]> git.ipfire.org Git - people/stevee/selinux-policy.git/blob - Makefile
projects / people / stevee / selinux-policy.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
trunk: add core xselinux support.
[people/stevee/selinux-policy.git] / Makefile
1 #
2 # Makefile for the security policy.
3 #
4 # Targets:
5 #
6 # install - compile and install the policy configuration, and context files.
7 # load - compile, install, and load the policy configuration.
8 # reload - compile, install, and load/reload the policy configuration.
9 # relabel - relabel filesystems based on the file contexts configuration.
10 # checklabels - check filesystems against the file context configuration
11 # restorelabels - check filesystems against the file context configuration
12 # and restore the label of files with incorrect labels
13 # policy - compile the policy configuration locally for testing/development.
14 #
15 # The default target is 'policy'.
16 #
17 #
18 # Please see build.conf for policy build options.
19 #
20
21 ########################################
22 #
23 # NO OPTIONS BELOW HERE
24 #
25
26 # Include the local build.conf if it exists, otherwise
27 # include the configuration of the root directory.
28 include build.conf
29
30 ifdef LOCAL_ROOT
31 -include $(LOCAL_ROOT)/build.conf
32 endif
33
34 # refpolicy version
35 version = $(shell cat VERSION)
36
37 ifdef LOCAL_ROOT
38 builddir := $(LOCAL_ROOT)/
39 tmpdir := $(LOCAL_ROOT)/tmp
40 tags := $(LOCAL_ROOT)/tags
41 else
42 tmpdir := tmp
43 tags := tags
44 endif
45
46 # executable paths
47 BINDIR ?= /usr/bin
48 SBINDIR ?= /usr/sbin
49 ifdef TEST_TOOLCHAIN
50 tc_usrbindir := env LD_LIBRARY_PATH="$(TEST_TOOLCHAIN)/lib" $(TEST_TOOLCHAIN)$(BINDIR)
51 tc_usrsbindir := env LD_LIBRARY_PATH="$(TEST_TOOLCHAIN)/lib" $(TEST_TOOLCHAIN)$(SBINDIR)
52 tc_sbindir := env LD_LIBRARY_PATH="$(TEST_TOOLCHAIN)/lib" $(TEST_TOOLCHAIN)/sbin
53 else
54 tc_usrbindir := $(BINDIR)
55 tc_usrsbindir := $(SBINDIR)
56 tc_sbindir := /sbin
57 endif
58 CHECKPOLICY ?= $(tc_usrbindir)/checkpolicy
59 CHECKMODULE ?= $(tc_usrbindir)/checkmodule
60 SEMODULE ?= $(tc_usrsbindir)/semodule
61 SEMOD_PKG ?= $(tc_usrbindir)/semodule_package
62 SEMOD_LNK ?= $(tc_usrbindir)/semodule_link
63 SEMOD_EXP ?= $(tc_usrbindir)/semodule_expand
64 LOADPOLICY ?= $(tc_usrsbindir)/load_policy
65 SETFILES ?= $(tc_sbindir)/setfiles
66 XMLLINT ?= $(BINDIR)/xmllint
67 SECHECK ?= $(BINDIR)/sechecker
68
69 # interpreters and aux tools
70 AWK ?= gawk
71 GREP ?= egrep
72 INSTALL ?= install
73 M4 ?= m4
74 PYTHON ?= python
75 SED ?= sed
76 SORT ?= LC_ALL=C sort
77
78 CFLAGS += -Wall
79
80 # policy source layout
81 poldir := policy
82 moddir := $(poldir)/modules
83 flaskdir := $(poldir)/flask
84 secclass := $(flaskdir)/security_classes
85 isids := $(flaskdir)/initial_sids
86 avs := $(flaskdir)/access_vectors
87
88 # local source layout
89 ifdef LOCAL_ROOT
90 local_poldir := $(LOCAL_ROOT)/policy
91 local_moddir := $(local_poldir)/modules
92 endif
93
94 # policy building support tools
95 support := support
96 genxml := $(PYTHON) -E $(support)/segenxml.py
97 gendoc := $(PYTHON) -E $(support)/sedoctool.py
