2 # Makefile for the security policy.
6 # install - compile and install the policy configuration, and context files.
7 # load - compile, install, and load the policy configuration.
8 # reload - compile, install, and load/reload the policy configuration.
9 # relabel - relabel filesystems based on the file contexts configuration.
10 # checklabels - check filesystems against the file context configuration
11 # restorelabels - check filesystems against the file context configuration
12 # and restore the label of files with incorrect labels
13 # policy - compile the policy configuration locally for testing/development.
15 # The default target is 'policy'.
18 # Please see build.conf for policy build options.
21 ########################################
23 # NO OPTIONS BELOW HERE
26 # Include the local build.conf if it exists, otherwise
27 # include the configuration of the root directory.
31 -include $(LOCAL_ROOT
)/build.conf
35 version
= $(shell cat VERSION
)
38 builddir
:= $(LOCAL_ROOT
)/
39 tmpdir
:= $(LOCAL_ROOT
)/tmp
40 tags := $(LOCAL_ROOT
)/tags
50 tc_usrbindir
:= env LD_LIBRARY_PATH
="$(TEST_TOOLCHAIN)/lib" $(TEST_TOOLCHAIN
)$(BINDIR
)
51 tc_usrsbindir
:= env LD_LIBRARY_PATH
="$(TEST_TOOLCHAIN)/lib" $(TEST_TOOLCHAIN
)$(SBINDIR
)
52 tc_sbindir
:= env LD_LIBRARY_PATH
="$(TEST_TOOLCHAIN)/lib" $(TEST_TOOLCHAIN
)/sbin
54 tc_usrbindir
:= $(BINDIR
)
55 tc_usrsbindir
:= $(SBINDIR
)
58 CHECKPOLICY ?
= $(tc_usrbindir
)/checkpolicy
59 CHECKMODULE ?
= $(tc_usrbindir
)/checkmodule
60 SEMODULE ?
= $(tc_usrsbindir
)/semodule
61 SEMOD_PKG ?
= $(tc_usrbindir
)/semodule_package
62 SEMOD_LNK ?
= $(tc_usrbindir
)/semodule_link
63 SEMOD_EXP ?
= $(tc_usrbindir
)/semodule_expand
64 LOADPOLICY ?
= $(tc_usrsbindir
)/load_policy
65 SETFILES ?
= $(tc_sbindir
)/setfiles
66 XMLLINT ?
= $(BINDIR
)/xmllint
67 SECHECK ?
= $(BINDIR
)/sechecker
69 # interpreters and aux tools
80 # policy source layout
82 moddir
:= $(poldir
)/modules
83 flaskdir
:= $(poldir
)/flask
84 secclass
:= $(flaskdir
)/security_classes
85 isids
:= $(flaskdir
)/initial_sids
86 avs
:= $(flaskdir
)/access_vectors
90 local_poldir
:= $(LOCAL_ROOT
)/policy
91 local_moddir
:= $(local_poldir
)/modules
94 # policy building support tools
96 genxml
:= $(PYTHON
) -E
$(support
)/segenxml.py
97 gendoc
:= $(PYTHON
) -E
$(support
)/sedoctool.py
98 genperm
:= $(PYTHON
) -E
$(support
)/genclassperms.py
99 fcsort
:= $(tmpdir
)/fc_sort
100 setbools
:= $(AWK
) -f
$(support
)/set_bools_tuns.awk
101 get_type_attr_decl
:= $(SED
) -r
-f
$(support
)/get_type_attr_decl.sed
102 comment_move_decl
:= $(SED
) -r
-f
$(support
)/comment_move_decl.sed
103 gennetfilter
:= $(PYTHON
) -E
$(support
)/gennetfilter.py
104 m4iferror
:= $(support
)/iferror.m4
105 # use our own genhomedircon to make sure we have a known usable one,
106 # so policycoreutils updates are not required (RHEL4)
107 genhomedircon
:= $(PYTHON
) -E
$(support
)/genhomedircon
109 # documentation paths
111 xmldtd
= $(docs
)/policy.dtd
112 metaxml
= metadata.xml
113 doctemplate
= $(docs
)/templates
114 docfiles
= $(docs
)/Makefile.example
$(addprefix $(docs
)/,example.te example.if example.
