2 # Makefile for the security policy.
6 # install - compile and install the policy configuration, and context files.
7 # load - compile, install, and load the policy configuration.
8 # reload - compile, install, and load/reload the policy configuration.
9 # relabel - relabel filesystems based on the file contexts configuration.
10 # checklabels - check filesystems against the file context configuration
11 # restorelabels - check filesystems against the file context configuration
12 # and restore the label of files with incorrect labels
13 # policy - compile the policy configuration locally for testing/development.
15 # The default target is 'policy'.
18 # Please see build.conf for policy build options.
21 ########################################
23 # NO OPTIONS BELOW HERE
26 # Include the local build.conf if it exists, otherwise
27 # include the configuration of the root directory.
31 -include $(LOCAL_ROOT
)/build.conf
35 version
= $(shell cat VERSION
)
38 builddir
:= $(LOCAL_ROOT
)/
39 tmpdir
:= $(LOCAL_ROOT
)/tmp
40 tags := $(LOCAL_ROOT
)/tags
50 tc_usrbindir
:= env LD_LIBRARY_PATH
="$(TEST_TOOLCHAIN)/lib" $(TEST_TOOLCHAIN
)$(BINDIR
)
51 tc_usrsbindir
:= env LD_LIBRARY_PATH
="$(TEST_TOOLCHAIN)/lib" $(TEST_TOOLCHAIN
)$(SBINDIR
)
52 tc_sbindir
:= env LD_LIBRARY_PATH
="$(TEST_TOOLCHAIN)/lib" $(TEST_TOOLCHAIN
)/sbin
54 tc_usrbindir
:= $(BINDIR
)
55 tc_usrsbindir
:= $(SBINDIR
)
58 CHECKPOLICY ?
= $(tc_usrbindir
)/checkpolicy
59 CHECKMODULE ?
= $(tc_usrbindir
)/checkmodule
60 SEMODULE ?
= $(tc_usrsbindir
)/semodule
61 SEMOD_PKG ?
= $(tc_usrbindir
)/semodule_package
62 SEMOD_LNK ?
= $(tc_usrbindir
)/semodule_link
63 SEMOD_EXP ?
= $(tc_usrbindir
)/semodule_expand
64 SEPOLGEN ?
= $(tc_usrbindir
)/sepolgen-ifgen
65 LOADPOLICY ?
= $(tc_usrsbindir
)/load_policy
66 SETFILES ?
= $(tc_sbindir
)/setfiles
67 XMLLINT ?
= $(BINDIR
)/xmllint
68 SECHECK ?
= $(BINDIR
)/sechecker
70 # interpreters and aux tools
81 # policy source layout
83 moddir
:= $(poldir
)/modules
84 flaskdir
:= $(poldir
)/flask
85 secclass
:= $(flaskdir
)/security_classes
86 isids
:= $(flaskdir
)/initial_sids
87 avs
:= $(flaskdir
)/access_vectors
91 local_poldir
:= $(LOCAL_ROOT
)/policy
92 local_moddir
:= $(local_poldir
)/modules
95 # policy building support tools
97 genxml
:= $(PYTHON
) -E
$(support
)/segenxml.py
98 gendoc
:= $(PYTHON
) -E
$(support
)/sedoctool.py
99 genperm
:= $(PYTHON
) -E
$(support
)/genclassperms.py
100 fcsort
:= $(tmpdir
)/fc_sort
101 setbools
:= $(AWK
) -f
$(support
)/set_bools_tuns.awk
102 get_type_attr_decl
:= $(SED
) -r
-f
$(support
)/get_type_attr_decl.sed
103 comment_move_decl
:= $(SED
) -r
-f
$(support
)/comment_move_decl.sed
104 gennetfilter
:= $(PYTHON
) -E
$(support
)/gennetfilter.py
105 m4iferror
:= $(support
)/iferror.m4
106 m4divert
:= $(support
)/divert.m4
107 m4undivert
:= $(support
)/undivert.m4
108 # use our own genhomedircon to make sure we have a known usable one,
109 # so policycoreutils updates are not required (RHEL4)
110 genhomedircon
:= $(PYTHON
) -E
$(support
)/genhomedircon
112 # documentation paths
114 xmldtd
= $(docs
)/policy.dtd
115 metaxml
= metadata.xml
116 doctemplate
= $(docs
)/templates
117 docfiles
= $(docs
)/Makefile.example
$(addprefix $(docs
)/,example.te example.if example.
