projects / people / stevee / selinux-policy.git / blame
| Commit | Line | Data |
|---|---|---|
| fb0a3a98 CP |
1 | ######################################## |
| 2 | # | |
| c3812748 | 3 | # Rules and Targets for building modular policies |
| fb0a3a98 CP |
4 | # |
| 5 | ||
| 6 | ALL_MODULES := $(filter $(BASE_MODS) $(MOD_MODS),$(DETECTED_MODS)) | |
| 7 | ALL_INTERFACES := $(ALL_MODULES:.te=.if) | |
| 8 | ||
| 9 | BASE_PKG := base.pp | |
| 10 | BASE_FC := base.fc | |
| 11 | ||
| 4f9f30c8 | 12 | BASE_SECTIONS := tmp/pre_te_files.conf tmp/generated_definitions.conf tmp/all_interfaces.conf tmp/all_attrs_types.conf $(GLOBALBOOL) $(GLOBALTUN) tmp/only_te_rules.conf tmp/all_post.conf |
| fb0a3a98 | 13 | |
| a0824843 | 14 | BASE_PRE_TE_FILES := $(SECCLASS) $(ISIDS) $(AVS) $(M4SUPPORT) $(POLDIR)/mls $(POLDIR)/mcs |
| fb0a3a98 | 15 | BASE_TE_FILES := $(BASE_MODS) |
| 712566ee | 16 | BASE_POST_TE_FILES := $(POLDIR)/systemuser $(POLDIR)/constraints |
| fb0a3a98 CP |
17 | BASE_FC_FILES := $(BASE_MODS:.te=.fc) |
| 18 | ||
| 19 | MOD_MODULES := $(MOD_MODS:.te=.mod) | |
| c04f2abe CP |
20 | MOD_PKGS := $(notdir $(MOD_MODS:.te=.pp)) |
| 21 | ||
| 22 | # search layer dirs for source files | |
| 23 | vpath %.te $(ALL_LAYERS) | |
| 24 | vpath %.if $(ALL_LAYERS) | |
| 25 | vpath %.fc $(ALL_LAYERS) | |
| fb0a3a98 CP |
26 | |
| 27 | ######################################## | |
| 28 | # | |
| 29 | # default action: create all module packages | |
| 30 | # | |
| fedd3caf | 31 | default: base |
| fb0a3a98 | 32 | |
| 06a5362f CP |
33 | all: base modules |
| 34 | ||
| fb0a3a98 CP |
35 | base: $(BASE_PKG) |
| 36 | ||
| 37 | modules: $(MOD_PKGS) | |
| 38 | ||
| 39 | #policy: $(POLVER) | |
| 40 | #install: $(LOADPATH) $(FCPATH) $(APPFILES) $(USERPATH)/local.users | |
| 41 | #load: tmp/load | |
| 42 | ||
| 43 | ######################################## | |
| 44 | # | |
| 45 | # Create a base module package | |
| 46 | # | |
| 47 | $(BASE_PKG): tmp/base.mod $(BASE_FC) | |
| 48 | @echo "Creating $(NAME) base module package" | |
| 2964dce1 | 49 | $(QUIET) $(SEMOD_PKG) -o $@ -m tmp/base.mod -f $(BASE_FC) |
| fb0a3a98 CP |
50 | |
| 51 | ######################################## | |
| 52 | # | |
| 53 | # Compile a base module | |
| 54 | # | |
| 55 | tmp/base.mod: base.conf | |
| 56 | @echo "Compiling $(NAME) base module" | |
| 57 | $(QUIET) $(CHECKMODULE) $^ -o $@ | |
| 58 | ||
| 59 | ######################################## | |
| 60 | # | |
| 61 | # Construct a base module policy.conf | |
| 62 | # | |
| 63 | base.conf: $(BASE_SECTIONS) | |
| 64 | @echo "Creating $(NAME) base module policy.conf" | |
| 65 | # checkpolicy can use the #line directives provided by -s for error reporting: | |