fc)
117 polxml
= $(docs
)/policy.xml
118 tunxml
= $(docs
)/global_tunables.xml
119 boolxml
= $(docs
)/global_booleans.xml
120 htmldir
= $(docs
)/html
122 polxml
= $(LOCAL_ROOT
)/doc
/policy.xml
123 tunxml
= $(LOCAL_ROOT
)/doc
/global_tunables.xml
124 boolxml
= $(LOCAL_ROOT
)/doc
/global_booleans.xml
125 htmldir
= $(LOCAL_ROOT
)/doc
/html
129 globaltun
= $(poldir
)/global_tunables
130 globalbool
= $(poldir
)/global_booleans
131 rolemap
= $(poldir
)/rolemap
132 user_files
:= $(poldir
)/users
134 # local config file paths
136 mod_conf
= $(poldir
)/modules.conf
137 booleans
= $(poldir
)/booleans.conf
138 tunables
= $(poldir
)/tunables.conf
140 mod_conf
= $(local_poldir
)/modules.conf
141 booleans
= $(local_poldir
)/booleans.conf
142 tunables
= $(local_poldir
)/tunables.conf
146 PKGNAME ?
= refpolicy-
$(version
)
147 prefix = $(DESTDIR
)/usr
148 topdir
= $(DESTDIR
)/etc
/selinux
149 installdir
= $(topdir
)/$(strip $(NAME
))
150 srcpath
= $(installdir
)/src
151 userpath
= $(installdir
)/users
152 policypath
= $(installdir
)/policy
153 contextpath
= $(installdir
)/contexts
154 homedirpath
= $(contextpath
)/files
/homedir_template
155 fcpath
= $(contextpath
)/files
/file_contexts
156 ncpath
= $(contextpath
)/netfilter_contexts
157 sharedir
= $(prefix)/share
/selinux
158 modpkgdir
= $(sharedir
)/$(strip $(NAME
))
159 headerdir
= $(modpkgdir
)/include
160 docsdir
= $(prefix)/share
/doc
/$(PKGNAME
)
162 # enable MLS if requested.
164 M4PARAM
+= -D enable_mls
170 # enable MLS if MCS requested.
172 M4PARAM
+= -D enable_mcs
178 # enable distribution-specific policy
180 M4PARAM
+= -D distro_
$(DISTRO
)
183 # rhel4 also implies redhat
184 ifeq "$(DISTRO)" "rhel4"
185 M4PARAM
+= -D distro_redhat
188 ifeq "$(DISTRO)" "ubuntu"
189 M4PARAM
+= -D distro_debian
192 ifneq ($(OUTPUT_POLICY
),)
193 CHECKPOLICY
+= -c
$(OUTPUT_POLICY
)
196 # if not set, use the type as the name.
199 # default unknown permissions setting
202 ifeq ($(DIRECT_INITRC
),y
)
203 M4PARAM
+= -D direct_sysadm_daemon
206 # default MLS/MCS sensitivity and category settings.
215 M4PARAM
+= -D mls_num_sens
=$(MLS_SENS
) -D mls_num_cats
=$(MLS_CATS
) -D mcs_num_cats
=$(MCS_CATS
) -D hide_broken_symptoms
217 # we need exuberant ctags; unfortunately it is named
218 # differently on different distros
219 ifeq ($(DISTRO
),debian
)
220 CTAGS
:= ctags-exuberant
223 ifeq ($(DISTRO
),gentoo
)
224 CTAGS
:= exuberant-ctags
229 m4support
:= $(wildcard $(poldir
)/support
/*.spt
)
231 m4support
+= $(wildcard $(local_poldir
)/support
/*.spt
)
234 appconf
:= config
/appconfig-
$(TYPE
)
235 seusers
:= $(appconf
)/seusers
236 appdir
:= $(contextpath
)
237 user_default_contexts
:= $(wildcard config
/appconfig-
$(TYPE
)/*_default_contexts
)
238 user_default_contexts_names
:= $(addprefix $(contextpath
)/users
/,$(subst _default_contexts
,,$(notdir $(user_default_contexts
))))
239 appfiles
:= $(addprefix $(appdir
)/,default_contexts default_type initrc_context failsafe_context userhelper_context removable_context dbus_contexts x_contexts customizable_types securetty_types
) $(contextpath
)/files
/media
$(user_default_contexts_names
)
240 net_contexts
:= $(builddir
)net_contexts
242 all_layers
:= $(shell find
$(wildcard $(moddir
)/*) -maxdepth
0 -type d
)
244 all_layers
+= $(shell find
$(wildcard $(local_moddir
)/*) -maxdepth
0 -type d
)
247 generated_te
:= $(basename $(foreach dir,$(all_layers
),$(wildcard $(dir)/*.te.in
)))
248 generated_if
:= $(basename $(foreach dir,$(all_layers
),$(wildcard $(dir)/*.if.in
)))
249 generated_fc
:= $(basename $(foreach dir,$(all_layers
),$(wildcard $(dir)/*.
