merge makefile changes from branch

2005-11-22 22:07:12 +00:00 · 2005-11-22 22:07:12 +00:00 · c767b14c94
parent 31b7c0551d
commit c767b14c94
6 changed files with 138 additions and 85 deletions
--- a/refpolicy/Changelog
+++ b/refpolicy/Changelog
@ -1,3 +1,10 @@
+- Fix labeling targets to use installed file_contexts rather
+  than partial file_contexts in the policy source directory.
+- Fix build process to use make's internal vpath functions
+  to detect modules rather than using subshells and find.
+- Add install target for modular policy.
+- Add load target for modular policy.
+- Add appconfig dependency to the load target.
 - Miscellaneous fixes from Dan Walsh.
 - Fix corenetwork gen_context()'s to expand during the policy
  build phase instead of during the generation phase.  
--- a/refpolicy/INSTALL
+++ b/refpolicy/INSTALL
@ -5,7 +5,12 @@ To install Reference Policy sources into /etc/selinux/refpolicy/src/policy:
 This will back up a pre-existing source policy to the
 /etc/selinux/refpolicy/src/policy.bak directory.

-After installing the policy sources, the old Make targets have been maintained:
+If you do not have a modules.conf, one can be generated:
+
+	make conf
+
+This will create a default modules.conf.  After installing the policy sources,
+the old Make targets have been maintained for the monolithic policy:

 Local policy development:

--- a/refpolicy/Makefile
+++ b/refpolicy/Makefile
@ -23,7 +23,8 @@
 # Policy version
 # By default, checkpolicy will create the highest
 # version policy it supports.  Setting this will
-# override the version.
+# override the version.  This only affects
+# monolithic policies.
 #OUTPUT_POLICY = 18

 # Policy Type
@ -73,6 +74,7 @@ BINDIR := $(PREFIX)/bin
 SBINDIR := $(PREFIX)/sbin
 CHECKPOLICY := $(BINDIR)/checkpolicy
 CHECKMODULE := $(BINDIR)/checkmodule
+SEMODULE := $(SBINDIR)/semodule
 SEMOD_PKG := $(BINDIR)/semodule_package
 LOADPOLICY := $(SBINDIR)/load_policy
 SETFILES := $(SBINDIR)/setfiles
@ -119,19 +121,11 @@ INSTALLDIR = $(TOPDIR)/$(NAME)
 SRCPATH = $(INSTALLDIR)/src
 USERPATH = $(INSTALLDIR)/users
 CONTEXTPATH = $(INSTALLDIR)/contexts
+MODPKGDIR = $(DESTDIR)/usr/share/selinux/$(NAME)

-# enable MLS if requested.
-ifneq ($(findstring -mls,$(TYPE)),)
-	override M4PARAM += -D enable_mls
-	CHECKPOLICY += -M
-	CHECKMODULE += -M
-endif
-
-# enable MLS if MCS requested.
-ifneq ($(findstring -mcs,$(TYPE)),)
-	override M4PARAM += -D enable_mcs
-	CHECKPOLICY += -M
-	CHECKMODULE += -M
+# compile strict policy if requested.
+ifneq ($(findstring strict,$(TYPE)),)
+	override M4PARAM += -D strict_policy
 endif

 # compile targeted policy if requested.
@ -139,13 +133,27 @@ ifneq ($(findstring targeted,$(TYPE)),)
 	override M4PARAM += -D targeted_policy
 endif

+# enable MLS if requested.
+ifneq ($(findstring -mls,$(TYPE)),)
+	override M4PARAM += -D enable_mls
+	override CHECKPOLICY += -M
+	override CHECKMODULE += -M
+endif
+
+# enable MLS if MCS requested.
+ifneq ($(findstring -mcs,$(TYPE)),)
+	override M4PARAM += -D enable_mcs
+	override CHECKPOLICY += -M
+	override CHECKMODULE += -M
+endif
+
 # enable distribution-specific policy
 ifneq ($(DISTRO),)
 	override M4PARAM += -D distro_$(DISTRO)
 endif

 ifneq ($(OUTPUT_POLICY),)
-	CHECKPOLICY += -c $(OUTPUT_POLICY)
+	override CHECKPOLICY += -c $(OUTPUT_POLICY)
 endif

 ifeq ($(NAME),)
@ -168,14 +176,11 @@ ifeq ($(KV),)
 	KV := $(PV)
 endif

-FC := file_contexts
-POLVER := policy.$(PV)
-
 M4SUPPORT = $(wildcard $(POLDIR)/support/*.spt)

