diff --git a/refpolicy/Makefile b/refpolicy/Makefile
index 09661b4..bc1c474 100644
--- a/refpolicy/Makefile
+++ b/refpolicy/Makefile
@@ -121,7 +121,7 @@ APPCONF = config/appconfig
 M4SUPPORT = $(wildcard $(POLDIR)/support/*.spt)
 GLOBALTUN := $(POLDIR)/global_tunables
-MOD_DISABLE := $(POLDIR)/modules.conf
+MOD_CONF := $(POLDIR)/modules.conf
 TUNABLES := $(POLDIR)/tunables.conf
 APPDIR := $(CONTEXTPATH)
@@ -129,7 +129,6 @@ APPFILES := $(addprefix $(APPDIR)/,default_contexts default_type initrc_context
 CONTEXTFILES += $(wildcard $(APPCONF)/*_context*) $(APPCONF)/media
 USER_FILES := $(POLDIR)/users
-DISABLEMOD := $(foreach mod,$(shell egrep -v '^[[:blank:]]*\#' $(MOD_DISABLE)),$(subst ./,,$(shell find -iname $(mod).te)))
 ALL_LAYERS := $(filter-out $(MODDIR)/CVS,$(shell find $(wildcard $(MODDIR)/*) -maxdepth 0 -type d))
 GENERATED_TE := $(basename $(foreach dir,$(ALL_LAYERS),$(wildcard $(dir)/*.te.in)))
@@ -139,7 +138,10 @@ GENERATED_FC := $(basename $(foreach dir,$(ALL_LAYERS),$(wildcard $(dir)/*.fc.in
 # sort here since it removes duplicates, which can happen
 # when a generated file is already generated
 DETECTED_MODS := $(sort $(foreach dir,$(ALL_LAYERS),$(wildcard $(dir)/*.te)) $(GENERATED_TE))
-ALL_MODULES := $(filter-out $(DISABLEMOD),$(DETECTED_MODS))
+
+MODON = on
+ENABLEMOD := $(foreach mod,$(shell awk '/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == "$(MODON)") print $$1 }' $(MOD_CONF)),$(subst ./,,$(shell find -iname $(mod).te)))
+ALL_MODULES := $(filter $(ENABLEMOD),$(DETECTED_MODS))
 PRE_TE_FILES := $(addprefix $(FLASKDIR)/,security_classes initial_sids access_vectors) $(M4SUPPORT) $(POLDIR)/mls
 ALL_INTERFACES := $(ALL_MODULES:.te=.if)
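Review bot: In the new ENABLEMOD assignment, each name awk prints from modules.conf is pasted unquoted into `$(shell find -iname $(mod).te)`, and the awk pattern constrains only the first character of the line, so the rest of the first field reaches the shell at parse time; it also forks one tree-wide find per enabled module. The match can be done with make functions against the already-computed DETECTED_MODS instead: `ENABLED_NAMES := $(shell awk '/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == "$(MODON)") print $$1 }' $(MOD_CONF))` followed by `ALL_MODULES := $(filter $(addprefix %/,$(addsuffix .te,$(ENABLED_NAMES))),$(DETECTED_MODS))`. That form is case-sensitive where `-iname` was not, which looks acceptable for module names but should be confirmed against existing modules.conf files.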
@@ -240,10 +242,16 @@ tmp/generated_definitions.conf: $(ALL_LAYERS) $(ALL_TE_FILES)
 $(QUIET) $(SETTUN) $(TUNABLES) >> $@
 tmp/all_interfaces.conf: $(M4SUPPORT) $(ALL_INTERFACES)
+ifeq ($(ALL_INTERFACES),)
+ $(error No enabled modules! $(notdir $(MOD_CONF)) may need to be generated by using "make conf")
+endif
 @test -d tmp || mkdir -p tmp
 $(QUIET) m4 $^ | sed -e s/dollarsstar/\$$\*/g > $@
 tmp/all_te_files.conf: $(ALL_TE_FILES)
+ifeq ($(ALL_TE_FILES),)
+ $(error No enabled modules! $(notdir $(MOD_CONF)) may need to be generated by using "make conf")
+endif
 @test -d tmp || mkdir -p tmp
 $(QUIET) cat $^ > $@
@@ -345,11 +353,11 @@ relabel: $(FC) $(SETFILES)
 #
 # Create config files
 #
-conf: $(MOD_DISABLE) $(TUNABLES) $(GENERATED_TE) $(GENERATED_IF) $(GENERATED_FC)
+conf: $(MOD_CONF) $(TUNABLES) $(GENERATED_TE) $(GENERATED_IF) $(GENERATED_FC)
-$(MOD_DISABLE) $(TUNABLES): $(POLXML)
- @echo "Creating $(MOD_DISABLE) and $(TUNABLES)"
- $(QUIET) cd $(DOCS) && ../$(GENDOC) -t ../$(TUNABLES) -m ../$(MOD_DISABLE) -x ../$(POLXML)
+$(MOD_CONF) $(TUNABLES): $(POLXML)
+ @echo "Updating $(MOD_CONF) and $(TUNABLES)"
+ $(QUIET) cd $(DOCS) && ../$(GENDOC) -t ../$(TUNABLES) -m ../$(MOD_CONF) -x ../$(POLXML)
 ########################################
 #
@@ -358,8 +366,9 @@ $(MOD_DISABLE) $(TUNABLES): $(POLXML)
 # minimal dependencies here, because we don't want to rebuild
 # this and its dependents every time the dependencies
-# change
-$(POLXML): $(ALL_INTERFACES)
+# change. Also use all .if files here, rather then just the
+# enabled modules.
+$(POLXML): $(DETECTED_MODS:.te=.if)
 @echo "Creating $@"
 @mkdir -p tmp
 $(QUIET) echo '' > $@
@@ -476,7 +485,7 @@ bare: clean
 rm -f $(POLXML)
 rm -f $(SUPPORT)/*.pyc
 rm -f $(FCSORT)
- rm -f $(MOD_DISABLE)
+ rm -f $(MOD_CONF)
 rm -f $(TUNABLES)
 rm -fR $(HTMLDIR)
 ifneq ($(GENERATED_TE),)
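Review bot: The `$(error ...)` guards added to the tmp/all_interfaces.conf and tmp/all_te_files.conf rules are part of the recipes (assuming those lines are tab-indented; the page has lost the whitespace), so they are evaluated only when make decides to run those recipes. If either file survives from an earlier build and nothing in its remaining prerequisite list is newer, make treats it as up to date and the policy is assembled from the previous module set with no message. A parse-time notice beside the ALL_MODULES assignment would cover that case and still let `make conf` run: `$(if $(ALL_MODULES),,$(warning No enabled modules! $(notdir $(MOD_CONF)) may need to be generated by using "make conf"))`.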
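Review bot: The renamed rule `$(MOD_CONF) $(TUNABLES): $(POLXML)` still puts two targets on one recipe, which make treats as two independent rules; `conf` lists both as prerequisites, so under `make -j` gendoc can run twice at once, each run writing both files. Now that the recipe announces that it is updating modules.conf rather than creating it, a concurrent second writer matters more. Serialising the pair is a small change: make the recipe rule `$(MOD_CONF): $(POLXML)` and add `$(TUNABLES): $(MOD_CONF) ;` after it. The trade-off is that deleting only tunables.conf would no longer regenerate it on its own.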
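Review bot: With `$(POLXML): $(DETECTED_MODS:.te=.if)` every .te found in a layer directory, enabled or not, must now have a sibling .if, otherwise generating the XML stops on a missing prerequisite unless a rule outside this hunk produces the file. If that requirement is intended the comment above the rule should state it, and its wording needs a fix at the same time: `# change. Also use all .if files here, rather than just the`. The recipe continues outside the hunk, so it is worth confirming that it iterates `$^` and not `$(ALL_INTERFACES)`; otherwise the XML, and the modules.conf generated from it, would still describe only the enabled modules.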