fc.in
)))
251 # sort here since it removes duplicates, which can happen
252 # when a generated file is already generated
253 detected_mods
:= $(sort $(foreach dir,$(all_layers
),$(wildcard $(dir)/*.te
)) $(generated_te
))
255 modxml
:= $(addprefix $(tmpdir
)/, $(detected_mods
:.te
=.xml
))
256 layerxml
:= $(sort $(addprefix $(tmpdir
)/, $(notdir $(addsuffix .xml
,$(all_layers
)))))
257 layer_names
:= $(sort $(notdir $(all_layers
)))
258 all_metaxml
= $(call detect-metaxml
, $(layer_names
))
260 # modules.conf setting for base module
263 # modules.conf setting for loadable module
266 # modules.conf setting for unused module
269 # test for module overrides from command line
270 mod_test
= $(filter $(APPS_OFF
), $(APPS_BASE
) $(APPS_MODS
))
271 mod_test
+= $(filter $(APPS_MODS
), $(APPS_BASE
))
272 ifneq "$(strip $(mod_test))" ""
273 $(error Applications must be base
, module
, or off
, and not in more than one list
! $(strip $(mod_test
)) found in multiple lists
!)
276 # add on suffix to modules specified on command line
277 cmdline_base
:= $(addsuffix .te
,$(APPS_BASE
))
278 cmdline_mods
:= $(addsuffix .te
,$(APPS_MODS
))
279 cmdline_off
:= $(addsuffix .te
,$(APPS_OFF
))
281 # extract settings from modules.conf
282 mod_conf_base
:= $(addsuffix .te
,$(sort $(shell awk
'/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == "$(configbase)") print $$1 }' $(mod_conf
) 2> /dev
/null
)))
283 mod_conf_mods
:= $(addsuffix .te
,$(sort $(shell awk
'/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == "$(configmod)") print $$1 }' $(mod_conf
) 2> /dev
/null
)))
284 mod_conf_off
:= $(addsuffix .te
,$(sort $(shell awk
'/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == "$(configoff)") print $$1 }' $(mod_conf
) 2> /dev
/null
)))
286 base_mods
:= $(cmdline_base
)
287 mod_mods
:= $(cmdline_mods
)
288 off_mods
:= $(cmdline_off
)
290 base_mods
+= $(filter-out $(cmdline_off
) $(cmdline_base
) $(cmdline_mods
), $(mod_conf_base
))
291 mod_mods
+= $(filter-out $(cmdline_off
) $(cmdline_base
) $(cmdline_mods
), $(mod_conf_mods
))
292 off_mods
+= $(filter-out $(cmdline_off
) $(cmdline_base
) $(cmdline_mods
), $(mod_conf_off
))
294 # add modules not in modules.conf to the off list
295 off_mods
+= $(filter-out $(base_mods
) $(mod_mods
) $(off_mods
),$(notdir $(detected_mods
)))
297 # filesystems to be used in labeling targets
298 filesystems
= $(shell mount | grep
-v
"context=" | egrep
-v
'\((|.*,)bind(,.*|)\)' | awk
'/(ext[23]| xfs| jfs).*rw/{print $$3}';)
