|
Chris PeBenito |
9b3756 |
|
|
Chris PeBenito |
9b3756 |
-include build.conf
|
|
Chris PeBenito |
9b3756 |
|
|
Chris PeBenito |
9b3756 |
# executables
|
|
Chris PeBenito |
9b3756 |
PREFIX := /usr
|
|
Chris PeBenito |
9b3756 |
BINDIR := $(PREFIX)/bin
|
|
Chris PeBenito |
9b3756 |
SBINDIR := $(PREFIX)/sbin
|
|
Chris PeBenito |
9b3756 |
CHECKMODULE := $(BINDIR)/checkmodule
|
|
Chris PeBenito |
9b3756 |
SEMODULE := $(SBINDIR)/semodule
|
|
Chris PeBenito |
9b3756 |
SEMOD_PKG := $(BINDIR)/semodule_package
|
|
Chris PeBenito |
9b3756 |
|
|
Chris PeBenito |
9b3756 |
# helper tools
|
|
Chris PeBenito |
9b3756 |
AWK ?= gawk
|
|
Chris PeBenito |
9b3756 |
INSTALL ?= install
|
|
Chris PeBenito |
9b3756 |
M4 ?= m4
|
|
Chris PeBenito |
9b3756 |
SED ?= sed
|
|
Chris PeBenito |
9b3756 |
EINFO ?= echo
|
|
Chris PeBenito |
9b3756 |
|
|
Chris PeBenito |
9b3756 |
# installation paths
|
|
Chris PeBenito |
9b3756 |
SHAREDIR := $(PREFIX)/share/selinux
|
|
Chris PeBenito |
9b3756 |
MODPKGDIR := $(SHAREDIR)/$(NAME)
|
|
Chris PeBenito |
9b3756 |
HEADERDIR := $(SHAREDIR)/refpolicy/include
|
|
Chris PeBenito |
9b3756 |
|
|
Chris PeBenito |
9b3756 |
# set default build options
|
|
Chris PeBenito |
9b3756 |
TYPE ?= strict
|
|
Chris PeBenito |
9b3756 |
NAME ?= $(TYPE)
|
|
Chris PeBenito |
9b3756 |
DIRECT_INITRC ?= n
|
|
Chris PeBenito |
9b3756 |
POLY ?= n
|
|
Chris PeBenito |
9b3756 |
|
|
Chris PeBenito |
9b3756 |
# compile strict policy if requested.
|
|
Chris PeBenito |
9b3756 |
ifneq ($(findstring strict,$(TYPE)),)
|
|
Chris PeBenito |
9b3756 |
M4PARAM += -D strict_policy
|
|
Chris PeBenito |
9b3756 |
endif
|
|
Chris PeBenito |
9b3756 |
|
|
Chris PeBenito |
9b3756 |
# compile targeted policy if requested.
|
|
Chris PeBenito |
9b3756 |
ifneq ($(findstring targeted,$(TYPE)),)
|
|
Chris PeBenito |
9b3756 |
M4PARAM += -D targeted_policy
|
|
Chris PeBenito |
9b3756 |
endif
|
|
Chris PeBenito |
9b3756 |
|
|
Chris PeBenito |
9b3756 |
# enable MLS if requested.
|
|
Chris PeBenito |
9b3756 |
ifneq ($(findstring -mls,$(TYPE)),)