fc)
120 polxml
= $(docs
)/policy.xml
121 tunxml
= $(docs
)/global_tunables.xml
122 boolxml
= $(docs
)/global_booleans.xml
123 htmldir
= $(docs
)/html
125 polxml
= $(LOCAL_ROOT
)/doc
/policy.xml
126 tunxml
= $(LOCAL_ROOT
)/doc
/global_tunables.xml
127 boolxml
= $(LOCAL_ROOT
)/doc
/global_booleans.xml
128 htmldir
= $(LOCAL_ROOT
)/doc
/html
132 globaltun
= $(poldir
)/global_tunables
133 globalbool
= $(poldir
)/global_booleans
134 rolemap
= $(poldir
)/rolemap
135 user_files
:= $(poldir
)/users
136 policycaps
:= $(poldir
)/policy_capabilities
138 # local config file paths
140 mod_conf
= $(poldir
)/modules.conf
141 booleans
= $(poldir
)/booleans.conf
142 tunables
= $(poldir
)/tunables.conf
144 mod_conf
= $(local_poldir
)/modules.conf
145 booleans
= $(local_poldir
)/booleans.conf
146 tunables
= $(local_poldir
)/tunables.conf
150 PKGNAME ?
= refpolicy-
$(version
)
151 prefix = $(DESTDIR
)/usr
152 topdir
= $(DESTDIR
)/etc
/selinux
153 installdir
= $(topdir
)/$(strip $(NAME
))
154 srcpath
= $(installdir
)/src
155 userpath
= $(installdir
)/users
156 policypath
= $(installdir
)/policy
157 contextpath
= $(installdir
)/contexts
158 homedirpath
= $(contextpath
)/files
/homedir_template
159 fcpath
= $(contextpath
)/files
/file_contexts
160 ncpath
= $(contextpath
)/netfilter_contexts
161 sharedir
= $(prefix)/share
/selinux
162 modpkgdir
= $(sharedir
)/$(strip $(NAME
))
163 headerdir
= $(modpkgdir
)/include
164 docsdir
= $(prefix)/share
/doc
/$(PKGNAME
)
166 # enable MLS if requested.
168 M4PARAM
+= -D enable_mls
174 # enable MLS if MCS requested.
176 M4PARAM
+= -D enable_mcs
182 # enable distribution-specific policy
184 M4PARAM
+= -D distro_
$(DISTRO
)
187 # rhel4 also implies redhat
188 ifeq "$(DISTRO)" "rhel4"
189 M4PARAM
+= -D distro_redhat
192 ifeq "$(DISTRO)" "ubuntu"
193 M4PARAM
+= -D distro_debian
196 ifneq ($(OUTPUT_POLICY
),)
197 CHECKPOLICY
+= -c
$(OUTPUT_POLICY
)
200 ifneq "$(CUSTOM_BUILDOPT)" ""
201 M4PARAM
+= $(foreach opt
,$(CUSTOM_BUILDOPT
),-D
$(opt
))
204 # if not set, use the type as the name.
207 # default unknown permissions setting
210 ifeq ($(DIRECT_INITRC
),y
)
211 M4PARAM
+= -D direct_sysadm_daemon
215 M4PARAM
+= -D enable_ubac
218 # default MLS/MCS sensitivity and category settings.
