Chris PeBenito 88d14a
Chris PeBenito 88d14a
# Makefile for the security policy.
Chris PeBenito 88d14a
Chris PeBenito 88d14a
# Targets:
Chris PeBenito 88d14a
Chris PeBenito 88d14a
# install       - compile and install the policy configuration, and context files.
Chris PeBenito 88d14a
# load          - compile, install, and load the policy configuration.
Chris PeBenito 88d14a
# reload        - compile, install, and load/reload the policy configuration.
Chris PeBenito 88d14a
# relabel       - relabel filesystems based on the file contexts configuration.
Chris PeBenito 88d14a
# checklabels   - check filesystems against the file context configuration
Chris PeBenito 88d14a
# restorelabels - check filesystems against the file context configuration
Chris PeBenito 88d14a
#                 and restore the label of files with incorrect labels
Chris PeBenito 88d14a
# policy        - compile the policy configuration locally for testing/development.
Chris PeBenito 88d14a
Chris PeBenito 88d14a
# The default target is 'policy'.
Chris PeBenito 88d14a
Chris PeBenito b4cd15
Chris PeBenito 8e0ef1
# Please see build.conf for policy build options.
Chris PeBenito b4cd15
Chris PeBenito b4cd15
Chris PeBenito b4cd15
Chris PeBenito b4cd15
Chris PeBenito b67488
Chris PeBenito b4cd15
Chris PeBenito b4cd15
Chris PeBenito 8e0ef1
include build.conf
Chris PeBenito 8e0ef1
Chris PeBenito 120988
# refpolicy version
Chris PeBenito 120988
VERSION = $(shell cat VERSION)
Chris PeBenito 120988
Chris PeBenito b4cd15
# executable paths
Chris PeBenito 120988
BINDIR := /usr/bin
Chris PeBenito 120988
SBINDIR := /usr/sbin
Chris PeBenito 40a1f3
CHECKPOLICY := $(BINDIR)/checkpolicy
Chris PeBenito fb0a3a
CHECKMODULE := $(BINDIR)/checkmodule
Chris PeBenito c767b1
SEMODULE := $(SBINDIR)/semodule
Chris PeBenito fb0a3a
SEMOD_PKG := $(BINDIR)/semodule_package
Chris PeBenito 547283
LOADPOLICY := $(SBINDIR)/load_policy
Chris PeBenito b4cd15
SETFILES := $(SBINDIR)/setfiles
Chris PeBenito 1beba1
GENHOMEDIRCON := $(SBINDIR)/genhomedircon
Chris PeBenito fb0a3a
XMLLINT := $(BINDIR)/xmllint
Chris PeBenito 8df65f
SECHECK := $(BINDIR)/sechecker
Chris PeBenito 044735
Chris PeBenito 0e686f
# interpreters and aux tools
Chris PeBenito 0e686f
AWK ?= gawk
Chris PeBenito 0e686f
GREP ?= egrep
Chris PeBenito 0e686f
M4 ?= m4
Chris PeBenito 0e686f
PYTHON ?= python
Chris PeBenito 0e686f
SED ?= sed
Chris PeBenito 0e686f
SH ?= sh
Chris PeBenito 0e686f
Chris PeBenito 0e686f
CFLAGS += -Wall
Chris PeBenito c7b41e
Chris PeBenito fb0a3a
# policy source layout
Chris PeBenito c04f2a
POLDIR := policy
Chris PeBenito c04f2a
MODDIR := $(POLDIR)/modules
Chris PeBenito c04f2a
Chris PeBenito c04f2a
SECCLASS := $(FLASKDIR)/security_classes
Chris PeBenito c04f2a
ISIDS := $(FLASKDIR)/initial_sids
Chris PeBenito c04f2a
AVS := $(FLASKDIR)/access_vectors
Chris PeBenito fb0a3a
Chris PeBenito fb0a3a
# policy building support tools
Chris PeBenito 3a80ec
SUPPORT := support
Chris PeBenito 0e686f
