[people/stevee/selinux-policy.git] / support / Makefile.devel


# helper tools
AWK ?= gawk
INSTALL ?= install
M4 ?= m4
SED ?= sed
EINFO ?= echo
PYTHON ?= python
CUT ?= cut

NAME ?= $(shell $(AWK) -F= '/^SELINUXTYPE/{ print $$2 }' /etc/selinux/config)
SHAREDIR ?= /usr/share/selinux
HEADERDIR ?= $(SHAREDIR)/$(NAME)/include

include $(HEADERDIR)/build.conf

# executables
PREFIX := /usr
BINDIR := $(PREFIX)/bin
SBINDIR := $(PREFIX)/sbin
CHECKMODULE := $(BINDIR)/checkmodule
SEMODULE := $(SBINDIR)/semodule
SEMOD_PKG := $(BINDIR)/semodule_package
XMLLINT := $(BINDIR)/xmllint

# set default build options if missing
TYPE ?= strict
DIRECT_INITRC ?= n
POLY ?= n
QUIET ?= y

genxml := $(PYTHON) $(HEADERDIR)/support/segenxml.py

docs := doc
polxml := $(docs)/policy.xml
xmldtd := $(HEADERDIR)/support/policy.dtd
metaxml := metadata.xml

globaltun = $(HEADERDIR)/global_tunables.xml
globalbool = $(HEADERDIR)/global_booleans.xml

# compile strict policy if requested.
ifneq ($(findstring strict,$(TYPE)),)
	M4PARAM += -D strict_policy
endif

# compile targeted policy if requested.
ifneq ($(findstring targeted,$(TYPE)),)
	M4PARAM += -D targeted_policy
endif

# enable MLS if requested.
ifneq ($(findstring -mls,$(TYPE)),)
	M4PARAM += -D enable_mls
	CHECKPOLICY += -M
	CHECKMODULE += -M
endif

# enable MLS if MCS requested.
ifneq ($(findstring -mcs,$(TYPE)),)
	M4PARAM += -D enable_mcs
	CHECKPOLICY += -M
	CHECKMODULE += -M
endif

# enable distribution-specific policy
ifneq ($(DISTRO),)
	M4PARAM += -D distro_$(DISTRO)
endif

ifeq ($(DIRECT_INITRC),y)
	M4PARAM += -D direct_sysadm_daemon
endif

# default MLS/MCS sensitivity and category settings.
MLS_SENS ?= 16
MLS_CATS ?= 256
MCS_CATS ?= 256

ifeq ($(QUIET),y)
	verbose := @
endif

M4PARAM += -D hide_broken_symptoms -D mls_num_sens=$(MLS_SENS) -D mls_num_cats=$(MLS_CATS) -D mcs_num_cats=$(MCS_CATS)

# policy headers
m4support = $(wildcard $(HEADERDIR)/support/*.spt)

header_layers := $(filter-out $(HEADERDIR)/support,$(shell find $(wildcard $(HEADERDIR)/*) -maxdepth 0 -type d))
header_xml := $(addsuffix .xml,$(header_layers))
header_interfaces := $(foreach layer,$(header_layers),$(wildcard $(layer)/*.if))

rolemap := $(HEADERDIR)/rolemap

local_layers := $(filter-out CVS tmp $(docs),$(shell find $(wildcard *) -maxdepth 0 -type d))
local_xml := $(addprefix tmp/, $(addsuffix .xml,$(local_layers)))

all_layer_names := $(sort $(notdir $(header_layers) $(local_layers)))

3rd_party_mods := $(wildcard *.te)
detected_mods := $(3rd_party_mods) $(foreach layer,$(local_layers),$(wildcard $(layer)/*.te))

detected_ifs := $(detected_mods:.te=.if)
detected_fcs := $(detected_mods:.te=.fc)
all_packages := $(notdir $(detected_mods:.te=.pp))

