscon and put last. portcon, nodecon, and netifcon
|
# like genfscon and put last. portcon, nodecon, and netifcon
|
||||||
# is delayed since they are generated by m4
|
# is delayed since they are generated by m4
|
||||||
tmp/all_attrs_types.conf tmp/only_te_rules.conf tmp/all_post.conf: tmp/all_te_files.conf tmp/post_te_files.conf
|
tmp/all_attrs_types.conf tmp/only_te_rules.conf tmp/all_post.conf: tmp/all_te_files.conf tmp/post_te_files.conf
|
||||||
$(QUIET) grep ^attribute tmp/all_te_files.conf > tmp/all_attrs_types.conf || true
|
$(verbose) grep ^attribute tmp/all_te_files.conf > tmp/all_attrs_types.conf || true
|
||||||
$(QUIET) grep '^type ' tmp/all_te_files.conf >> tmp/all_attrs_types.conf
|
$(verbose) grep '^type ' tmp/all_te_files.conf >> tmp/all_attrs_types.conf
|
||||||
$(QUIET) cat tmp/post_te_files.conf > tmp/all_post.conf
|
$(verbose) cat tmp/post_te_files.conf > tmp/all_post.conf
|
||||||
$(QUIET) grep '^sid ' tmp/all_te_files.conf >> tmp/all_post.conf || true
|
$(verbose) grep '^sid ' tmp/all_te_files.conf >> tmp/all_post.conf || true
|
||||||
$(QUIET) egrep '^fs_use_(xattr|task|trans)' tmp/all_te_files.conf >> tmp/all_post.conf || true
|
$(verbose) egrep '^fs_use_(xattr|task|trans)' tmp/all_te_files.conf >> tmp/all_post.conf || true
|
||||||
$(QUIET) grep ^genfscon tmp/all_te_files.conf >> tmp/all_post.conf || true
|
$(verbose) grep ^genfscon tmp/all_te_files.conf >> tmp/all_post.conf || true
|
||||||
$(QUIET) sed -r -e /^attribute/d -e '/^type /d' -e /^genfscon/d \
|
$(verbose) sed -r -e /^attribute/d -e '/^type /d' -e /^genfscon/d \
|
||||||
-e '/^sid /d' -e '/^fs_use_(xattr|task|trans)/d' \
|
-e '/^sid /d' -e '/^fs_use_(xattr|task|trans)/d' \
|
||||||
< tmp/all_te_files.conf > tmp/only_te_rules.conf
|
< tmp/all_te_files.conf > tmp/only_te_rules.conf
|
||||||
|
|
||||||
@ -154,17 +154,17 @@ tmp/all_attrs_types.conf tmp/only_te_rules.conf tmp/all_post.conf: tmp/all_te_fi
|
|||||||
enableaudit: policy.conf
|
enableaudit: policy.conf
|
||||||
@test -d tmp || mkdir -p tmp
|
@test -d tmp || mkdir -p tmp
|
||||||
@echo "Removing dontaudit rules from policy.conf"
|
@echo "Removing dontaudit rules from policy.conf"
|
||||||
$(QUIET) grep -v dontaudit policy.conf > tmp/policy.audit
|
$(verbose) grep -v dontaudit policy.conf > tmp/policy.audit
|
||||||
$(QUIET) mv tmp/policy.audit policy.conf
|
$(verbose) mv tmp/policy.audit policy.conf
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
# Construct file_contexts
|
# Construct file_contexts
|
||||||
#
|
#
|
||||||
$(FC): tmp/$(FC).tmp $(FCSORT)
|
$(FC): tmp/$(FC).tmp $(FCSORT)
|
||||||
$(QUIET) $(FCSORT) $< $@
|
$(verbose) $(FCSORT) $< $@
|
||||||
$(QUIET) grep -e HOME -e ROLE $@ > $(HOMEDIR_TEMPLATE)
|
$(verbose) grep -e HOME -e ROLE $@ > $(HOMEDIR_TEMPLATE)
|
||||||
$(QUIET) sed -i -e /HOME/d -e /ROLE/d $@
|
$(verbose) sed -i -e /HOME/d -e /ROLE/d $@
|
||||||
|
|
||||||
tmp/$(FC).tmp: $(M4SUPPORT) tmp/generated_definitions.conf $(ALL_FC_FILES)
|
tmp/$(FC).tmp: $(M4SUPPORT) tmp/generated_definitions.conf $(ALL_FC_FILES)
|
||||||
ifeq ($(ALL_FC_FILES),)
|
ifeq ($(ALL_FC_FILES),)
|
||||||
@ -172,7 +172,7 @@ ifeq ($(ALL_FC_FILES),)
|
|||||||
endif
|
endif
|
||||||
@echo "Creating $(NAME) file_contexts."