Chris PeBenito 0e686f
Chris PeBenito 0e686f
Chris PeBenito 254bbc
FCSORT := $(SUPPORT)/fc_sort
Chris PeBenito 0e686f
SETTUN := $(SH) $(SUPPORT)/set_tunables
Chris PeBenito 3a80ec
Chris PeBenito fb0a3a
# documentation paths
Chris PeBenito fb0a3a
DOCS = doc
Chris PeBenito fb0a3a
POLXML = $(DOCS)/policy.xml
Chris PeBenito fb0a3a
XMLDTD = $(DOCS)/policy.dtd
Chris PeBenito fb0a3a
LAYERXML = metadata.xml
Chris PeBenito fb0a3a
HTMLDIR = $(DOCS)/html
Chris PeBenito fb0a3a
DOCTEMPLATE = $(DOCS)/templates
Chris PeBenito 5bd1a7
DOCFILES = $(DOCS)/Makefile.example $(addprefix $(DOCS)/,example.te example.if example.fc)
Chris PeBenito fb0a3a
Chris PeBenito fb0a3a
# config file paths
Chris PeBenito 120988
GLOBALTUN = $(POLDIR)/global_tunables
Chris PeBenito 120988
GLOBALBOOL = $(POLDIR)/global_booleans
Chris PeBenito 120988
MOD_CONF = $(POLDIR)/modules.conf
Chris PeBenito 120988
TUNABLES = $(POLDIR)/tunables.conf
Chris PeBenito 120988
BOOLEANS = $(POLDIR)/booleans.conf
Chris PeBenito 120988
ROLEMAP = $(POLDIR)/rolemap
Chris PeBenito fb0a3a
Chris PeBenito fb0a3a
# install paths
Chris PeBenito 120988
PKGNAME ?= refpolicy-$(VERSION)
Chris PeBenito 120988
Chris PeBenito 120988
TOPDIR = $(DESTDIR)/etc/selinux
Chris PeBenito 120988
Chris PeBenito 120988
Chris PeBenito 120988
Chris PeBenito 120988
Chris PeBenito 120988
FCPATH = $(CONTEXTPATH)/files/file_contexts
Chris PeBenito 120988
SHAREDIR = $(PREFIX)/share/selinux
Chris PeBenito 120988
Chris PeBenito 120988
HEADERDIR = $(SHAREDIR)/refpolicy/include
Chris PeBenito 120988
DOCSDIR = $(PREFIX)/share/doc/$(PKGNAME)
Chris PeBenito c767b1
Chris PeBenito c767b1
# compile strict policy if requested.
Chris PeBenito c767b1
ifneq ($(findstring strict,$(TYPE)),)
Chris PeBenito 3f026a
	M4PARAM += -D strict_policy
Chris PeBenito c767b1
Chris PeBenito c767b1
Chris PeBenito c767b1
# compile targeted policy if requested.
Chris PeBenito c767b1
ifneq ($(findstring targeted,$(TYPE)),)
Chris PeBenito 3f026a
	M4PARAM += -D targeted_policy
Chris PeBenito c767b1
Chris PeBenito b4cd15
Chris PeBenito 134191
# enable MLS if requested.
Chris PeBenito a08248
ifneq ($(findstring -mls,$(TYPE)),)
Chris PeBenito 3f026a
	M4PARAM += -D enable_mls
Chris PeBenito 3f026a
Chris PeBenito 3f026a
Chris PeBenito 134191
Chris PeBenito 134191
Chris PeBenito a08248
# enable MLS if MCS requested.
Chris PeBenito a08248
ifneq ($(findstring -mcs,$(TYPE)),)
Chris PeBenito 3f026a
	M4PARAM += -D enable_mcs
Chris PeBenito 3f026a
Chris PeBenito 3f026a
Chris PeBenito b67488
Chris PeBenito b67488
Chris PeBenito 25a0c6
# enable distribution-specific policy
Chris PeBenito 25a0c6
ifneq ($(DISTRO),)
Chris PeBenito 3f026a
	M4PARAM += -D distro_$(DISTRO)
Chris PeBenito 25a0c6
Chris PeBenito 25a0c6
Chris PeBenito b07eae
# enable polyinstantiation
Chris PeBenito b07eae
ifeq ($(POLY),y)
Chris PeBenito 3f026a
	M4PARAM += -D enable_polyinstantiation
Chris PeBenito b07eae
Chris PeBenito b07eae
Chris PeBenito b67488
ifneq ($(OUTPUT_POLICY),)