300 ########################################
305 # parse-rolemap-compat modulename,outputfile
306 define parse-rolemap-compat
307 $(verbose
) $(M4
) $(M4PARAM
) $(rolemap
) | \
308 $(AWK
) '/^[[:blank:]]*[A-Za-z]/{ print "gen_require(type " $$3 "; role " $$1 ";)\n$1_per_userdomain_template(" $$2 "," $$3 "," $$1 ")" }' >> $2
311 # parse-rolemap modulename,outputfile
313 $(verbose
) $(M4
) $(M4PARAM
) $(rolemap
) | \
314 $(AWK
) '/^[[:blank:]]*[A-Za-z]/{ print "gen_require(type " $$3 "; role " $$1 ";)\n$1_per_role_template(" $$2 "," $$3 "," $$1 ")" }' >> $2
317 # perrole-expansion modulename,outputfile
318 define perrole-expansion
319 $(verbose
) echo
"ifdef(\`""$1""_per_role_template',\`" > $2
320 $(call parse-rolemap
,$1,$2)
321 $(verbose
) echo
"')" >> $2
323 $(verbose
) echo
"ifdef(\`""$1""_per_userdomain_template',\`" >> $2
324 $(verbose
) echo
"errprint(\`Warning: per_userdomain_templates have been renamed to per_role_templates (""$1""_per_userdomain_template)'__endline__)" >> $2
325 $(call parse-rolemap-compat
,$1,$2)
326 $(verbose
) echo
"')" >> $2
329 # create-base-per-role-tmpl modulenames,outputfile
330 define create-base-per-role-tmpl
331 $(verbose
) echo
"define(\`base_per_role_template',\`" >> $2
333 $(verbose
) for i in
$1; do \
334 echo
"ifdef(\`""$$i""_per_role_template',\`""$$i""_per_role_template("'$$*'")')" \
338 $(verbose
) for i in
$1; do \
339 echo
"ifdef(\`""$$i""_per_userdomain_template',\`" >> $2 ;\
340 echo
"errprint(\`Warning: per_userdomain_templates have been renamed to per_role_templates (""$$i""_per_userdomain_template)'__endline__)" >> $2 ;\
341 echo
"""$$i""_per_userdomain_template("'$$*'")')" >> $2 ;\
343 $(verbose
) echo
"')" >> $@
347 # detect-metaxml layer_names
349 define detect-metaxml
350 $(shell for i in
$1; do \
351 if
[ -d
$(moddir
)/$$i -a
-d
$(local_moddir
)/$$i ]; then \
352 if
[ -f
$(local_moddir
)/$$i/$(metaxml
) ]; then \
353 echo
$(local_moddir
)/$$i/$(metaxml
) ;\
355 echo
$(moddir
)/$$i/$(metaxml
) ;\
357 elif
[ -d
$(local_moddir
)/$$i ]; then
358 echo
$(local_moddir
)/$$i/$(metaxml
) ;\
360 echo
$(moddir
)/$$i/$(metaxml
) ;\
365 define detect-metaxml
366 $(shell for i in
$1; do echo
$(moddir
)/$$i/$(metaxml
); done
)
370 ########################################
372 # Load appropriate rules
375 ifeq ($(MONOLITHIC
),y
)
376 include Rules.monolithic
378 include Rules.modular
381 ########################################
385 # NOTE: There is no "local" version of these files.
