FCPATH = $(CONTEXTPATH)/files/file_contexts
HOMEDIRPATH = $(CONTEXTPATH)/files/homedir_template
-# Monolithic still uses booleans file
-APPFILES += $(INSTALLDIR)/booleans
+FC := file_contexts
+POLVER := policy.$(PV)
-# for monolithic policy use all base and module to create policy
-ENABLEMOD := $(BASE_MODS) $(MOD_MODS)
+APPFILES += $(APPDIR)/customizable_types $(INSTALLDIR)/booleans
-ALL_MODULES := $(filter $(ENABLEMOD),$(DETECTED_MODS))
+# for monolithic policy use all base and module to create policy
+ALL_MODULES := $(strip $(BASE_MODS) $(MOD_MODS))
ALL_INTERFACES := $(ALL_MODULES:.te=.if)
ALL_TE_FILES := $(ALL_MODULES)
ALL_FC_FILES := $(ALL_MODULES:.te=.fc)
PRE_TE_FILES := $(SECCLASS) $(ISIDS) $(AVS) $(M4SUPPORT) $(POLDIR)/mls $(POLDIR)/mcs
-POST_TE_FILES := $(POLDIR)/systemuser $(POLDIR)/users $(POLDIR)/constraints
+POST_TE_FILES := $(USER_FILES) $(POLDIR)/constraints
POLICY_SECTIONS := tmp/pre_te_files.conf tmp/generated_definitions.conf tmp/all_interfaces.conf tmp/all_attrs_types.conf $(GLOBALBOOL) $(GLOBALTUN) tmp/only_te_rules.conf tmp/all_post.conf
+HOMEDIR_TEMPLATE = homedir_template
+
+# search layer dirs for source files
+vpath %.te $(ALL_LAYERS)
+vpath %.if $(ALL_LAYERS)
+vpath %.fc $(ALL_LAYERS)
+
########################################
#
# default action: build policy locally
#
# Load the binary policy
#
-reload tmp/load: $(LOADPATH) $(FCPATH)
+reload tmp/load: $(LOADPATH) $(FCPATH) $(APPFILES)
@echo "Loading $(NAME) $(LOADPATH)"
$(QUIET) $(LOADPOLICY) -q $(LOADPATH)
@touch tmp/load
#
# Construct file_contexts
#
-$(FC): $(M4SUPPORT) tmp/generated_definitions.conf $(ALL_FC_FILES) $(FCSORT)
+$(FC): tmp/$(FC).tmp $(FCSORT)
+ $(QUIET) $(FCSORT) $< $@
+ $(QUIET) grep -e HOME -e ROLE $@ > $(HOMEDIR_TEMPLATE)
+ $(QUIET) sed -i -e /HOME/d -e /ROLE/d $@
+
+tmp/$(FC).tmp: $(M4SUPPORT) tmp/generated_definitions.conf $(ALL_FC_FILES)
ifeq ($(ALL_FC_FILES),)
$(error No enabled modules! $(notdir $(MOD_CONF)) may need to be generated by using "make conf")
endif
@echo "Creating $(NAME) file_contexts."
@test -d tmp || mkdir -p tmp
- $(QUIET) m4 $(M4PARAM) $(M4SUPPORT) tmp/generated_definitions.conf $(ALL_FC_FILES) > tmp/$@.tmp
- $(QUIET) grep -e HOME -e ROLE tmp/$@.tmp > $(HOMEDIR_TEMPLATE)
- $(QUIET) sed -i -e /HOME/d -e /ROLE/d tmp/$@.tmp
- $(QUIET) $(FCSORT) tmp/$@.tmp $@
+ $(QUIET) m4 $(M4PARAM) $^ > $@
########################################
#
#
FILESYSTEMS := `mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[23]| xfs| jfs).*rw/{print $$3}';`
-checklabels: $(FC) $(SETFILES)
+checklabels: $(FCPATH) $(SETFILES)
+ @echo "Checking labels on filesystem types: ext2 ext3 xfs jfs"
@if test -z "$(FILESYSTEMS)"; then \
echo "No filesystems with extended attributes found!" ;\
false ;\
fi
- $(QUIET) $(SETFILES) -v -n $(FC) $(FILESYSTEMS)
+ $(QUIET) $(SETFILES) -v -n $(FCPATH) $(FILESYSTEMS)
-restorelabels: $(FC) $(SETFILES)
+restorelabels: $(FCPATH) $(SETFILES)
+ @echo "Restoring labels on filesystem types: ext2 ext3 xfs jfs"
@if test -z "$(FILESYSTEMS)"; then \
echo "No filesystems with extended attributes found!" ;\
false ;\
fi
- $(QUIET) $(SETFILES) -v $(FC) $(FILESYSTEMS)
+ $(QUIET) $(SETFILES) -v $(FCPATH) $(FILESYSTEMS)
-relabel: $(FC) $(SETFILES)
+relabel: $(FCPATH) $(SETFILES)
+ @echo "Relabeling filesystem types: ext2 ext3 xfs jfs"
@if test -z "$(FILESYSTEMS)"; then \
echo "No filesystems with extended attributes found!" ;\
false ;\
fi
- $(QUIET) $(SETFILES) $(FC) $(FILESYSTEMS)
+ $(QUIET) $(SETFILES) $(FCPATH) $(FILESYSTEMS)
########################################
#
# Clean the sources
#
clean:
- rm -fR tmp
rm -f policy.conf
rm -f policy.$(PV)
rm -f $(FC)
+ rm -f $(HOMEDIR_TEMPLATE)
rm -f *.res
+ rm -fR tmp
.PHONY: default policy install load reload enableaudit checklabels restorelabels relabel check longcheck clean
projects / people / stevee / selinux-policy.git / blobdiff