98 genperm := $(PYTHON) -E $(support)/genclassperms.py
99 fcsort := $(tmpdir)/fc_sort
100 setbools := $(AWK) -f $(support)/set_bools_tuns.awk
101 get_type_attr_decl := $(SED) -r -f $(support)/get_type_attr_decl.sed
102 comment_move_decl := $(SED) -r -f $(support)/comment_move_decl.sed
103 gennetfilter := $(PYTHON) -E $(support)/gennetfilter.py
104 m4iferror := $(support)/iferror.m4
105 # use our own genhomedircon to make sure we have a known usable one,
106 # so policycoreutils updates are not required (RHEL4)
107 genhomedircon := $(PYTHON) -E $(support)/genhomedircon
108
109 # documentation paths
110 docs := doc
111 xmldtd = $(docs)/policy.dtd
112 metaxml = metadata.xml
113 doctemplate = $(docs)/templates
114 docfiles = $(docs)/Makefile.example $(addprefix $(docs)/,example.te example.if example.fc)
115
116 ifndef LOCAL_ROOT
117 polxml = $(docs)/policy.xml
118 tunxml = $(docs)/global_tunables.xml
119 boolxml = $(docs)/global_booleans.xml
120 htmldir = $(docs)/html
121 else
122 polxml = $(LOCAL_ROOT)/doc/policy.xml
123 tunxml = $(LOCAL_ROOT)/doc/global_tunables.xml
124 boolxml = $(LOCAL_ROOT)/doc/global_booleans.xml
125 htmldir = $(LOCAL_ROOT)/doc/html
126 endif
127
128 # config file paths
129 globaltun = $(poldir)/global_tunables
130 globalbool = $(poldir)/global_booleans
131 rolemap = $(poldir)/rolemap
132 user_files := $(poldir)/users
133
134 # local config file paths
135 ifndef LOCAL_ROOT
136 mod_conf = $(poldir)/modules.conf
137 booleans = $(poldir)/booleans.conf
138 tunables = $(poldir)/tunables.conf
139 else
140 mod_conf = $(local_poldir)/modules.conf
141 booleans = $(local_poldir)/booleans.conf
142 tunables = $(local_poldir)/tunables.conf
143 endif
144
145 # install paths
146 PKGNAME ?= refpolicy-$(version)
147 prefix = $(DESTDIR)/usr
148 topdir = $(DESTDIR)/etc/selinux
149 installdir = $(topdir)/$(strip $(NAME))
150 srcpath = $(installdir)/src
151 userpath = $(installdir)/users
152 policypath = $(installdir)/policy
153 contextpath = $(installdir)/contexts
154 homedirpath = $(contextpath)/files/homedir_template
155 fcpath = $(contextpath)/files/file_contexts
156 ncpath = $(contextpath)/netfilter_contexts
157 sharedir = $(prefix)/share/selinux
158 modpkgdir = $(sharedir)/$(strip $(NAME))
159 headerdir = $(modpkgdir)/include
160 docsdir = $(prefix)/share/doc/$(PKGNAME)
161
162 # enable MLS if requested.
163 ifeq "$(TYPE)" "mls"
164 M4PARAM += -D enable_mls
165 CHECKPOLICY += -M
166 CHECKMODULE += -M
167 gennetfilter += -m
168 endif
169
170 # enable MLS if MCS requested.
171 ifeq "$(TYPE)" "mcs"
172 M4PARAM += -D enable_mcs
173 CHECKPOLICY += -M
174 CHECKMODULE += -M
175 gennetfilter += -c
176 endif
177
178 # enable distribution-specific policy
179 ifneq ($(DISTRO),)
180 M4PARAM += -D distro_$(DISTRO)
181 endif
182
183 # rhel4 also implies redhat
184 ifeq "$(DISTRO)" "rhel4"
185 M4PARAM += -D distro_redhat
186 endif
187
188 ifeq "$(DISTRO)" "ubuntu"
189 M4PARAM += -D distro_debian
190 endif
191
192 ifneq ($(OUTPUT_POLICY),)
193 CHECKPOLICY += -c $(OUTPUT_POLICY)
194 endif
195
196 # if not set, use the type as the name.