|
@echo "Creating $(NAME) file_contexts."
|
||||||
@test -d tmp || mkdir -p tmp
|
@test -d tmp || mkdir -p tmp
|
||||||
$(QUIET) m4 $(M4PARAM) $^ > $@
|
$(verbose) m4 $(M4PARAM) $^ > $@
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -180,12 +180,12 @@ endif
|
|||||||
#
|
#
|
||||||
$(FCPATH): $(FC) $(LOADPATH) $(USERPATH)/system.users
|
$(FCPATH): $(FC) $(LOADPATH) $(USERPATH)/system.users
|
||||||
@echo "Validating $(NAME) file_contexts."
|
@echo "Validating $(NAME) file_contexts."
|
||||||
$(QUIET) $(SETFILES) -q -c $(LOADPATH) $(FC)
|
$(verbose) $(SETFILES) -q -c $(LOADPATH) $(FC)
|
||||||
@echo "Installing file_contexts."
|
@echo "Installing file_contexts."
|
||||||
@mkdir -p $(CONTEXTPATH)/files
|
@mkdir -p $(CONTEXTPATH)/files
|
||||||
$(QUIET) install -m 644 $(FC) $(FCPATH)
|
$(verbose) install -m 644 $(FC) $(FCPATH)
|
||||||
$(QUIET) install -m 644 $(HOMEDIR_TEMPLATE) $(HOMEDIRPATH)
|
$(verbose) install -m 644 $(HOMEDIR_TEMPLATE) $(HOMEDIRPATH)
|
||||||
$(QUIET) $(GENHOMEDIRCON) -d $(TOPDIR) -t $(NAME) $(USEPWD)
|
$(verbose) $(GENHOMEDIRCON) -d $(TOPDIR) -t $(NAME) $(USEPWD)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -199,7 +199,7 @@ checklabels: $(FCPATH) $(SETFILES)
|
|||||||
echo "No filesystems with extended attributes found!" ;\
|
echo "No filesystems with extended attributes found!" ;\
|
||||||
false ;\
|
false ;\
|
||||||
fi
|
fi
|
||||||
$(QUIET) $(SETFILES) -v -n $(FCPATH) $(FILESYSTEMS)
|
$(verbose) $(SETFILES) -v -n $(FCPATH) $(FILESYSTEMS)
|
||||||
|
|
||||||
restorelabels: $(FCPATH) $(SETFILES)
|
restorelabels: $(FCPATH) $(SETFILES)
|
||||||
@echo "Restoring labels on filesystem types: ext2 ext3 xfs jfs"
|
@echo "Restoring labels on filesystem types: ext2 ext3 xfs jfs"
|
||||||
@ -207,7 +207,7 @@ restorelabels: $(FCPATH) $(SETFILES)
|
|||||||
echo "No filesystems with extended attributes found!" ;\
|
echo "No filesystems with extended attributes found!" ;\
|
||||||
false ;\
|
false ;\
|
||||||
fi
|
fi
|
||||||
$(QUIET) $(SETFILES) -v $(FCPATH) $(FILESYSTEMS)
|
$(verbose) $(SETFILES) -v $(FCPATH) $(FILESYSTEMS)
|
||||||
|
|
||||||
relabel: $(FCPATH) $(SETFILES)
|
relabel: $(FCPATH) $(SETFILES)
|
||||||
@echo "Relabeling filesystem types: ext2 ext3 xfs jfs"
|
@echo "Relabeling filesystem types: ext2 ext3 xfs jfs"
|
||||||
@ -215,7 +215,7 @@ relabel: $(FCPATH) $(SETFILES)
|
|||||||
echo "No filesystems with extended attributes found!" ;\
|
echo "No filesystems with extended attributes found!" ;\
|
||||||
false ;\
|
false ;\
|
||||||
fi
|
fi
|
||||||
$(QUIET) $(SETFILES) $(FCPATH) $(FILESYSTEMS)
|
$(verbose) $(SETFILES) $(FCPATH) $(FILESYSTEMS)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -233,8 +233,8 @@ longcheck: policy.conf $(FC)
|
|||||||
#
|
#
|
||||||
$(APPDIR)/customizable_types: policy.conf
|
$(APPDIR)/customizable_types: policy.conf
|
||||||
@mkdir -p $(APPDIR)
|
@mkdir -p $(APPDIR)
|
||||||
$(QUIET) grep "^type .*customizable" $< | cut -d',' -f1 | cut -d' ' -f2 > tmp/customizable_types
|
$(verbose) grep "^type .*customizable" $< | cut -d',' -f1 | cut -d' ' -f2 > tmp/customizable_types