Chris PeBenito 3f026a
Chris PeBenito b67488
Chris PeBenito b67488
Chris PeBenito 3f026a
# if not set, use the type as the name.
Chris PeBenito 3f026a
Chris PeBenito 134191
Chris PeBenito 142e9f
ifeq ($(DIRECT_INITRC),y)
Chris PeBenito 3f026a
	M4PARAM += -D direct_sysadm_daemon
Chris PeBenito 142e9f
Chris PeBenito 142e9f
Chris PeBenito 9b3756
ifeq ($(QUIET),y)
Chris PeBenito 9b3756
	verbose = @
Chris PeBenito 9b3756
Chris PeBenito 9b3756
Chris PeBenito 3f026a
M4PARAM += -D hide_broken_symptoms
Chris PeBenito ee7f66
Chris PeBenito 37227d
# we need exuberant ctags; unfortunately it is named
Chris PeBenito 37227d
# differently on different distros
Chris PeBenito 37227d
ifeq ($(DISTRO),debian)
Chris PeBenito 37227d
	CTAGS := ctags-exuberant
Chris PeBenito 37227d
Chris PeBenito 37227d
Chris PeBenito 37227d
ifeq ($(DISTRO),gentoo)
Chris PeBenito 37227d
	CTAGS := exuberant-ctags	
Chris PeBenito 37227d
Chris PeBenito 37227d
Chris PeBenito a4fae7
CTAGS ?= ctags
Chris PeBenito 37227d
Chris PeBenito b4cd15
# determine the policy version and current kernel version if possible
Chris PeBenito 134191
PV := $(shell $(CHECKPOLICY) -V |cut -f 1 -d ' ')
Chris PeBenito b4cd15
KV := $(shell cat /selinux/policyvers)
Chris PeBenito b4cd15
Chris PeBenito b4cd15
# dont print version warnings if we are unable to determine
Chris PeBenito b4cd15
# the currently running kernel's policy version
Chris PeBenito b4cd15
ifeq ($(KV),)
Chris PeBenito 134191
	KV := $(PV)
Chris PeBenito b4cd15
Chris PeBenito b4cd15
Chris PeBenito fb0a3a
M4SUPPORT = $(wildcard $(POLDIR)/support/*.spt)
Chris PeBenito 0fbe15
Chris PeBenito c0e4fe
APPCONF := config/appconfig-$(TYPE)
Chris PeBenito c9a26b
Chris PeBenito 049e11
APPFILES := $(addprefix $(APPDIR)/,default_contexts default_type initrc_context failsafe_context userhelper_context removable_context dbus_contexts customizable_types) $(CONTEXTPATH)/files/media
Chris PeBenito 2926f9
CONTEXTFILES += $(wildcard $(APPCONF)/*_context*) $(APPCONF)/media
Chris PeBenito bdb2fa
Chris PeBenito c9a26b
Chris PeBenito 57869a
ALL_LAYERS := $(filter-out $(MODDIR)/CVS,$(shell find $(wildcard $(MODDIR)/*) -maxdepth 0 -type d))
Chris PeBenito e12e57
Chris PeBenito e12e57
GENERATED_TE := $(basename $(foreach dir,$(ALL_LAYERS),$(wildcard $(dir)/*
Chris PeBenito e12e57
GENERATED_IF := $(basename $(foreach dir,$(ALL_LAYERS),$(wildcard $(dir)/*
Chris PeBenito e12e57
GENERATED_FC := $(basename $(foreach dir,$(ALL_LAYERS),$(wildcard $(dir)/*
Chris PeBenito e12e57
Chris PeBenito 8ae194
# sort here since it removes duplicates, which can happen
Chris PeBenito 8ae194
# when a generated file is already generated
Chris PeBenito 8ae194
DETECTED_MODS := $(sort $(foreach dir,$(ALL_LAYERS),$(wildcard $(dir)/*.te)) $(GENERATED_TE))
Chris PeBenito 19db6b
Chris PeBenito fb0a3a
# modules.conf setting for base module
Chris PeBenito e8b3e3
MODBASE := base
Chris PeBenito fb0a3a
Chris PeBenito e0a900
# modules.conf setting for loadable module
Chris PeBenito e8b3e3