227 M4PARAM
+= -D mls_num_sens
=$(MLS_SENS
) -D mls_num_cats
=$(MLS_CATS
) -D mcs_num_cats
=$(MCS_CATS
) -D hide_broken_symptoms
229 # we need exuberant ctags; unfortunately it is named
230 # differently on different distros
231 ifeq ($(DISTRO
),debian
)
232 CTAGS
:= ctags-exuberant
235 ifeq ($(DISTRO
),gentoo
)
236 CTAGS
:= exuberant-ctags
241 m4support
:= $(m4divert
) $(wildcard $(poldir
)/support
/*.spt
)
243 m4support
+= $(wildcard $(local_poldir
)/support
/*.spt
)
245 m4support
+= $(m4undivert
)
247 appconf
:= config
/appconfig-
$(TYPE
)
248 seusers
:= $(appconf
)/seusers
249 appdir
:= $(contextpath
)
250 user_default_contexts
:= $(wildcard config
/appconfig-
$(TYPE
)/*_default_contexts
)
251 user_default_contexts_names
:= $(addprefix $(contextpath
)/users
/,$(subst _default_contexts
,,$(notdir $(user_default_contexts
))))
252 appfiles
:= $(addprefix $(appdir
)/,default_contexts default_type initrc_context failsafe_context userhelper_context removable_context dbus_contexts sepgsql_contexts x_contexts customizable_types securetty_types virtual_image_context virtual_domain_context
) $(contextpath
)/files
/media
$(user_default_contexts_names
)
253 net_contexts
:= $(builddir
)net_contexts
255 all_layers
:= $(shell find
$(wildcard $(moddir
)/*) -maxdepth
0 -type d
)
257 all_layers
+= $(shell find
$(wildcard $(local_moddir
)/*) -maxdepth
0 -type d
)
260 generated_te
:= $(basename $(foreach dir,$(all_layers
),$(wildcard $(dir)/*.te.in
)))
261 generated_if
:= $(basename $(foreach dir,$(all_layers
),$(wildcard $(dir)/*.if.in
)))
262 generated_fc
:= $(basename $(foreach dir,$(all_layers
),$(wildcard $(dir)/*.
fc.in
)))
264 # sort here since it removes duplicates, which can happen
265 # when a generated file is already generated
266 detected_mods
:= $(sort $(foreach dir,$(all_layers
),$(wildcard $(dir)/*.te
)) $(generated_te
))
268 modxml
:= $(addprefix $(tmpdir
)/, $(detected_mods
:.te
=.xml
))
269 layerxml
:= $(sort $(addprefix $(tmpdir
)/, $(notdir $(addsuffix .xml
,$(all_layers
)))))
270 layer_names
:= $(sort $(notdir $(all_layers
)))
271 all_metaxml
= $(call detect-metaxml
, $(layer_names
))
273 # modules.conf setting for base module
276 # modules.conf setting for loadable module
279 # modules.conf setting for unused module
282 # test for module overrides from command line
283 mod_test
= $(filter $(APPS_OFF
), $(APPS_BASE
) $(APPS_MODS
))
284 mod_test
+= $(filter $(APPS_MODS
), $(APPS_BASE
))
285 ifneq "$(strip $(mod_test))" ""
286 $(error Applications must be base
, module
, or off
, and not in more than one list
! $(strip $(mod_test
)) found in multiple lists
!)
289 # add on suffix to modules specified on command line
290 cmdline_base
:= $(addsuffix .te
,$(APPS_BASE
))
291 cmdline_mods
:= $(addsuffix .te
,$(APPS_MODS
))
292 cmdline_off
:= $(addsuffix .te
,$(APPS_OFF
))
294 # extract settings from modules.conf
295 mod_conf_base
:= $(addsuffix .te
,$(sort $(shell awk
'/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == "$(configbase)") print $$1 }' $(mod_conf
) 2> /dev
/null
)))
296 mod_conf_mods
:= $(addsuffix .te
,$(sort $(shell awk
'/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == "$(configmod)") print $$1 }' $(mod_conf
) 2> /dev
/null
)))
297 mod_conf_off
:= $(addsuffix .te
,$(sort $(shell awk
'/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == "$(configoff)") print $$1 }' $(mod_conf