 APPCONF := config/appconfig-$(TYPE)
 APPDIR := $(CONTEXTPATH)
-APPFILES := $(addprefix $(APPDIR)/,default_contexts default_type initrc_context failsafe_context userhelper_context removable_context dbus_contexts customizable_types) $(CONTEXTPATH)/files/media
+APPFILES := $(addprefix $(APPDIR)/,default_contexts default_type initrc_context failsafe_context userhelper_context removable_context dbus_contexts) $(CONTEXTPATH)/files/media
 CONTEXTFILES += $(wildcard $(APPCONF)/*_context*) $(APPCONF)/media
 USER_FILES := $(POLDIR)/systemuser $(POLDIR)/users

@ -196,10 +201,8 @@ MODBASE := base
 MODMOD := module

 # extract settings from modules.conf
-BASE_MODS := $(foreach mod,$(shell awk '/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == "$(MODBASE)") print $$1 }' $(MOD_CONF) 2> /dev/null),$(subst ./,,$(shell find -iname $(mod).te)))
-MOD_MODS := $(foreach mod,$(shell awk '/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == "$(MODMOD)") print $$1 }' $(MOD_CONF) 2> /dev/null),$(subst ./,,$(shell find -iname $(mod).te)))
-
-HOMEDIR_TEMPLATE = tmp/homedir_template
+BASE_MODS := $(addsuffix .te,$(shell awk '/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == "$(MODBASE)") print $$1 }' $(MOD_CONF) 2> /dev/null))
+MOD_MODS := $(addsuffix .te,$(shell awk '/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == "$(MODMOD)") print $$1 }' $(MOD_CONF) 2> /dev/null))

 ########################################
 #
@ -364,14 +367,14 @@ bare: clean
 	rm -f $(MOD_CONF)
 	rm -f $(BOOLEANS)
 	rm -fR $(HTMLDIR)
-#ifneq ($(GENERATED_TE),)
-#	rm -f $(GENERATED_TE)
-#endif
-#ifneq ($(GENERATED_IF),)
-#	rm -f $(GENERATED_IF)
-#endif
-#ifneq ($(GENERATED_FC),)
-#	rm -f $(GENERATED_FC)
-#endif
+ifneq ($(GENERATED_TE),)
+	rm -f $(GENERATED_TE)
+endif
+ifneq ($(GENERATED_IF),)
+	rm -f $(GENERATED_IF)
+endif
+ifneq ($(GENERATED_FC),)
+	rm -f $(GENERATED_FC)
+endif

 .PHONY: install-src install-appconfig conf html bare
--- a/refpolicy/README
+++ b/refpolicy/README
@ -37,6 +37,19 @@ modules			Compile and package all Reference Policy modules
 MODULENAME.pp		Compile and package the MODULENAME Reference Policy
 			module.

+all			Compile and package the base module and all Reference
+			Policy modules configured to be built as loadable
+			modules.
+
+install			Compile, package, and install the base module and
+			Reference Policy modules configured to be built as
+			loadable modules.
+
+load			Compile, package, and install the base module and
+			Reference Policy modules configured to be built as
+			loadable modules, then insert them into the module
+			store.
+
 Make targets specific to monolithic policies:

 policy			Compile a policy locally for development and testing.
--- a/refpolicy/Rules.modular
+++ b/refpolicy/Rules.modular
@ -3,7 +3,7 @@
 # Rules and Targets for building modular policies
 #

