[people/stevee/selinux-policy.git] / Rules.monolithic

########################################
#
# Rules and Targets for building monolithic policies
#

# determine the policy version and current kernel version if possible
pv := $(shell $(CHECKPOLICY) -V |cut -f 1 -d ' ')
kv := $(shell cat /selinux/policyvers)

# dont print version warnings if we are unable to determine
# the currently running kernel's policy version
ifeq "$(kv)" ""
	kv := $(pv)
endif

policy_conf = $(builddir)policy.conf
fc = $(builddir)file_contexts
polver = $(builddir)policy.$(pv)
homedir_template = $(builddir)homedir_template

M4PARAM += -D self_contained_policy

# install paths
policypath = $(installdir)/policy
loadpath = $(policypath)/$(notdir $(polver))
homedirpath = $(contextpath)/files/homedir_template

appfiles += $(installdir)/booleans $(userpath)/local.users

# for monolithic policy use all base and module to create policy
all_modules := $(strip $(base_mods) $(mod_mods))
# off module interfaces included to make sure all interfaces are expanded.
all_interfaces := $(all_modules:.te=.if) $(off_mods:.te=.if)
all_te_files := $(all_modules)
all_fc_files := $(all_modules:.te=.fc)

pre_te_files := $(secclass) $(isids) $(avs) $(m4support) $(poldir)/mls $(poldir)/mcs
post_te_files := $(user_files) $(poldir)/constraints

policy_sections := $(tmpdir)/pre_te_files.conf $(tmpdir)/all_attrs_types.conf $(tmpdir)/global_bools.conf $(tmpdir)/only_te_rules.conf $(tmpdir)/all_post.conf

# search layer dirs for source files
vpath %.te $(all_layers)
vpath %.if $(all_layers)
vpath %.fc $(all_layers)

########################################
#
# default action: build policy locally
#
default: policy

policy: $(polver)

install: $(loadpath) $(fcpath) $(ncpath) $(appfiles)

load: $(tmpdir)/load

checklabels: $(fcpath)
restorelabels: $(fcpath)
relabel:  $(fcpath)
resetlabels:  $(fcpath)

########################################
#
# Build a binary policy locally
#
$(polver): $(policy_conf)
	@echo "Compiling $(NAME) $(polver)"
ifneq ($(pv),$(kv))
	@echo
	@echo "WARNING: Policy version mismatch!  Is your OUTPUT_POLICY set correctly?"
	@echo
endif
	$(verbose) $(CHECKPOLICY) $^ -o $@

########################################
#
# Install a binary policy
#
$(loadpath): $(policy_conf)
	@mkdir -p $(policypath)
	@echo "Compiling and installing $(NAME) $(loadpath)"
ifneq ($(pv),$(kv))
	@echo
	@echo "WARNING: Policy version mismatch!  Is your OUTPUT_POLICY set correctly?"
	@echo
endif
	$(verbose) $(CHECKPOLICY) $^ -o $@

########################################
#
# Load the binary policy
#
reload $(tmpdir)/load: $(loadpath) $(fcpath) $(ncpath) $(appfiles)
	@echo "Loading $(NAME) $(loadpath)"
	$(verbose) $(LOADPOLICY) -q $(loadpath)
	@touch $(tmpdir)/load

########################################
#
# Construct a monolithic policy.conf
#
$(policy_conf): $(policy_sections)
	@echo "Creating $(NAME) $(@F)"
	@test -d $(@D) || mkdir -p $(@D)
	$(verbose) cat $^ > $@

$(tmpdir)/pre_te_files.conf: $(pre_te_files)
	@test -d $(tmpdir) || mkdir -p $(tmpdir)
	$(verbose) $(M4) $(M4PARAM) $^ > $@

$(tmpdir)/generated_definitions.conf: $(all_te_files)
	@test -d $(tmpdir) || mkdir -p $(tmpdir)
# define all available object classes
	$(verbose) $(genperm) $(avs) $(secclass) > $@
# per-userdomain templates:
	$(verbose) echo "define(\`base_per_userdomain_template',\`" >> $@
	$(verbose) $(foreach mod,$(basename $(notdir $(all_modules))), \
		echo "ifdef(\`""$(mod)""_per_userdomain_template',\`""$(mod)""_per_userdomain_template("'$$*'")')" >> $@ ;)
	$(verbose) echo "')" >> $@
	$(verbose) test -f $(booleans) && $(setbools) $(booleans) >> $@ || true

