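# installation paths
#
# SHAREDIR and HEADERDIR are assigned with := and therefore expand $(PREFIX)
# immediately.  PREFIX needs a value at this point; without one SHAREDIR
# becomes /share/selinux and the include of build.conf below looks in the
# wrong tree.  ?= keeps any PREFIX given on the command line or in the
# environment.
PREFIX ?= /usr
SHAREDIR := $(PREFIX)/share/selinux
HEADERDIR := $(SHAREDIR)/refpolicy/include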

include $(HEADERDIR)/build.conf

# executables
#
# The policy tools are addressed by full path below PREFIX rather than being
# looked up through PATH.  PREFIX is fixed to /usr here; only a command-line
# assignment (make PREFIX=...) takes precedence over it.
PREFIX := /usr
BINDIR := $(PREFIX)/bin
SBINDIR := $(PREFIX)/sbin

# tools installed in BINDIR
CHECKMODULE := $(BINDIR)/checkmodule
SEMOD_PKG := $(BINDIR)/semodule_package
XMLLINT := $(BINDIR)/xmllint

# tools installed in SBINDIR
SEMODULE := $(SBINDIR)/semodule

# helper tools
#
# Each of these is a bare command name, so the shell resolves it through PATH
# when a recipe runs.  ?= only supplies a default: a value that is already
# set (an earlier makefile, the environment, the command line) is kept.
AWK ?= gawk
EINFO ?= echo
INSTALL ?= install
M4 ?= m4
PYTHON ?= python
SED ?= sed

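# set default build options if missing
#
# NAME falls back to SELINUXTYPE from /etc/selinux/config.  That file is
# sourced by the shell, so its contents are executed, not merely read.  The
# lookup runs once (:=) and only when NAME has no value yet, which keeps the
# precedence of ?= without re-running the shell on every use of $(NAME).
ifeq ($(origin NAME),undefined)
NAME := $(shell . /etc/selinux/config; echo $$SELINUXTYPE)
endif

# Ask the kernel of the build host whether MLS/MCS is enabled.  The legacy
# /selinux mount is tried first; /sys/fs/selinux is the fallback for systems
# that mount selinuxfs there.  If neither file can be read MLSENABLED is
# empty and no -mcs suffix is added to TYPE below, so the modules are then
# compiled without -M.
MLSENABLED := $(shell cat /selinux/mls 2>/dev/null || cat /sys/fs/selinux/mls)
MODPKGDIR := $(SHAREDIR)/$(NAME)

ifeq ($(MLSENABLED),1)
MCSFLAG=-mcs
endif

# TYPE selects the policy flavour; the conditionals that follow search it
# for the substrings strict, targeted, -mls and -mcs.
TYPE ?= $(NAME)${MCSFLAG}
DIRECT_INITRC ?= n
POLY ?= n
QUIET ?= y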

# Translate the build options into m4 defines (M4PARAM) and compiler flags.
# findstring returns the searched-for text when TYPE contains it, so each
# test below is true exactly when that substring occurs in TYPE.

# strict policy
ifeq ($(findstring strict,$(TYPE)),strict)
  M4PARAM += -D strict_policy
endif

# targeted policy
ifeq ($(findstring targeted,$(TYPE)),targeted)
  M4PARAM += -D targeted_policy
endif

# MLS: define enable_mls and pass -M to the policy compilers
ifeq ($(findstring -mls,$(TYPE)),-mls)
  M4PARAM += -D enable_mls
  CHECKPOLICY += -M
  CHECKMODULE += -M
endif

# MCS: define enable_mcs; the compilers get the same -M flag as for MLS
ifeq ($(findstring -mcs,$(TYPE)),-mcs)
  M4PARAM += -D enable_mcs
  CHECKPOLICY += -M
  CHECKMODULE += -M
endif

# distribution-specific policy
ifneq ($(DISTRO),)
  M4PARAM += -D distro_$(DISTRO)
endif

# polyinstantiation
ifeq ($(POLY),y)
  M4PARAM += -D enable_polyinstantiation
endif

# DIRECT_INITRC=y defines direct_sysadm_daemon
ifeq ($(DIRECT_INITRC),y)
  M4PARAM += -D direct_sysadm_daemon
endif

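# Unless VERBOSE=y, silence recipe commands with the @ prefix.
# The recipes and macros in this file prefix their commands with $(verbose),
# while only `quiet` used to be assigned here, so the commands were echoed
# regardless of VERBOSE.  `quiet` is still set for anything that reads it;
# `verbose` uses ?= so that a definition made earlier is not overwritten.
ifneq ($(VERBOSE),y)
  quiet := @
  verbose ?= @
endif

# always defined for module builds
M4PARAM += -D hide_broken_symptoms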

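# policy headers shipped in HEADERDIR
m4support := $(wildcard $(HEADERDIR)/*.spt)
all_interfaces := $(wildcard $(HEADERDIR)/*.if)
rolemap := $(HEADERDIR)/rolemap

# Modules are discovered from the *.te files in the current directory; the
# interface (.if) and package (.pp) names are derived from those file names.
detected_mods := $(wildcard *.te)
detected_ifs := $(detected_mods:.te=.if)
all_packages := $(detected_mods:.te=.pp)

# Installed location of every package.  addprefix puts MODPKGDIR in front of
# each word; plain concatenation only prefixed the first package name.
install_mods := $(addprefix $(MODPKGDIR)/,$(all_packages))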

########################################
#
# Functions
#

# parse-rolemap modulename,outputfile
#
# Runs $(M4) with $(M4PARAM) over $(rolemap) and pipes the result to $(AWK).
# For every line whose first non-blank character is a letter, awk appends two
# lines to outputfile: a gen_require() naming the type in field 3 and the
# role in field 1, and a call to <modulename>_per_userdomain_template with
# fields 2, 3 and 1 as arguments.
#
# Both arguments are pasted into the command line unquoted: modulename ends
# up inside the awk program text and outputfile in the shell redirection.
# The callers in this file derive them from *.te file names, so a file name
# containing shell or awk metacharacters would change the command that runs.
#
# NOTE(review): the command prefix is $(verbose), but this file assigns
# `quiet`; confirm where `verbose` is defined.
define parse-rolemap
	$(verbose) $(M4) $(M4PARAM) $(rolemap) | \
		$(AWK) '/^[[:blank:]]*[A-Za-z]/{ print "gen_require(type " $$3 "; role " $$1 ";)\n$1_per_userdomain_template(" $$2 "," $$3 "," $$1 ")" }' >> $2
endef

# peruser-expansion modulename,outputfile
#
# Creates outputfile (truncating any previous content) in three steps:
#   1. writes the opening of an m4 ifdef() that tests whether
#      <modulename>_per_userdomain_template is defined;
#   2. appends the per-role lines produced by parse-rolemap;
#   3. appends the closing quote and parenthesis of the ifdef().
# The backquote/apostrophe pairs in the echo strings are m4 quotes.
#
# modulename and outputfile are inserted into the shell commands as given,
# without further quoting.
define peruser-expansion
	$(verbose) echo "ifdef(\`""$1""_per_userdomain_template',\`" > $2
	$(call parse-rolemap,$1,$2)
	$(verbose) echo "')" >> $2
endef

########################################
#
# Main targets
#

# First rule in this file: build one policy package (.pp) for every *.te
# module found in the current directory.
all: $(all_packages)

########################################
#
# Build module packages
#
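# Compile <module>.te into tmp/<module>.mod.
#   1. peruser-expansion writes tmp/<module>.mod.role;
#   2. m4 expands the support macros, the collected interfaces, the .te file
#      and the .role file into tmp/<module>.tmp;
#   3. checkmodule compiles that file into the binary module.
# The module name is taken from the target file name and passed on to the
# macros unquoted.
tmp/%.mod: $(m4support) tmp/all_interfaces.conf %.te
	@$(EINFO) "Compiling $(NAME) $(basename $(@F)) module"
	@test -d tmp || mkdir -p tmp
	$(call peruser-expansion,$(basename $(@F)),$@.role)
	$(verbose) $(M4) $(M4PARAM) -s $^ $@.role > $(@:.mod=.tmp)
	$(verbose) $(CHECKMODULE) -m $(@:.mod=.tmp) -o $@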

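# Expand <module>.fc (file contexts) through m4 into tmp/<module>.mod.fc.
# The tmp directory is created here as well, as the other rules that write
# into tmp do: this rule can run before any of them (for example under
# make -j), and the redirection fails if the directory is missing.
tmp/%.mod.fc: $(m4support) %.fc
	@test -d tmp || mkdir -p tmp
	$(verbose) $(M4) $(M4PARAM) $^ > $@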

# Bundle the compiled module (first prerequisite) and its expanded file
# contexts (second prerequisite) into the policy package <module>.pp.
%.pp: tmp/%.mod tmp/%.mod.fc
	@echo "Creating $(NAME) $(@F) policy package"
	$(verbose) $(SEMOD_PKG) -o $@ -m $< -f $(word 2,$^)

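# Concatenate the m4 support files, the shipped interfaces and the local
# module interfaces through m4, then turn the placeholder `dollarsstar` back
# into a literal $*.  The tools are invoked through $(M4) and $(SED), like in
# the other recipes, so an override of either variable applies here too.
# The recipe's exit status is that of the last command in the pipe, so a
# failing m4 can leave an incomplete file that still looks up to date.
tmp/all_interfaces.conf: $(m4support) $(all_interfaces) $(detected_ifs)
	@test -d tmp || mkdir -p tmp
	$(verbose) $(M4) $^ | $(SED) -e s/dollarsstar/\$$\*/g > $@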

########################################
#
# Clean the environment
#

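# Remove the scratch directory and every policy package in the current
# directory.  The glob matches all *.pp files, including ones this Makefile
# did not build.  The ./ prefix keeps a file whose name starts with '-' from
# being read by rm as an option.
clean:
	rm -fR tmp
	rm -f ./*.pp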

# Targets that name actions rather than files.  `install` and `default` are
# listed although no rule for them appears in this part of the file.
.PHONY: all clean default install