|
|
Chris PeBenito |
9b3756 |
M4PARAM += -D enable_mls
|
|
Chris PeBenito |
9b3756 |
CHECKPOLICY += -M
|
|
Chris PeBenito |
9b3756 |
CHECKMODULE += -M
|
|
Chris PeBenito |
9b3756 |
endif
|
|
Chris PeBenito |
9b3756 |
|
|
Chris PeBenito |
9b3756 |
# enable MLS if MCS requested.
|
|
Chris PeBenito |
9b3756 |
ifneq ($(findstring -mcs,$(TYPE)),)
|
|
Chris PeBenito |
9b3756 |
M4PARAM += -D enable_mcs
|
|
Chris PeBenito |
9b3756 |
CHECKPOLICY += -M
|
|
Chris PeBenito |
9b3756 |
CHECKMODULE += -M
|
|
Chris PeBenito |
9b3756 |
endif
|
|
Chris PeBenito |
9b3756 |
|
|
Chris PeBenito |
9b3756 |
# enable distribution-specific policy
|
|
Chris PeBenito |
9b3756 |
ifneq ($(DISTRO),)
|
|
Chris PeBenito |
9b3756 |
M4PARAM += -D distro_$(DISTRO)
|
|
Chris PeBenito |
9b3756 |
endif
|
|
Chris PeBenito |
9b3756 |
|
|
Chris PeBenito |
9b3756 |
# enable polyinstantiation
|
|
Chris PeBenito |
9b3756 |
ifeq ($(POLY),y)
|
|
Chris PeBenito |
9b3756 |
M4PARAM += -D enable_polyinstantiation
|
|
Chris PeBenito |
9b3756 |
endif
|
|
Chris PeBenito |
9b3756 |
|
|
Chris PeBenito |
9b3756 |
ifeq ($(DIRECT_INITRC),y)
|
|
Chris PeBenito |
9b3756 |
M4PARAM += -D direct_sysadm_daemon
|
|
Chris PeBenito |
9b3756 |
endif
|
|
Chris PeBenito |
9b3756 |
|
|
Chris PeBenito |
9b3756 |
ifneq ($(VERBOSE),y)
|
|
Chris PeBenito |
9b3756 |
quiet := @
|
|
Chris PeBenito |
9b3756 |
endif
|
|
Chris PeBenito |
9b3756 |
|
|
Chris PeBenito |
9b3756 |
M4PARAM += -D hide_broken_symptoms
|
|
Chris PeBenito |
9b3756 |
|
|
Chris PeBenito |
9b3756 |
# policy headers
|
|
Chris PeBenito |
9b3756 |
m4support := $(wildcard $(HEADERDIR)/*.spt)
|
|
Chris PeBenito |
9b3756 |
all_interfaces := $(wildcard $(HEADERDIR)/*.if)
|
|
Chris PeBenito |
9b3756 |
rolemap := $(HEADERDIR)/rolemap
|
|
Chris PeBenito |
9b3756 |
|
|
Chris PeBenito |
9b3756 |
detected_mods := $(wildcard *.te)
|
|
Chris PeBenito |
9b3756 |
detected_ifs := $(detected_mods:.te=.if)
|
|
Chris PeBenito |
9b3756 |
all_packages := $(detected_mods:.te=.pp)
|
|
Chris PeBenito |
9b3756 |
install_mods := $(MODPKGDIR)/$(all_packages)
|
|
Chris PeBenito |
9b3756 |
|
|
Chris PeBenito |
9b3756 |
########################################
|
|
Chris PeBenito |
9b3756 |
#
|
|
Chris PeBenito |
9b3756 |
# Functions
|
|
Chris PeBenito |
9b3756 |
#
|
|
Chris PeBenito |
9b3756 |
|
|
Chris PeBenito |
9b3756 |
# parse-rolemap modulename,outputfile
|
|
Chris PeBenito |
9b3756 |
define parse-rolemap
|
|
Chris PeBenito |
9b3756 |
$(verbose) $(M4) $(M4PARAM) $(rolemap) | \
|
|
Chris PeBenito |
9b3756 |
$(AWK) '/^[[:blank:]]*[A-Za-z]/{ print "gen_require(type " $$3 "; role " $$1 ";)\n$1_per_userdomain_template(" $$2 "," $$3 "," $$1 ")" }' >> $2