# figure out what modules we may want to reload
loaded_mods = $(addsuffix .pp,$(shell $(SEMODULE) -l | $(CUT) -f1))
sys_mods = $(wildcard $(SHAREDIR)/$(NAME)/*.pp)
match_sys = $(filter $(addprefix $(SHAREDIR)/$(NAME)/,$(loaded_mods)),$(sys_mods))
match_loc = $(filter $(all_packages),$(loaded_mods))

vpath %.te $(local_layers)
vpath %.if $(local_layers)
vpath %.fc $(local_layers)

########################################
#
# Functions
#

# parse-rolemap-compat modulename,outputfile
define parse-rolemap-compat
	$(verbose) $(M4) $(M4PARAM) $(rolemap) | \
		$(AWK) '/^[[:blank:]]*[A-Za-z]/{ print "gen_require(type " $$3 "; role " $$1 ";)\n$1_per_userdomain_template(" $$2 "," $$3 "," $$1 ")" }' >> $2
endef

# parse-rolemap modulename,outputfile
define parse-rolemap
	$(verbose) $(M4) $(M4PARAM) $(rolemap) | \
		$(AWK) '/^[[:blank:]]*[A-Za-z]/{ print "gen_require(type " $$3 "; role " $$1 ";)\n$1_per_role_template(" $$2 "," $$3 "," $$1 ")" }' >> $2
endef

# peruser-expansion modulename,outputfile
define peruser-expansion
	$(verbose) echo "ifdef(\`""$1""_per_role_template',\`" > $2
	$(call parse-rolemap,$1,$2)
	$(verbose) echo "')" >> $2

	$(verbose) echo "ifdef(\`""$1""_per_userdomain_template',\`" >> $2
	$(verbose) echo "errprint(\`Warning: per_userdomain_templates have been renamed to per_role_templates (""$1""_per_userdomain_template)'__endline__)" >> $2
	$(call parse-rolemap-compat,$1,$2)
	$(verbose) echo "')" >> $2
endef

.PHONY: clean all xml load reload
.SUFFIXES:
.SUFFIXES: .pp
# broken in make 3.81:
#.SECONDARY:

########################################
#
# Main targets
#

all: $(all_packages)

xml: $(polxml)

########################################
#
# Attempt to reinstall all installed packages
#
refresh:
	@$(EINFO) "Refreshing $(NAME) modules"
	$(verbose) $(SEMODULE) -b $(SHAREDIR)/$(NAME)/base.pp $(foreach mod,$(match_sys) $(match_loc),-i $(mod))

########################################
#
# Load module packages
#

load: tmp/loaded
tmp/loaded: $(all_packages)
	@$(EINFO) "Loading $(NAME) modules: $(basename $(notdir $?))"
	$(verbose) $(SEMODULE) $(foreach mod,$?,-i $(mod))
	@mkdir -p tmp
	@touch tmp/loaded

reload: $(all_packages)
	@$(EINFO) "Loading $(NAME) modules: $(basename $(notdir $^))"
	$(verbose) $(SEMODULE) $(foreach mod,$^,-i $(mod))
	@mkdir -p tmp
	@touch tmp/loaded

########################################
#
# Build module packages
#
tmp/%.mod: $(m4support) tmp/all_interfaces.conf %.te
	@$(EINFO) "Compiling $(NAME) $(basename $(@F)) module"
	@test -d $(@D) || mkdir -p $(@D)
	$(call peruser-expansion,$(basename $(@F)),$@.role)
	$(verbose) $(M4) $(M4PARAM) -s $^ $@.role > $(@:.mod=.tmp)
	$(verbose) $(CHECKMODULE) -m $(@:.mod=.tmp) -o $@

tmp/%.mod.fc: $(m4support) %.fc
	$(verbose) $(M4) $(M4PARAM) $^ > $@

%.pp: tmp/%.mod tmp/%.mod.fc
	@echo "Creating $(NAME) $(@F) policy package"
	$(verbose) $(SEMOD_PKG) -o $@ -m $< -f $<.fc

tmp/all_interfaces.conf: $(m4support) $(header_interfaces) $(detected_ifs)
	@test -d $(@D) || mkdir -p $(@D)
	@echo "ifdef(\`__if_error',\`m4exit(1)')" > tmp/iferror.m4
	@echo "divert(-1)" > $@
	$(verbose) $(M4) $^ tmp/iferror.m4 | sed -e s/dollarsstar/\$$\*/g >> $@
	@echo "divert" >> $@