| 0e15cdfb | 66 | $(QUIET) m4 -D self_contained_policy $(M4PARAM) -s $^ > tmp/$@.tmp |
| fb0a3a98 CP |
67 | $(QUIET) sed -e /^portcon/d -e /^nodecon/d -e /^netifcon/d < tmp/$@.tmp > $@ |
| 68 | # the ordering of these ocontexts matters: | |
| 69 | $(QUIET) grep ^portcon tmp/$@.tmp >> $@ || true | |
| 70 | $(QUIET) grep ^netifcon tmp/$@.tmp >> $@ || true | |
| 71 | $(QUIET) grep ^nodecon tmp/$@.tmp >> $@ || true | |
| 72 | ||
| 73 | tmp/pre_te_files.conf: $(BASE_PRE_TE_FILES) | |
| 74 | @test -d tmp || mkdir -p tmp | |
| 75 | $(QUIET) cat $^ > $@ | |
| 76 | ||
| 28f0329c | 77 | tmp/generated_definitions.conf: $(ALL_LAYERS) $(BASE_TE_FILES) |
| fb0a3a98 | 78 | @test -d tmp || mkdir -p tmp |
| c04f2abe CP |
79 | # define all available object classes |
| 80 | $(QUIET) $(GENPERM) $(AVS) $(SECCLASS) > $@ | |
| 71fe0fa4 CP |
81 | # per-userdomain templates |
| 82 | $(QUIET) echo "define(\`per_userdomain_templates',\`" >> $@ | |
| 83 | $(QUIET) for i in $(patsubst %.te,%,$(notdir $(ALL_MODULES))); do \ | |
| 84 | echo "ifdef(\`""$$i""_per_userdomain_template',\`""$$i""_per_userdomain_template("'$$*'")')" \ | |
| 85 | >> $@ ;\ | |
| 86 | done | |
| 87 | $(QUIET) echo "')" >> $@ | |
| fb0a3a98 | 88 | # define foo.te |
| 28f0329c | 89 | $(QUIET) for i in $(notdir $(BASE_TE_FILES)); do \ |
| fb0a3a98 CP |
90 | echo "define(\`$$i')" >> $@ ;\ |
| 91 | done | |
| 4f9f30c8 | 92 | $(QUIET) $(SETTUN) $(BOOLEANS) >> $@ |
| fb0a3a98 CP |
93 | |
| 94 | tmp/all_interfaces.conf: $(M4SUPPORT) $(ALL_INTERFACES) | |
| 95 | ifeq ($(ALL_INTERFACES),) | |
| 96 | $(error No enabled modules! $(notdir $(MOD_CONF)) may need to be generated by using "make conf") | |
| 97 | endif | |
| 98 | @test -d tmp || mkdir -p tmp | |
| 99 | $(QUIET) m4 $^ | sed -e s/dollarsstar/\$$\*/g > $@ | |
| 100 | ||
| 101 | tmp/all_te_files.conf: $(BASE_TE_FILES) | |
| 102 | ifeq ($(BASE_TE_FILES),) | |
| 103 | $(error No enabled modules! $(notdir $(MOD_CONF)) may need to be generated by using "make conf") | |
| 104 | endif | |
| 105 | @test -d tmp || mkdir -p tmp | |
| 106 | $(QUIET) cat $^ > $@ | |
| 107 | ||
| 108 | tmp/post_te_files.conf: $(BASE_POST_TE_FILES) | |
| 109 | @test -d tmp || mkdir -p tmp | |
| 110 | $(QUIET) cat $^ > $@ | |
| 111 | ||
| 112 | # extract attributes and put them first. extract post te stuff | |
| 113 | # like genfscon and put last. portcon, nodecon, and netifcon | |
| 114 | # is delayed since they are generated by m4 | |
| 115 | tmp/all_attrs_types.conf tmp/only_te_rules.conf tmp/all_post.conf: tmp/all_te_files.conf tmp/post_te_files.conf | |
| 116 | $(QUIET) grep ^attribute tmp/all_te_files.conf > tmp/all_attrs_types.conf || true | |