MODMOD := module
Chris PeBenito fb0a3a
Chris PeBenito e0a900
# modules.conf setting for unused module
Chris PeBenito e0a900
Chris PeBenito e0a900
Chris PeBenito fb0a3a
# extract settings from modules.conf
Chris PeBenito c767b1
BASE_MODS := $(addsuffix .te,$(shell awk '/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == "$(MODBASE)") print $$1 }' $(MOD_CONF) 2> /dev/null))
Chris PeBenito c767b1
MOD_MODS := $(addsuffix .te,$(shell awk '/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == "$(MODMOD)") print $$1 }' $(MOD_CONF) 2> /dev/null))
Chris PeBenito e0a900
OFF_MODS := $(addsuffix .te,$(shell awk '/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == "$(MODUNUSED)") print $$1 }' $(MOD_CONF) 2> /dev/null))
Chris PeBenito 712566
Chris PeBenito 120988
# filesystems to be labeled
Chris PeBenito 120988
FILESYSTEMS = $(shell mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[23]| xfs| jfs).*rw/{print $$3}';)
Chris PeBenito 120988
Chris PeBenito b4cd15
Chris PeBenito b4cd15
Chris PeBenito 4ace0f
# Functions
Chris PeBenito 4ace0f
Chris PeBenito 4ace0f
Chris PeBenito 4ace0f
# parse-rolemap modulename,outputfile
Chris PeBenito 4ace0f
define parse-rolemap
Chris PeBenito 9b3756
	$(verbose) m4 $(M4PARAM) $(ROLEMAP) | \
Chris PeBenito 4ace0f
		awk '/^[[:blank:]]*[A-Za-z]/{ print "gen_require(type " $$3 "; role " $$1 ";)\n$1_per_userdomain_template(" $$2 "," $$3 "," $$1 ")" }' >> $2
Chris PeBenito 4ace0f
Chris PeBenito 4ace0f
Chris PeBenito 4ace0f
# peruser-expansion modulename,outputfile
Chris PeBenito 4ace0f
define peruser-expansion
Chris PeBenito 9b3756
	$(verbose) echo "ifdef(\`""$1""_per_userdomain_template',\`" > $2
Chris PeBenito 4ace0f
	$(call parse-rolemap,$1,$2)
Chris PeBenito 9b3756
	$(verbose) echo "')" >> $2
Chris PeBenito 4ace0f
Chris PeBenito 4ace0f
Chris PeBenito 4ace0f
Chris PeBenito 4ace0f
Chris PeBenito fb0a3a
# Load appropriate rules
Chris PeBenito b4cd15
Chris PeBenito b4cd15
Chris PeBenito fb0a3a
ifeq ($(MONOLITHIC),y)
Chris PeBenito fb0a3a
	include Rules.monolithic
Chris PeBenito fb0a3a
Chris PeBenito fb0a3a
	include Rules.modular
Chris PeBenito b4cd15
Chris PeBenito b4cd15
Chris PeBenito b4cd15
Chris PeBenito b4cd15
Chris PeBenito fb0a3a
# Generated files
Chris PeBenito 88d14a
Chris PeBenito f2e4ab
$(MODDIR)/kernel/corenetwork.if: $(MODDIR)/kernel/corenetwork.if.m4 $(MODDIR)/kernel/
Chris PeBenito 61bbe5
	@echo "#" > $@
Chris PeBenito 61bbe5
	@echo "# This is a generated file!  Instead of modifying this file, the" >> $@
Chris PeBenito 61bbe5
	@echo "# $(notdir $@).in or $(notdir $@).m4 file should be modified." >> $@
Chris PeBenito 61bbe5
	@echo "#" >> $@
Chris PeBenito 9b3756
	$(verbose) cat $(MODDIR)/kernel/ >> $@
Chris PeBenito 9b3756
	$(verbose) egrep "^[[:blank:]]*network_(interface|node|port)\(.*\)" $(@:.if=.te).in \
Chris PeBenito cf6141
		| m4 -D self_contained_policy $(M4PARAM) $(MODDIR)/kernel/corenetwork.if.m4 - \
Chris PeBenito f2e4ab
		| sed -e 's/dollarsone/\$$1/g' -e 's/dollarszero/\$$0/g' >> $@