197 NAME ?= $(TYPE)
198
199 # default unknown permissions setting
200 #UNK_PERMS ?= deny
201
202 ifeq ($(DIRECT_INITRC),y)
203 M4PARAM += -D direct_sysadm_daemon
204 endif
205
206 # default MLS/MCS sensitivity and category settings.
207 MLS_SENS ?= 16
208 MLS_CATS ?= 256
209 MCS_CATS ?= 256
210
211 ifeq ($(QUIET),y)
212 verbose = @
213 endif
214
215 M4PARAM += -D mls_num_sens=$(MLS_SENS) -D mls_num_cats=$(MLS_CATS) -D mcs_num_cats=$(MCS_CATS) -D hide_broken_symptoms
216
217 # we need exuberant ctags; unfortunately it is named
218 # differently on different distros
219 ifeq ($(DISTRO),debian)
220 CTAGS := ctags-exuberant
221 endif
222
223 ifeq ($(DISTRO),gentoo)
224 CTAGS := exuberant-ctags
225 endif
226
227 CTAGS ?= ctags
228
229 m4support := $(wildcard $(poldir)/support/*.spt)
230 ifdef LOCAL_ROOT
231 m4support += $(wildcard $(local_poldir)/support/*.spt)
232 endif
233
234 appconf := config/appconfig-$(TYPE)
235 seusers := $(appconf)/seusers
236 appdir := $(contextpath)
237 user_default_contexts := $(wildcard config/appconfig-$(TYPE)/*_default_contexts)
238 user_default_contexts_names := $(addprefix $(contextpath)/users/,$(subst _default_contexts,,$(notdir $(user_default_contexts))))
239 appfiles := $(addprefix $(appdir)/,default_contexts default_type initrc_context failsafe_context userhelper_context removable_context dbus_contexts x_contexts customizable_types securetty_types) $(contextpath)/files/media $(user_default_contexts_names)
240 net_contexts := $(builddir)net_contexts
241
242 all_layers := $(shell find $(wildcard $(moddir)/*) -maxdepth 0 -type d)
243 ifdef LOCAL_ROOT
244 all_layers += $(shell find $(wildcard $(local_moddir)/*) -maxdepth 0 -type d)
245 endif
246
247 generated_te := $(basename $(foreach dir,$(all_layers),$(wildcard $(dir)/*.te.in)))
248 generated_if := $(basename $(foreach dir,$(all_layers),$(wildcard $(dir)/*.if.in)))
249 generated_fc := $(basename $(foreach dir,$(all_layers),$(wildcard $(dir)/*.fc.in)))
250
251 # sort here since it removes duplicates, which can happen
252 # when a generated file is already generated
253 detected_mods := $(sort $(foreach dir,$(all_layers),$(wildcard $(dir)/*.te)) $(generated_te))
254
255 modxml := $(addprefix $(tmpdir)/, $(detected_mods:.te=.xml))
256 layerxml := $(sort $(addprefix $(tmpdir)/, $(notdir $(addsuffix .xml,$(all_layers)))))
257 layer_names := $(sort $(notdir $(all_layers)))
258 all_metaxml = $(call detect-metaxml, $(layer_names))
259
260 # modules.conf setting for base module
261 configbase := base
262
263 # modules.conf setting for loadable module
264 configmod := module
265
266 # modules.conf setting for unused module
267 configoff := off
268
269 # test for module overrides from command line
270 mod_test = $(filter $(APPS_OFF), $(APPS_BASE) $(APPS_MODS))
271 mod_test += $(filter $(APPS_MODS), $(APPS_BASE))
272 ifneq "$(strip $(mod_test))" ""
273 $(error Applications must be base, module, or off, and not in more than one list! $(strip $(mod_test)) found in multiple lists!)