# so users dont have to make empty .fc and .if files
$(detected_fcs):
	@touch $@
	
$(detected_ifs):
	@echo "## <summary>$(basename $(@D))</summary>" > $@

########################################
#
# Documentation generation
#
tmp/%.xml: %/*.te %/*.if
	@test -d $(@D) || mkdir -p $(@D)
	$(verbose) test -f $(HEADERDIR)/$*.xml || cat $*/$(metaxml) > $@
	$(verbose) $(genxml) -w -m $(sort $(basename $^)) >> $@

vars: $(local_xml)

$(polxml): $(header_xml) $(local_xml) $(globaltun) $(globalbool) $(detected_mods) $(detected_ifs)
	@echo "Creating $(@F)"
	@test -d $(@D) || mkdir -p $(@D)
	$(verbose) echo '<?xml version="1.0" encoding="ISO-8859-1" standalone="no"?>' > $@
	$(verbose) echo '<!DOCTYPE policy SYSTEM "$(notdir $(xmldtd))">' >> $@
	$(verbose) echo '<policy>' >> $@
	$(verbose) for i in $(all_layer_names); do \
		echo "<layer name=\"$$i\">" >> $@ ;\
		test -f $(HEADERDIR)/$$i.xml && cat $(HEADERDIR)/$$i.xml >> $@ ;\
		test -f tmp/$$i.xml && cat tmp/$$i.xml >> $@ ;\
		echo "</layer>" >> $@ ;\
	done
ifneq "$(strip $(3rd_party_mods))" ""
	$(verbose) echo "<layer name=\"third_party\">" >> $@
	$(verbose) echo "<summary>These are all third-party modules.</summary>" >> $@
	$(verbose) $(genxml) -w -m $(addprefix ./,$(basename $(3rd_party_mods))) >> $@
	$(verbose) echo "</layer>" >> $@
endif
	$(verbose) cat $(globaltun) $(globalbool) >> $@
	$(verbose) echo '</policy>' >> $@
	$(verbose) if test -x $(XMLLINT) && test -f $(xmldtd); then \
		$(XMLLINT) --noout --path $(dir $(xmldtd)) --dtdvalid $(xmldtd) $@ ;\
	fi

