#
# Makefile for the security policy.
#
# Targets:
#
# install - compile and install the policy configuration, and context files.
# load    - compile, install, and load the policy configuration.
# reload  - compile, install, and load/reload the policy configuration.
# relabel - relabel filesystems based on the file contexts configuration.
# policy  - compile the policy configuration locally for testing/development.
#
# NOTE(review): the first rule in this file is 'all: policy', so a bare
# 'make' only compiles the policy locally; it does not install or load it.
#

# Set to y if MLS is enabled in the policy.
# The mlsconvert target edits this assignment in place with sed, matching
# its literal text, so keep it at column 0 with no spaces around '='.
MLS=n

# Set to y if MCS is enabled in the policy.
# The mcsconvert target runs a sed over this Makefile as well; keep the
# same spelling rules as for the MLS knob.
MCS=n
# Directory holding security_classes, initial_sids and access_vectors
# (see POLICYFILES).
FLASKDIR = flask/

# The policy tools are referenced by absolute path under PREFIX rather than
# being looked up through PATH.
PREFIX        = /usr
BINDIR        = $(PREFIX)/bin
SBINDIR       = $(PREFIX)/sbin
LOADPOLICY    = $(SBINDIR)/load_policy
CHECKPOLICY   = $(BINDIR)/checkpolicy
GENHOMEDIRCON = $(SBINDIR)/genhomedircon
SETFILES      = $(SBINDIR)/setfiles

# VERS is the first space-separated field printed by 'checkpolicy -V'.
# It is empty when checkpolicy cannot be run, which leaves POLICYVER as
# the bare string "policy.".
VERS := $(shell $(CHECKPOLICY) $(POLICYCOMPAT) -V | cut -d ' ' -f 1)

# Older policy version that is compiled alongside VERS whenever the two
# differ (see the $(LOADPATH) rule).
PREVERS := 19

# Policy version reported by the running kernel.  Empty when
# /selinux/policyvers cannot be read; the reload rule then takes its
# else-branch unless VERS is empty too.
KERNVERS := $(shell cat /selinux/policyvers)

POLICYVER := policy.$(VERS)

# Everything is installed below DESTDIR/etc/selinux/<TYPE>.
TOPDIR = $(DESTDIR)/etc/selinux

# Policy flavour: strict unless MLS or MCS is switched on.  MCS is tested
# last, so it wins when both knobs are set to y.
TYPE = strict
ifeq ($(MLS),y)
TYPE = mls
endif
ifeq ($(MCS),y)
TYPE = mcs
endif

INSTALLDIR  = $(TOPDIR)/$(TYPE)
POLICYPATH  = $(INSTALLDIR)/policy
SRCPATH     = $(INSTALLDIR)/src
USERPATH    = $(INSTALLDIR)/users
CONTEXTPATH = $(INSTALLDIR)/contexts
# Installed binary policy, installed file contexts and homedir template.
LOADPATH    = $(POLICYPATH)/$(POLICYVER)
FCPATH      = $(CONTEXTPATH)/files/file_contexts
HOMEDIRPATH = $(CONTEXTPATH)/files/homedir_template
# Type-enforcement sources, collected once when the Makefile is parsed.
ALL_PROGRAM_MACROS := $(wildcard macros/program/*.te)
ALL_MACROS         := $(ALL_PROGRAM_MACROS) $(wildcard macros/*.te)
ALL_TYPES          := $(wildcard types/*.te)
ALL_DOMAINS        := $(wildcard domains/*.te domains/misc/*.te domains/program/*.te)
ALLTEFILES         := attrib.te tmp/program_used_flags.te \
                      $(ALL_MACROS) $(ALL_TYPES) $(ALL_DOMAINS) assert.te
TE_RBAC_FILES      := $(ALLTEFILES) rbac
ALL_TUNABLES       := $(wildcard tunables/*.tun)
USER_FILES         := users

# POLICYFILES is the ordered list that m4 concatenates into policy.conf;
# the order of the assignments below is therefore significant.
POLICYFILES = $(addprefix $(FLASKDIR),security_classes initial_sids access_vectors)
ifeq ($(MLS),y)
POLICYFILES += mls
CHECKPOLMLS += -M
endif
ifeq ($(MCS), y)
POLICYFILES += mcs
CHECKPOLMLS += -M
endif
DEFCONTEXTFILES = initial_sid_contexts fs_use genfs_contexts net_contexts
POLICYFILES += $(ALL_TUNABLES) $(TE_RBAC_FILES)
POLICYFILES += $(USER_FILES)
POLICYFILES += constraints
POLICYFILES += $(DEFCONTEXTFILES)

# CONTEXTFILES is the set of files rewritten in place by mlsconvert and
# mcsconvert.
CONTEXTFILES = $(DEFCONTEXTFILES)

# Directories listed as prerequisites of policy.conf.
POLICY_DIRS = domains domains/program domains/misc macros macros/program

# Domains that are not part of the build; input to the regression tester.
UNUSED_TE_FILES := $(wildcard domains/program/unused/*.te)

# Generated file contexts and homedir template (outputs of the $(FC) rule).
FC               = file_contexts/file_contexts
HOMEDIR_TEMPLATE = file_contexts/homedir_template

# One .fc file is expected for every domains/program/*.te file.
FCFILES = file_contexts/types.fc \
          $(patsubst domains/program/%.te,file_contexts/program/%.fc, $(wildcard domains/program/*.te)) \
          file_contexts/distros.fc \
          $(wildcard file_contexts/misc/*.fc)
CONTEXTFILES += $(FCFILES)

# Installed application context files.
APPDIR   = $(CONTEXTPATH)
APPFILES = $(addprefix $(APPDIR)/,default_contexts default_type initrc_context failsafe_context userhelper_context removable_context dbus_contexts customizable_types port_types) \
           $(CONTEXTPATH)/files/media
CONTEXTFILES += $(wildcard appconfig/*_context*) appconfig/media

ROOTFILES = $(addprefix $(APPDIR)/users/,root)
# First rule in the file, hence the goal of a bare 'make': compile the
# policy locally without installing or loading it.
all: policy
# Stamp file recording that the generated file contexts were checked
# against the compiled policy ('setfiles -q -c <policy> <file_contexts>').
# The stamp is only touched when setfiles exits successfully.
tmp/valid_fc: $(LOADPATH) $(FC)
	@echo "Validating file contexts files ..."
	$(SETFILES) -q -c $(LOADPATH) $(FC)
	@touch $@
# Installs the file contexts, the application context files, root's
# default contexts and local.users.  The binary policy is compiled on the
# way through the FCPATH prerequisites; nothing in this chain runs
# load_policy.
install: $(FCPATH) \
         $(APPFILES) \
         $(ROOTFILES) \
         $(USERPATH)/local.users
# Generates system.users from the tunables and the users file, prefixed
# with a "do not edit" banner, and installs it with mode 644.
# The recipe reads tmp/program_used_flags.te without listing it as a
# prerequisite; presumably it is always present because policy.conf
# depends on it - confirm.
# NOTE(review): m4 feeds a pipeline, so with the default /bin/sh only the
# exit status of grep decides whether this step is treated as failed.
$(USERPATH)/system.users: $(ALL_TUNABLES) $(USER_FILES) policy.conf
	@mkdir -p $(@D)
	@echo "# " > tmp/system.users
	@echo "# Do not edit this file. " >> tmp/system.users
	@echo "# This file is replaced on reinstalls of this policy." >> tmp/system.users
	@echo "# Please edit local.users to make local changes." >> tmp/system.users
	@echo "#" >> tmp/system.users
	@m4 $(ALL_TUNABLES) tmp/program_used_flags.te $(USER_FILES) | grep -v "^#" >> tmp/system.users
	install -m 644 tmp/system.users $@
# Installs the locally maintained user definitions with mode 644.
# 'install -b' keeps a backup copy of a local.users that is already
# installed instead of silently overwriting it.
$(USERPATH)/local.users: local.users
	@mkdir -p $(@D)
	install -b -m 644 $< $@
# Installs appconfig/media below the contexts/files directory, mode 644.
$(CONTEXTPATH)/files/media: appconfig/media
	@mkdir -p $(@D)/
	install -m 644 $< $@
# Installs appconfig/default_contexts into the contexts directory, mode 644.
$(APPDIR)/default_contexts: appconfig/default_contexts
	@mkdir -p $(@D)
	install -m 644 $< $@
# Installs appconfig/removable_context into the contexts directory, mode 644.
$(APPDIR)/removable_context: appconfig/removable_context
	@mkdir -p $(@D)
	install -m 644 $< $@
# Derives the customizable_types list from policy.conf: every line that
# starts with "type " and mentions "customizable" contributes the text
# between the first space and the first comma.  Installed with mode 644.
$(APPDIR)/customizable_types: policy.conf
	@mkdir -p $(@D)
	@grep "^type .*customizable" $< | cut -d',' -f1 | cut -d' ' -f2 > tmp/customizable_types
	install -m 644 tmp/customizable_types $@
# Derives the port_types list from policy.conf the same way as
# customizable_types, selecting "type " lines that mention "port_type".
# Installed with mode 644.
$(APPDIR)/port_types: policy.conf
	@mkdir -p $(@D)
	@grep "^type .*port_type" $< | cut -d',' -f1 | cut -d' ' -f2 > tmp/port_types
	install -m 644 tmp/port_types $@
# Installs appconfig/default_type into the contexts directory, mode 644.
$(APPDIR)/default_type: appconfig/default_type
	@mkdir -p $(@D)
	install -m 644 $< $@
# Installs appconfig/userhelper_context into the contexts directory, mode 644.
$(APPDIR)/userhelper_context: appconfig/userhelper_context
	@mkdir -p $(@D)
	install -m 644 $< $@
# Installs appconfig/initrc_context into the contexts directory, mode 644.
$(APPDIR)/initrc_context: appconfig/initrc_context
	@mkdir -p $(@D)
	install -m 644 $< $@
# Installs appconfig/failsafe_context into the contexts directory, mode 644.
$(APPDIR)/failsafe_context: appconfig/failsafe_context
	@mkdir -p $(@D)
	install -m 644 $< $@
# Installs appconfig/dbus_contexts into the contexts directory, mode 644.
$(APPDIR)/dbus_contexts: appconfig/dbus_contexts
	@mkdir -p $(@D)
	install -m 644 $< $@
# Installs root's default contexts as contexts/users/root, mode 644.
$(APPDIR)/users/root: appconfig/root_default_contexts
	@mkdir -p $(@D)
	install -m 644 $< $@
# Compiles policy.conf straight into the installed policy directory.
# checkpolicy writes the output file itself, so its mode and ownership
# come from the invoking user's umask and identity, not from install(1).
# When the compiler's native version differs from PREVERS, a second
# binary policy is produced for PREVERS.
# NOTE(review): the PREVERS compile is invoked without $(CHECKPOLMLS);
# confirm that this is intended when MLS or MCS is enabled, since the
# reload rule may load that file.
$(LOADPATH): policy.conf $(CHECKPOLICY)
	@echo "Compiling policy ..."
	@mkdir -p $(@D)
	$(CHECKPOLICY) $(CHECKPOLMLS) -o $@ $<
ifneq ($(VERS),$(PREVERS))
	$(CHECKPOLICY) -c $(PREVERS) -o $(@D)/policy.$(PREVERS) $<
endif
# Note: Can't use install, so not sure how to deal with mode, user, and group
#	other than by default.
# (Presumably this refers to the binary policy that checkpolicy writes
# directly with -o; its permissions are whatever the umask yields.)

# Compile the policy into the current directory for testing/development.
policy: $(POLICYVER)
# Local (uninstalled) build: compile policy.conf into ./policy.<VERS> and
# check the generated file contexts against the result with
# 'setfiles -q -c'.
$(POLICYVER): policy.conf $(FC) $(CHECKPOLICY)
	$(CHECKPOLICY) $(CHECKPOLMLS) -o $@ $<
	@echo "Validating file contexts files ..."
	$(SETFILES) -q -c $@ $(FC)
# Loads the installed binary policy with load_policy.
# 'reload' always runs this recipe; 'tmp/load' is a stamp file, so the
# 'load' target only reloads when the installed policy is newer.
# The branch is chosen when the Makefile is parsed: the natively compiled
# policy is loaded only if its version equals the kernel's, otherwise the
# PREVERS build is loaded.  That includes the case where
# /selinux/policyvers could not be read and KERNVERS is empty.
reload tmp/load: $(LOADPATH)
	@echo "Loading Policy ..."
ifeq ($(VERS), $(KERNVERS))
	$(LOADPOLICY) $<
else
	$(LOADPOLICY) $(POLICYPATH)/policy.$(PREVERS)
endif
	touch tmp/load
# Compile, install and load: the policy is loaded through the tmp/load
# stamp and the file contexts are installed through FCPATH.
load: tmp/load \
      $(FCPATH)
# Rewrites policy.conf in place with every line containing "dontaudit"
# removed.  The change lasts until policy.conf is regenerated, and any
# policy compiled from the filtered file no longer carries those rules.
enableaudit: policy.conf
	grep -v dontaudit $< > policy.audit
	mv policy.audit $<
# Concatenates all policy sources through m4 into policy.conf.  The
# output goes to a temporary file first and is renamed only after m4
# succeeded, so a failed run never leaves a truncated policy.conf.
# The source directories are listed as prerequisites too; presumably so
# that adding or removing a file triggers a rebuild - confirm.
policy.conf: $(POLICYFILES) $(POLICY_DIRS)
	@echo "Building policy.conf ..."
	@mkdir -p tmp
	m4 $(M4PARAM) -Imacros -s $(POLICYFILES) > $@.tmp
	@mv $@.tmp $@
# Copies the whole current directory to SRCPATH/policy.  The previous
# copy is rotated to policy.old; an older policy.old is deleted first.
# The leading '-' on mv tolerates the first installation, when there is
# no existing copy to rotate.
# Note that 'cp -R .' copies everything in the working directory,
# including generated files and tmp/.
install-src:
	rm -rf $(SRCPATH)/policy.old
	-mv $(SRCPATH)/policy $(SRCPATH)/policy.old
	@mkdir -p $(SRCPATH)/policy
	cp -R . $(SRCPATH)/policy
# Emits one m4 define per *.te file name found in domains/program and
# domains/misc.  The list is built in a temporary file and renamed into
# place at the end.
tmp/program_used_flags.te: $(wildcard domains/program/*.te) domains/program
	@mkdir -p tmp
	( cd domains/program/ ; for n in *.te ; do echo "define(\`$$n')"; done ) > $@.tmp
	( cd domains/misc/ ; for n in *.te ; do echo "define(\`$$n')"; done ) >> $@.tmp
	mv $@.tmp $@
# Shell command substitution, evaluated by the recipe's shell each time a
# labelling target runs: the mount points (third field of 'mount') of
# entries matching the awk pattern, skipping mounts that carry a
# "context=" option and bind mounts.
FILESYSTEMS = `mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[23]| xfs| jfs | reiserfs ).*rw/{print $$3}';`
# Dry run: 'setfiles -v -n' reports what would be relabelled on the
# selected filesystems without changing any label.
checklabels: $(SETFILES)
	$< -v -n $(FC) $(FILESYSTEMS)
# Relabels the selected filesystems verbosely ('setfiles -v').  Unlike
# 'relabel' this target does not rebuild the file contexts first; it uses
# whatever file is currently at the FC path.
restorelabels: $(SETFILES)
	$< -v $(FC) $(FILESYSTEMS)
# Rebuilds the file contexts if needed, then relabels every filesystem
# selected by FILESYSTEMS.  This changes labels on the running system.
relabel: $(FC) $(SETFILES)
	$(SETFILES) $< $(FILESYSTEMS)
# Makes sure the optional misc file-contexts directory exists; the FC
# rule lists it as a prerequisite.
file_contexts/misc:
	@mkdir -p $@
# Installs the validated file contexts and the homedir template (both
# mode 644), then runs genhomedircon for this policy type.
# Validation is enforced through the tmp/valid_fc prerequisite, so an
# unchecked file_contexts never reaches the installed tree by this path.
$(FCPATH): tmp/valid_fc \
           $(USERPATH)/system.users \
           $(APPDIR)/customizable_types \
           $(APPDIR)/port_types
	@echo "Installing file contexts files..."
	@mkdir -p $(@D)
	install -m 644 $(HOMEDIR_TEMPLATE) $(HOMEDIRPATH)
	install -m 644 $(FC) $@
	@$(GENHOMEDIRCON) -d $(TOPDIR) -t $(TYPE) $(USEPWD)
# Expands all .fc sources through m4 and splits the result: lines
# mentioning HOME, ROLE or USER go to the homedir template, everything
# else becomes file_contexts.  The rule therefore writes a second file
# (HOMEDIR_TEMPLATE) besides its target.
# /etc/passwd of the build host is a prerequisite, so a change to the
# local account database triggers a rebuild.
$(FC): $(ALL_TUNABLES) tmp/program_used_flags.te $(FCFILES) \
       domains/program domains/misc file_contexts/program file_contexts/misc \
       users /etc/passwd
	@echo "Building file contexts files..."
	@m4 $(M4PARAM) $(ALL_TUNABLES) tmp/program_used_flags.te $(FCFILES) > $@.tmp
	@grep -v -e HOME -e ROLE -e USER $@.tmp > $@
	@grep -e HOME -e ROLE -e USER $@.tmp > $(HOMEDIR_TEMPLATE)
	@-rm $@.tmp
# Create a tags-file for the policy:
# we need exuberant ctags; unfortunately it is named differently on different distros, sigh...

# pathsearch (taken from make-docs): first file named $(1) found in a
# directory of PATH, or empty.  Unlike the policy tools above, ctags is
# therefore picked up from whatever PATH the caller has.
pathsearch = $(firstword $(wildcard $(addsuffix /$(1),$(subst :, ,$(PATH)))))

# Debian naming scheme first ...
CTAGS := $(call pathsearch,ctags-exuberant)
ifeq ($(strip $(CTAGS)),)
# ... then the SUSE naming scheme.
CTAGS := $(call pathsearch,ctags)
endif
# Builds a tags file over all .te sources.  The first recipe line aborts
# unless the selected ctags identifies itself as Exuberant; the second
# defines a 'te' language with patterns for type, typealias, attribute,
# define and bool declarations.
tags: $(wildcard *.te types/*.te domains/*.te domains/misc/*.te \
        domains/program/*.te domains/program/unused/*.te \
        macros/*.te macros/program/*.te)
	@($(CTAGS) --version | grep -q Exuberant) || (echo ERROR: Need exuberant-ctags to function!; exit 1)
	@LC_ALL=C $(CTAGS) --langdef=te --langmap=te:..te \
	 --regex-te='/^[ \t]*type[ \t]+(\w+)(,|;)/\1/t,type/' \
	 --regex-te='/^[ \t]*typealias[ \t]+\w+[ \t+]+alias[ \t]+(\w+);/\1/t,type/' \
	 --regex-te='/^[ \t]*attribute[ \t]+(\w+);/\1/a,attribute/' \
	 --regex-te='/^[ \t]*define\(`(\w+)/\1/d,define/' \
	 --regex-te='/^[ \t]*bool[ \t]+(\w+)/\1/b,bool/' $^
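# Removes build products from the source tree: policy.conf, the locally
# compiled policy, the tags file, everything in tmp/, the generated file
# contexts and flask/*.h.  Nothing below the install prefix is touched.
# The last step deletes the symlinks that the regression tester creates
# directly in domains/program (only symlinks, depth 1).
#
# The find line used to end in "; \", a dangling continuation that would
# splice the following Makefile line into this recipe as soon as the
# blank line after it disappeared; it is now a plain, terminated command.
clean:
	rm -f policy.conf $(POLICYVER)
	rm -f tags
	rm -f tmp/*
	rm -f $(FC)
	rm -f flask/*.h
# for the policy regression tester
	find "domains/program/" -maxdepth 1 -type l -exec rm {} \;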
# Policy regression tester.
# Written by Colin Walters <walters@debian.org>

# cur_te: the current target with its directory components dropped,
# e.g. the file name part of a checkunused/<file>.te goal.
cur_te = $(filter-out %/,$(subst /,/ ,$@))

# File names (without directory) of the unused domains under test.
TESTED_TE_FILES := $(notdir $(UNUSED_TE_FILES))
# compute_depends(file): exports TE_DEPENDS_<file>, set to the text after
# "Depends: " on the first matching comment line of
# domains/program/unused/<file>.
# NOTE(review): the text read from the .te file is passed through eval
# with ':=', so make expands it once more.  Files under
# domains/program/unused must therefore be treated as trusted input.
define compute_depends
export TE_DEPENDS_$(1) := $(shell egrep '^#[[:space:]]*Depends: ' domains/program/unused/$(1) | head -1 | sed -e 's/^.*Depends: //')
endef
# Dependencies are computed once, in the outermost make: either for the
# check-all goal or when a checkunused/<file>.te goal is named directly.
# TE_DEPENDS_DEFINED is exported so that the sub-makes started by the
# tester skip this work.
ifeq ($(TE_DEPENDS_DEFINED),)
  ifeq ($(MAKECMDGOALS),check-all)
    GENRULES := $(TESTED_TE_FILES)
    export TE_DEPENDS_DEFINED := yes
  else
    # Handle the case where checkunused/blah.te is run directly.
    ifneq ($(findstring checkunused/,$(MAKECMDGOALS)),)
      GENRULES := $(TESTED_TE_FILES)
      export TE_DEPENDS_DEFINED := yes
    endif
  endif
endif
# Test for a new enough version of GNU Make.
# have_eval is only set when this make implements the eval function; the
# check matters only if dependency rules have to be generated.
$(eval have_eval := yes)
ifneq ($(GENRULES),)
ifeq ($(have_eval),)
$(error Need GNU Make 3.80 or better!)
Need GNU Make 3.80 or better
endif
endif

# Define TE_DEPENDS_<file> for every file selected above.
$(foreach f,$(GENRULES),$(eval $(call compute_depends,$(f))))
# Phony targets generated for the regression tester are collected here.
PHONIES :=

define compute_presymlinks
PHONIES += presymlink/$(1)
presymlink/$(1):: $(addprefix presymlink/,$(TE_DEPENDS_$(1)))
	@if ! test -L domains/program/$(1); then \
	  cd domains/program && ln -s unused/$(1) .; \
	fi
endef

# Compute dependencies.
# One presymlink/<file> rule per tested file: it links the unused domain
# (after the domains it depends on) into domains/program unless a symlink
# of that name is already there.
$(foreach f,$(TESTED_TE_FILES),$(eval $(call compute_presymlinks,$(f))))
PHONIES += $(addprefix checkunused/,$(TESTED_TE_FILES))

# First half of every checkunused/<file>.te goal: start from a clean
# tree.  This double-colon rule has no prerequisites, so it always runs.
$(addprefix checkunused/,$(TESTED_TE_FILES)) :: checkunused/% :
	@$(MAKE) -s clean
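# Second half of every checkunused/<file>.te goal: once the domain (and
# the domains it depends on) has been linked into domains/program, try to
# compile the policy and report success or failure.
#
# The nested build is started through $(MAKE), like the clean step of the
# same goal, so that command-line flags and the jobserver reach the
# sub-make.  The last recipe line no longer ends in a dangling "; \"
# continuation that would splice the next Makefile line into the recipe.
$(patsubst %,checkunused/%,$(TESTED_TE_FILES)) :: checkunused/% : presymlink/%
	@if test -n "$(TE_DEPENDS_$(cur_te))"; then \
	  echo "Dependencies for $(cur_te): $(TE_DEPENDS_$(cur_te))"; \
	fi
	@echo "Testing $(cur_te)...";
	@if ! $(MAKE) -s policy 1>/dev/null; then \
	  echo "Testing $(cur_te)...FAILED"; \
	  exit 1; \
	fi;
	@echo "Testing $(cur_te)...success."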
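# Runs the regression test for every unused domain, each in its own
# sub-make.  All goals are attempted even after a failure, but the target
# now exits non-zero if any of them failed.  Previously only the status
# of the last goal decided the result, so earlier failures were reported
# on screen and then lost.
check-all:
	@rc=0; \
	for goal in $(patsubst %,checkunused/%,$(TESTED_TE_FILES)); do \
	  $(MAKE) --no-print-directory $$goal || rc=1; \
	done; \
	exit $$rc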
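# Every command-style target is declared phony, so a stray file or
# directory with the same name (for example 'install' or 'policy') cannot
# silently turn the target into a no-op.  'tags' and 'tmp/load' are real
# files and stay out of this list.
.PHONY: all install load reload policy enableaudit install-src \
        checklabels restorelabels relabel check-all \
        mlsconvert mcsconvert clean $(PHONIES)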
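# One-shot conversion of the policy sources to MLS.  Every step rewrites
# files in the source tree in place:
#   - context files: ":s0" is appended to each word ending in "_t";
#   - user files: a level and range are inserted before the first ';' of
#     each line;
#   - initial_sid_contexts: the kernel SID gets the full range;
#   - this Makefile: the MLS knob is switched to y.
# The substitutions are not idempotent, so running the target a second
# time appends the level again; keep the tree under version control.
#
# The Makefile edit is anchored to the start of the line.  Unanchored, the
# sed also matched the pattern inside its own recipe line and rewrote it
# into a substitution that changes nothing.
mlsconvert:
	@for file in $(CONTEXTFILES); do \
	  echo "Converting $$file"; \
	  sed -e 's/_t\b/_t:s0/g' $$file > $$file.new && \
	  mv $$file.new $$file; \
	done
	@for file in $(USER_FILES); do \
	  echo "Converting $$file"; \
	  sed -e 's/;/ level s0 range s0 - s9:c0.c127;/' $$file > $$file.new && \
	  mv $$file.new $$file; \
	done
	@sed -e '/sid kernel/s/s0/s0 - s9:c0.c127/' initial_sid_contexts > initial_sid_contexts.new && mv initial_sid_contexts.new initial_sid_contexts
	@echo "Enabling MLS in the Makefile"
	@sed "s/^MLS=n/MLS=y/" Makefile > Makefile.new
	@mv Makefile.new Makefile
	@echo "Done"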
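# One-shot conversion of the policy sources to MCS.  Every step rewrites
# files in the source tree in place:
#   - context files: ":s0" is appended to each word ending in "_t";
#   - user files: "level s0 range s0" is inserted before the first ';' of
#     each line, and root and system_u additionally get the category
#     range c0.c127;
#   - initial_sid_contexts: the kernel SID gets the category range;
#   - this Makefile: the MCS knob is switched to y.
# The substitutions are not idempotent; keep the tree under version
# control before running this.
#
# Two defects are fixed here:
#   - the Makefile edit replaced "MCS=y" with "MCS=y", a no-op, so the
#     build kept producing a non-MCS policy from MCS-converted sources.
#     It now switches the knob from n to y and is anchored to the start of
#     the line so that it cannot rewrite its own recipe;
#   - the user-file loop moved the .new file into place even when sed had
#     failed; it now uses '&&' like the other conversion steps.
mcsconvert:
	@for file in $(CONTEXTFILES); do \
	  echo "Converting $$file"; \
	  sed -e 's/_t\b/_t:s0/g' $$file > $$file.new && \
	  mv $$file.new $$file; \
	done
	@for file in $(USER_FILES); do \
	  echo "Converting $$file"; \
	  sed -r -e 's/\;/ level s0 range s0;/' $$file | \
	  sed -r -e 's/(user (root|system_u).*);/\1 - s0:c0.c127;/' > $$file.new && \
	  mv $$file.new $$file; \
	done
	@sed -e '/sid kernel/s/s0/s0 - s0:c0.c127/' initial_sid_contexts > initial_sid_contexts.new && mv initial_sid_contexts.new initial_sid_contexts
	@echo "Enabling MCS in the Makefile"
	@sed "s/^MCS=n/MCS=y/" Makefile > Makefile.new
	@mv Makefile.new Makefile
	@echo "Done"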