274 endif
275
276 # add on suffix to modules specified on command line
277 cmdline_base := $(addsuffix .te,$(APPS_BASE))
278 cmdline_mods := $(addsuffix .te,$(APPS_MODS))
279 cmdline_off := $(addsuffix .te,$(APPS_OFF))
280
281 # extract settings from modules.conf
282 mod_conf_base := $(addsuffix .te,$(sort $(shell awk '/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == "$(configbase)") print $$1 }' $(mod_conf) 2> /dev/null)))
283 mod_conf_mods := $(addsuffix .te,$(sort $(shell awk '/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == "$(configmod)") print $$1 }' $(mod_conf) 2> /dev/null)))
284 mod_conf_off := $(addsuffix .te,$(sort $(shell awk '/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == "$(configoff)") print $$1 }' $(mod_conf) 2> /dev/null)))
285
286 base_mods := $(cmdline_base)
287 mod_mods := $(cmdline_mods)
288 off_mods := $(cmdline_off)
289
290 base_mods += $(filter-out $(cmdline_off) $(cmdline_base) $(cmdline_mods), $(mod_conf_base))
291 mod_mods += $(filter-out $(cmdline_off) $(cmdline_base) $(cmdline_mods), $(mod_conf_mods))
292 off_mods += $(filter-out $(cmdline_off) $(cmdline_base) $(cmdline_mods), $(mod_conf_off))
293
294 # add modules not in modules.conf to the off list
295 off_mods += $(filter-out $(base_mods) $(mod_mods) $(off_mods),$(notdir $(detected_mods)))
296
297 # filesystems to be used in labeling targets
298 filesystems = $(shell mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[23]| xfs| jfs).*rw/{print $$3}';)
299
300 ########################################
301 #
302 # Functions
303 #
304
305 # parse-rolemap-compat modulename,outputfile
306 define parse-rolemap-compat
307 $(verbose) $(M4) $(M4PARAM) $(rolemap) | \
308 $(AWK) '/^[[:blank:]]*[A-Za-z]/{ print "gen_require(type " $$3 "; role " $$1 ";)\n$1_per_userdomain_template(" $$2 "," $$3 "," $$1 ")" }' >> $2
309 endef
310
311 # parse-rolemap modulename,outputfile
312 define parse-rolemap
313 $(verbose) $(M4) $(M4PARAM) $(rolemap) | \
314 $(AWK) '/^[[:blank:]]*[A-Za-z]/{ print "gen_require(type " $$3 "; role " $$1 ";)\n$1_per_role_template(" $$2 "," $$3 "," $$1 ")" }' >> $2
315 endef
316
317 # perrole-expansion modulename,outputfile
318 define perrole-expansion
319 $(verbose) echo "ifdef(\`""$1""_per_role_template',\`" > $2
320 $(call parse-rolemap,$1,$2)
321 $(verbose) echo "')" >> $2
322
323 $(verbose) echo "ifdef(\`""$1""_per_userdomain_template',\`" >> $2
324 $(verbose) echo "errprint(\`Warning: per_userdomain_templates have been renamed to per_role_templates (""$1""_per_userdomain_template)'__endline__)" >> $2
325 $(call parse-rolemap-compat,$1,$2)
326 $(verbose) echo "')" >> $2
327 endef
328
329 # create-base-per-role-tmpl modulenames,outputfile
330 define create-base-per-role-tmpl
331 $(verbose) echo "define(\`base_per_role_template',\`" >> $2
332
333 $(verbose) for i in $1; do \
334 echo "ifdef(\`""$$i""_per_role_template',\`""$$i""_per_role_template("'$$*'")')" \
335 >> $2 ;\
336 done
337