-ALL_MODULES := $(filter $(BASE_MODS) $(MOD_MODS),$(DETECTED_MODS))
+ALL_MODULES := $(BASE_MODS) $(MOD_MODS)
 ALL_INTERFACES := $(ALL_MODULES:.te=.if)

 BASE_PKG := base.pp
@ -19,6 +19,9 @@ BASE_FC_FILES := $(BASE_MODS:.te=.fc)
 MOD_MODULES := $(MOD_MODS:.te=.mod)
 MOD_PKGS := $(notdir $(MOD_MODS:.te=.pp))

+# policy packages to install
+INSTPKG := $(addprefix $(MODPKGDIR)/,$(BASE_PKG) $(MOD_PKGS))
+
 # search layer dirs for source files
 vpath %.te $(ALL_LAYERS)
 vpath %.if $(ALL_LAYERS)
@ -36,9 +39,40 @@ base: $(BASE_PKG)

 modules: $(MOD_PKGS)

-#policy: $(POLVER)
-#install: $(LOADPATH) $(FCPATH) $(APPFILES) $(USERPATH)/local.users
-#load: tmp/load
+install: $(INSTPKG) $(APPFILES)
+
+########################################
+#
+# Load all configured modules
+#
+load: $(INSTPKG) $(APPFILES)
+	@echo "Loading configured modules."
+	$(QUIET) $(SEMODULE) -s $(NAME) -b $(MODPKGDIR)/$(BASE_PKG) $(foreach mod,$(MOD_PKGS),-i $(MODPKGDIR)/$(mod))
+
+########################################
+#
+# Install policy packages
+#
+$(MODPKGDIR)/%.pp: %.pp
+	@mkdir -p $(MODPKGDIR)
+	@echo "Installing $(@F) policy package."
+	$(QUIET) install -m 0644 $^ $(MODPKGDIR)
+
+########################################
+#
+# Build module packages
+#
+tmp/%.mod: $(M4SUPPORT) tmp/generated_definitions.conf tmp/all_interfaces.conf %.te
+	@echo "Compliling $(NAME) $(@F) module"
+	$(QUIET) m4 $(M4PARAM) -s $^ > $(@:.mod=.tmp)
+	$(QUIET) $(CHECKMODULE) -m $(@:.mod=.tmp) -o $@
+
+tmp/%.mod.fc: $(M4SUPPORT) %.fc
+	$(QUIET) m4 $(M4PARAM) $(M4SUPPORT) $^ > $@
+
+%.pp: tmp/%.mod tmp/%.mod.fc
+	@echo "Creating $(NAME) $(@F) policy package"
+	$(QUIET) $(SEMOD_PKG) -o $@ -m $< -f $<.fc

 ########################################
 #
@ -48,17 +82,13 @@ $(BASE_PKG): tmp/base.mod $(BASE_FC)
 	@echo "Creating $(NAME) base module package"
 	$(QUIET) $(SEMOD_PKG) -o $@ -m tmp/base.mod -f $(BASE_FC)

-########################################
-#
-# Compile a base module
-#
 tmp/base.mod: base.conf
 	@echo "Compiling $(NAME) base module"
 	$(QUIET) $(CHECKMODULE) $^ -o $@

 ########################################
 #
-# Construct a base module policy.conf
+# Construct a base.conf
 #
 base.conf: $(BASE_SECTIONS)
 	@echo "Creating $(NAME) base module policy.conf"
@ -125,45 +155,27 @@ tmp/all_attrs_types.conf tmp/only_te_rules.conf tmp/all_post.conf: tmp/all_te_fi