|
||||||
$(QUIET) install -m 644 tmp/customizable_types $@
|
$(verbose) install -m 644 tmp/customizable_types $@
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
|
@ -46,5 +46,6 @@ MONOLITHIC=y
|
|||||||
# Enable polyinstantiated directory support.
|
# Enable polyinstantiated directory support.
|
||||||
POLY=n
|
POLY=n
|
||||||
|
|
||||||
# Uncomment this to disable command echoing
|
# Set this to y to only display status messages
|
||||||
#QUIET:=@
|
# during build.
|
||||||
|
QUIET=n
|
||||||
|
140
refpolicy/support/Makefile.devel
Normal file
140
refpolicy/support/Makefile.devel
Normal file
@ -0,0 +1,140 @@
|
|||||||
|
|
||||||
|
-include build.conf
|
||||||
|
|
||||||
|
# executables
|
||||||
|
PREFIX := /usr
|
||||||
|
BINDIR := $(PREFIX)/bin
|
||||||
|
SBINDIR := $(PREFIX)/sbin
|
||||||
|
CHECKMODULE := $(BINDIR)/checkmodule
|
||||||
|
SEMODULE := $(SBINDIR)/semodule
|
||||||
|
SEMOD_PKG := $(BINDIR)/semodule_package
|
||||||
|
|
||||||
|
# helper tools
|
||||||
|
AWK ?= gawk
|
||||||
|
INSTALL ?= install
|
||||||
|
M4 ?= m4
|
||||||
|
SED ?= sed
|
||||||
|
EINFO ?= echo
|
||||||
|
|
||||||
|
# installation paths
|
||||||
|
SHAREDIR := $(PREFIX)/share/selinux
|
||||||
|
MODPKGDIR := $(SHAREDIR)/$(NAME)
|
||||||
|
HEADERDIR := $(SHAREDIR)/refpolicy/include
|
||||||
|
|
||||||
|
# set default build options
|
||||||
|
TYPE ?= strict
|
||||||
|
NAME ?= $(TYPE)
|
||||||
|
DIRECT_INITRC ?= n
|
||||||
|
POLY ?= n
|
||||||
|
|
||||||
|
# compile strict policy if requested.
|
||||||
|
ifneq ($(findstring strict,$(TYPE)),)
|
||||||
|
M4PARAM += -D strict_policy
|
||||||
|
endif
|
||||||
|
|
||||||
|
# compile targeted policy if requested.
|
||||||
|
ifneq ($(findstring targeted,$(TYPE)),)
|
||||||
|
M4PARAM += -D targeted_policy
|
||||||
|
endif
|
||||||
|
|
||||||
|
# enable MLS if requested.
|
||||||
|
ifneq ($(findstring -mls,$(TYPE)),)
