diff --git a/.cvsignore b/.cvsignore
index eb02359..4fd8058 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -34,3 +34,4 @@ serefpolicy-2.2.6.tgz
 serefpolicy-2.2.7.tgz
 serefpolicy-2.2.8.tgz
 serefpolicy-2.2.9.tgz
+serefpolicy-2.2.10.tgz
diff --git a/Makefile.devel b/Makefile.devel
new file mode 100644
index 0000000..4f59b22
--- /dev/null
+++ b/Makefile.devel
@@ -0,0 +1,146 @@
+
+-include build.conf
+
+# executables
+PREFIX := /usr
+BINDIR := $(PREFIX)/bin
+SBINDIR := $(PREFIX)/sbin
+CHECKMODULE := $(BINDIR)/checkmodule
+SEMODULE := $(SBINDIR)/semodule
+SEMOD_PKG := $(BINDIR)/semodule_package
+
+# helper tools
+AWK ?= gawk
+INSTALL ?= install
+M4 ?= m4
+SED ?= sed
+EINFO ?= echo
+
+# set default build options
+NAME ?= $(shell . /etc/selinux/config; echo $$SELINUXTYPE)
+MLSENABLED := $(shell cat /selinux/mls)
+
+ifeq ($(MLSENABLED),1)
+MCSFLAG=-mcs
+endif
+
+TYPE ?= $(NAME)${MCSFLAG}
+DIRECT_INITRC ?= n
+POLY ?= n
+
+# installation paths
+SHAREDIR := $(PREFIX)/share/selinux
+MODPKGDIR := $(SHAREDIR)/$(NAME)
+HEADERDIR := $(SHAREDIR)/refpolicy/include
+
+# compile strict policy if requested.
+ifneq ($(findstring strict,$(TYPE)),)
+ M4PARAM += -D strict_policy
+endif
+
+# compile targeted policy if requested.
+ifneq ($(findstring targeted,$(TYPE)),)
+ M4PARAM += -D targeted_policy
+endif
+
+# enable MLS if requested.
+ifneq ($(findstring -mls,$(TYPE)),)
+ M4PARAM += -D enable_mls
+ CHECKPOLICY += -M
+ CHECKMODULE += -M
+endif
+
+# enable MLS if MCS requested.
+ifneq ($(findstring -mcs,$(TYPE)),)
+ M4PARAM += -D enable_mcs
+ CHECKPOLICY += -M
+ CHECKMODULE += -M
+endif
+
+# enable distribution-specific policy
+ifneq ($(DISTRO),)
+ M4PARAM += -D distro_$(DISTRO)
+endif
+
+# enable polyinstantiation
+ifeq ($(POLY),y)
+ M4PARAM += -D enable_polyinstantiation
+endif
+
+ifeq ($(DIRECT_INITRC),y)
+ M4PARAM += -D direct_sysadm_daemon
+endif
+
+ifneq ($(VERBOSE),y)
+ quiet := @
+endif
+
+M4PARAM += -D hide_broken_symptoms
+
+# policy headers
+m4support := $(wildcard $(HEADERDIR)/*.spt)
+all_interfaces := $(wildcard $(HEADERDIR)/*.if)
+rolemap := $(HEADERDIR)/rolemap
+
+detected_mods := $(wildcard *.te)
+detected_ifs := $(detected_mods:.te=.if)
+all_packages := $(detected_mods:.te=.pp)
+install_mods := $(MODPKGDIR)/$(all_packages)
+
+########################################
+#
+# Functions
+#
+
+# parse-rolemap modulename,outputfile
+define parse-rolemap
+ $(verbose) $(M4) $(M4PARAM) $(rolemap) | \
+ $(AWK) '/^[[:blank:]]*[A-Za-z]/{ print "gen_require(type " $$3 "; role " $$1 ";)\n$1_per_userdomain_template(" $$2 "," $$3 "," $$1 ")" }' >> $2
+endef
+
+# peruser-expansion modulename,outputfile
+define peruser-expansion
+ $(verbose) echo "ifdef(\`""$1""_per_userdomain_template',\`" > $2
+ $(call parse-rolemap,$1,$2)
+ $(verbose) echo "')" >> $2
+endef
+
+########################################
+#
+# Main targets
+#
+
+all: $(all_packages)
+
+########################################
+#
+# Build module packages
+#
+tmp/%.mod: $(m4support) tmp/all_interfaces.conf %.te
+ @$(EINFO) "Compliling $(NAME) $(basename $(@F)) module"
+ @test -d tmp || mkdir -p tmp
+ $(call peruser-expansion,$(basename $(@F)),$@.role)
+ $(verbose) $(M4) $(M4PARAM) -s $^ $@.role > $(@:.mod=.tmp)
+ $(verbose) $(CHECKMODULE) -m $(@:.mod=.tmp) -o $@
+
+tmp/%.mod.fc: $(m4support) %.fc
+ $(verbose) $(M4) $(M4PARAM) $^ > $@
+
+%.pp: tmp/%.mod tmp/%.mod.fc
+ @echo "Creating $(NAME) $(@F) policy package"
+ $(verbose) $(SEMOD_PKG) -o $@ -m $< -f $<.fc
+
+tmp/all_interfaces.conf: $(m4support) $(all_interfaces) $(detected_ifs)
+ @test -d tmp || mkdir -p tmp
+ $(verbose) m4 $^ | sed -e s/dollarsstar/\$$\*/g > $@
+
+########################################
+#
+# Clean the environment
+#
+
+clean:
+ rm -fR tmp
+ rm -f *.pp
+
+.PHONY: clean install all default
diff --git a/modules-strict.conf b/modules-strict.conf
index cb6ad28..5d7d2b3 100644
--- a/modules-strict.conf
+++ b/modules-strict.conf
@@ -1127,3 +1127,10 @@ miscfiles = module # ipsec = module
+# Layer: admin
+# Module: mrtg
+#
+# System log analyzer and reporter
+#
+mrtg = module
+
diff --git a/policygentool b/policygentool
new file mode 100644
index 0000000..d3f28a6
--- /dev/null
+++ b/policygentool
@@ -0,0 +1,148 @@
+#! /usr/bin/env python
+# Copyright (C) 2006 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# policygentool is a tool for the initial generation of SELinux policy
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; either version 2 of
+# the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+# 02111-1307 USA
+#
+#
+import os, sys, getopt
+import seobject
+import re
+
+########################### Interface File #############################
+interface="\n\
+## TEMPLATETYPE policy\n\
+## \n\
+##
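Review bot: The recipes and the `parse-rolemap`/`peruser-expansion` macros prefix their commands with `$(verbose)`, but the only silencing variable this file sets is `quiet := @` under `ifneq ($(VERBOSE),y)`, so unless `build.conf` happens to define `verbose` the VERBOSE switch has no effect and `quiet` is never used; the assignment should read `verbose := @`. `install_mods := $(MODPKGDIR)/$(all_packages)` puts the directory in front of the first package only when several `.te` files are present, and `install_mods := $(addprefix $(MODPKGDIR)/,$(all_packages))` gives each package its install path. `NAME` and `MLSENABLED` are read from the build host at parse time (`/etc/selinux/config`, `/selinux/mls`), so where `/selinux/mls` cannot be read `MCSFLAG` stays empty and, unless `TYPE` is set elsewhere, `checkmodule` runs without `-M`; a comment next to those two assignments stating that the module type follows the build host unless `TYPE` is set would make this visible to whoever packages modules on a different machine.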
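Review bot: The description on the new `mrtg` stanza, `# System log analyzer and reporter`, does not describe MRTG, which graphs network traffic; it reads like the text of a log-analysis module and was probably carried over from one. Someone choosing which modules to enable from this file would be misled about what the module confines, so the comment should read something like `# Network traffic graphing`.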

\n\ +## More descriptive text about TEMPLATETYPE. The \n\ +## tag can also use

,