FCPATH = $(CONTEXTPATH)/files/file_contexts
HOMEDIRPATH = $(CONTEXTPATH)/files/homedir_template
+# Monolithic still uses booleans file
+APPFILES += $(INSTALLDIR)/booleans
+
# for monolithic policy use all base and module to create policy
ENABLEMOD := $(BASE_MODS) $(MOD_MODS)
ALL_TE_FILES := $(ALL_MODULES)
ALL_FC_FILES := $(ALL_MODULES:.te=.fc)
-PRE_TE_FILES := $(addprefix $(FLASKDIR)/,security_classes initial_sids access_vectors) $(M4SUPPORT) $(POLDIR)/mls
-POST_TE_FILES := $(POLDIR)/users $(POLDIR)/constraints
-
-POLICY_SECTIONS := tmp/pre_te_files.conf tmp/generated_definitions.conf tmp/all_interfaces.conf tmp/all_attrs_types.conf $(GLOBALTUN) tmp/only_te_rules.conf tmp/all_post.conf
+PRE_TE_FILES := $(SECCLASS) $(ISIDS) $(AVS) $(M4SUPPORT) $(POLDIR)/mls $(POLDIR)/mcs
+POST_TE_FILES := $(POLDIR)/systemuser $(POLDIR)/users $(POLDIR)/constraints
-HOMEDIR_TEMPLATE = tmp/homedir_template
+POLICY_SECTIONS := tmp/pre_te_files.conf tmp/generated_definitions.conf tmp/all_interfaces.conf tmp/all_attrs_types.conf $(GLOBALBOOL) $(GLOBALTUN) tmp/only_te_rules.conf tmp/all_post.conf
########################################
#
policy.conf: $(POLICY_SECTIONS)
@echo "Creating $(NAME) policy.conf"
# checkpolicy can use the #line directives provided by -s for error reporting:
- $(QUIET) m4 -D monolithic_policy $(M4PARAM) -s $^ > tmp/$@.tmp
+ $(QUIET) m4 -D self_contained_policy $(M4PARAM) -s $^ > tmp/$@.tmp
$(QUIET) sed -e /^portcon/d -e /^nodecon/d -e /^netifcon/d < tmp/$@.tmp > $@
# the ordering of these ocontexts matters:
$(QUIET) grep ^portcon tmp/$@.tmp >> $@ || true
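Review bot: Renaming the m4 define on the `m4 -D self_contained_policy` line can silently change the generated policy, because m4 does not warn when an `ifdef` tests a name that is no longer defined. Any policy source or support macro that still tests `monolithic_policy`, and is not touched by this commit, will simply take its else branch. Only this one definition is visible here, so it is worth grepping the tree for the old name before merging. Alternatively, define both for a transition period: `$(QUIET) m4 -D self_contained_policy -D monolithic_policy $(M4PARAM) -s $^ > tmp/$@.tmp`. The policy.conf recipe continues past the end of this hunk.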
@test -d tmp || mkdir -p tmp
$(QUIET) echo "define(\`per_userdomain_templates',\`" > $@
$(QUIET) for i in $(patsubst %.te,%,$(notdir $(ALL_MODULES))); do \
- echo "ifdef(\`""$$i""_per_userdomain_template',\`""$$i""_per_userdomain_template("'$$1'")')" \
+ echo "ifdef(\`""$$i""_per_userdomain_template',\`""$$i""_per_userdomain_template("'$$*'")')" \
>> $@ ;\
done
$(QUIET) echo "')" >> $@
$(QUIET) for i in $(notdir $(ALL_MODULES)); do \
echo "define(\`$$i')" >> $@ ;\
done
- $(QUIET) $(SETTUN) $(TUNABLES) >> $@
+ $(QUIET) $(SETTUN) $(BOOLEANS) >> $@
tmp/all_interfaces.conf: $(M4SUPPORT) $(ALL_INTERFACES)
ifeq ($(ALL_INTERFACES),)
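Review bot: In the per_userdomain_templates loop, the new `$$*` passes the caller's arguments on unquoted, so m4 rescans each one before the per-module template receives it. An argument that matches a defined macro name would be expanded, and one that contains a comma would be split. `$$@` forwards the same list with every argument quoted, which looks like the intent of moving from one argument to all of them: `..._per_userdomain_template("'$$@'")')" \`. The rule header for this recipe is outside the hunk.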
fi
$(QUIET) $(SETFILES) $(FC) $(FILESYSTEMS)
+########################################
+#
+# Run policy source checks
+#
+check: policy.conf $(FC)
+ $(SECHECK) -s --profile=development --policy=policy.conf --fcfile=$(FC) > $@.res
+
+longcheck: policy.conf $(FC)
+ $(SECHECK) -s --profile=all --policy=policy.conf --fcfile=$(FC) > $@.res
+
########################################
#
# Clean the sources
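Review bot: The `check` and `longcheck` recipes can pass without running any check if `SECHECK` expands to nothing; its definition is not in the lines shown. The line then begins with `-s`, make takes the leading `-` as its ignore-errors prefix, the remaining command fails, and the target still succeeds with an empty `.res` file. A guard as the first recipe line of both targets makes that case fail loudly: `@test -n "$(SECHECK)" || { echo "SECHECK is not set" >&2; exit 1; }`. The header comment should also say that results are written to `check.res` and `longcheck.res` in the current directory, since nothing is printed to the console.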
rm -f policy.conf
rm -f policy.$(PV)
rm -f $(FC)
+ rm -f *.res
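Review bot: The added `rm -f *.res` removes every file ending in `.res` in the directory where make runs, not only the two reports this Makefile creates. Naming them keeps `clean` limited to build products: `rm -f check.res longcheck.res`. The `clean` rule header is outside this hunk.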
-.PHONY: default policy install load reload enableaudit checklabels restorelabels relabel clean
+.PHONY: default policy install load reload enableaudit checklabels restorelabels relabel check longcheck clean