|
||||||
|
M4PARAM += -D enable_mls
|
||||||
|
CHECKPOLICY += -M
|
||||||
|
CHECKMODULE += -M
|
||||||
|
endif
|
||||||
|
|
||||||
|
# enable MLS if MCS requested.
|
||||||
|
ifneq ($(findstring -mcs,$(TYPE)),)
|
||||||
|
M4PARAM += -D enable_mcs
|
||||||
|
CHECKPOLICY += -M
|
||||||
|
CHECKMODULE += -M
|
||||||
|
endif
|
||||||
|
|
||||||
|
# enable distribution-specific policy
|
||||||
|
ifneq ($(DISTRO),)
|
||||||
|
M4PARAM += -D distro_$(DISTRO)
|
||||||
|
endif
|
||||||
|
|
||||||
|
# enable polyinstantiation
|
||||||
|
ifeq ($(POLY),y)
|
||||||
|
M4PARAM += -D enable_polyinstantiation
|
||||||
|
endif
|
||||||
|
|
||||||
|
ifeq ($(DIRECT_INITRC),y)
|
||||||
|
M4PARAM += -D direct_sysadm_daemon
|
||||||
|
endif
|
||||||
|
|
||||||
|
ifneq ($(VERBOSE),y)
|
||||||
|
quiet := @
|
||||||
|
endif
|
||||||
|
|
||||||
|
M4PARAM += -D hide_broken_symptoms
|
||||||
|
|
||||||
|
# policy headers
|
||||||
|
m4support := $(wildcard $(HEADERDIR)/*.spt)
|
||||||
|
all_interfaces := $(wildcard $(HEADERDIR)/*.if)
|
||||||
|
rolemap := $(HEADERDIR)/rolemap
|
||||||
|
|
||||||
|
detected_mods := $(wildcard *.te)
|
||||||
|
detected_ifs := $(detected_mods:.te=.if)
|
||||||
|
all_packages := $(detected_mods:.te=.pp)
|
||||||
|
install_mods := $(MODPKGDIR)/$(all_packages)
|
||||||
|
|
||||||
|
########################################
|
||||||
|
#
|
||||||
|
# Functions
|
||||||
|
#
|
||||||
|
|
||||||
|
# parse-rolemap modulename,outputfile
|
||||||
|
define parse-rolemap
|
||||||
|
$(verbose) $(M4) $(M4PARAM) $(rolemap) | \
|
||||||
|
$(AWK) '/^[[:blank:]]*[A-Za-z]/{ print "gen_require(type " $$3 "; role " $$1 ";)\n$1_per_userdomain_template(" $$2 "," $$3 "," $$1 ")" }' >> $2
|
||||||
|
endef
|
||||||
|
|
||||||
|
# peruser-expansion modulename,outputfile
|
||||||
|
define peruser-expansion
|
||||||
|
$(verbose) echo "ifdef(\`""$1""_per_userdomain_template',\`" > $2
|
||||||
|
$(call parse-rolemap,$1,$2)
|
||||||
|
$(verbose) echo "')" >> $2
|
||||||
|
endef
|
||||||
|
|
||||||
|
########################################
|
||||||
|
#
|
||||||
|
# Main targets
|
||||||
|
#
|
||||||
|
|
||||||
|
all: $(all_packages)
|
||||||
|
|
||||||
|
########################################
|
||||||
|
#
|
||||||
|
# Build module packages
|
||||||
|
#
|
||||||
|
tmp/%.mod: $(m4support) tmp/all_interfaces.conf %.te
|
||||||
|
@$(EINFO) "Compliling $(NAME) $(basename $(@F)) module"
|
||||||
|
@test -d tmp || mkdir -p tmp
|
||||||
|
$(call peruser-expansion,$(basename $(@F)),$@.role)
|
||||||
|
$(verbose) $(M4) $(M4PARAM) -s $^ $@.role > $(@:.mod=.tmp)
|
||||||
|
$(verbose) $(CHECKMODULE) -m $(@:.mod=.tmp) -o $@
|
||||||
|
|
||||||
|
tmp/%.mod.fc: $(m4support) %.fc
|
||||||
|
$(verbose) $(M4) $(M4PARAM) $^ > $@
|
||||||
|
|
||||||
|
%.pp: tmp/%.mod tmp/%.mod.fc
|
||||||
|
@echo "Creating $(NAME) $(@F) policy package"
|
||||||
|
$(verbose) $(SEMOD_PKG) -o $@ -m $< -f $<.fc
|
||||||
|
|
||||||
|
tmp/all_interfaces.conf: $(m4support) $(all_interfaces) $(detected_ifs)
|
||||||
|
@test -d tmp || mkdir -p tmp
|
||||||
|
$(verbose) m4 $^ | sed -e s/dollarsstar/\$$\*/g > $@
|
||||||
|
|
||||||
|
########################################
|
||||||
|
#
|
||||||
|
# Clean the environment
|
||||||
|
#
|
||||||
|
|
||||||
|
clean:
|
||||||
|
rm -fR tmp
|
||||||
|
rm -f *.pp
|
||||||
|
|
||||||
|
.PHONY: clean install all default
|
Loading…
Reference in New Issue
Block a user