$(tmpdir)/global_bools.conf: $(m4support) $(tmpdir)/generated_definitions.conf $(globalbool) $(globaltun)
	$(verbose) $(M4) $(M4PARAM) $^ > $@

$(tmpdir)/all_interfaces.conf: $(m4support) $(all_interfaces)
	@test -d $(tmpdir) || mkdir -p $(tmpdir)
	@echo "ifdef(\`__if_error',\`m4exit(1)')" > $(tmpdir)/iferror.m4
	@echo "divert(-1)" > $@
	$(verbose) $(M4) $^ $(tmpdir)/iferror.m4 >> $(tmpdir)/$(@F).tmp
	$(verbose) $(SED) -e s/dollarsstar/\$$\*/g $(tmpdir)/$(@F).tmp >> $@
	@echo "divert" >> $@

$(tmpdir)/rolemap.conf: $(rolemap)
	$(call parse-rolemap,base,$@)

$(tmpdir)/all_te_files.conf: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf $(all_te_files) $(tmpdir)/rolemap.conf
ifeq "$(strip $(all_te_files))" ""
	$(error No enabled modules! $(notdir $(mod_conf)) may need to be generated by using "make conf")
endif
	@test -d $(tmpdir) || mkdir -p $(tmpdir)
	$(verbose) $(M4) $(M4PARAM) -s $^ > $@

$(tmpdir)/post_te_files.conf: $(m4support) $(post_te_files)
	@test -d $(tmpdir) || mkdir -p $(tmpdir)
	$(verbose) $(M4) $(M4PARAM) $^ > $@

# extract attributes and put them first. extract post te stuff
# like genfscon and put last.
$(tmpdir)/all_attrs_types.conf $(tmpdir)/only_te_rules.conf $(tmpdir)/all_post.conf: $(tmpdir)/all_te_files.conf $(tmpdir)/post_te_files.conf
	$(verbose) $(get_type_attr_decl) $(tmpdir)/all_te_files.conf | $(SORT) > $(tmpdir)/all_attrs_types.conf
	$(verbose) cat $(tmpdir)/post_te_files.conf > $(tmpdir)/all_post.conf
# these have to run individually because order matters:
	$(verbose) $(GREP) '^sid ' $(tmpdir)/all_te_files.conf >> $(tmpdir)/all_post.conf || true
	$(verbose) $(GREP) '^fs_use_(xattr|task|trans)' $(tmpdir)/all_te_files.conf >> $(tmpdir)/all_post.conf || true
	$(verbose) $(GREP) ^genfscon $(tmpdir)/all_te_files.conf >> $(tmpdir)/all_post.conf || true
	$(verbose) $(GREP) ^portcon $(tmpdir)/all_te_files.conf >> $(tmpdir)/all_post.conf || true
	$(verbose) $(GREP) ^netifcon $(tmpdir)/all_te_files.conf >> $(tmpdir)/all_post.conf || true
	$(verbose) $(GREP) ^nodecon $(tmpdir)/all_te_files.conf >> $(tmpdir)/all_post.conf || true
	$(verbose) $(comment_move_decl) $(tmpdir)/all_te_files.conf > $(tmpdir)/only_te_rules.conf

########################################
#
# Remove the dontaudit rules from the policy.conf
#
enableaudit: $(policy_conf)
	@test -d $(tmpdir) || mkdir -p $(tmpdir)
	@echo "Removing dontaudit rules from $(notdir $(policy_conf))"
	$(verbose) $(GREP) -v dontaudit $^ > $(tmpdir)/policy.audit
	$(verbose) mv $(tmpdir)/policy.audit $(policy_conf)

########################################
#
# Construct file_contexts
#
$(fc): $(tmpdir)/$(notdir $(fc)).tmp $(fcsort)
	$(verbose) $(fcsort) $< $@
	$(verbose) $(GREP) -e HOME -e ROLE $@ > $(homedir_template)
	$(verbose) $(SED) -i -e /HOME/d -e /ROLE/d $@

$(tmpdir)/$(notdir $(fc)).tmp: $(m4support) $(tmpdir)/generated_definitions.conf $(all_fc_files)
ifeq ($(all_fc_files),)
	$(error No enabled modules! $(notdir $(mod_conf)) may need to be generated by using "make conf")
endif
	@echo "Creating $(NAME) file_contexts."
	@test -d $(tmpdir) || mkdir -p $(tmpdir)
	$(verbose) $(M4) $(M4PARAM) $^ > $@

$(homedir_template): $(fc)