387 generate
: $(generated_te
) $(generated_if
) $(generated_fc
)
389 $(moddir
)/kernel
/corenetwork.if
: $(moddir
)/kernel
/corenetwork.te.in
$(moddir
)/kernel
/corenetwork.if.m4
$(moddir
)/kernel
/corenetwork.if.in
391 @echo
"# This is a generated file! Instead of modifying this file, the" >> $@
392 @echo
"# $(notdir $@).in or $(notdir $@).m4 file should be modified." >> $@
394 $(verbose
) cat
$@.in
>> $@
395 $(verbose
) $(GREP
) "^[[:blank:]]*network_(interface|node|port|packet)\(.*\)" $< \
396 |
$(M4
) -D self_contained_policy
$(M4PARAM
) $@.m4
- \
397 |
$(SED
) -e
's/dollarsone/\$$1/g' -e
's/dollarszero/\$$0/g' >> $@
399 $(moddir
)/kernel
/corenetwork.te
: $(moddir
)/kernel
/corenetwork.te.m4
$(moddir
)/kernel
/corenetwork.te.in
401 @echo
"# This is a generated file! Instead of modifying this file, the" >> $@
402 @echo
"# $(notdir $@).in or $(notdir $@).m4 file should be modified." >> $@
404 $(verbose
) $(M4
) -D self_contained_policy
$(M4PARAM
) $^ \
405 |
$(SED
) -e
's/dollarsone/\$$1/g' -e
's/dollarszero/\$$0/g' >> $@
407 ########################################
409 # Network packet labeling
411 $(net_contexts
): $(moddir
)/kernel
/corenetwork.te.in
412 @echo
"Creating netfilter network labeling rules"
413 $(verbose
) $(gennetfilter
) $^
> $@
415 ########################################
417 # Create config files
419 conf
: $(mod_conf
) $(booleans
) $(generated_te
) $(generated_if
) $(generated_fc
)
421 $(mod_conf
) $(booleans
): $(polxml
)
422 @echo
"Updating $(mod_conf) and $(booleans)"
423 $(verbose
) $(gendoc
) -b
$(booleans
) -m
$(mod_conf
) -x
$(polxml
)
425 ########################################
427 # Generate the fc_sort program
429 $(fcsort
) : $(support
)/fc_sort.c
430 $(verbose
) $(CC
) $(CFLAGS
) $^
-o
$@
432 ########################################
434 # Documentation generation
436 $(layerxml
): %.xml
: $(all_metaxml
) $(filter $(addprefix $(moddir
)/, $(notdir $*))%, $(detected_mods
)) $(subst .te
,.if
, $(filter $(addprefix $(moddir
)/, $(notdir $*))%, $(detected_mods
)))
437 @
test -d
$(tmpdir
) || mkdir
-p
$(tmpdir
)
438 $(verbose
) cat
$(filter %$(notdir $*)/$(metaxml
), $(all_metaxml
)) > $@
439 $(verbose
) for i in
$(basename $(filter $(addprefix $(moddir
)/, $(notdir $*))%, $(detected_mods
))); do
$(genxml
) -w
-m
$$i >> $@
; done
441 $(verbose
) for i in
$(basename $(filter $(addprefix $(local_moddir
)/, $(notdir $*))%, $(detected_mods
))); do
$(genxml
) -w
-m
$$i >> $@
; done
444 $(tunxml
): $(globaltun
)
445 $(verbose
) $(genxml
) -w
-t
$< > $@
447 $(boolxml
): $(globalbool
)
448 $(verbose
) $(genxml
) -w
-b
$< > $@
450 $(polxml
): $(layerxml
) $(tunxml
) $(boolxml
)
451 @echo
"Creating $(@F)"
452 @
test -d
$(dir $(polxml
)) || mkdir
-p
$(dir $(polxml
))
453 @
test -d
$(tmpdir
) || mkdir
-p
$(tmpdir
)
454 $(verbose
) echo
'<?xml version="1.0" encoding="ISO-8859-1" standalone="no"?>' > $@
455 $(verbose
) echo