338 $(verbose) for i in $1; do \
339 echo "ifdef(\`""$$i""_per_userdomain_template',\`" >> $2 ;\
340 echo "errprint(\`Warning: per_userdomain_templates have been renamed to per_role_templates (""$$i""_per_userdomain_template)'__endline__)" >> $2 ;\
341 echo """$$i""_per_userdomain_template("'$$*'")')" >> $2 ;\
342 done
343 $(verbose) echo "')" >> $@
344
345 endef
346
347 # detect-metaxml layer_names
348 ifdef LOCAL_ROOT
349 define detect-metaxml
350 $(shell for i in $1; do \
351 if [ -d $(moddir)/$$i -a -d $(local_moddir)/$$i ]; then \
352 if [ -f $(local_moddir)/$$i/$(metaxml) ]; then \
353 echo $(local_moddir)/$$i/$(metaxml) ;\
354 else \
355 echo $(moddir)/$$i/$(metaxml) ;\
356 fi \
357 elif [ -d $(local_moddir)/$$i ]; then
358 echo $(local_moddir)/$$i/$(metaxml) ;\
359 else \
360 echo $(moddir)/$$i/$(metaxml) ;\
361 fi \
362 done )
363 endef
364 else
365 define detect-metaxml
366 $(shell for i in $1; do echo $(moddir)/$$i/$(metaxml); done)
367 endef
368 endif
369
370 ########################################
371 #
372 # Load appropriate rules
373 #
374
375 ifeq ($(MONOLITHIC),y)
376 include Rules.monolithic
377 else
378 include Rules.modular
379 endif
380
381 ########################################
382 #
383 # Generated files
384 #
385 # NOTE: There is no "local" version of these files.
386 #
387 generate: $(generated_te) $(generated_if) $(generated_fc)
388
389 $(moddir)/kernel/corenetwork.if: $(moddir)/kernel/corenetwork.te.in $(moddir)/kernel/corenetwork.if.m4 $(moddir)/kernel/corenetwork.if.in
390 @echo "#" > $@
391 @echo "# This is a generated file! Instead of modifying this file, the" >> $@
392 @echo "# $(notdir $@).in or $(notdir $@).m4 file should be modified." >> $@
393 @echo "#" >> $@
394 $(verbose) cat $@.in >> $@
395 $(verbose) $(GREP) "^[[:blank:]]*network_(interface|node|port|packet)\(.*\)" $< \
396 | $(M4) -D self_contained_policy $(M4PARAM) $@.m4 - \
397 | $(SED) -e 's/dollarsone/\$$1/g' -e 's/dollarszero/\$$0/g' >> $@
398
399 $(moddir)/kernel/corenetwork.te: $(moddir)/kernel/corenetwork.te.m4 $(moddir)/kernel/corenetwork.te.in
400 @echo "#" > $@
401 @echo "# This is a generated file! Instead of modifying this file, the" >> $@
402 @echo "# $(notdir $@).in or $(notdir $@).m4 file should be modified." >> $@
403 @echo "#" >> $@
404 $(verbose) $(M4) -D self_contained_policy $(M4PARAM) $^ \
405 | $(SED) -e 's/dollarsone/\$$1/g' -e 's/dollarszero/\$$0/g' >> $@
406
407 ########################################
408 #
409 # Network packet labeling
410 #
411 $(net_contexts): $(moddir)/kernel/corenetwork.te.in
412 @echo "Creating netfilter network labeling rules"
413 $(verbose) $(gennetfilter) $^ > $@
414
415 ########################################
416 #
417 # Create config files
418 #
419 conf: $(mod_conf) $(booleans) $(generated_te) $(generated_if) $(generated_fc)
420
421 $(mod_conf) $(booleans): $(polxml)
422 @echo "Updating $(mod_conf) and $(booleans)"
423 $(verbose) $(gendoc) -b $(booleans) -m $(mod_conf) -x $(polxml)