########################################
#
# Install file_contexts
#
$(fcpath): $(fc) $(loadpath) $(userpath)/system.users
	@echo "Validating $(NAME) file_contexts."
	$(verbose) $(SETFILES) -q -c $(loadpath) $(fc)
	@echo "Installing file_contexts."
	@mkdir -p $(contextpath)/files
	$(verbose) $(INSTALL) -m 644 $(fc) $(fcpath)
	$(verbose) $(INSTALL) -m 644 $(homedir_template) $(homedirpath)
	$(verbose) $(genhomedircon) -d $(topdir) -t $(NAME) $(USEPWD)
ifeq "$(DISTRO)" "rhel4"
# Setfiles in RHEL4 does not look at file_contexts.homedirs.
	$(verbose) cat $@.homedirs >> $@
# Delete the file_contexts.homedirs in case the toolchain has
# been updated, to prevent duplicate match errors.
	$(verbose) rm -f $@.homedirs
endif

########################################
#
# Intall netfilter_contexts
#
$(ncpath): $(net_contexts)
	@echo "Installing $(NAME) netfilter_contexts."
	$(verbose) $(INSTALL) -m 0644 $^ $@

########################################
#
# Run policy source checks
#
check: $(builddir)check.res
$(builddir)check.res: $(policy_conf) $(fc)
	$(SECHECK) -s --profile=development --policy=$(policy_conf) --fcfile=$(fc) > $@

longcheck: $(builddir)longcheck.res
$(builddir)longcheck.res: $(policy_conf) $(fc)
	$(SECHECK) -s --profile=all --policy=$(policy_conf) --fcfile=$(fc) > $@

########################################
#
# Appconfig files
#
$(appdir)/customizable_types: $(policy_conf)
	@mkdir -p $(appdir)
	$(verbose) $(GREP) '^[[:blank:]]*type .*customizable' $< | cut -d';' -f1 | cut -d',' -f1 | cut -d' ' -f2 | $(SORT) -u > $(tmpdir)/customizable_types
	$(verbose) $(INSTALL) -m 644 $(tmpdir)/customizable_types $@ 

########################################
#
# Clean the sources
#
clean:
	rm -f $(policy_conf)
	rm -f $(polver)
	rm -f $(fc)
	rm -f $(homedir_template)
	rm -f $(net_contexts)
	rm -f *.res
	rm -fR $(tmpdir)