'<!DOCTYPE policy SYSTEM "$(notdir $(xmldtd))">' >> $@
456 $(verbose
) echo
'<policy>' >> $@
457 $(verbose
) for i in
$(basename $(notdir $(layerxml
))); do echo
"<layer name=\"$$i\">" >> $@
; cat
$(tmpdir
)/$$i.xml
>> $@
; echo
"</layer>" >> $@
; done
458 $(verbose
) cat
$(tunxml
) $(boolxml
) >> $@
459 $(verbose
) echo
'</policy>' >> $@
460 $(verbose
) if
test -x
$(XMLLINT
) && test -f
$(xmldtd
); then \
461 $(XMLLINT
) --noout
--path
$(dir $(xmldtd
)) --dtdvalid
$(xmldtd
) $@
;\
466 html
$(tmpdir
)/html
: $(polxml
)
467 @echo
"Building html interface reference documentation in $(htmldir)"
468 @
test -d
$(htmldir
) || mkdir
-p
$(htmldir
)
469 @
test -d
$(tmpdir
) || mkdir
-p
$(tmpdir
)
470 $(verbose
) $(gendoc
) -d
$(htmldir
) -T
$(doctemplate
) -x
$(polxml
)
471 $(verbose
) cp
$(doctemplate
)/*.css
$(htmldir
)
472 @touch
$(tmpdir
)/html
474 ########################################
476 # Runtime binary policy patching of users
478 $(userpath
)/system.users
: $(m4support
) $(tmpdir
)/generated_definitions.conf
$(user_files
)
480 @mkdir
-p
$(userpath
)
481 @echo
"Installing system.users"
482 @echo
"# " > $(tmpdir
)/system.users
483 @echo
"# Do not edit this file. " >> $(tmpdir
)/system.users
484 @echo
"# This file is replaced on reinstalls of this policy." >> $(tmpdir
)/system.users
485 @echo
"# Please edit local.users to make local changes." >> $(tmpdir
)/system.users
486 @echo
"#" >> $(tmpdir
)/system.users
487 $(verbose
) $(M4
) -D self_contained_policy
$(M4PARAM
) $^ |
$(SED
) -r
-e
's/^[[:blank:]]+//' \
488 -e
'/^[[:blank:]]*($$|#)/d' >> $(tmpdir
)/system.users
489 $(verbose
) $(INSTALL
) -m
644 $(tmpdir
)/system.users
$@
491 $(userpath
)/local.users
: config
/local.users
492 @mkdir
-p
$(userpath
)
493 @echo
"Installing local.users"
494 $(verbose
) $(INSTALL
) -b
-m
644 $< $@
496 ########################################
498 # Build Appconfig files
500 $(tmpdir
)/initrc_context
: $(appconf
)/initrc_context
502 $(verbose
) $(M4
) $(M4PARAM
) $(m4support
) $^ |
$(GREP
) '^[a-z]' > $@
504 ########################################
506 # Install Appconfig files
508 install-appconfig
: $(appfiles
)
510 $(installdir
)/booleans
: $(booleans
)
512 @mkdir
-p
$(installdir
)
513 $(verbose
) $(SED
) -r
-e
's/false/0/g' -e
's/true/1/g' \
514 -e
'/^[[:blank:]]*($$|#)/d' $(booleans
) |
$(SORT
) > $(tmpdir
)/booleans
515 $(verbose
) $(INSTALL
) -m
644 $(tmpdir
)/booleans
$@
517 $(contextpath
)/files
/media
: $(appconf
)/media
518 @mkdir
-p
$(contextpath
)/files
/
519 $(verbose
) $(INSTALL
) -m
644 $< $@
521 $(contextpath
)/users
/%: $(appconf
)/%_default_contexts
522 @mkdir
-p
$(appdir
)/users
523 $(verbose
) $(INSTALL
) -m
644 $^
$@
525 $(appdir
)/%: $(appconf
)/%
527 $(verbose
) $(INSTALL
) -m
644 $< $@
529 ########################################
531 # Install policy headers
533 install-headers
: $(layerxml
) $(tunxml
) $(boolxml
)
534 @mkdir
-p
$(headerdir
)
535 @echo
"Installing $(TYPE) policy headers."