 ########################################
 #
-# Construct base module file contexts
+# Construct a base.fc
 #
-$(BASE_FC): $(M4SUPPORT) tmp/generated_definitions.conf $(BASE_FC_FILES) $(FCSORT)
+$(BASE_FC): tmp/$(BASE_FC).tmp $(FCSORT)
+	$(QUIET) $(FCSORT) $< $@
+
+tmp/$(BASE_FC).tmp: $(M4SUPPORT) tmp/generated_definitions.conf $(BASE_FC_FILES)
 ifeq ($(BASE_FC_FILES),)
 	$(error No enabled modules! $(notdir $(MOD_CONF)) may need to be generated by using "make conf")
 endif
 	@echo "Creating $(NAME) base module file contexts."
 	@test -d tmp || mkdir -p tmp
-	$(QUIET) m4 $(M4PARAM) $(M4SUPPORT) tmp/generated_definitions.conf $(BASE_FC_FILES) > tmp/$@.tmp
-	$(QUIET) $(FCSORT) tmp/$@.tmp $@
-
-########################################
-#
-# Build module packages
-#
-tmp/%.mod: $(M4SUPPORT) tmp/generated_definitions.conf tmp/all_interfaces.conf %.te
-	@if test -z "$(filter $^,$(MOD_MODS))"; then \
-		echo "The $(notdir $(basename $@)) module is not configured to be compiled as a lodable module." ;\
-		false ;\
-	fi
-	@echo "Compliling $(NAME) $(@F) module"
-	$(QUIET) m4 $(M4PARAM) -s $^ > $(@:.mod=.tmp)
-	$(QUIET) $(CHECKMODULE) -m $(@:.mod=.tmp) -o $@
-
-tmp/%.mod.fc: $(M4SUPPORT) %.fc
-	$(QUIET) m4 $(M4PARAM) $(M4SUPPORT) $^ > $@
-
-%.pp: tmp/%.mod tmp/%.mod.fc
-	@echo "Creating $(NAME) $(@F) policy package"
-	$(QUIET) $(SEMOD_PKG) -o $@ -m $< -f $<.fc
+	$(QUIET) m4 $(M4PARAM) $^ > $@

 ########################################
 #
 # Clean the sources
 #
 clean:
-	rm -fR tmp
 	rm -f base.conf
 	rm -f *.pp
 	rm -f $(BASE_FC)
+	rm -fR tmp

-.PHONY: default base modules clean
+.PHONY: default all base modules install load clean
--- a/refpolicy/Rules.monolithic
+++ b/refpolicy/Rules.monolithic
@ -9,13 +9,13 @@ LOADPATH = $(POLICYPATH)/$(POLVER)
 FCPATH = $(CONTEXTPATH)/files/file_contexts
 HOMEDIRPATH = $(CONTEXTPATH)/files/homedir_template

-# Monolithic still uses booleans file
-APPFILES += $(INSTALLDIR)/booleans
+FC := file_contexts
+POLVER := policy.$(PV)
+
+APPFILES += $(APPDIR)/customizable_types $(INSTALLDIR)/booleans

 # for monolithic policy use all base and module to create policy
-ENABLEMOD := $(BASE_MODS) $(MOD_MODS)
-
-ALL_MODULES := $(filter $(ENABLEMOD),$(DETECTED_MODS))
+ALL_MODULES := $(BASE_MODS) $(MOD_MODS)

 ALL_INTERFACES := $(ALL_MODULES:.te=.if)
 ALL_TE_FILES := $(ALL_MODULES)
@ -26,6 +26,13 @@ POST_TE_FILES := $(POLDIR)/systemuser $(POLDIR)/users $(POLDIR)/constraints

 POLICY_SECTIONS := tmp/pre_te_files.conf tmp/generated_definitions.conf tmp/all_interfaces.conf tmp/all_attrs_types.conf $(GLOBALBOOL) $(GLOBALTUN) tmp/only_te_rules.conf tmp/all_post.conf