) 2> /dev
/null
)))
299 base_mods
:= $(cmdline_base
)
300 mod_mods
:= $(cmdline_mods
)
301 off_mods
:= $(cmdline_off
)
303 base_mods
+= $(filter-out $(cmdline_off
) $(cmdline_base
) $(cmdline_mods
), $(mod_conf_base
))
304 mod_mods
+= $(filter-out $(cmdline_off
) $(cmdline_base
) $(cmdline_mods
), $(mod_conf_mods
))
305 off_mods
+= $(filter-out $(cmdline_off
) $(cmdline_base
) $(cmdline_mods
), $(mod_conf_off
))
307 # add modules not in modules.conf to the off list
308 off_mods
+= $(filter-out $(base_mods
) $(mod_mods
) $(off_mods
),$(notdir $(detected_mods
)))
310 # filesystems to be used in labeling targets
311 filesystems
= $(shell mount | grep
-v
"context=" | egrep
-v
'\((|.*,)bind(,.*|)\)' | awk
'/(ext[234]|btrfs| xfs| jfs).*rw/{print $$3}';)
312 fs_names
:= "btrfs ext2 ext3 ext4 xfs jfs"
314 ########################################
319 # parse-rolemap-compat modulename,outputfile
320 define parse-rolemap-compat
321 $(verbose
) $(M4
) $(M4PARAM
) $(rolemap
) | \
322 $(AWK
) '/^[[:blank:]]*[A-Za-z]/{ print "gen_require(type " $$3 "; role " $$1 ";)\n$1_per_userdomain_template(" $$2 "," $$3 "," $$1 ")" }' >> $2
325 # parse-rolemap modulename,outputfile
327 $(verbose
) $(M4
) $(M4PARAM
) $(rolemap
) | \
328 $(AWK
) '/^[[:blank:]]*[A-Za-z]/{ print "gen_require(type " $$3 "; role " $$1 ";)\n$1_per_role_template(" $$2 "," $$3 "," $$1 ")" }' >> $2
331 # perrole-expansion modulename,outputfile
332 define perrole-expansion
333 $(verbose
) echo
"ifdef(\`""$1""_per_role_template',\`" > $2
334 $(call parse-rolemap
,$1,$2)
335 $(verbose
) echo
"')" >> $2
337 $(verbose
) echo
"ifdef(\`""$1""_per_userdomain_template',\`" >> $2
338 $(verbose
) echo
"errprint(\`Warning: per_userdomain_templates have been renamed to per_role_templates (""$1""_per_userdomain_template)'__endline__)" >> $2
339 $(call parse-rolemap-compat
,$1,$2)
340 $(verbose
) echo
"')" >> $2
343 # create-base-per-role-tmpl modulenames,outputfile
344 define create-base-per-role-tmpl
345 $(verbose
) echo
"define(\`base_per_role_template',\`" >> $2
347 $(verbose
) for i in
$1; do \
348 echo
"ifdef(\`""$$i""_per_role_template',\`""$$i""_per_role_template("'$$*'")')" \
352 $(verbose
) for i in
$1; do \
353 echo
"ifdef(\`""$$i""_per_userdomain_template',\`" >> $2 ;\
354 echo
"errprint(\`Warning: per_userdomain_templates have been renamed to per_role_templates (""$$i""_per_userdomain_template)'__endline__)" >> $2 ;\
355 echo
"""$$i""_per_userdomain_template("'$$*'")')" >> $2 ;\
357 $(verbose
) echo
"')" >> $@
361 # detect-metaxml layer_names
363 define detect-metaxml
364 $(shell for i in
$1; do \
365 if
[ -d
$(moddir
)/$$i -a
-d
$(local_moddir
)/$$i ]; then \
366 if
[ -f
$(local_moddir
)/$$i/$(metaxml
) ]; then \
367 echo
$(local_moddir
)/$$i/$(metaxml
) ;\
369 echo
$(moddir
)/$$i/$(metaxml
) ;\
371 elif
[ -d
$(local_moddir
)/$$i ]; then
372 echo
$(local_moddir
)/$$i/$(metaxml
) ;\
374 echo
$(moddir
)/$$i/$(metaxml
) ;\
379 define detect-metaxml
380 $(shell for i in
$1; do echo
$(moddir
)/$$i/$(metaxml
); done
)
384 ########################################
386 # Load appropriate rules
389 ifeq ($(MONOLITHIC
),y
)
390 include Rules.monolithic
392 include Rules.modular
395 ########################################
399 # NOTE: There is no "local" version of these files.