.PHONY: default policy install load reload enableaudit checklabels restorelabels relabel check longcheck clean
Commit	Line	Data
fb0a3a98 CP	1	########################################
	2	#
	3	# Rules and Targets for building monolithic policies
	4	#
	5
c634db20 CP	6	# determine the policy version and current kernel version if possible
	7	pv := $(shell $(CHECKPOLICY) -V \|cut -f 1 -d ' ')
	8	kv := $(shell cat /selinux/policyvers)
	9
	10	# dont print version warnings if we are unable to determine
	11	# the currently running kernel's policy version
	12	ifeq "$(kv)" ""
	13	kv := $(pv)
	14	endif
	15
	16	policy_conf = $(builddir)policy.conf
	17	fc = $(builddir)file_contexts
	18	polver = $(builddir)policy.$(pv)
	19	homedir_template = $(builddir)homedir_template
c9f20d5b	20
3abd5ee8 CP	21	M4PARAM += -D self_contained_policy
3abd5ee8 CP	22
fb0a3a98	23	# install paths
c634db20 CP	24	policypath = $(installdir)/policy
	25	loadpath = $(policypath)/$(notdir $(polver))
	26	homedirpath = $(contextpath)/files/homedir_template
fb0a3a98	27
c634db20	28	appfiles += $(installdir)/booleans $(userpath)/local.users
fb0a3a98	29
c767b14c	30	# for monolithic policy use all base and module to create policy
c634db20	31	all_modules := $(strip $(base_mods) $(mod_mods))
ab23bb90	32	# off module interfaces included to make sure all interfaces are expanded.
c634db20 CP	33	all_interfaces := $(all_modules:.te=.if) $(off_mods:.te=.if)
	34	all_te_files := $(all_modules)
	35	all_fc_files := $(all_modules:.te=.fc)
fb0a3a98	36
c634db20 CP	37	pre_te_files := $(secclass) $(isids) $(avs) $(m4support) $(poldir)/mls $(poldir)/mcs
c634db20 CP	38	post_te_files := $(user_files) $(poldir)/constraints
fb0a3a98	39
c634db20	40	policy_sections := $(tmpdir)/pre_te_files.conf $(tmpdir)/all_attrs_types.conf $(tmpdir)/global_bools.conf $(tmpdir)/only_te_rules.conf $(tmpdir)/all_post.conf
c767b14c CP	41
c767b14c CP	42	# search layer dirs for source files
c634db20 CP	43	vpath %.te $(all_layers)
	44	vpath %.if $(all_layers)
	45	vpath %.fc $(all_layers)
c767b14c	46
fb0a3a98 CP	47	########################################
	48	#
	49	# default action: build policy locally
	50	#
	51	default: policy
	52
c634db20	53	policy: $(polver)
fb0a3a98	54
c634db20	55	install: $(loadpath) $(fcpath) $(ncpath) $(appfiles)
fb0a3a98	56
c634db20	57	load: $(tmpdir)/load
fb0a3a98	58
c634db20 CP	59	checklabels: $(fcpath)
	60	restorelabels: $(fcpath)
	61	relabel: $(fcpath)
	62	resetlabels: $(fcpath)
120988c4	63
fb0a3a98 CP	64	########################################
	65	#
	66	# Build a binary policy locally
	67	#
c634db20 CP	68	$(polver): $(policy_conf)
	69	@echo "Compiling $(NAME) $(polver)"
	70	ifneq ($(pv),$(kv))
fb0a3a98 CP	71	@echo
	72	@echo "WARNING: Policy version mismatch! Is your OUTPUT_POLICY set correctly?"
	73	@echo
	74	endif
5b45ffb0	75	$(verbose) $(CHECKPOLICY) $^ -o $@
fb0a3a98 CP	76
	77	########################################
	78	#
	79	# Install a binary policy
	80	#
c634db20 CP	81	$(loadpath): $(policy_conf)
	82	@mkdir -p $(policypath)
	83	@echo "Compiling and installing $(NAME) $(loadpath)"
	84	ifneq ($(pv),$(kv))
fb0a3a98 CP	85	@echo
	86	@echo "WARNING: Policy version mismatch! Is your OUTPUT_POLICY set correctly?"
	87	@echo
	88	endif
9b3756bf	89	$(verbose) $(CHECKPOLICY) $^ -o $@
fb0a3a98 CP	90
	91	########################################
	92	#
	93	# Load the binary policy
	94	#
c634db20 CP	95	reload $(tmpdir)/load: $(loadpath) $(fcpath) $(ncpath) $(appfiles)
	96	@echo "Loading $(NAME) $(loadpath)"
	97	$(verbose) $(LOADPOLICY) -q $(loadpath)
	98	@touch $(tmpdir)/load
fb0a3a98 CP	99
	100	########################################
	101	#
	102	# Construct a monolithic policy.conf
	103	#
c634db20	104	$(policy_conf): $(policy_sections)