536 $(verbose
) $(INSTALL
) -m
644 $^
$(headerdir
)
537 $(verbose
) $(M4
) $(M4PARAM
) $(rolemap
) > $(headerdir
)/$(notdir $(rolemap
))
538 $(verbose
) mkdir
-p
$(headerdir
)/support
539 $(verbose
) $(INSTALL
) -m
644 $(m4support
) $(word $(words $(genxml
)),$(genxml
)) $(xmldtd
) $(headerdir
)/support
540 $(verbose
) $(genperm
) $(avs
) $(secclass
) > $(headerdir
)/support
/all_perms.spt
541 $(verbose
) for i in
$(notdir $(all_layers
)); do \
542 mkdir
-p
$(headerdir
)/$$i ;\
543 $(INSTALL
) -m
644 $(moddir
)/$$i/*.if
$(headerdir
)/$$i ;\
545 $(verbose
) echo
"TYPE ?= $(TYPE)" > $(headerdir
)/build.conf
546 $(verbose
) echo
"NAME ?= $(NAME)" >> $(headerdir
)/build.conf
548 $(verbose
) echo
"DISTRO ?= $(DISTRO)" >> $(headerdir
)/build.conf
550 $(verbose
) echo
"MONOLITHIC ?= n" >> $(headerdir
)/build.conf
551 $(verbose
) echo
"DIRECT_INITRC ?= $(DIRECT_INITRC)" >> $(headerdir
)/build.conf
552 $(verbose
) echo
"override MLS_SENS := $(MLS_SENS)" >> $(headerdir
)/build.conf
553 $(verbose
) echo
"override MLS_CATS := $(MLS_CATS)" >> $(headerdir
)/build.conf
554 $(verbose
) echo
"override MCS_CATS := $(MCS_CATS)" >> $(headerdir
)/build.conf
555 $(verbose
) $(INSTALL
) -m
644 $(support
)/Makefile.devel
$(headerdir
)/Makefile
557 ########################################
559 # Install policy documentation
561 install-docs
: $(tmpdir
)/html
562 @mkdir
-p
$(docsdir
)/html
563 @echo
"Installing policy documentation"
564 $(verbose
) $(INSTALL
) -m
644 $(docfiles
) $(docsdir
)
565 $(verbose
) $(INSTALL
) -m
644 $(wildcard $(htmldir
)/*) $(docsdir
)/html
567 ########################################
569 # Install policy sources
572 rm -rf
$(srcpath
)/policy.old
573 -mv
$(srcpath
)/policy
$(srcpath
)/policy.old
574 mkdir
-p
$(srcpath
)/policy
575 cp
-R .
$(srcpath
)/policy
577 ########################################
583 @
($(CTAGS
) --version | grep
-q Exuberant
) ||
(echo ERROR
: Need exuberant-ctags to function
!; exit
1)
584 @LC_ALL
=C
$(CTAGS
) -f
$(tags) --langdef
=te
--langmap
=te
:..te.if.spt \
585 --regex-te
='/^type[ \t]+(\w+)(,|;)/\1/t,type/' \
586 --regex-te
='/^typealias[ \t]+\w+[ \t+]+alias[ \t]+(\w+);/\1/t,type/' \
587 --regex-te
='/^attribute[ \t]+(\w+);/\1/a,attribute/' \
588 --regex-te
='/^[ \t]*define\(`(\w+)/\1/d,define/' \
589 --regex-te
='/^[ \t]*interface\(`(\w+)/\1/i,interface/' \
590 --regex-te
='/^[ \t]*template\(`(\w+)/\1/i,template/' \
591 --regex-te
='/^[ \t]*bool[ \t]+(\w+)/\1/b,bool/' policy
/modules
/*/*.
{if
,te
} policy
/support
/*.spt
593 ########################################
595 # Filesystem labeling
598 @echo
"Checking labels on filesystem types: ext2 ext3 xfs jfs"
599 @if
test -z
"$(filesystems)"; then \
600 echo
"No filesystems with extended attributes found!" ;\
603 $(verbose
) $(SETFILES
) -v
-n
$(fcpath
) $(filesystems
)
606 @echo
"Restoring labels on filesystem types: ext2 ext3 xfs jfs"
607 @if
test -z
"$(filesystems)"; then \
608 echo
"No filesystems with extended attributes found!" ;\
611 $(verbose
) $(SETFILES
) -v
$(fcpath
) $(filesystems
)
614 @echo
"Relabeling filesystem types: ext2 ext3 xfs jfs"
615 @if
test -z
"$(filesystems)"; then \
616 echo
"No filesystems with extended attributes found!" ;\
619 $(verbose
) $(SETFILES
) $(fcpath
) $(filesystems
)
622 @echo
"Resetting labels on filesystem types: ext2 ext3 xfs jfs"
623 @if
test -z
"$(filesystems)"; then \
624 echo
"No filesystems with extended attributes found!" ;\
627 $(verbose
) $(SETFILES
) -F
$(fcpath
) $(filesystems
)
629 ########################################
643 # don't remove these files if we're given a local root
646 rm -f
$(support
)/*.pyc
647 ifneq ($(generated_te
),)
648 rm -f
$(generated_te
)
650 ifneq ($(generated_if
),)
651 rm -f
$(generated_if
)
653 ifneq ($(generated_fc
),)
654 rm -f
$(generated_fc
)
658 .PHONY
: install-src install-appconfig install-headers generate xml conf html bare
tags