From c9a26b3e95fc123c5fbe64b9eb2cd35120d820c4 Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: May 25 2005 20:58:09 +0000 Subject: add in appconfig files --- diff --git a/refpolicy/Makefile b/refpolicy/Makefile index 27c0576..1f6bdaf 100644 --- a/refpolicy/Makefile +++ b/refpolicy/Makefile @@ -24,7 +24,7 @@ POLICYCOMPAT = -c 18 # set distribution -#override M4PARAM += -D distro_redhat +override M4PARAM += -D distro_redhat # Uncomment this to disable command echoing #QUIET:=@ @@ -71,6 +71,11 @@ BASE_MODULE = kernel FLASKDIR = $(BASE_MODULE)/flask/ MISCDIR = $(BASE_MODULE)/misc/ +APPDIR := $(CONTEXTPATH) +APPFILES := $(addprefix $(APPDIR)/,default_contexts default_type initrc_context failsafe_context userhelper_context removable_context dbus_contexts customizable_types) $(CONTEXTPATH)/files/media +CONTEXTFILES += $(wildcard appconfig/*_context*) appconfig/media +USER_FILES := $(MISCDIR)/users + DETECTED_DIRS := $(shell find $(wildcard *) -maxdepth 0 -type d) ALL_MODULES := $(filter-out tmp appconfig CVS,$(DETECTED_DIRS)) @@ -83,8 +88,6 @@ ALL_FC_FILES := $(foreach dir,$(ALL_MODULES),$(wildcard $(dir)/*.fc)) POLICY_SECTIONS := tmp/pre_te_files.conf tmp/generated_definitions.conf tmp/all_interfaces.conf tmp/all_attrs_types.conf tmp/only_te_rules.conf tmp/all_post.conf -override M4PARAM += -D monolithic_policy - ######################################## # # default action: build policy locally @@ -93,7 +96,9 @@ default: policy policy: $(POLVER) -install: $(LOADPATH) +install: $(LOADPATH) $(FCPATH) $(USERPATH)/local.users + +load: tmp/load ######################################## # @@ -131,8 +136,6 @@ reload tmp/load: $(LOADPATH) $(FCPATH) $(QUIET) $(LOADPOLICY) -q $(LOADPATH) @touch tmp/load -load: tmp/load - ######################################## # # Construct a monolithic policy.conf @@ -140,7 +143,7 @@ load: tmp/load policy.conf: $(POLICY_SECTIONS) @echo "Creating policy.conf" # checkpolicy can use the #line directives provided by -s for error reporting: - $(QUIET) m4 $(M4PARAM) -s $^ > tmp/$@.tmp + $(QUIET) m4 $(M4PARAM) -D monolithic_policy -s $^ > tmp/$@.tmp $(QUIET) sed -e /^portcon/d -e /^nodecon/d -e /^netifcon/d < tmp/$@.tmp > $@ # the ordering of these ocontexts matters: $(QUIET) grep ^portcon tmp/$@.tmp >> $@ || true @@ -162,8 +165,8 @@ tmp/generated_definitions.conf: $(ALL_MODULES) $(ALL_TE_FILES) $(BASE_MODULE)/co $(QUIET) for i in $(notdir $(ALL_TE_FILES)); do \ echo "define(\`$$i')" >> $@ ;\ done - $(QUIET) grep -E "^network_(interface|node|port)\(.*\)" $(BASE_MODULE)/corenetwork.te \ - | m4 $(M4PARAM) -D interface_pass $(BASE_MODULE)/global.if $(BASE_MODULE)/corenetwork.if - \ + $(QUIET) egrep "^network_(interface|node|port)\(.*\)" $(BASE_MODULE)/corenetwork.te \ + | m4 $(M4PARAM) -D monolithic_policy -D interface_pass $(BASE_MODULE)/global.if $(BASE_MODULE)/corenetwork.if - \ | sed -e 's/dollarsone/\$$1/g' -e 's/dollarszero/\$$0/g' >> $@ # this is so the xml works: $(QUIET) echo "## " >> $@ @@ -212,8 +215,7 @@ $(FC): kernel/global.if $(ALL_FC_FILES) # # Install file_contexts # -$(FCPATH): $(FC) -#$(FCPATH): $(FC) $(USERPATH)/system.users +$(FCPATH): $(FC) $(USERPATH)/system.users @mkdir -p $(CONTEXTPATH)/files $(QUIET) install -m 644 $(FC) $(FCPATH) # $(QUIET) install -m 644 $(HOMEDIR_TEMPLATE) $(HOMEDIRPATH) @@ -256,9 +258,77 @@ xml: policy.xml policy.xml: $(ALL_INTERFACES) tmp/generated_definitions.conf @echo "Creating $@" $(QUIET) echo "" > $@ - $(QUIET) grep -h -E "^##[[:space:]]" $^ | sed -e 's/^##[[:space:]]//g' >> $@ + $(QUIET) egrep -h "^##[[:space:]]" $^ | sed -e 's/^##[[:space:]]//g' >> $@ $(QUIET) echo "" >> $@ +######################################## +# +# Runtime binary policy patching of users +# +$(USERPATH)/system.users: $(USER_FILES) tmp/generated_definitions.conf + @mkdir -p $(USERPATH) + @echo "Installing system.users" + @echo "# " > tmp/system.users + @echo "# Do not edit this file. " >> tmp/system.users + @echo "# This file is replaced on reinstalls of this policy." >> tmp/system.users + @echo "# Please edit local.users to make local changes." >> tmp/system.users + @echo "#" >> tmp/system.users + $(QUIET) m4 $(M4PARAM) tmp/generated_definitions.conf $(USER_FILES) | \ + egrep -v "^[[:space:]]*($$|#)" >> tmp/system.users + $(QUIET) install -m 644 tmp/system.users $@ + +$(USERPATH)/local.users: local.users + @mkdir -p $(USERPATH) + @echo "Installing local.users" + $(QUIET) install -C -b -m 644 $< $@ + +######################################## +# +# Appconfig files +# +install-appconfig: $(APPFILES) + +$(CONTEXTPATH)/files/media: appconfig/media + mkdir -p $(CONTEXTPATH)/files/ + install -m 644 $< $@ + +$(APPDIR)/default_contexts: appconfig/default_contexts + mkdir -p $(APPDIR) + install -m 644 $< $@ + +$(APPDIR)/removable_context: appconfig/removable_context + mkdir -p $(APPDIR) + install -m 644 $< $@ + +$(APPDIR)/customizable_types: policy.conf + mkdir -p $(APPDIR) + @grep "^type .*customizable" $< | cut -d',' -f1 | cut -d' ' -f2 > tmp/customizable_types + install -m 644 tmp/customizable_types $@ + +$(APPDIR)/default_type: appconfig/default_type + mkdir -p $(APPDIR) + install -m 644 $< $@ + +$(APPDIR)/userhelper_context: appconfig/userhelper_context + mkdir -p $(APPDIR) + install -m 644 $< $@ + +$(APPDIR)/initrc_context: appconfig/initrc_context + mkdir -p $(APPDIR) + install -m 644 $< $@ + +$(APPDIR)/failsafe_context: appconfig/failsafe_context + mkdir -p $(APPDIR) + install -m 644 $< $@ + +$(APPDIR)/dbus_contexts: appconfig/dbus_contexts + mkdir -p $(APPDIR) + install -m 644 $< $@ + +$(APPDIR)/users/root: appconfig/root_default_contexts + mkdir -p $(APPDIR)/users + install -m 644 $< $@ + clean: rm -fR tmp rm -f policy.xml