401 generate
: $(generated_te
) $(generated_if
) $(generated_fc
)
403 $(moddir
)/kernel
/corenetwork.if
: $(moddir
)/kernel
/corenetwork.te.in
$(moddir
)/kernel
/corenetwork.if.m4
$(moddir
)/kernel
/corenetwork.if.in
405 @echo
"# This is a generated file! Instead of modifying this file, the" >> $@
406 @echo
"# $(notdir $@).in or $(notdir $@).m4 file should be modified." >> $@
408 $(verbose
) cat
$@.in
>> $@
409 $(verbose
) $(GREP
) "^[[:blank:]]*network_(interface|node|port|packet)(_controlled)?\(.*\)" $< \
410 |
$(M4
) -D self_contained_policy
$(M4PARAM
) $(m4divert
) $@.m4
$(m4undivert
) - \
411 |
$(SED
) -e
's/dollarsone/\$$1/g' -e
's/dollarszero/\$$0/g' >> $@
413 $(moddir
)/kernel
/corenetwork.te
: $(moddir
)/kernel
/corenetwork.te.m4
$(moddir
)/kernel
/corenetwork.te.in
415 @echo
"# This is a generated file! Instead of modifying this file, the" >> $@
416 @echo
"# $(notdir $@).in or $(notdir $@).m4 file should be modified." >> $@
418 $(verbose
) $(M4
) -D self_contained_policy
$(M4PARAM
) $^ \
419 |
$(SED
) -e
's/dollarsone/\$$1/g' -e
's/dollarszero/\$$0/g' >> $@
421 ########################################
423 # Network packet labeling
425 $(net_contexts
): $(moddir
)/kernel
/corenetwork.te.in
426 @echo
"Creating netfilter network labeling rules"
427 $(verbose
) $(gennetfilter
) $^
> $@
429 ########################################
431 # Create config files
433 conf
: $(mod_conf
) $(booleans
) $(generated_te
) $(generated_if
) $(generated_fc
)
435 $(mod_conf
) $(booleans
): $(polxml
)
436 @echo
"Updating $(mod_conf) and $(booleans)"
437 $(verbose
) $(gendoc
) -b
$(booleans
) -m
$(mod_conf
) -x
$(polxml
)
439 ########################################
441 # Generate the fc_sort program
443 $(fcsort
) : $(support
)/fc_sort.c
444 $(verbose
) $(CC
) $(CFLAGS
) $^
-o
$@
446 ########################################
448 # Documentation generation
450 $(layerxml
): %.xml
: $(all_metaxml
) $(filter $(addprefix $(moddir
)/, $(notdir $*))%, $(detected_mods
)) $(subst .te
,.if
, $(filter $(addprefix $(moddir
)/, $(notdir $*))%, $(detected_mods
)))
451 @
test -d
$(tmpdir
) || mkdir
-p
$(tmpdir
)
452 $(verbose
) cat
$(filter %$(notdir $*)/$(metaxml
), $(all_metaxml
)) > $@
453 $(verbose
) for i in
$(basename $(filter $(addprefix $(moddir
)/, $(notdir $*))%, $(detected_mods
))); do
$(genxml
) -w
-m
$$i >> $@
; done
455 $(verbose
) for i in
$(basename $(filter $(addprefix $(local_moddir
)/, $(notdir $*))%, $(detected_mods
))); do
$(genxml
) -w
-m
$$i >> $@
; done
458 $(tunxml
): $(globaltun
)
459 $(verbose
) $(genxml
) -w
-t
$< > $@
461 $(boolxml
): $(globalbool
)
462 $(verbose
) $(genxml
) -w
-b
$< > $@
464 $(polxml
): $(layerxml
) $(tunxml
) $(boolxml
)
465 @echo
"Creating $(@F)"
466 @
test -d
$(dir $(polxml
)) || mkdir
-p
$(dir $(polxml
))
467 @
test -d
$(tmpdir
) || mkdir
-p
$(tmpdir
)
468 $(verbose
) echo
'<?xml version="1.0" encoding="ISO-8859-1" standalone="no"?>' > $@
469 $(verbose
) echo