########################################
#
# Clean the environment
#

clean:
	rm -fR tmp
	rm -f *.pp
Commit	Line	Data
885b83ec	1
794a56cc CP	2	# helper tools
	3	AWK ?= gawk
	4	INSTALL ?= install
	5	M4 ?= m4
	6	SED ?= sed
	7	EINFO ?= echo
	8	PYTHON ?= python
dde00d4e	9	CUT ?= cut
794a56cc CP	10
	11	NAME ?= $(shell $(AWK) -F= '/^SELINUXTYPE/{ print $$2 }' /etc/selinux/config)
	12	SHAREDIR ?= /usr/share/selinux
	13	HEADERDIR ?= $(SHAREDIR)/$(NAME)/include
	14
885b83ec CP	15	include $(HEADERDIR)/build.conf
	16
	17	# executables
	18	PREFIX := /usr
	19	BINDIR := $(PREFIX)/bin
	20	SBINDIR := $(PREFIX)/sbin
	21	CHECKMODULE := $(BINDIR)/checkmodule
	22	SEMODULE := $(SBINDIR)/semodule
	23	SEMOD_PKG := $(BINDIR)/semodule_package
	24	XMLLINT := $(BINDIR)/xmllint
	25
885b83ec CP	26	# set default build options if missing
885b83ec CP	27	TYPE ?= strict
885b83ec CP	28	DIRECT_INITRC ?= n
	29	POLY ?= n
	30	QUIET ?= y
	31
	32	genxml := $(PYTHON) $(HEADERDIR)/support/segenxml.py
	33
96fc0a45 CP	34	docs := doc
	35	polxml := $(docs)/policy.xml
	36	xmldtd := $(HEADERDIR)/support/policy.dtd
	37	metaxml := metadata.xml
885b83ec CP	38
	39	globaltun = $(HEADERDIR)/global_tunables.xml
	40	globalbool = $(HEADERDIR)/global_booleans.xml
	41
	42	# compile strict policy if requested.
	43	ifneq ($(findstring strict,$(TYPE)),)
	44	M4PARAM += -D strict_policy
	45	endif
	46
	47	# compile targeted policy if requested.
	48	ifneq ($(findstring targeted,$(TYPE)),)
	49	M4PARAM += -D targeted_policy
	50	endif
	51
	52	# enable MLS if requested.
	53	ifneq ($(findstring -mls,$(TYPE)),)
	54	M4PARAM += -D enable_mls
	55	CHECKPOLICY += -M
	56	CHECKMODULE += -M
	57	endif
	58
	59	# enable MLS if MCS requested.
	60	ifneq ($(findstring -mcs,$(TYPE)),)
	61	M4PARAM += -D enable_mcs
	62	CHECKPOLICY += -M
	63	CHECKMODULE += -M
	64	endif
	65
	66	# enable distribution-specific policy
	67	ifneq ($(DISTRO),)
	68	M4PARAM += -D distro_$(DISTRO)
	69	endif
	70
885b83ec CP	71	ifeq ($(DIRECT_INITRC),y)
	72	M4PARAM += -D direct_sysadm_daemon
	73	endif
	74
e070dd2d CP	75	# default MLS/MCS sensitivity and category settings.
	76	MLS_SENS ?= 16
	77	MLS_CATS ?= 256
	78	MCS_CATS ?= 256
	79
885b83ec CP	80	ifeq ($(QUIET),y)
	81	verbose := @
	82	endif
	83
e070dd2d	84	M4PARAM += -D hide_broken_symptoms -D mls_num_sens=$(MLS_SENS) -D mls_num_cats=$(MLS_CATS) -D mcs_num_cats=$(MCS_CATS)
885b83ec CP	85
	86	# policy headers
	87	m4support = $(wildcard $(HEADERDIR)/support/*.spt)
56e1b3d2	88
96fc0a45 CP	89	header_layers := $(filter-out $(HEADERDIR)/support,$(shell find $(wildcard $(HEADERDIR)/*) -maxdepth 0 -type d))
	90	header_xml := $(addsuffix .xml,$(header_layers))
	91	header_interfaces := $(foreach layer,$(header_layers),$(wildcard $(layer)/*.if))
885b83ec	92
96fc0a45	93	rolemap := $(HEADERDIR)/rolemap
56e1b3d2	94
96fc0a45 CP	95	local_layers := $(filter-out CVS tmp $(docs),$(shell find $(wildcard *) -maxdepth 0 -type d))
96fc0a45 CP	96	local_xml := $(addprefix tmp/, $(addsuffix .xml,$(local_layers)))
56e1b3d2	97
96fc0a45	98	all_layer_names := $(sort $(notdir $(header_layers) $(local_layers)))
56e1b3d2	99
96fc0a45 CP	100	3rd_party_mods := $(wildcard *.te)