c9f20d5b	105	@echo "Creating $(NAME) $(@F)"
3abd5ee8 CP	106	@test -d $(@D) \|\| mkdir -p $(@D)
3abd5ee8 CP	107	$(verbose) cat $^ > $@
fb0a3a98	108
c634db20 CP	109	$(tmpdir)/pre_te_files.conf: $(pre_te_files)
c634db20 CP	110	@test -d $(tmpdir) \|\| mkdir -p $(tmpdir)
3abd5ee8	111	$(verbose) $(M4) $(M4PARAM) $^ > $@
fb0a3a98	112
c634db20 CP	113	$(tmpdir)/generated_definitions.conf: $(all_te_files)
c634db20 CP	114	@test -d $(tmpdir) \|\| mkdir -p $(tmpdir)
70131678	115	# define all available object classes
c634db20	116	$(verbose) $(genperm) $(avs) $(secclass) > $@
70131678 CP	117	# per-userdomain templates:
70131678 CP	118	$(verbose) echo "define(\`base_per_userdomain_template',\`" >> $@
c634db20	119	$(verbose) $(foreach mod,$(basename $(notdir $(all_modules))), \
3abd5ee8	120	echo "ifdef(\`""$(mod)""_per_userdomain_template',\`""$(mod)""_per_userdomain_template("'$$*'")')" >> $@ ;)
9b3756bf	121	$(verbose) echo "')" >> $@
c634db20	122	$(verbose) test -f $(booleans) && $(setbools) $(booleans) >> $@ \|\| true
fb0a3a98	123
c634db20	124	$(tmpdir)/global_bools.conf: $(m4support) $(tmpdir)/generated_definitions.conf $(globalbool) $(globaltun)
3abd5ee8 CP	125	$(verbose) $(M4) $(M4PARAM) $^ > $@
3abd5ee8 CP	126
c634db20 CP	127	$(tmpdir)/all_interfaces.conf: $(m4support) $(all_interfaces)
	128	@test -d $(tmpdir) \|\| mkdir -p $(tmpdir)
	129	@echo "ifdef(\`__if_error',\`m4exit(1)')" > $(tmpdir)/iferror.m4
3abd5ee8	130	@echo "divert(-1)" > $@
c634db20 CP	131	$(verbose) $(M4) $^ $(tmpdir)/iferror.m4 >> $(tmpdir)/$(@F).tmp
c634db20 CP	132	$(verbose) $(SED) -e s/dollarsstar/\$$\*/g $(tmpdir)/$(@F).tmp >> $@
3abd5ee8	133	@echo "divert" >> $@
fb0a3a98	134
c634db20	135	$(tmpdir)/rolemap.conf: $(rolemap)
3abd5ee8 CP	136	$(call parse-rolemap,base,$@)
3abd5ee8 CP	137
c634db20 CP	138	$(tmpdir)/all_te_files.conf: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf $(all_te_files) $(tmpdir)/rolemap.conf
	139	ifeq "$(strip $(all_te_files))" ""
	140	$(error No enabled modules! $(notdir $(mod_conf)) may need to be generated by using "make conf")
fb0a3a98	141	endif
c634db20	142	@test -d $(tmpdir) \|\| mkdir -p $(tmpdir)
3abd5ee8	143	$(verbose) $(M4) $(M4PARAM) -s $^ > $@
fb0a3a98	144
c634db20 CP	145	$(tmpdir)/post_te_files.conf: $(m4support) $(post_te_files)
c634db20 CP	146	@test -d $(tmpdir) \|\| mkdir -p $(tmpdir)
3abd5ee8	147	$(verbose) $(M4) $(M4PARAM) $^ > $@
fb0a3a98 CP	148
fb0a3a98 CP	149	# extract attributes and put them first. extract post te stuff
3abd5ee8	150	# like genfscon and put last.
c634db20 CP	151	$(tmpdir)/all_attrs_types.conf $(tmpdir)/only_te_rules.conf $(tmpdir)/all_post.conf: $(tmpdir)/all_te_files.conf $(tmpdir)/post_te_files.conf
	152	$(verbose) $(get_type_attr_decl) $(tmpdir)/all_te_files.conf \| $(SORT) > $(tmpdir)/all_attrs_types.conf
	153	$(verbose) cat $(tmpdir)/post_te_files.conf > $(tmpdir)/all_post.conf
3abd5ee8	154	# these have to run individually because order matters:
c634db20 CP	155	$(verbose) $(GREP) '^sid ' $(tmpdir)/all_te_files.conf >> $(tmpdir)/all_post.conf \|\| true
	156	$(verbose) $(GREP) '^fs_use_(xattr\|task\|trans)' $(tmpdir)/all_te_files.conf >> $(tmpdir)/all_post.conf \|\| true
	157	$(verbose) $(GREP) ^genfscon $(tmpdir)/all_te_files.conf >> $(tmpdir)/all_post.conf \|\| true
	158	$(verbose) $(GREP) ^portcon $(tmpdir)/all_te_files.conf >> $(tmpdir)/all_post.conf \|\| true
	159	$(verbose) $(GREP) ^netifcon $(tmpdir)/all_te_files.conf >> $(tmpdir)/all_post.conf \|\| true
	160	$(verbose) $(GREP) ^nodecon $(tmpdir)/all_te_files.conf >> $(tmpdir)/all_post.conf \|\| true
	161	$(verbose) $(comment_move_decl) $(tmpdir)/all_te_files.conf > $(tmpdir)/only_te_rules.conf
fb0a3a98 CP	162
	163	########################################