424
425 ########################################
426 #
427 # Generate the fc_sort program
428 #
429 $(fcsort) : $(support)/fc_sort.c
430 $(verbose) $(CC) $(CFLAGS) $^ -o $@
431
432 ########################################
433 #
434 # Documentation generation
435 #
436 $(layerxml): %.xml: $(all_metaxml) $(filter $(addprefix $(moddir)/, $(notdir $*))%, $(detected_mods)) $(subst .te,.if, $(filter $(addprefix $(moddir)/, $(notdir $*))%, $(detected_mods)))
437 @test -d $(tmpdir) || mkdir -p $(tmpdir)
438 $(verbose) cat $(filter %$(notdir $*)/$(metaxml), $(all_metaxml)) > $@
439 $(verbose) for i in $(basename $(filter $(addprefix $(moddir)/, $(notdir $*))%, $(detected_mods))); do $(genxml) -w -m $$i >> $@; done
440 ifdef LOCAL_ROOT
441 $(verbose) for i in $(basename $(filter $(addprefix $(local_moddir)/, $(notdir $*))%, $(detected_mods))); do $(genxml) -w -m $$i >> $@; done
442 endif
443
444 $(tunxml): $(globaltun)
445 $(verbose) $(genxml) -w -t $< > $@
446
447 $(boolxml): $(globalbool)
448 $(verbose) $(genxml) -w -b $< > $@
449
450 $(polxml): $(layerxml) $(tunxml) $(boolxml)
451 @echo "Creating $(@F)"
452 @test -d $(dir $(polxml)) || mkdir -p $(dir $(polxml))
453 @test -d $(tmpdir) || mkdir -p $(tmpdir)
454 $(verbose) echo '<?xml version="1.0" encoding="ISO-8859-1" standalone="no"?>' > $@
455 $(verbose) echo '<!DOCTYPE policy SYSTEM "$(notdir $(xmldtd))">' >> $@
456 $(verbose) echo '<policy>' >> $@
457 $(verbose) for i in $(basename $(notdir $(layerxml))); do echo "<layer name=\"$$i\">" >> $@; cat $(tmpdir)/$$i.xml >> $@; echo "</layer>" >> $@; done
458 $(verbose) cat $(tunxml) $(boolxml) >> $@
459 $(verbose) echo '</policy>' >> $@
460 $(verbose) if test -x $(XMLLINT) && test -f $(xmldtd); then \
461 $(XMLLINT) --noout --path $(dir $(xmldtd)) --dtdvalid $(xmldtd) $@ ;\
462 fi
463
464 xml: $(polxml)
465
466 html $(tmpdir)/html: $(polxml)
467 @echo "Building html interface reference documentation in $(htmldir)"
468 @test -d $(htmldir) || mkdir -p $(htmldir)
469 @test -d $(tmpdir) || mkdir -p $(tmpdir)
470 $(verbose) $(gendoc) -d $(htmldir) -T $(doctemplate) -x $(polxml)
471 $(verbose) cp $(doctemplate)/*.css $(htmldir)
472 @touch $(tmpdir)/html
473
474 ########################################
475 #
476 # Runtime binary policy patching of users
477 #
478 $(userpath)/system.users: $(m4support) $(tmpdir)/generated_definitions.conf $(user_files)
479 @mkdir -p $(tmpdir)
480 @mkdir -p $(userpath)
481 @echo "Installing system.users"
482 @echo "# " > $(tmpdir)/system.users
483 @echo "# Do not edit this file. " >> $(tmpdir)/system.users
484 @echo "# This file is replaced on reinstalls of this policy." >> $(tmpdir)/system.users
485 @echo "# Please edit local.users to make local changes." >> $(tmpdir)/system.users
486 @echo "#" >> $(tmpdir)/system.users
487 $(verbose) $(M4) -D self_contained_policy $(M4PARAM) $^ | $(SED) -r -e 's/^[[:blank:]]+//' \
488 -e '/^[[:blank:]]*($$|#)/d' >> $(tmpdir)/system.users