Chris PeBenito f2e4ab
Chris PeBenito f2e4ab
$(MODDIR)/kernel/corenetwork.te: $(MODDIR)/kernel/corenetwork.te.m4 $(MODDIR)/kernel/
Chris PeBenito 61bbe5
	@echo "#" > $@
Chris PeBenito 61bbe5
	@echo "# This is a generated file!  Instead of modifying this file, the" >> $@
Chris PeBenito 61bbe5
	@echo "# $(notdir $@).in or $(notdir $@).m4 file should be modified." >> $@
Chris PeBenito 61bbe5
	@echo "#" >> $@
Chris PeBenito 9b3756
	$(verbose) m4 -D self_contained_policy $(M4PARAM) $^ \
Chris PeBenito 61bbe5
		| sed -e 's/dollarsone/\$$1/g' -e 's/dollarszero/\$$0/g' >> $@
Chris PeBenito f2e4ab
Chris PeBenito b4cd15
Chris PeBenito b4cd15
Chris PeBenito 84eb35
# Create config files
Chris PeBenito 84eb35
Chris PeBenito 4f9f30
Chris PeBenito d2d6c8
Chris PeBenito 4f9f30
Chris PeBenito 4f9f30
	@echo "Updating $(MOD_CONF) and $(BOOLEANS)"
Chris PeBenito 0e686f
	$(verbose) $(GENDOC) -t $(BOOLEANS) -m $(MOD_CONF) -x $(POLXML)
Chris PeBenito 84eb35
Chris PeBenito 84eb35
Chris PeBenito 84eb35
Chris PeBenito 6d314f
# Documentation generation
Chris PeBenito 6d314f
Chris PeBenito 6d314f
Chris PeBenito d2d6c8
# minimal dependencies here, because we don't want to rebuild 
Chris PeBenito 84eb35
# this and its dependents every time the dependencies
Chris PeBenito 19db6b
# change.  Also use all .if files here, rather then just the
Chris PeBenito 19db6b
# enabled modules.
Chris PeBenito d233bf
$(POLXML): $(DETECTED_MODS:.te=.if) $(foreach dir,$(ALL_LAYERS),$(dir)/$(LAYERXML))
Chris PeBenito 88c72f
	@echo "Creating $@"
Chris PeBenito 84eb35
	@mkdir -p tmp
Chris PeBenito 9b3756
	$(verbose) echo '' > $@
Chris PeBenito 9b3756
	$(verbose) echo '' >> $@
Chris PeBenito 885b83
	$(verbose) $(GENXML) -m $(LAYERXML) -t $(GLOBALTUN) -b $(GLOBALBOOL) -o tmp $(ALL_LAYERS) >> $@
Chris PeBenito 9b3756
	$(verbose) if test -x $(XMLLINT) && test -f $(XMLDTD); then \
Chris PeBenito 044735
		$(XMLLINT) --noout --dtdvalid $(XMLDTD) $@ ;\
Chris PeBenito 004db9
Chris PeBenito 6d314f
Chris PeBenito 120988
html tmp/html: $(POLXML)
Chris PeBenito 2de03f
	@echo "Building html interface reference documentation in $(HTMLDIR)"
Chris PeBenito 20030e
	@mkdir -p $(HTMLDIR)
Chris PeBenito 0e686f
	$(verbose) $(GENDOC) -d $(HTMLDIR) -T $(DOCTEMPLATE) -x $(POLXML)
Chris PeBenito 9b3756
	$(verbose) cp $(DOCTEMPLATE)/*.css $(HTMLDIR)
Chris PeBenito 120988
	@touch tmp/html
Chris PeBenito 20030e
Chris PeBenito c9a26b
Chris PeBenito c9a26b
Chris PeBenito c9a26b
# Runtime binary policy patching of users
Chris PeBenito c9a26b
Chris PeBenito 1fb83a
$(USERPATH)/system.users: $(M4SUPPORT) tmp/generated_definitions.conf $(USER_FILES)
Chris PeBenito c9a26b
	@mkdir -p $(USERPATH)
Chris PeBenito c9a26b
	@echo "Installing system.users"
Chris PeBenito c9a26b
	@echo "# " > tmp/system.users
Chris PeBenito c9a26b
	@echo "# Do not edit this file. " >> tmp/system.users
Chris PeBenito c9a26b
	@echo "# This file is replaced on reinstalls of this policy." >> tmp/system.users
