Commit | Line | Data |
---|---|---|
fb0a3a98 CP |
1 | ######################################## |
2 | # | |
c3812748 | 3 | # Rules and Targets for building modular policies |
fb0a3a98 CP |
4 | # |
5 | ||
# Combined list of the three configured module groups, and the interface
# file name derived from each .te source.
all_modules := $(base_mods) $(mod_mods) $(off_mods)
all_interfaces := $(patsubst %.te,%.if,$(all_modules))

# Artifacts of the base module build.
base_pkg := $(builddir)base.pp
base_fc := $(builddir)base.fc
base_conf := $(builddir)base.conf
base_mod := $(tmpdir)/base.mod

users_extra := $(tmpdir)/users_extra

# Fragments that are concatenated, in this order, to form $(base_conf).
base_sections := \
  $(tmpdir)/pre_te_files.conf \
  $(tmpdir)/all_attrs_types.conf \
  $(tmpdir)/global_bools.conf \
  $(tmpdir)/only_te_rules.conf \
  $(tmpdir)/all_post.conf

# Source inputs for the base module, grouped by where they land in base.conf.
base_pre_te_files := $(secclass) $(isids) $(avs) $(m4support) \
  $(poldir)/mls $(poldir)/mcs $(policycaps)
base_te_files := $(base_mods)
base_post_te_files := $(user_files) $(poldir)/constraints
base_fc_files := $(patsubst %.te,%.fc,$(base_mods))

# One .pp per entry in $(mod_mods), named after the source file and
# placed under $(builddir).
mod_pkgs := $(addprefix $(builddir),$(notdir $(patsubst %.te,%.pp,$(mod_mods))))

# policy packages to install
instpkg := $(addprefix $(modpkgdir)/,$(notdir $(base_pkg)) $(mod_pkgs))

# search layer dirs for source files
vpath %.te $(all_layers)
vpath %.if $(all_layers)
vpath %.fc $(all_layers)

# Keep the intermediate .mod and .mod.fc files instead of letting make
# delete them as chain intermediates.
.SECONDARY: $(addprefix $(tmpdir)/,$(mod_pkgs:.pp=.mod) $(mod_pkgs:.pp=.mod.fc))
e60b983b | 34 | |
fb0a3a98 CP |
35 | ######################################## |
36 | # | |
37 | # default action: create all module packages | |
38 | # | |
# Entry point when no goal is given on the command line.
default: policy

# "all" and "policy" are two names for the same goal: the base package
# plus every loadable module package.
all: base modules
policy: base modules

base: $(base_pkg)

modules: $(mod_pkgs)

# Installing means copying the packages into $(modpkgdir) and producing
# the files listed in $(appfiles); nothing is loaded by this target.
install: $(instpkg) $(appfiles)
c767b14c CP |
48 | |
49 | ######################################## | |
50 | # | |
51 | # Load all configured modules | |
52 | # | |
# Hand the installed packages to $(SEMODULE) for the policy store named by
# $(NAME): the base package is passed with -b and each module with -i.
load: $(instpkg) $(appfiles)
# semanage does not create these two directories, so make sure they exist
# before loading.
	@mkdir -p $(policypath) $(dir $(fcpath))
	@echo "Loading configured modules."
	$(verbose) $(SEMODULE) -s $(NAME) -b $(modpkgdir)/$(notdir $(base_pkg)) $(addprefix -i $(modpkgdir)/,$(mod_pkgs))
c767b14c CP |
59 | |
60 | ######################################## | |
61 | # | |
62 | # Install policy packages | |
63 | # | |
# Copy a built policy package from $(builddir) into $(modpkgdir).
# The installed file gets mode 0644; ownership is whatever $(INSTALL)
# applies by default for the invoking user.
$(modpkgdir)/%.pp: $(builddir)%.pp
	@mkdir -p $(modpkgdir)
	@echo "Installing $(NAME) $(@F) policy package."
	$(verbose) $(INSTALL) -m 0644 $^ $(modpkgdir)
c767b14c CP |
68 | |
69 | ######################################## | |
70 | # | |
71 | # Build module packages | |
72 | # | |
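# Compile one loadable module.
#   1. perrole-expansion writes the per-role fragment for this module to
#      $@.role (the macro is defined outside this file).
#   2. m4 expands the support macros, generated definitions, all interface
#      definitions, the module's .te file and $@.role into <stem>.tmp.
#   3. $(CHECKMODULE) -m compiles <stem>.tmp into the .mod target.
# The progress message previously read "Compliling"; only that spelling
# is changed here.
$(tmpdir)/%.mod: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf %.te
	@echo "Compiling $(NAME) $(@F) module"
	@test -d $(tmpdir) || mkdir -p $(tmpdir)
	$(call perrole-expansion,$(basename $(@F)),$@.role)
	$(verbose) $(M4) $(M4PARAM) -s $^ $@.role > $(@:.mod=.tmp)
	$(verbose) $(CHECKMODULE) -m $(@:.mod=.tmp) -o $@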
c767b14c | 79 | |
# Expand a module's file-context source with m4.
# $(m4support) appears on the command line twice: once explicitly and
# once through $^, because it is also the first prerequisite.
$(tmpdir)/%.mod.fc: $(m4support) %.fc
	@[ -d $(tmpdir) ] || mkdir -p $(tmpdir)
	$(verbose) $(M4) $(M4PARAM) $(m4support) $^ > $@

# Bundle a compiled module and its file contexts into a policy package.
# "$<.fc" names the second prerequisite: the .mod path with ".fc" appended.
$(builddir)%.pp: $(tmpdir)/%.mod $(tmpdir)/%.mod.fc
	@echo "Creating $(NAME) $(@F) policy package"
	@[ -d $(builddir) ] || mkdir -p $(builddir)
	$(verbose) $(SEMOD_PKG) -o $@ -m $< -f $<.fc
fb0a3a98 CP |
88 | |
89 | ######################################## | |
90 | # | |
91 | # Create a base module package | |
92 | # | |
# Package the base module: compiled module (-m), file contexts (-f),
# extra user records (-u) and the seusers mapping (-s).
$(base_pkg): $(base_mod) $(base_fc) $(users_extra) $(tmpdir)/seusers
	@echo "Creating $(NAME) base module package"
	@test -d $(builddir) || mkdir -p $(builddir)
	$(verbose) $(SEMOD_PKG) -o $@ -m $(base_mod) -f $(base_fc) -u $(users_extra) -s $(tmpdir)/seusers

# When UNK_PERMS is set, pass it to checkmodule's -U (handle-unknown)
# option for the base module only. With UNK_PERMS empty, no -U is passed
# and the compiler's own default applies.
ifneq "$(UNK_PERMS)" ""
$(base_mod): CHECKMODULE += -U $(UNK_PERMS)
endif
# Compile the assembled base.conf into the base module.
$(base_mod): $(base_conf)
	@echo "Compiling $(NAME) base module"
	$(verbose) $(CHECKMODULE) $^ -o $@
fb0a3a98 | 104 | |
# Expand the seusers source with m4 and keep only lines that begin with
# a lowercase letter or an underscore.
# NOTE(review): the recipe is a pipeline, so unless the shell in use
# enables pipefail an m4 failure is hidden by the exit status of
# $(GREP) - confirm against the SHELL settings of the including Makefile.
$(tmpdir)/seusers: $(seusers)
	@mkdir -p $(tmpdir)
	$(verbose) $(M4) $(M4PARAM) $(m4support) $^ | $(GREP) '^[a-z_]' > $@

# Expand the user files with the users_extra macro defined, strip leading
# blanks, and keep only the lines that start with "user".
# NOTE(review): same pipeline caveat as above; here $(SED) supplies the
# exit status.
$(users_extra): $(m4support) $(user_files)
	@test -d $(tmpdir) || mkdir -p $(tmpdir)
	$(verbose) $(M4) $(M4PARAM) -D users_extra $^ | \
		$(SED) -r -n -e 's/^[[:blank:]]*//g' -e '/^user/p' > $@
113 | ||
fb0a3a98 CP |
114 | ######################################## |
115 | # | |
c767b14c | 116 | # Construct a base.conf |
fb0a3a98 | 117 | # |
# Concatenate the base sections, in the order given by $(base_sections),
# into the final base.conf.
$(base_conf): $(base_sections)
	@echo "Creating $(NAME) base module $(@F)"
	@[ -d $(@D) ] || mkdir -p $(@D)
	$(verbose) cat $^ > $@

# First base.conf section: the pre-TE inputs expanded by m4 with the
# self_contained_policy macro defined for this target.
$(tmpdir)/pre_te_files.conf: M4PARAM += -D self_contained_policy
$(tmpdir)/pre_te_files.conf: $(base_pre_te_files)
	@[ -d $(tmpdir) ] || mkdir -p $(tmpdir)
	$(verbose) $(M4) $(M4PARAM) $^ > $@
fb0a3a98 | 127 | |
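# Generate the m4 definitions shared by every module build: object class
# and permission definitions, the per-role template for the base modules,
# and, when $(booleans) exists, the boolean settings from that file.
#
# The rule has no prerequisites, so make only runs it when the target is
# missing.
$(tmpdir)/generated_definitions.conf:
	@test -d $(tmpdir) || mkdir -p $(tmpdir)
# define all available object classes
	$(verbose) $(genperm) $(avs) $(secclass) > $@
	$(verbose) $(call create-base-per-role-tmpl,$(patsubst %.te,%,$(base_mods)),$@)
# A missing $(booleans) file is still tolerated, but a failing $(setbools)
# now stops the build. The former "|| true" also hid that failure, which
# would leave the boolean settings out of the generated definitions.
	$(verbose) if test -f $(booleans); then $(setbools) $(booleans) >> $@; fi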
fb0a3a98 | 134 | |
# Expand the global booleans and tunables with m4, with the
# self_contained_policy macro defined for this target.
# Unlike the neighbouring rules this one does not create $(tmpdir); the
# generated_definitions.conf prerequisite does that.
$(tmpdir)/global_bools.conf: M4PARAM += -D self_contained_policy
$(tmpdir)/global_bools.conf: $(m4support) $(tmpdir)/generated_definitions.conf $(globalbool) $(globaltun)
	$(verbose) $(M4) $(M4PARAM) $^ > $@
138 | ||
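# Collect every interface definition into one m4 file. The content is
# wrapped in divert(-1) ... divert so that including it only defines
# macros and emits no text.
$(tmpdir)/all_interfaces.conf: $(m4support) $(all_interfaces) $(m4iferror)
	@test -d $(tmpdir) || mkdir -p $(tmpdir)
	@echo "divert(-1)" > $@
# Overwrite the scratch file rather than append to it. With ">>" a scratch
# file left over from an earlier run kept its old content, so interface
# definitions that are no longer in the sources could still reach the
# rebuilt all_interfaces.conf.
	$(verbose) $(M4) $^ > $(tmpdir)/$(@F).tmp
# Replace the "dollarsstar" placeholder with a literal $*.
	$(verbose) $(SED) -e s/dollarsstar/\$$\*/g $(tmpdir)/$(@F).tmp >> $@
	@echo "divert" >> $@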
145 | ||
# Build the role map fragment for the base module: start from a file
# holding a single empty line, then let parse-rolemap (defined outside
# this file) add to it.
$(tmpdir)/rolemap.conf: M4PARAM += -D self_contained_policy
$(tmpdir)/rolemap.conf: $(rolemap)
	$(verbose) echo "" > $@
	$(call parse-rolemap,base,$@)
fb0a3a98 | 150 | |
# Expand all base module TE sources into one file, with the
# self_contained_policy macro defined for this target.
# The ifeq is evaluated when the makefile is read. When no base modules
# are enabled it adds an $(error ...) line to this recipe, so the build
# stops with that message when the recipe is expanded for this target.
$(tmpdir)/all_te_files.conf: M4PARAM += -D self_contained_policy
$(tmpdir)/all_te_files.conf: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf $(base_te_files) $(tmpdir)/rolemap.conf
ifeq "$(strip $(base_te_files))" ""
	$(error No enabled modules! $(notdir $(mod_conf)) may need to be generated by using "make conf")
endif
	@test -d $(tmpdir) || mkdir -p $(tmpdir)
	$(verbose) $(M4) $(M4PARAM) -s $^ > $@

# Expand the post-TE inputs (user files and constraints) the same way.
$(tmpdir)/post_te_files.conf: M4PARAM += -D self_contained_policy
$(tmpdir)/post_te_files.conf: $(m4support) $(tmpdir)/generated_definitions.conf $(base_post_te_files)
	@test -d $(tmpdir) || mkdir -p $(tmpdir)
	$(verbose) $(M4) $(M4PARAM) $^ > $@
fb0a3a98 CP |
163 | |
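# extract attributes and put them first. extract post te stuff
# like genfscon and put last.
#
# NOTE(review): one recipe is listed under three targets, which make
# treats as three independent rules. Under "make -j" the recipe can run
# more than once at the same time against the same output files.
$(tmpdir)/all_attrs_types.conf $(tmpdir)/only_te_rules.conf $(tmpdir)/all_post.conf: $(tmpdir)/all_te_files.conf $(tmpdir)/post_te_files.conf
	$(verbose) $(get_type_attr_decl) $(tmpdir)/all_te_files.conf | $(SORT) > $(tmpdir)/all_attrs_types.conf
	$(verbose) cat $(tmpdir)/post_te_files.conf > $(tmpdir)/all_post.conf
# these have to run individually because order matters.
# grep exits with status 1 when nothing matches, which is fine here. Any
# other non-zero status is a real error and now stops the build; the
# former "|| true" would have silently left those statements out of
# all_post.conf.
	$(verbose) $(GREP) '^sid ' $(tmpdir)/all_te_files.conf >> $(tmpdir)/all_post.conf || [ $$? -eq 1 ]
	$(verbose) $(GREP) '^fs_use_(xattr|task|trans)' $(tmpdir)/all_te_files.conf >> $(tmpdir)/all_post.conf || [ $$? -eq 1 ]
	$(verbose) $(GREP) ^genfscon $(tmpdir)/all_te_files.conf >> $(tmpdir)/all_post.conf || [ $$? -eq 1 ]
	$(verbose) $(GREP) ^portcon $(tmpdir)/all_te_files.conf >> $(tmpdir)/all_post.conf || [ $$? -eq 1 ]
	$(verbose) $(GREP) ^netifcon $(tmpdir)/all_te_files.conf >> $(tmpdir)/all_post.conf || [ $$? -eq 1 ]
	$(verbose) $(GREP) ^nodecon $(tmpdir)/all_te_files.conf >> $(tmpdir)/all_post.conf || [ $$? -eq 1 ]
	$(verbose) $(comment_move_decl) $(tmpdir)/all_te_files.conf > $(tmpdir)/only_te_rules.conf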
fb0a3a98 CP |
177 | |
178 | ######################################## | |
179 | # | |
c767b14c | 180 | # Construct a base.fc |
fb0a3a98 | 181 | # |
# Sort the expanded file contexts with $(fcsort) to produce base.fc.
# $(fcsort) is also a prerequisite, so it is up to date before it runs.
$(base_fc): $(tmpdir)/$(notdir $(base_fc)).tmp $(fcsort)
	$(verbose) $(fcsort) $< $@

# Expand the .fc files of all base modules into one unsorted file.
# The ifeq is evaluated when the makefile is read. With no base .fc files
# it adds an $(error ...) line to this recipe, so the build stops with
# that message when the recipe is expanded for this target.
$(tmpdir)/$(notdir $(base_fc)).tmp: $(m4support) $(tmpdir)/generated_definitions.conf $(base_fc_files)
ifeq ($(base_fc_files),)
	$(error No enabled modules! $(notdir $(mod_conf)) may need to be generated by using "make conf")
endif
	@echo "Creating $(NAME) base module file contexts."
	@test -d $(tmpdir) || mkdir -p $(tmpdir)
	$(verbose) $(M4) $(M4PARAM) $^ > $@
fb0a3a98 | 192 | |
049e11af CP |
193 | ######################################## |
194 | # | |
195 | # Appconfig files | |
196 | # | |
# Derive the customizable_types file from base.conf: select "type"
# declarations that mention "customizable", cut each line down to the
# type name, de-duplicate, and install the result with mode 644.
# NOTE(review): the grep pattern accepts leading blanks, but
# "cut -d' ' -f2" takes the second space-separated field, so an indented
# declaration would yield "type" rather than the type name - confirm
# that declarations in base.conf always start in column one.
$(appdir)/customizable_types: $(base_conf)
	@mkdir -p $(appdir)
	$(verbose) $(GREP) '^[[:blank:]]*type .*customizable' $< | cut -d';' -f1 | cut -d',' -f1 | cut -d' ' -f2 | $(SORT) -u > $(tmpdir)/customizable_types
	$(verbose) $(INSTALL) -m 644 $(tmpdir)/customizable_types $@
049e11af | 201 | |
ea5333d1 CP |
202 | ######################################## |
203 | # | |
204 | # Validate linking and expanding of modules | |
205 | # | |
# Check that the base package and all module packages link and expand
# into a policy binary, then run $(SEPOLGEN) over that binary.
# Everything is written under $(tmpdir); nothing is installed or loaded.
validate: $(base_pkg) $(mod_pkgs)
	@echo "Validating policy linking."
	$(verbose) $(SEMOD_LNK) -o $(tmpdir)/test.lnk $^
	$(verbose) $(SEMOD_EXP) $(tmpdir)/test.lnk $(tmpdir)/policy.bin
	$(verbose) $(SEPOLGEN) -p $(tmpdir)/policy.bin -i $(poldir) -o $(tmpdir)/output
	@echo "Success."
212 | ||
fb0a3a98 CP |
213 | ######################################## |
214 | # | |
215 | # Clean the sources | |
216 | # | |
# Remove build products: base.conf, base.fc, every .pp under $(builddir),
# the $(net_contexts) file and the whole $(tmpdir) tree.
# The recursive removal takes its path straight from $(tmpdir), and
# "$(builddir)*.pp" becomes "*.pp" in the current directory when
# $(builddir) is empty.
clean:
	rm -f $(base_conf)
	rm -f $(base_fc)
	rm -f $(builddir)*.pp
	rm -f $(net_contexts)
	rm -fR $(tmpdir)

# These goals are commands, not files; declaring them phony keeps a file
# of the same name from suppressing them.
.PHONY: default all policy base modules install load clean validate