489 $(verbose) $(INSTALL) -m 644 $(tmpdir)/system.users $@
490
491 $(userpath)/local.users: config/local.users
492 @mkdir -p $(userpath)
493 @echo "Installing local.users"
494 $(verbose) $(INSTALL) -b -m 644 $< $@
495
496 ########################################
497 #
498 # Build Appconfig files
499 #
500 $(tmpdir)/initrc_context: $(appconf)/initrc_context
501 @mkdir -p $(tmpdir)
502 $(verbose) $(M4) $(M4PARAM) $(m4support) $^ | $(GREP) '^[a-z]' > $@
503
504 ########################################
505 #
506 # Install Appconfig files
507 #
508 install-appconfig: $(appfiles)
509
510 $(installdir)/booleans: $(booleans)
511 @mkdir -p $(tmpdir)
512 @mkdir -p $(installdir)
513 $(verbose) $(SED) -r -e 's/false/0/g' -e 's/true/1/g' \
514 -e '/^[[:blank:]]*($$|#)/d' $(booleans) | $(SORT) > $(tmpdir)/booleans
515 $(verbose) $(INSTALL) -m 644 $(tmpdir)/booleans $@
516
517 $(contextpath)/files/media: $(appconf)/media
518 @mkdir -p $(contextpath)/files/
519 $(verbose) $(INSTALL) -m 644 $< $@
520
521 $(contextpath)/users/%: $(appconf)/%_default_contexts
522 @mkdir -p $(appdir)/users
523 $(verbose) $(INSTALL) -m 644 $^ $@
524
525 $(appdir)/%: $(appconf)/%
526 @mkdir -p $(appdir)
527 $(verbose) $(INSTALL) -m 644 $< $@
528
529 ########################################
530 #
531 # Install policy headers
532 #
533 install-headers: $(layerxml) $(tunxml) $(boolxml)
534 @mkdir -p $(headerdir)
535 @echo "Installing $(TYPE) policy headers."
536 $(verbose) $(INSTALL) -m 644 $^ $(headerdir)
537 $(verbose) $(M4) $(M4PARAM) $(rolemap) > $(headerdir)/$(notdir $(rolemap))
538 $(verbose) mkdir -p $(headerdir)/support
539 $(verbose) $(INSTALL) -m 644 $(m4support) $(word $(words $(genxml)),$(genxml)) $(xmldtd) $(headerdir)/support
540 $(verbose) $(genperm) $(avs) $(secclass) > $(headerdir)/support/all_perms.spt
541 $(verbose) for i in $(notdir $(all_layers)); do \
542 mkdir -p $(headerdir)/$$i ;\
543 $(INSTALL) -m 644 $(moddir)/$$i/*.if $(headerdir)/$$i ;\
544 done
545 $(verbose) echo "TYPE ?= $(TYPE)" > $(headerdir)/build.conf
546 $(verbose) echo "NAME ?= $(NAME)" >> $(headerdir)/build.conf
547 ifneq "$(DISTRO)" ""
548 $(verbose) echo "DISTRO ?= $(DISTRO)" >> $(headerdir)/build.conf
549 endif
550 $(verbose) echo "MONOLITHIC ?= n" >> $(headerdir)/build.conf
551 $(verbose) echo "DIRECT_INITRC ?= $(DIRECT_INITRC)" >> $(headerdir)/build.conf
552 $(verbose) echo "override MLS_SENS := $(MLS_SENS)" >> $(headerdir)/build.conf
553 $(verbose) echo "override MLS_CATS := $(MLS_CATS)" >> $(headerdir)/build.conf
554 $(verbose) echo "override MCS_CATS := $(MCS_CATS)" >> $(headerdir)/build.conf
555 $(verbose) $(INSTALL) -m 644 $(support)/Makefile.devel $(headerdir)/Makefile
556
557 ########################################
558 #
559 # Install policy documentation
560 #
561 install-docs: $(tmpdir)/html
562 @mkdir -p $(docsdir)/html
563 @echo "Installing policy documentation"
564 $(verbose) $(INSTALL) -m 644 $(docfiles) $(docsdir)