Chris PeBenito c9a26b
	@echo "# Please edit local.users to make local changes." >> tmp/system.users
Chris PeBenito c9a26b
	@echo "#" >> tmp/system.users
Chris PeBenito 9b3756
	$(verbose) m4 -D self_contained_policy $(M4PARAM) $^ | sed -r -e 's/^[[:blank:]]+//' \
Chris PeBenito 7dca64
		-e '/^[[:blank:]]*($$|#)/d' >> tmp/system.users
Chris PeBenito 9b3756
	$(verbose) install -m 644 tmp/system.users $@
Chris PeBenito c9a26b
Chris PeBenito 1beba1
$(USERPATH)/local.users: config/local.users
Chris PeBenito c9a26b
	@mkdir -p $(USERPATH)
Chris PeBenito c9a26b
	@echo "Installing local.users"
Chris PeBenito 9b3756
	$(verbose) install -b -m 644 $< $@
Chris PeBenito c9a26b
Chris PeBenito c9a26b
Chris PeBenito c9a26b
Chris PeBenito c9a26b
# Appconfig files
Chris PeBenito c9a26b
Chris PeBenito c9a26b
install-appconfig: $(APPFILES)
Chris PeBenito c9a26b
Chris PeBenito 4f9f30
Chris PeBenito 1beba1
	@mkdir -p $(INSTALLDIR)
Chris PeBenito 9b3756
	$(verbose) sed -r -e 's/false/0/g' -e 's/true/1/g' \
Chris PeBenito 7dca64
		-e '/^[[:blank:]]*($$|#)/d' $(BOOLEANS) | sort > tmp/booleans
Chris PeBenito 9b3756
	$(verbose) install -m 644 tmp/booleans $@
Chris PeBenito 1beba1
Chris PeBenito 2926f9
$(CONTEXTPATH)/files/media: $(APPCONF)/media
Chris PeBenito 1beba1
	@mkdir -p $(CONTEXTPATH)/files/
Chris PeBenito 9b3756
	$(verbose) install -m 644 $< $@
Chris PeBenito c9a26b
Chris PeBenito 2926f9
$(APPDIR)/default_contexts: $(APPCONF)/default_contexts
Chris PeBenito 1beba1
	@mkdir -p $(APPDIR)
Chris PeBenito 9b3756
	$(verbose) install -m 644 $< $@
Chris PeBenito c9a26b
Chris PeBenito 2926f9
$(APPDIR)/removable_context: $(APPCONF)/removable_context
Chris PeBenito 1beba1
	@mkdir -p $(APPDIR)
Chris PeBenito 9b3756
	$(verbose) install -m 644 $< $@
Chris PeBenito c9a26b
Chris PeBenito 2926f9
$(APPDIR)/default_type: $(APPCONF)/default_type
Chris PeBenito 1beba1
	@mkdir -p $(APPDIR)
Chris PeBenito 9b3756
	$(verbose) install -m 644 $< $@
Chris PeBenito c9a26b
Chris PeBenito 2926f9
$(APPDIR)/userhelper_context: $(APPCONF)/userhelper_context
Chris PeBenito 1beba1
	@mkdir -p $(APPDIR)
Chris PeBenito 9b3756
	$(verbose) install -m 644 $< $@
Chris PeBenito c9a26b
Chris PeBenito 2926f9
$(APPDIR)/initrc_context: $(APPCONF)/initrc_context
Chris PeBenito 1beba1
	@mkdir -p $(APPDIR)
Chris PeBenito 9b3756
	$(verbose) install -m 644 $< $@
Chris PeBenito c9a26b
Chris PeBenito 2926f9
$(APPDIR)/failsafe_context: $(APPCONF)/failsafe_context
Chris PeBenito 1beba1
	@mkdir -p $(APPDIR)
Chris PeBenito 9b3756
	$(verbose) install -m 644 $< $@
Chris PeBenito c9a26b
Chris PeBenito 2926f9
$(APPDIR)/dbus_contexts: $(APPCONF)/dbus_contexts
Chris PeBenito 1beba1
	@mkdir -p $(APPDIR)
Chris PeBenito 9b3756
	$(verbose) install -m 644 $< $@
Chris PeBenito c9a26b
Chris PeBenito 2926f9
$(APPDIR)/users/root: $(APPCONF)/root_default_contexts
Chris PeBenito 1beba1
	@mkdir -p $(APPDIR)/users
Chris PeBenito 9b3756
	$(verbose) install -m 644 $< $@
Chris PeBenito 9b3756
Chris PeBenito 9b3756