	164	#
	165	# Remove the dontaudit rules from the policy.conf
	166	#
c634db20 CP	167	enableaudit: $(policy_conf)
	168	@test -d $(tmpdir) \|\| mkdir -p $(tmpdir)
	169	@echo "Removing dontaudit rules from $(notdir $(policy_conf))"
	170	$(verbose) $(GREP) -v dontaudit $^ > $(tmpdir)/policy.audit
	171	$(verbose) mv $(tmpdir)/policy.audit $(policy_conf)
fb0a3a98 CP	172
	173	########################################
	174	#
	175	# Construct file_contexts
	176	#
c634db20 CP	177	$(fc): $(tmpdir)/$(notdir $(fc)).tmp $(fcsort)
	178	$(verbose) $(fcsort) $< $@
	179	$(verbose) $(GREP) -e HOME -e ROLE $@ > $(homedir_template)
3abd5ee8	180	$(verbose) $(SED) -i -e /HOME/d -e /ROLE/d $@
c767b14c	181
c634db20 CP	182	$(tmpdir)/$(notdir $(fc)).tmp: $(m4support) $(tmpdir)/generated_definitions.conf $(all_fc_files)
	183	ifeq ($(all_fc_files),)
	184	$(error No enabled modules! $(notdir $(mod_conf)) may need to be generated by using "make conf")
fb0a3a98 CP	185	endif
fb0a3a98 CP	186	@echo "Creating $(NAME) file_contexts."
c634db20	187	@test -d $(tmpdir) \|\| mkdir -p $(tmpdir)
3abd5ee8	188	$(verbose) $(M4) $(M4PARAM) $^ > $@
fb0a3a98	189
c634db20	190	$(homedir_template): $(fc)
fc47b34c	191
fb0a3a98 CP	192	########################################
	193	#
	194	# Install file_contexts
	195	#
c634db20	196	$(fcpath): $(fc) $(loadpath) $(userpath)/system.users
fb0a3a98	197	@echo "Validating $(NAME) file_contexts."
c634db20	198	$(verbose) $(SETFILES) -q -c $(loadpath) $(fc)
fb0a3a98	199	@echo "Installing file_contexts."
c634db20 CP	200	@mkdir -p $(contextpath)/files
	201	$(verbose) $(INSTALL) -m 644 $(fc) $(fcpath)
	202	$(verbose) $(INSTALL) -m 644 $(homedir_template) $(homedirpath)
	203	$(verbose) $(genhomedircon) -d $(topdir) -t $(NAME) $(USEPWD)
fc47b34c CP	204	ifeq "$(DISTRO)" "rhel4"
	205	# Setfiles in RHEL4 does not look at file_contexts.homedirs.
	206	$(verbose) cat $@.homedirs >> $@
	207	# Delete the file_contexts.homedirs in case the toolchain has
	208	# been updated, to prevent duplicate match errors.
	209	$(verbose) rm -f $@.homedirs
185ab241	210	endif
fb0a3a98	211
8df65f13	212	########################################
5a7c06fd CP	213	#
	214	# Intall netfilter_contexts
	215	#
c634db20	216	$(ncpath): $(net_contexts)
5a7c06fd	217	@echo "Installing $(NAME) netfilter_contexts."
cfd5c5e1	218	$(verbose) $(INSTALL) -m 0644 $^ $@
5a7c06fd CP	219
5a7c06fd CP	220	########################################
8df65f13 CP	221	#
	222	# Run policy source checks
	223	#
c634db20 CP	224	check: $(builddir)check.res
	225	$(builddir)check.res: $(policy_conf) $(fc)
	226	$(SECHECK) -s --profile=development --policy=$(policy_conf) --fcfile=$(fc) > $@
8df65f13	227
c634db20 CP	228	longcheck: $(builddir)longcheck.res
	229	$(builddir)longcheck.res: $(policy_conf) $(fc)
	230	$(SECHECK) -s --profile=all --policy=$(policy_conf) --fcfile=$(fc) > $@
8df65f13	231
049e11af CP	232	########################################
	233	#
	234	# Appconfig files
	235	#
c634db20 CP	236	$(appdir)/customizable_types: $(policy_conf)
	237	@mkdir -p $(appdir)
	238	$(verbose) $(GREP) '^[[:blank:]]type .customizable' $< \| cut -d';' -f1 \| cut -d',' -f1 \| cut -d' ' -f2 \| $(SORT) -u > $(tmpdir)/customizable_types
	239	$(verbose) $(INSTALL) -m 644 $(tmpdir)/customizable_types $@
049e11af	240
fb0a3a98 CP	241	########################################
	242	#
	243	# Clean the sources
	244	#
	245	clean:
c634db20 CP	246	rm -f $(policy_conf)
	247	rm -f $(polver)
	248	rm -f $(fc)
	249	rm -f $(homedir_template)
6962bb32	250	rm -f $(net_contexts)
8df65f13	251	rm -f *.res
c634db20	252	rm -fR $(tmpdir)
fb0a3a98	253
8df65f13	254	.PHONY: default policy install load reload enableaudit checklabels restorelabels relabel check longcheck clean