'<!DOCTYPE policy SYSTEM "$(notdir $(xmldtd))">' >> $@
470 $(verbose
) echo
'<policy>' >> $@
471 $(verbose
) for i in
$(basename $(notdir $(layerxml
))); do echo
"<layer name=\"$$i\">" >> $@
; cat
$(tmpdir
)/$$i.xml
>> $@
; echo
"</layer>" >> $@
; done
472 $(verbose
) cat
$(tunxml
) $(boolxml
) >> $@
473 $(verbose
) echo
'</policy>' >> $@
474 $(verbose
) if
test -x
$(XMLLINT
) && test -f
$(xmldtd
); then \
475 $(XMLLINT
) --noout
--path
$(dir $(xmldtd
)) --dtdvalid
$(xmldtd
) $@
;\
480 html
$(tmpdir
)/html
: $(polxml
)
481 @echo
"Building html interface reference documentation in $(htmldir)"
482 @
test -d
$(htmldir
) || mkdir
-p
$(htmldir
)
483 @
test -d
$(tmpdir
) || mkdir
-p
$(tmpdir
)
484 $(verbose
) $(gendoc
) -d
$(htmldir
) -T
$(doctemplate
) -x
$(polxml
)
485 $(verbose
) cp
$(doctemplate
)/*.css
$(htmldir
)
486 @touch
$(tmpdir
)/html
488 ########################################
490 # Runtime binary policy patching of users
492 $(userpath
)/system.users
: $(m4support
) $(tmpdir
)/generated_definitions.conf
$(user_files
)
494 @mkdir
-p
$(userpath
)
495 @echo
"Installing system.users"
496 @echo
"# " > $(tmpdir
)/system.users
497 @echo
"# Do not edit this file. " >> $(tmpdir
)/system.users
498 @echo
"# This file is replaced on reinstalls of this policy." >> $(tmpdir
)/system.users
499 @echo
"# Please edit local.users to make local changes." >> $(tmpdir
)/system.users
500 @echo
"#" >> $(tmpdir
)/system.users
501 $(verbose
) $(M4
) -D self_contained_policy
$(M4PARAM
) $^ |
$(SED
) -r
-e
's/^[[:blank:]]+//' \
502 -e
'/^[[:blank:]]*($$|#)/d' >> $(tmpdir
)/system.users
503 $(verbose
) $(INSTALL
) -m
644 $(tmpdir
)/system.users
$@
505 $(userpath
)/local.users
: config
/local.users
506 @mkdir
-p
$(userpath
)
507 @echo
"Installing local.users"
508 $(verbose
) $(INSTALL
) -b
-m
644 $< $@
510 ########################################
512 # Build Appconfig files
514 $(tmpdir
)/initrc_context
: $(appconf
)/initrc_context
516 $(verbose
) $(M4
) $(M4PARAM
) $(m4support
) $^ |
$(GREP
) '^[a-z]' > $@
518 ########################################
520 # Install Appconfig files
522 install-appconfig
: $(appfiles
)
524 $(installdir
)/booleans
: $(booleans
)
526 @mkdir
-p
$(installdir
)
527 $(verbose
) $(SED
) -r
-e
's/false/0/g' -e
's/true/1/g' \
528 -e
'/^[[:blank:]]*($$|#)/d' $(booleans
) |
$(SORT
) > $(tmpdir
)/booleans
529 $(verbose
) $(INSTALL
) -m
644 $(tmpdir
)/booleans
$@
531 $(contextpath
)/files
/media
: $(appconf
)/media
532 @mkdir
-p
$(contextpath
)/files
/
533 $(verbose
) $(INSTALL
) -m
644 $< $@
535 $(contextpath
)/users
/%: $(appconf
)/%_default_contexts
536 @mkdir
-p
$(appdir
)/users
537 $(verbose
) $(INSTALL
) -m
644 $^
$@
539 $(appdir
)/%: $(appconf
)/%
541 $(verbose
) $(M4
) $(M4PARAM
) $(m4support
) $< > $@
543 ########################################
545 # Install policy headers
547 install-headers
: $(layerxml
) $(tunxml
) $(boolxml
)
548 @mkdir
-p
$(headerdir
)
549 @echo
"Installing $(NAME) policy headers."