96fc0a45 CP	101	detected_mods := $(3rd_party_mods) $(foreach layer,$(local_layers),$(wildcard $(layer)/*.te))
ad8af23a	102
96fc0a45 CP	103	detected_ifs := $(detected_mods:.te=.if)
	104	detected_fcs := $(detected_mods:.te=.fc)
	105	all_packages := $(notdir $(detected_mods:.te=.pp))
56e1b3d2	106
dde00d4e CP	107	# figure out what modules we may want to reload
	108	loaded_mods = $(addsuffix .pp,$(shell $(SEMODULE) -l \| $(CUT) -f1))
	109	sys_mods = $(wildcard $(SHAREDIR)/$(NAME)/*.pp)
	110	match_sys = $(filter $(addprefix $(SHAREDIR)/$(NAME)/,$(loaded_mods)),$(sys_mods))
	111	match_loc = $(filter $(all_packages),$(loaded_mods))
	112
96fc0a45 CP	113	vpath %.te $(local_layers)
	114	vpath %.if $(local_layers)
	115	vpath %.fc $(local_layers)
885b83ec	116
885b83ec CP	117	########################################
	118	#
	119	# Functions
	120	#
	121
bbcd3c97 CP	122	# parse-rolemap-compat modulename,outputfile
	123	define parse-rolemap-compat
	124	$(verbose) $(M4) $(M4PARAM) $(rolemap) \| \
	125	$(AWK) '/^[[:blank:]]*[A-Za-z]/{ print "gen_require(type " $$3 "; role " $$1 ";)\n$1_per_userdomain_template(" $$2 "," $$3 "," $$1 ")" }' >> $2
	126	endef
	127
885b83ec CP	128	# parse-rolemap modulename,outputfile
	129	define parse-rolemap
	130	$(verbose) $(M4) $(M4PARAM) $(rolemap) \| \
bbcd3c97	131	$(AWK) '/^[[:blank:]]*[A-Za-z]/{ print "gen_require(type " $$3 "; role " $$1 ";)\n$1_per_role_template(" $$2 "," $$3 "," $$1 ")" }' >> $2
885b83ec CP	132	endef
	133
	134	# peruser-expansion modulename,outputfile
	135	define peruser-expansion
bbcd3c97	136	$(verbose) echo "ifdef(\`""$1""_per_role_template',\`" > $2
885b83ec CP	137	$(call parse-rolemap,$1,$2)
885b83ec CP	138	$(verbose) echo "')" >> $2
bbcd3c97 CP	139
	140	$(verbose) echo "ifdef(\`""$1""_per_userdomain_template',\`" >> $2
	141	$(verbose) echo "errprint(\`Warning: per_userdomain_templates have been renamed to per_role_templates (""$1""_per_userdomain_template)'__endline__)" >> $2
	142	$(call parse-rolemap-compat,$1,$2)
	143	$(verbose) echo "')" >> $2
885b83ec CP	144	endef
885b83ec CP	145
59f85393	146	.PHONY: clean all xml load reload
885b83ec CP	147	.SUFFIXES:
885b83ec CP	148	.SUFFIXES: .pp
4b01e21d CP	149	# broken in make 3.81:
4b01e21d CP	150	#.SECONDARY:
885b83ec CP	151
	152	########################################
	153	#
	154	# Main targets
	155	#
	156
	157	all: $(all_packages)
	158
	159	xml: $(polxml)
	160
dde00d4e CP	161	########################################
	162	#
	163	# Attempt to reinstall all installed packages
	164	#
	165	refresh:
	166	@$(EINFO) "Refreshing $(NAME) modules"
	167	$(verbose) $(SEMODULE) -b $(SHAREDIR)/$(NAME)/base.pp $(foreach mod,$(match_sys) $(match_loc),-i $(mod))
	168
d508474f CP	169	########################################
	170	#
	171	# Load module packages
	172	#
76bac89c CP	173
76bac89c CP	174	load: tmp/loaded
59f85393 CP	175	tmp/loaded: $(all_packages)
	176	@$(EINFO) "Loading $(NAME) modules: $(basename $(notdir $?))"
	177	$(verbose) $(SEMODULE) $(foreach mod,$?,-i $(mod))
	178	@mkdir -p tmp
	179	@touch tmp/loaded
76bac89c	180
59f85393 CP	181	reload: $(all_packages)
59f85393 CP	182	@$(EINFO) "Loading $(NAME) modules: $(basename $(notdir $^))"