|
|
Chris PeBenito |
9b3756 |
endef
|
|
Chris PeBenito |
9b3756 |
|
|
Chris PeBenito |
9b3756 |
# peruser-expansion modulename,outputfile
|
|
Chris PeBenito |
9b3756 |
define peruser-expansion
|
|
Chris PeBenito |
9b3756 |
$(verbose) echo "ifdef(\`""$1""_per_userdomain_template',\`" > $2
|
|
Chris PeBenito |
9b3756 |
$(call parse-rolemap,$1,$2)
|
|
Chris PeBenito |
9b3756 |
$(verbose) echo "')" >> $2
|
|
Chris PeBenito |
9b3756 |
endef
|
|
Chris PeBenito |
9b3756 |
|
|
Chris PeBenito |
9b3756 |
########################################
|
|
Chris PeBenito |
9b3756 |
#
|
|
Chris PeBenito |
9b3756 |
# Main targets
|
|
Chris PeBenito |
9b3756 |
#
|
|
Chris PeBenito |
9b3756 |
|
|
Chris PeBenito |
9b3756 |
all: $(all_packages)
|
|
Chris PeBenito |
9b3756 |
|
|
Chris PeBenito |
9b3756 |
########################################
|
|
Chris PeBenito |
9b3756 |
#
|
|
Chris PeBenito |
9b3756 |
# Build module packages
|
|
Chris PeBenito |
9b3756 |
#
|
|
Chris PeBenito |
9b3756 |
tmp/%.mod: $(m4support) tmp/all_interfaces.conf %.te
|
|
Chris PeBenito |
9b3756 |
@$(EINFO) "Compliling $(NAME) $(basename $(@F)) module"
|
|
Chris PeBenito |
9b3756 |
@test -d tmp || mkdir -p tmp
|
|
Chris PeBenito |
9b3756 |
$(call peruser-expansion,$(basename $(@F)),$@.role)
|
|
Chris PeBenito |
9b3756 |
$(verbose) $(M4) $(M4PARAM) -s $^ $@.role > $(@:.mod=.tmp)
|
|
Chris PeBenito |
9b3756 |
$(verbose) $(CHECKMODULE) -m $(@:.mod=.tmp) -o $@
|
|
Chris PeBenito |
9b3756 |
|
|
Chris PeBenito |
9b3756 |
tmp/%.mod.fc: $(m4support) %.fc
|
|
Chris PeBenito |
9b3756 |
$(verbose) $(M4) $(M4PARAM) $^ > $@
|
|
Chris PeBenito |
9b3756 |
|
|
Chris PeBenito |
9b3756 |
%.pp: tmp/%.mod tmp/%.mod.fc
|
|
Chris PeBenito |
9b3756 |
@echo "Creating $(NAME) $(@F) policy package"
|
|
Chris PeBenito |
9b3756 |
$(verbose) $(SEMOD_PKG) -o $@ -m $< -f $<.fc
|
|
Chris PeBenito |
9b3756 |
|
|
Chris PeBenito |
9b3756 |
tmp/all_interfaces.conf: $(m4support) $(all_interfaces) $(detected_ifs)
|
|
Chris PeBenito |
9b3756 |
@test -d tmp || mkdir -p tmp
|
|
Chris PeBenito |
9b3756 |
$(verbose) m4 $^ | sed -e s/dollarsstar/\$$\*/g > $@
|
|
Chris PeBenito |
9b3756 |
|
|
Chris PeBenito |
9b3756 |
########################################
|
|
Chris PeBenito |
9b3756 |
#
|
|
Chris PeBenito |
9b3756 |
# Clean the environment
|
|
Chris PeBenito |
9b3756 |
#
|
|
Chris PeBenito |
9b3756 |
|
|
Chris PeBenito |
9b3756 |
clean:
|
|
Chris PeBenito |
9b3756 |
rm -fR tmp
|
|
Chris PeBenito |
9b3756 |
rm -f *.pp
|
|
Chris PeBenito |
9b3756 |
|
|
Chris PeBenito |
9b3756 |
.PHONY: clean install all default
|