550 $(verbose
) $(INSTALL
) -m
644 $^
$(headerdir
)
551 $(verbose
) $(M4
) $(M4PARAM
) $(rolemap
) > $(headerdir
)/$(notdir $(rolemap
))
552 $(verbose
) mkdir
-p
$(headerdir
)/support
553 $(verbose
) $(INSTALL
) -m
644 $(m4support
) $(word $(words $(genxml
)),$(genxml
)) $(xmldtd
) $(headerdir
)/support
554 $(verbose
) $(genperm
) $(avs
) $(secclass
) > $(headerdir
)/support
/all_perms.spt
555 $(verbose
) for i in
$(notdir $(all_layers
)); do \
556 mkdir
-p
$(headerdir
)/$$i ;\
557 $(INSTALL
) -m
644 $(moddir
)/$$i/*.if
$(headerdir
)/$$i ;\
559 $(verbose
) echo
"TYPE ?= $(TYPE)" > $(headerdir
)/build.conf
560 $(verbose
) echo
"NAME ?= $(NAME)" >> $(headerdir
)/build.conf
562 $(verbose
) echo
"DISTRO ?= $(DISTRO)" >> $(headerdir
)/build.conf
564 $(verbose
) echo
"MONOLITHIC ?= n" >> $(headerdir
)/build.conf
565 $(verbose
) echo
"DIRECT_INITRC ?= $(DIRECT_INITRC)" >> $(headerdir
)/build.conf
566 $(verbose
) echo
"override UBAC := $(UBAC)" >> $(headerdir
)/build.conf
567 $(verbose
) echo
"override MLS_SENS := $(MLS_SENS)" >> $(headerdir
)/build.conf
568 $(verbose
) echo
"override MLS_CATS := $(MLS_CATS)" >> $(headerdir
)/build.conf
569 $(verbose
) echo
"override MCS_CATS := $(MCS_CATS)" >> $(headerdir
)/build.conf
570 $(verbose
) $(INSTALL
) -m
644 $(support
)/Makefile.devel
$(headerdir
)/Makefile
572 ########################################
574 # Install policy documentation
576 install-docs
: $(tmpdir
)/html
577 @mkdir
-p
$(docsdir
)/html
578 @echo
"Installing policy documentation"
579 $(verbose
) $(INSTALL
) -m
644 $(docfiles
) $(docsdir
)
580 $(verbose
) $(INSTALL
) -m
644 $(wildcard $(htmldir
)/*) $(docsdir
)/html
582 ########################################
584 # Install policy sources
587 rm -rf
$(srcpath
)/policy.old
588 -mv
$(srcpath
)/policy
$(srcpath
)/policy.old
589 mkdir
-p
$(srcpath
)/policy
590 cp
-R .
$(srcpath
)/policy
592 ########################################
598 @
($(CTAGS
) --version | grep
-q Exuberant
) ||
(echo ERROR
: Need exuberant-ctags to function
!; exit
1)
599 @LC_ALL
=C
$(CTAGS
) -f
$(tags) --langdef
=te
--langmap
=te
:..te.if.spt \
600 --regex-te
='/^type[ \t]+(\w+)(,|;)/\1/t,type/' \
601 --regex-te
='/^typealias[ \t]+\w+[ \t+]+alias[ \t]+(\w+);/\1/t,type/' \
602 --regex-te
='/^attribute[ \t]+(\w+);/\1/a,attribute/' \
603 --regex-te
='/^[ \t]*define\(`(\w+)/\1/d,define/' \
604 --regex-te
='/^[ \t]*interface\(`(\w+)/\1/i,interface/' \
605 --regex-te
='/^[ \t]*template\(`(\w+)/\1/i,template/' \
606 --regex-te
='/^[ \t]*bool[ \t]+(\w+)/\1/b,bool/' policy
/modules
/*/*.
{if
,te
} policy
/support
/*.spt
608 ########################################
610 # Filesystem labeling
613 @echo
"Checking labels on filesystem types: $(fs_names)"
614 @if
test -z
"$(filesystems)"; then \
615 echo
"No filesystems with extended attributes found!" ;\
618 $(verbose
) $(SETFILES
) -v
-n
$(fcpath
) $(filesystems
)
621 @echo
"Restoring labels on filesystem types: $(fs_names)"
622 @if
test -z
"$(filesystems)"; then \
623 echo
"No filesystems with extended attributes found!" ;\
626 $(verbose
) $(SETFILES
) -v
$(fcpath
) $(filesystems
)
629 @echo
"Relabeling filesystem types: $(fs_names)"
630 @if
test -z
"$(filesystems)"; then \
631 echo
"No filesystems with extended attributes found!" ;\
634 $(verbose
) $(SETFILES
) $(fcpath
) $(filesystems
)
637 @echo
"Resetting labels on filesystem types: $(fs_names)"
638 @if
test -z
"$(filesystems)"; then \
639 echo
"No filesystems with extended attributes found!" ;\
642 $(verbose
) $(SETFILES
) -F
$(fcpath
) $(filesystems
)
644 ########################################
658 # don't remove these files if we're given a local root
661 rm -f
$(support
)/*.pyc
662 ifneq ($(generated_te
),)
663 rm -f
$(generated_te
)
665 ifneq ($(generated_if
),)
666 rm -f
$(generated_if
)
668 ifneq ($(generated_fc
),)
669 rm -f
$(generated_fc
)
673 .PHONY
: install-src install-appconfig install-headers generate xml conf html bare
tags