Chris PeBenito 9b3756
Chris PeBenito 9b3756
# Install policy headers
Chris PeBenito 9b3756
Chris PeBenito 885b83
install-headers: doc/policy.xml
Chris PeBenito 120988
	@mkdir -p $(HEADERDIR)
Chris PeBenito 120988
	@echo "Installing policy headers"
Chris PeBenito 885b83
	$(verbose) install -m 644 tmp/global_{tunables,booleans}.xml $(HEADERDIR)
Chris PeBenito 885b83
	$(verbose) m4 $(M4PARAM) $(ROLEMAP) > $(HEADERDIR)/$(notdir $(ROLEMAP))
Chris PeBenito 885b83
	$(verbose) mkdir -p $(HEADERDIR)/support
Chris PeBenito 885b83
	$(verbose) install -m 644 $(M4SUPPORT) $(GENXML) $(XMLDTD) $(HEADERDIR)/support
Chris PeBenito 885b83
	$(verbose) $(GENPERM) $(AVS) $(SECCLASS) > $(HEADERDIR)/support/all_perms.spt
Chris PeBenito 885b83
	$(verbose) for i in $(notdir $(ALL_LAYERS)); do \
Chris PeBenito 885b83
		mkdir -p $(HEADERDIR)/$$i ;\
Chris PeBenito 885b83
		install -m 644 $(MODDIR)/$$i/*.if \
Chris PeBenito 885b83
			$(MODDIR)/$$i/metadata.xml \
Chris PeBenito 885b83
			$(HEADERDIR)/$$i ;\
Chris PeBenito 885b83
Chris PeBenito 885b83
	$(verbose) echo "TYPE=$(TYPE)" > $(HEADERDIR)/build.conf
Chris PeBenito 885b83
	$(verbose) echo "NAME=$(NAME)" >> $(HEADERDIR)/build.conf
Chris PeBenito 885b83
ifneq "$(DISTRO)" ""
Chris PeBenito 885b83
	$(verbose) echo "DISTRO=$(DISTRO)" >> $(HEADERDIR)/build.conf
Chris PeBenito 885b83
Chris PeBenito 885b83
	$(verbose) echo "MONOLITHIC=n" >> $(HEADERDIR)/build.conf
Chris PeBenito 885b83
	$(verbose) echo "DIRECT_INITRC=$(DIRECT_INITRC)" >> $(HEADERDIR)/build.conf
Chris PeBenito 885b83
	$(verbose) echo "POLY=$(POLY)" >> $(HEADERDIR)/build.conf
Chris PeBenito 885b83
	$(verbose) install -m 644 $(SUPPORT)/Makefile.devel $(HEADERDIR)/Makefile
Chris PeBenito c9a26b
Chris PeBenito c592e5
Chris PeBenito c592e5
Chris PeBenito 120988
# Install policy documentation
Chris PeBenito 120988
Chris PeBenito 885b83
install-docs: tmp/html
Chris PeBenito 120988
	@mkdir -p $(DOCSDIR)/html
Chris PeBenito 120988
	@echo "Installing policy documentation"
Chris PeBenito 5bd1a7
	$(verbose) install -m 644 $(DOCFILES) $(DOCSDIR)
Chris PeBenito 120988
	$(verbose) install -m 644 $(wildcard $(HTMLDIR)/*) $(DOCSDIR)/html
Chris PeBenito 120988
Chris PeBenito 120988
Chris PeBenito 120988
Chris PeBenito c592e5
# Install policy sources
Chris PeBenito c592e5
Chris PeBenito c592e5
Chris PeBenito c592e5
	rm -rf $(SRCPATH)/policy.old
Chris PeBenito c592e5
	-mv $(SRCPATH)/policy $(SRCPATH)/policy.old
Chris PeBenito c592e5
	mkdir -p $(SRCPATH)/policy
Chris PeBenito c592e5
	cp -R . $(SRCPATH)/policy
Chris PeBenito c592e5
Chris PeBenito 102a59
Chris PeBenito 102a59
Chris PeBenito 37227d
# Generate tags file
Chris PeBenito 37227d
Chris PeBenito 37227d
Chris PeBenito 37227d
	@($(CTAGS) --version | grep -q Exuberant) || (echo ERROR: Need exuberant-ctags to function!; exit 1)
Chris PeBenito 37227d
	@LC_ALL=C $(CTAGS) --langdef=te --langmap=te:..te.if.spt \
Chris PeBenito 37227d
	 --regex-te='/^type[ \t]+(\w+)(,|;)/\1/t,type/' \
Chris PeBenito 37227d