d508474f	183	$(verbose) $(SEMODULE) $(foreach mod,$^,-i $(mod))
76bac89c CP	184	@mkdir -p tmp
76bac89c CP	185	@touch tmp/loaded
d508474f	186
885b83ec CP	187	########################################
	188	#
	189	# Build module packages
	190	#
	191	tmp/%.mod: $(m4support) tmp/all_interfaces.conf %.te
0578bf8d	192	@$(EINFO) "Compiling $(NAME) $(basename $(@F)) module"
96fc0a45	193	@test -d $(@D) \|\| mkdir -p $(@D)
885b83ec CP	194	$(call peruser-expansion,$(basename $(@F)),$@.role)
	195	$(verbose) $(M4) $(M4PARAM) -s $^ $@.role > $(@:.mod=.tmp)
	196	$(verbose) $(CHECKMODULE) -m $(@:.mod=.tmp) -o $@
	197
	198	tmp/%.mod.fc: $(m4support) %.fc
	199	$(verbose) $(M4) $(M4PARAM) $^ > $@
	200
	201	%.pp: tmp/%.mod tmp/%.mod.fc
	202	@echo "Creating $(NAME) $(@F) policy package"
	203	$(verbose) $(SEMOD_PKG) -o $@ -m $< -f $<.fc
	204
96fc0a45 CP	205	tmp/all_interfaces.conf: $(m4support) $(header_interfaces) $(detected_ifs)
	206	@test -d $(@D) \|\| mkdir -p $(@D)
	207	@echo "ifdef(\`__if_error',\`m4exit(1)')" > tmp/iferror.m4
	208	@echo "divert(-1)" > $@
	209	$(verbose) $(M4) $^ tmp/iferror.m4 \| sed -e s/dollarsstar/\$$\*/g >> $@
	210	@echo "divert" >> $@
885b83ec	211
0578bf8d	212	# so users dont have to make empty .fc and .if files
96fc0a45	213	$(detected_fcs):
0578bf8d	214	@touch $@
96fc0a45 CP	215
	216	$(detected_ifs):
	217	@echo "## <summary>$(basename $(@D))</summary>" > $@
885b83ec CP	218
	219	########################################
	220	#
	221	# Documentation generation
	222	#
96fc0a45 CP	223	tmp/%.xml: %/.te %/.if
	224	@test -d $(@D) \|\| mkdir -p $(@D)
	225	$(verbose) test -f $(HEADERDIR)/$.xml \|\| cat $/$(metaxml) > $@
	226	$(verbose) $(genxml) -w -m $(sort $(basename $^)) >> $@
885b83ec	227
96fc0a45	228	vars: $(local_xml)
56e1b3d2	229
96fc0a45	230	$(polxml): $(header_xml) $(local_xml) $(globaltun) $(globalbool) $(detected_mods) $(detected_ifs)
56e1b3d2	231	@echo "Creating $(@F)"
96fc0a45	232	@test -d $(@D) \|\| mkdir -p $(@D)
885b83ec	233	$(verbose) echo '<?xml version="1.0" encoding="ISO-8859-1" standalone="no"?>' > $@
56e1b3d2 CP	234	$(verbose) echo '<!DOCTYPE policy SYSTEM "$(notdir $(xmldtd))">' >> $@
56e1b3d2 CP	235	$(verbose) echo '<policy>' >> $@
96fc0a45 CP	236	$(verbose) for i in $(all_layer_names); do \
	237	echo "<layer name=\"$$i\">" >> $@ ;\
	238	test -f $(HEADERDIR)/$$i.xml && cat $(HEADERDIR)/$$i.xml >> $@ ;\
	239	test -f tmp/$$i.xml && cat tmp/$$i.xml >> $@ ;\
	240	echo "</layer>" >> $@ ;\
	241	done
	242	ifneq "$(strip $(3rd_party_mods))" ""
	243	$(verbose) echo "<layer name=\"third_party\">" >> $@
	244	$(verbose) echo "<summary>These are all third-party modules.</summary>" >> $@
	245	$(verbose) $(genxml) -w -m $(addprefix ./,$(basename $(3rd_party_mods))) >> $@
	246	$(verbose) echo "</layer>" >> $@
	247	endif
	248	$(verbose) cat $(globaltun) $(globalbool) >> $@
56e1b3d2	249	$(verbose) echo '</policy>' >> $@
885b83ec	250	$(verbose) if test -x $(XMLLINT) && test -f $(xmldtd); then \
56e1b3d2	251	$(XMLLINT) --noout --path $(dir $(xmldtd)) --dtdvalid $(xmldtd) $@ ;\
885b83ec CP	252	fi
	253
	254	########################################
	255	#
	256	# Clean the environment
	257	#
	258
	259	clean:
	260	rm -fR tmp
	261	rm -f *.pp