+HOMEDIR_TEMPLATE = homedir_template
+
+# search layer dirs for source files
+vpath %.te $(ALL_LAYERS)
+vpath %.if $(ALL_LAYERS)
+vpath %.fc $(ALL_LAYERS)
+
 ########################################
 #
 # default action: build policy locally
@ -69,7 +76,7 @@ endif
 #
 # Load the binary policy
 #
-reload tmp/load: $(LOADPATH) $(FCPATH)
+reload tmp/load: $(LOADPATH) $(FCPATH) $(APPFILES)
 	@echo "Loading $(NAME) $(LOADPATH)"
 	$(QUIET) $(LOADPOLICY) -q $(LOADPATH)
 	@touch tmp/load
@ -153,16 +160,18 @@ enableaudit: policy.conf
 #
 # Construct file_contexts
 #
-$(FC): $(M4SUPPORT) tmp/generated_definitions.conf $(ALL_FC_FILES) $(FCSORT)
+$(FC): tmp/$(FC).tmp $(FCSORT)
+	$(QUIET) $(FCSORT) $< $@
+	$(QUIET) grep -e HOME -e ROLE $@ > $(HOMEDIR_TEMPLATE)
+	$(QUIET) sed -i -e /HOME/d -e /ROLE/d $@
+
+tmp/$(FC).tmp: $(M4SUPPORT) tmp/generated_definitions.conf $(ALL_FC_FILES)
 ifeq ($(ALL_FC_FILES),)
 	$(error No enabled modules! $(notdir $(MOD_CONF)) may need to be generated by using "make conf")
 endif
 	@echo "Creating $(NAME) file_contexts."
 	@test -d tmp || mkdir -p tmp
-	$(QUIET) m4 $(M4PARAM) $(M4SUPPORT) tmp/generated_definitions.conf $(ALL_FC_FILES) > tmp/$@.tmp
-	$(QUIET) grep -e HOME -e ROLE tmp/$@.tmp > $(HOMEDIR_TEMPLATE)
-	$(QUIET) sed -i -e /HOME/d -e /ROLE/d tmp/$@.tmp
-	$(QUIET) $(FCSORT) tmp/$@.tmp $@
+	$(QUIET) m4 $(M4PARAM) $^ > $@

 ########################################
 #
@ -183,26 +192,29 @@ $(FCPATH): $(FC) $(LOADPATH) $(USERPATH)/system.users
 #
 FILESYSTEMS := `mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[23]| xfs| jfs).*rw/{print $$3}';`

-checklabels: $(FC) $(SETFILES)
+checklabels: $(FCPATH) $(SETFILES)
+	@echo "Checking labels on filesystem types: ext2 ext3 xfs jfs"
 	@if test -z "$(FILESYSTEMS)"; then \
 		echo "No filesystems with extended attributes found!" ;\
 		false ;\
 	fi
-	$(QUIET) $(SETFILES) -v -n $(FC) $(FILESYSTEMS)
+	$(QUIET) $(SETFILES) -v -n $(FCPATH) $(FILESYSTEMS)

-restorelabels: $(FC) $(SETFILES)
+restorelabels: $(FCPATH) $(SETFILES)
+	@echo "Restoring labels on filesystem types: ext2 ext3 xfs jfs"
 	@if test -z "$(FILESYSTEMS)"; then \
 		echo "No filesystems with extended attributes found!" ;\
 		false ;\
 	fi
-	$(QUIET) $(SETFILES) -v $(FC) $(FILESYSTEMS)
+	$(QUIET) $(SETFILES) -v $(FCPATH) $(FILESYSTEMS)

-relabel:  $(FC) $(SETFILES)
+relabel:  $(FCPATH) $(SETFILES)
+	@echo "Relabeling filesystem types: ext2 ext3 xfs jfs"
 	@if test -z "$(FILESYSTEMS)"; then \
 		echo "No filesystems with extended attributes found!" ;\
 		false ;\
 	fi
-	$(QUIET) $(SETFILES) $(FC) $(FILESYSTEMS)
+	$(QUIET) $(SETFILES) $(FCPATH) $(FILESYSTEMS)

 ########################################
 #
@ -219,10 +231,11 @@ longcheck: policy.conf $(FC)
 # Clean the sources
 #
 clean:
-	rm -fR tmp
 	rm -f policy.conf
 	rm -f policy.$(PV)
 	rm -f $(FC)
+	rm -f $(HOMEDIR_TEMPLATE)
 	rm -f *.res
+	rm -fR tmp

 .PHONY: default policy install load reload enableaudit checklabels restorelabels relabel check longcheck clean