	 --regex-te='/^typealias[ \t]+\w+[ \t+]+alias[ \t]+(\w+);/\1/t,type/' \
Chris PeBenito 37227d
	 --regex-te='/^attribute[ \t]+(\w+);/\1/a,attribute/' \
Chris PeBenito 37227d
	 --regex-te='/^[ \t]*define\(`(\w+)/\1/d,define/' \
Chris PeBenito 37227d
	 --regex-te='/^[ \t]*interface\(`(\w+)/\1/i,interface/' \
Chris PeBenito 37227d
	 --regex-te='/^[ \t]*bool[ \t]+(\w+)/\1/b,bool/' policy/modules/*/*.{if,te} policy/support/*.spt
Chris PeBenito 37227d
Chris PeBenito 37227d
Chris PeBenito 37227d
Chris PeBenito 120988
# Filesystem labeling
Chris PeBenito 120988
Chris PeBenito 120988
Chris PeBenito 120988
	@echo "Checking labels on filesystem types: ext2 ext3 xfs jfs"
Chris PeBenito 120988
	@if test -z "$(FILESYSTEMS)"; then \
Chris PeBenito 120988
		echo "No filesystems with extended attributes found!" ;\
Chris PeBenito 120988
		false ;\
Chris PeBenito 120988
Chris PeBenito 120988
	$(verbose) $(SETFILES) -v -n $(FCPATH) $(FILESYSTEMS)
Chris PeBenito 120988
Chris PeBenito 120988
Chris PeBenito 120988
	@echo "Restoring labels on filesystem types: ext2 ext3 xfs jfs"
Chris PeBenito 120988
	@if test -z "$(FILESYSTEMS)"; then \
Chris PeBenito 120988
		echo "No filesystems with extended attributes found!" ;\
Chris PeBenito 120988
		false ;\
Chris PeBenito 120988
Chris PeBenito 120988
	$(verbose) $(SETFILES) -v $(FCPATH) $(FILESYSTEMS)
Chris PeBenito 120988
Chris PeBenito 120988
Chris PeBenito 120988
	@echo "Relabeling filesystem types: ext2 ext3 xfs jfs"
Chris PeBenito 120988
	@if test -z "$(FILESYSTEMS)"; then \
Chris PeBenito 120988
		echo "No filesystems with extended attributes found!" ;\
Chris PeBenito 120988
		false ;\
Chris PeBenito 120988
Chris PeBenito 120988
Chris PeBenito 120988
Chris PeBenito 120988
Chris PeBenito 120988
	@echo "Resetting labels on filesystem types: ext2 ext3 xfs jfs"
Chris PeBenito 120988
	@if test -z "$(FILESYSTEMS)"; then \
Chris PeBenito 120988
		echo "No filesystems with extended attributes found!" ;\
Chris PeBenito 120988
		false ;\
Chris PeBenito 120988
Chris PeBenito 120988
Chris PeBenito 120988
Chris PeBenito 120988
Chris PeBenito 120988
Chris PeBenito 102a59
# Clean everything
Chris PeBenito 102a59
Chris PeBenito 0fbe15
bare: clean
Chris PeBenito 12b559
	rm -f $(POLXML)
Chris PeBenito 254bbc
	rm -f $(SUPPORT)/*.pyc
Chris PeBenito 254bbc
	rm -f $(FCSORT)
Chris PeBenito 19db6b
	rm -f $(MOD_CONF)
Chris PeBenito 4f9f30
	rm -f $(BOOLEANS)
Chris PeBenito 20030e
	rm -fR $(HTMLDIR)
Chris PeBenito 37227d
	rm -f tags
Chris PeBenito c767b1
ifneq ($(GENERATED_TE),)
Chris PeBenito c767b1
	rm -f $(GENERATED_TE)
Chris PeBenito c767b1
Chris PeBenito c767b1
ifneq ($(GENERATED_IF),)
Chris PeBenito c767b1
	rm -f $(GENERATED_IF)
Chris PeBenito c767b1
Chris PeBenito c767b1
ifneq ($(GENERATED_FC),)
Chris PeBenito c767b1
	rm -f $(GENERATED_FC)
Chris PeBenito c767b1
Chris PeBenito 0fbe15
Chris PeBenito 37227d
.PHONY: install-src install-appconfig conf html bare tags
Chris PeBenito b8c798
Chris PeBenito b8c798