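########################################
#
# Rules and Targets for building modular policies
#
# None of BUILDDIR, TMPDIR, MODPKGDIR, POLDIR or the *_MODS lists is defined
# in this file; they must already be set when it is read.
# BUILDDIR is concatenated without a separator ($(BUILDDIR)base.pp), so it has
# to be empty or end in "/". TMPDIR and MODPKGDIR are always followed by "/".

ALL_MODULES := $(BASE_MODS) $(MOD_MODS) $(OFF_MODS)
ALL_INTERFACES := $(ALL_MODULES:.te=.if)

# final build products of the base module
BASE_PKG := $(BUILDDIR)base.pp
BASE_FC := $(BUILDDIR)base.fc
BASE_CONF := $(BUILDDIR)base.conf
BASE_MOD := $(TMPDIR)/base.mod

USERS_EXTRA := $(TMPDIR)/users_extra

# pieces of base.conf, concatenated in exactly this order
BASE_SECTIONS := $(TMPDIR)/pre_te_files.conf $(TMPDIR)/all_attrs_types.conf $(TMPDIR)/global_bools.conf $(TMPDIR)/only_te_rules.conf $(TMPDIR)/all_post.conf

BASE_PRE_TE_FILES := $(SECCLASS) $(ISIDS) $(AVS) $(M4SUPPORT) $(POLDIR)/mls $(POLDIR)/mcs
BASE_TE_FILES := $(BASE_MODS)
BASE_POST_TE_FILES := $(USER_FILES) $(POLDIR)/constraints
BASE_FC_FILES := $(BASE_MODS:.te=.fc)

MOD_MODULES := $(MOD_MODS:.te=.mod)
MOD_PKGS := $(addprefix $(BUILDDIR),$(notdir $(MOD_MODS:.te=.pp)))

# policy packages to install
# notdir covers MOD_PKGS as well as BASE_PKG: both carry the $(BUILDDIR)
# prefix, while the install rule copies packages flat into $(MODPKGDIR).
# With an empty BUILDDIR the result is the same as without notdir.
INSTPKG := $(addprefix $(MODPKGDIR)/,$(notdir $(BASE_PKG) $(MOD_PKGS)))

# search layer dirs for source files
vpath %.te $(ALL_LAYERS)
vpath %.if $(ALL_LAYERS)
vpath %.fc $(ALL_LAYERS)

# broken in make 3.81:
#.SECONDARY: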
########################################
#
# default action: create all module packages
#
default: policy

# "all" and "policy" are synonyms: both need the base package and every
# loadable module package.
all: base modules
policy: base modules

base: $(BASE_PKG)

modules: $(MOD_PKGS)

# install needs every installed package plus $(APPFILES)
install: $(INSTPKG) $(APPFILES)
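########################################
#
# Load all configured modules
#
# The prerequisites install the packages first; the recipe then passes the
# installed base package (-b) and every installed module package (-i) to
# $(SEMODULE) with -s $(NAME).
# Each module path goes through notdir because MOD_PKGS entries carry the
# $(BUILDDIR) prefix, while the install rule copies packages flat into
# $(MODPKGDIR). With an empty BUILDDIR the command line is unchanged.
load: $(INSTPKG) $(APPFILES)
	@echo "Loading configured modules."
	$(verbose) $(SEMODULE) -s $(NAME) -b $(MODPKGDIR)/$(notdir $(BASE_PKG)) $(foreach mod,$(MOD_PKGS),-i $(MODPKGDIR)/$(notdir $(mod)))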
########################################
#
# Install policy packages
#
# Copies one built package from $(BUILDDIR) into $(MODPKGDIR) with mode 0644,
# creating $(MODPKGDIR) first. The copy lands directly in $(MODPKGDIR),
# whatever directory part the source path has.
$(MODPKGDIR)/%.pp: $(BUILDDIR)%.pp
	@mkdir -p $(MODPKGDIR)
	@echo "Installing $(NAME) $(@F) policy package."
	$(verbose) install -m 0644 $^ $(MODPKGDIR)
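########################################
#
# Build module packages
#
# Compile one loadable module:
#   1. peruser-expansion (defined outside this file) is called with the module
#      name and $@.role; the m4 step reads $@.role, so that call is presumably
#      what writes it.
#   2. m4 expands the support macros, generated definitions, interfaces, the
#      module's .te and $@.role into <module>.tmp next to the target.
#   3. $(CHECKMODULE) -m compiles that .tmp file into $@.
# The status message previously read "Compliling"; it now matches the wording
# of the base-module rule.
$(TMPDIR)/%.mod: $(M4SUPPORT) $(TMPDIR)/generated_definitions.conf $(TMPDIR)/all_interfaces.conf %.te
	@echo "Compiling $(NAME) $(@F) module"
	@test -d $(TMPDIR) || mkdir -p $(TMPDIR)
	$(call peruser-expansion,$(basename $(@F)),$@.role)
	$(verbose) $(M4) $(M4PARAM) -s $^ $@.role > $(@:.mod=.tmp)
	$(verbose) $(CHECKMODULE) -m $(@:.mod=.tmp) -o $@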
# File contexts of one loadable module, expanded by m4.
# NOTE(review): $(M4SUPPORT) is a prerequisite (so already part of $^) and is
# also named explicitly, so m4 reads the support files twice here. Confirm
# that this is intended.
$(TMPDIR)/%.mod.fc: $(M4SUPPORT) %.fc
	@test -d $(TMPDIR) || mkdir -p $(TMPDIR)
	$(verbose) $(M4) $(M4PARAM) $(M4SUPPORT) $^ > $@
# Package a compiled module together with its file contexts.
# $< is the .mod file; "$<.fc" spells out the second prerequisite
# ($(TMPDIR)/%.mod.fc) by appending .fc to the first.
# With an empty BUILDDIR the guard collapses to "test -d", which the shell
# treats as true, so mkdir is simply skipped.
$(BUILDDIR)%.pp: $(TMPDIR)/%.mod $(TMPDIR)/%.mod.fc
	@echo "Creating $(NAME) $(@F) policy package"
	@test -d $(BUILDDIR) || mkdir -p $(BUILDDIR)
	$(verbose) $(SEMOD_PKG) -o $@ -m $< -f $<.fc
########################################
#
# Create a base module package
#
# Bundles the compiled base module (-m) with the base file contexts (-f),
# $(USERS_EXTRA) (-u), $(SEUSERS) (-s) and $(net_contexts) (-n).
# Every file handed to $(SEMOD_PKG) is also a prerequisite of this rule.
$(BASE_PKG): $(BASE_MOD) $(BASE_FC) $(USERS_EXTRA) $(SEUSERS) $(net_contexts)
	@echo "Creating $(NAME) base module package"
	@test -d $(BUILDDIR) || mkdir -p $(BUILDDIR)
	$(verbose) $(SEMOD_PKG) -o $@ -m $(BASE_MOD) -f $(BASE_FC) -u $(USERS_EXTRA) -s $(SEUSERS) -n $(net_contexts)
# Compile the assembled base.conf into the base module. $(CHECKMODULE) is run
# without -m here, unlike in the loadable-module rule.
$(BASE_MOD): $(BASE_CONF)
	@echo "Compiling $(NAME) base module"
	$(verbose) $(CHECKMODULE) $^ -o $@
# Run the support macros and user files through m4 with users_extra defined,
# strip leading blanks, and keep only the lines that then start with "user".
# NOTE(review): the recipe's exit status is sed's. Unless recipes run with
# pipefail (not visible in this file), an m4 failure still leaves a possibly
# truncated $@ that make treats as up to date.
$(USERS_EXTRA): $(M4SUPPORT) $(USER_FILES)
	@test -d $(TMPDIR) || mkdir -p $(TMPDIR)
	$(verbose) $(M4) $(M4PARAM) -D users_extra $^ | \
		$(SED) -r -n -e 's/^[[:blank:]]*//g' -e '/^user/p' > $@
########################################
#
# Construct a base.conf
#
# base.conf is the plain concatenation of $(BASE_SECTIONS); $^ keeps the
# order in which that variable lists them.
$(BASE_CONF): $(BASE_SECTIONS)
	@echo "Creating $(NAME) base module $(@F)"
	@test -d $(@D) || mkdir -p $(@D)
	$(verbose) cat $^ > $@
# Target-specific: M4PARAM gains -D self_contained_policy for this target.
$(TMPDIR)/pre_te_files.conf: M4PARAM += -D self_contained_policy
# Expand everything listed in BASE_PRE_TE_FILES into the first base.conf
# section.
$(TMPDIR)/pre_te_files.conf: $(BASE_PRE_TE_FILES)
	@test -d $(TMPDIR) || mkdir -p $(TMPDIR)
	$(verbose) $(M4) $(M4PARAM) $^ > $@
# Generated m4 definitions, written in three steps. The first step truncates
# $@ and every later one appends:
#   1. output of $(GENPERM) run on $(AVS) and $(SECCLASS)
#   2. a base_per_userdomain_template macro that, for each BASE_MODS entry
#      with .te stripped, calls <entry>_per_userdomain_template when that
#      macro is defined
#   3. output of $(SETBOOLS) run on $(BOOLEANS), when that file exists
# $(AVS), $(SECCLASS) and $(BOOLEANS) are read here but are not prerequisites
# of this rule, so a change to them alone does not rebuild $@.
# NOTE(review): the trailing "|| true" lets step 3 succeed both when
# $(BOOLEANS) is absent and when $(SETBOOLS) itself fails. In the second case
# the boolean settings are dropped without failing the build.
$(TMPDIR)/generated_definitions.conf: $(BASE_TE_FILES)
	@test -d $(TMPDIR) || mkdir -p $(TMPDIR)
# define all available object classes
	$(verbose) $(GENPERM) $(AVS) $(SECCLASS) > $@
# per-userdomain templates
	$(verbose) echo "define(\`base_per_userdomain_template',\`" >> $@
	$(verbose) for i in $(patsubst %.te,%,$(BASE_MODS)); do \
		echo "ifdef(\`""$$i""_per_userdomain_template',\`""$$i""_per_userdomain_template("'$$*'")')" \
			>> $@ ;\
	done
	$(verbose) echo "')" >> $@
	$(verbose) test -f $(BOOLEANS) && $(SETBOOLS) $(BOOLEANS) >> $@ || true
$(TMPDIR)/global_bools.conf: M4PARAM += -D self_contained_policy
# Expand the global booleans and tunables on top of the support macros and
# generated definitions. There is no mkdir guard in this recipe; the
# generated_definitions.conf prerequisite has already created $(TMPDIR).
$(TMPDIR)/global_bools.conf: $(M4SUPPORT) $(TMPDIR)/generated_definitions.conf \
    $(GLOBALBOOL) $(GLOBALTUN)
	$(verbose) $(M4) $(M4PARAM) $^ > $@
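# All interface files expanded by m4 into a single file, bracketed by
# "divert(-1)" and "divert" lines.
# iferror.m4 is generated here and passed as the last m4 input. It calls
# m4exit(1) when __if_error has been defined by then, which fails the recipe.
# The sed step turns the placeholder "dollarsstar" into a literal $*.
# The intermediate .tmp file is truncated (">") instead of appended to: it
# stays in $(TMPDIR) between runs, so appending would carry the previous
# run's expansion into every rebuilt all_interfaces.conf.
$(TMPDIR)/all_interfaces.conf: $(M4SUPPORT) $(ALL_INTERFACES)
	@test -d $(TMPDIR) || mkdir -p $(TMPDIR)
	@echo "ifdef(\`__if_error',\`m4exit(1)')" > $(TMPDIR)/iferror.m4
	@echo "divert(-1)" > $@
	$(verbose) $(M4) $^ $(TMPDIR)/iferror.m4 > $(TMPDIR)/$(@F).tmp
	$(verbose) $(SED) -e s/dollarsstar/\$$\*/g $(TMPDIR)/$(@F).tmp >> $@
	@echo "divert" >> $@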
$(TMPDIR)/rolemap.conf: M4PARAM += -D self_contained_policy
# The whole recipe is the parse-rolemap macro (defined outside this file),
# called with "base" and the target path.
$(TMPDIR)/rolemap.conf: $(ROLEMAP)
	$(call parse-rolemap,base,$@)
$(TMPDIR)/all_te_files.conf: M4PARAM += -D self_contained_policy
# Expand every base .te file, with support macros, generated definitions,
# interfaces and the role map, into one file.
# The ifeq is evaluated while the makefile is parsed. The $(error) inside it
# is written as a recipe line (tab-indented) so it fires only when this target
# is built. Firing while parsing would also block the "make conf" that the
# message recommends.
$(TMPDIR)/all_te_files.conf: $(M4SUPPORT) $(TMPDIR)/generated_definitions.conf \
    $(TMPDIR)/all_interfaces.conf $(BASE_TE_FILES) $(TMPDIR)/rolemap.conf
ifeq "$(strip $(BASE_TE_FILES))" ""
	$(error No enabled modules! $(notdir $(MOD_CONF)) may need to be generated by using "make conf")
endif
	@test -d $(TMPDIR) || mkdir -p $(TMPDIR)
	$(verbose) $(M4) $(M4PARAM) -s $^ > $@
$(TMPDIR)/post_te_files.conf: M4PARAM += -D self_contained_policy
# Expand the user files and $(POLDIR)/constraints (BASE_POST_TE_FILES) on top
# of the support macros.
$(TMPDIR)/post_te_files.conf: $(M4SUPPORT) $(BASE_POST_TE_FILES)
	@test -d $(TMPDIR) || mkdir -p $(TMPDIR)
	$(verbose) $(M4) $(M4PARAM) $^ > $@
# extract attributes and put them first. extract post te stuff
# like genfscon and put last.
#
# One recipe writes all three targets:
#   all_attrs_types.conf  sorted output of $(get_type_attr_decl)
#   all_post.conf         post_te_files.conf followed by the sid, fs_use_*,
#                         genfscon, portcon, netifcon and nodecon lines of
#                         all_te_files.conf, in that order
#   only_te_rules.conf    output of $(comment_move_decl)
# The '^fs_use_(xattr|task|trans)' pattern uses alternation, so $(GREP)
# presumably selects extended regular expressions; it is defined elsewhere.
# NOTE(review): a rule with several targets is several independent rules that
# share a recipe. Under "make -j" the recipe can be started for more than one
# target at once, and the ">>" appends to all_post.conf would then interleave
# or duplicate. A stamp file, or grouped targets (&:) on GNU make 4.3 or
# later, would state that one run produces all three files.
# NOTE(review): "|| true" is needed because grep exits 1 when nothing
# matches, but it equally hides real grep errors (exit status 2). Such an
# error would leave those statements out of the policy without failing the
# build.
$(TMPDIR)/all_attrs_types.conf $(TMPDIR)/only_te_rules.conf $(TMPDIR)/all_post.conf: \
    $(TMPDIR)/all_te_files.conf $(TMPDIR)/post_te_files.conf
	$(verbose) $(get_type_attr_decl) $(TMPDIR)/all_te_files.conf | $(SORT) > $(TMPDIR)/all_attrs_types.conf
	$(verbose) cat $(TMPDIR)/post_te_files.conf > $(TMPDIR)/all_post.conf
# these have to run individually because order matters:
	$(verbose) $(GREP) '^sid ' $(TMPDIR)/all_te_files.conf >> $(TMPDIR)/all_post.conf || true
	$(verbose) $(GREP) '^fs_use_(xattr|task|trans)' $(TMPDIR)/all_te_files.conf >> $(TMPDIR)/all_post.conf || true
	$(verbose) $(GREP) ^genfscon $(TMPDIR)/all_te_files.conf >> $(TMPDIR)/all_post.conf || true
	$(verbose) $(GREP) ^portcon $(TMPDIR)/all_te_files.conf >> $(TMPDIR)/all_post.conf || true
	$(verbose) $(GREP) ^netifcon $(TMPDIR)/all_te_files.conf >> $(TMPDIR)/all_post.conf || true
	$(verbose) $(GREP) ^nodecon $(TMPDIR)/all_te_files.conf >> $(TMPDIR)/all_post.conf || true
	$(verbose) $(comment_move_decl) $(TMPDIR)/all_te_files.conf > $(TMPDIR)/only_te_rules.conf
########################################
#
# Construct a base.fc
#
# Run $(FCSORT) on the expanded file contexts ($<, the .tmp file) to produce
# base.fc. $(FCSORT) is itself a prerequisite of this rule.
$(BASE_FC): $(TMPDIR)/$(notdir $(BASE_FC)).tmp $(FCSORT)
	$(verbose) $(FCSORT) $< $@
# Expand the .fc file of every base module into one unsorted file.
# The $(error) is written as a recipe line (tab-indented) so it fires only
# when this target is built. This ifeq compares BASE_FC_FILES without
# $(strip), unlike the matching check on all_te_files.conf.
$(TMPDIR)/$(notdir $(BASE_FC)).tmp: $(M4SUPPORT) $(TMPDIR)/generated_definitions.conf \
    $(BASE_FC_FILES)
ifeq ($(BASE_FC_FILES),)
	$(error No enabled modules! $(notdir $(MOD_CONF)) may need to be generated by using "make conf")
endif
	@echo "Creating $(NAME) base module file contexts."
	@test -d $(TMPDIR) || mkdir -p $(TMPDIR)
	$(verbose) $(M4) $(M4PARAM) $^ > $@
########################################
#
# Remove the dontaudit rules from the base.conf
#
# Rewrites $(BASE_CONF) in place. grep -v drops every line that contains the
# string "dontaudit" anywhere, comments included; the filtered copy goes to
# $(TMPDIR)/base.audit and is then moved over $(BASE_CONF).
# Nothing in this rule restores the removed lines. A base module compiled from
# the rewritten base.conf carries no dontaudit rules until base.conf is
# regenerated from its sections.
enableaudit: $(BASE_CONF)
	@test -d $(TMPDIR) || mkdir -p $(TMPDIR)
	@echo "Removing dontaudit rules from $(^F)"
	$(verbose) $(GREP) -v dontaudit $(BASE_CONF) > $(TMPDIR)/base.audit
	$(verbose) mv $(TMPDIR)/base.audit $(BASE_CONF)
########################################
#
# Appconfig files
#
# From base.conf, take the lines that start with "type " (after optional
# blanks) and mention "customizable". Cut each at the first ";" and then at
# the first ",", keep the second space-separated field, and sort uniquely.
# The list is staged in $(TMPDIR) and installed with mode 644.
# NOTE(review): only the last command of the pipeline decides the exit
# status, so a grep failure produces an empty list rather than a build error
# unless recipes run with pipefail (not visible in this file).
$(APPDIR)/customizable_types: $(BASE_CONF)
	@mkdir -p $(APPDIR)
	$(verbose) $(GREP) '^[[:blank:]]*type .*customizable' $< | cut -d';' -f1 | cut -d',' -f1 | cut -d' ' -f2 | $(SORT) -u > $(TMPDIR)/customizable_types
	$(verbose) install -m 644 $(TMPDIR)/customizable_types $@
########################################
#
# Validate linking and expanding of modules
#
# Link the base package and all module packages with $(SEMOD_LNK), then
# expand the result with $(SEMOD_EXP). Both outputs (test.lnk, policy.bin)
# stay in $(TMPDIR). "Success." is printed only if both commands exit zero.
validate: $(BASE_PKG) $(MOD_PKGS)
	@echo "Validating policy linking."
	$(verbose) $(SEMOD_LNK) -o $(TMPDIR)/test.lnk $^
	$(verbose) $(SEMOD_EXP) $(TMPDIR)/test.lnk $(TMPDIR)/policy.bin
	@echo "Success."
########################################
#
# Clean the sources
#
# Removes base.conf, base.fc, every *.pp under $(BUILDDIR), $(net_contexts)
# and the whole $(TMPDIR) tree.
# The *.pp glob is not limited to packages this makefile built. With an empty
# BUILDDIR it matches *.pp in the current directory.
# NOTE(review): $(TMPDIR) is deleted recursively and unquoted. It is set
# outside this file, so confirm it always names a dedicated scratch directory.
clean:
	rm -f $(BASE_CONF)
	rm -f $(BASE_FC)
	rm -f $(BUILDDIR)*.pp
	rm -f $(net_contexts)
	rm -fR $(TMPDIR)
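# Targets that name actions, not files. enableaudit is listed too: it never
# creates a file called "enableaudit", and without the declaration a stray
# file of that name would stop the rule from running.
.PHONY: default all policy base modules install load clean validate enableaudit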