| 117 | $(QUIET) grep '^type ' tmp/all_te_files.conf >> tmp/all_attrs_types.conf | |
| 118 | $(QUIET) cat tmp/post_te_files.conf > tmp/all_post.conf | |
| 119 | $(QUIET) grep '^sid ' tmp/all_te_files.conf >> tmp/all_post.conf || true | |
| 120 | $(QUIET) egrep '^fs_use_(xattr|task|trans)' tmp/all_te_files.conf >> tmp/all_post.conf || true | |
| 121 | $(QUIET) grep ^genfscon tmp/all_te_files.conf >> tmp/all_post.conf || true | |
| 122 | $(QUIET) sed -r -e /^attribute/d -e '/^type /d' -e /^genfscon/d \ | |
| 123 | -e '/^sid /d' -e '/^fs_use_(xattr|task|trans)/d' \ | |
| 124 | < tmp/all_te_files.conf > tmp/only_te_rules.conf | |
| 125 | ||
| 126 | ######################################## | |
| 127 | # | |
| 128 | # Construct base module file contexts | |
| 129 | # | |
| 712566ee | 130 | $(BASE_FC): $(M4SUPPORT) tmp/generated_definitions.conf $(BASE_FC_FILES) $(FCSORT) |
| fb0a3a98 CP |
131 | ifeq ($(BASE_FC_FILES),) |
| 132 | $(error No enabled modules! $(notdir $(MOD_CONF)) may need to be generated by using "make conf") | |
| 133 | endif | |
| 134 | @echo "Creating $(NAME) base module file contexts." | |
| 135 | @test -d tmp || mkdir -p tmp | |
| 136 | $(QUIET) m4 $(M4PARAM) $(M4SUPPORT) tmp/generated_definitions.conf $(BASE_FC_FILES) > tmp/$@.tmp | |
| fb0a3a98 CP |
137 | $(QUIET) $(FCSORT) tmp/$@.tmp $@ |
| 138 | ||
| 139 | ######################################## | |
| 140 | # | |
| c04f2abe | 141 | # Build module packages |
| fb0a3a98 | 142 | # |
| c04f2abe | 143 | tmp/%.mod: $(M4SUPPORT) tmp/generated_definitions.conf tmp/all_interfaces.conf %.te |
| 84313262 CP |
144 | @if test -z "$(filter $^,$(MOD_MODS))"; then \ |
| 145 | echo "The $(notdir $(basename $@)) module is not configured to be compiled as a lodable module." ;\ | |
| 146 | false ;\ | |
| 147 | fi | |
| c04f2abe CP |
148 | @echo "Compliling $(NAME) $(@F) module" |
| 149 | $(QUIET) m4 $(M4PARAM) -s $^ > $(@:.mod=.tmp) | |
| 150 | $(QUIET) $(CHECKMODULE) -m $(@:.mod=.tmp) -o $@ | |
| fb0a3a98 | 151 | |
| ae90172c CP |
152 | tmp/%.mod.fc: $(M4SUPPORT) %.fc |
| 153 | $(QUIET) m4 $(M4PARAM) $(M4SUPPORT) $^ > $@ | |
| 154 | ||
| 155 | %.pp: tmp/%.mod tmp/%.mod.fc | |
| c04f2abe | 156 | @echo "Creating $(NAME) $(@F) policy package" |
| a662d2b7 | 157 | $(QUIET) $(SEMOD_PKG) -o $@ -m $< -f $<.fc |
| fb0a3a98 CP |
158 | |
| 159 | ######################################## | |
| 160 | # | |
| 161 | # Clean the sources | |
| 162 | # | |
| 163 | clean: | |
| 164 | rm -fR tmp | |
| 165 | rm -f base.conf | |
| c04f2abe | 166 | rm -f *.pp |
| 712566ee | 167 | rm -f $(BASE_FC) |
| fb0a3a98 CP |
168 | |
| 169 | .PHONY: default base modules clean |