565 $(verbose) $(INSTALL) -m 644 $(wildcard $(htmldir)/*) $(docsdir)/html
566
567 ########################################
568 #
569 # Install policy sources
570 #
571 install-src:
572 rm -rf $(srcpath)/policy.old
573 -mv $(srcpath)/policy $(srcpath)/policy.old
574 mkdir -p $(srcpath)/policy
575 cp -R . $(srcpath)/policy
576
577 ########################################
578 #
579 # Generate tags file
580 #
581 tags: $(tags)
582 $(tags):
583 @($(CTAGS) --version | grep -q Exuberant) || (echo ERROR: Need exuberant-ctags to function!; exit 1)
584 @LC_ALL=C $(CTAGS) -f $(tags) --langdef=te --langmap=te:..te.if.spt \
585 --regex-te='/^type[ \t]+(\w+)(,|;)/\1/t,type/' \
586 --regex-te='/^typealias[ \t]+\w+[ \t+]+alias[ \t]+(\w+);/\1/t,type/' \
587 --regex-te='/^attribute[ \t]+(\w+);/\1/a,attribute/' \
588 --regex-te='/^[ \t]*define\(`(\w+)/\1/d,define/' \
589 --regex-te='/^[ \t]*interface\(`(\w+)/\1/i,interface/' \
590 --regex-te='/^[ \t]*template\(`(\w+)/\1/i,template/' \
591 --regex-te='/^[ \t]*bool[ \t]+(\w+)/\1/b,bool/' policy/modules/*/*.{if,te} policy/support/*.spt
592
593 ########################################
594 #
595 # Filesystem labeling
596 #
597 checklabels:
598 @echo "Checking labels on filesystem types: ext2 ext3 xfs jfs"
599 @if test -z "$(filesystems)"; then \
600 echo "No filesystems with extended attributes found!" ;\
601 false ;\
602 fi
603 $(verbose) $(SETFILES) -v -n $(fcpath) $(filesystems)
604
605 restorelabels:
606 @echo "Restoring labels on filesystem types: ext2 ext3 xfs jfs"
607 @if test -z "$(filesystems)"; then \
608 echo "No filesystems with extended attributes found!" ;\
609 false ;\
610 fi
611 $(verbose) $(SETFILES) -v $(fcpath) $(filesystems)
612
613 relabel:
614 @echo "Relabeling filesystem types: ext2 ext3 xfs jfs"
615 @if test -z "$(filesystems)"; then \
616 echo "No filesystems with extended attributes found!" ;\
617 false ;\
618 fi
619 $(verbose) $(SETFILES) $(fcpath) $(filesystems)
620
621 resetlabels:
622 @echo "Resetting labels on filesystem types: ext2 ext3 xfs jfs"
623 @if test -z "$(filesystems)"; then \
624 echo "No filesystems with extended attributes found!" ;\
625 false ;\
626 fi
627 $(verbose) $(SETFILES) -F $(fcpath) $(filesystems)
628
629 ########################################
630 #
631 # Clean everything
632 #
633 bare: clean
634 rm -f $(polxml)
635 rm -f $(layerxml)
636 rm -f $(modxml)
637 rm -f $(tunxml)
638 rm -f $(boolxml)
639 rm -f $(mod_conf)
640 rm -f $(booleans)
641 rm -fR $(htmldir)
642 rm -f $(tags)
643 # don't remove these files if we're given a local root
644 ifndef LOCAL_ROOT
645 rm -f $(fcsort)
646 rm -f $(support)/*.pyc
647 ifneq ($(generated_te),)
648 rm -f $(generated_te)
649 endif
650 ifneq ($(generated_if),)
651 rm -f $(generated_if)
652 endif
653 ifneq ($(generated_fc),)
654 rm -f $(generated_fc)
655 endif
656 endif
657
658 .PHONY: install-src install-appconfig install-headers generate xml conf html bare tags
659 .SUFFIXES:
660 .SUFFIXES: .c
The IPFire selinux policy.