[people/stevee/selinux-policy.git] / Rules.modular

########################################
#
# Rules and Targets for building modular policies
#

all_modules := $(base_mods) $(mod_mods) $(off_mods)
all_interfaces := $(all_modules:.te=.if)

base_pkg := $(builddir)base.pp
base_fc := $(builddir)base.fc
base_conf := $(builddir)base.conf
base_mod := $(tmpdir)/base.mod

users_extra := $(tmpdir)/users_extra

base_sections := $(tmpdir)/pre_te_files.conf $(tmpdir)/all_attrs_types.conf $(tmpdir)/global_bools.conf $(tmpdir)/only_te_rules.conf $(tmpdir)/all_post.conf

base_pre_te_files := $(secclass) $(isids) $(avs) $(m4support) $(poldir)/mls $(poldir)/mcs
base_te_files := $(base_mods)
base_post_te_files := $(user_files) $(poldir)/constraints
base_fc_files := $(base_mods:.te=.fc)

mod_pkgs := $(addprefix $(builddir),$(notdir $(mod_mods:.te=.pp)))

# policy packages to install
instpkg := $(addprefix $(modpkgdir)/,$(notdir $(base_pkg)) $(mod_pkgs))

# search layer dirs for source files
vpath %.te $(all_layers)
vpath %.if $(all_layers)
vpath %.fc $(all_layers)

# broken in make 3.81:
#.SECONDARY:

########################################
#
# default action: create all module packages
#
default: policy

all policy: base modules

base: $(base_pkg)

modules: $(mod_pkgs)

install: $(instpkg) $(appfiles)

########################################
#
# Load all configured modules
#
load: $(instpkg) $(appfiles)
# make sure two directories exist since they are not
# created by semanage
	@mkdir -p $(policypath) $(dir $(fcpath))
	@echo "Loading configured modules."
	$(verbose) $(SEMODULE) -s $(NAME) -b $(modpkgdir)/$(notdir $(base_pkg)) $(foreach mod,$(mod_pkgs),-i $(modpkgdir)/$(mod))

########################################
#
# Install policy packages
#
$(modpkgdir)/%.pp: $(builddir)%.pp
	@mkdir -p $(modpkgdir)
	@echo "Installing $(NAME) $(@F) policy package."
	$(verbose) $(INSTALL) -m 0644 $^ $(modpkgdir)

########################################
#
# Build module packages
#
$(tmpdir)/%.mod: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf %.te
	@echo "Compliling $(NAME) $(@F) module"
	@test -d $(tmpdir) || mkdir -p $(tmpdir)
	$(call perrole-expansion,$(basename $(@F)),$@.role)
	$(verbose) $(M4) $(M4PARAM) -s $^ $@.role > $(@:.mod=.tmp)
	$(verbose) $(CHECKMODULE) -m $(@:.mod=.tmp) -o $@

$(tmpdir)/%.mod.fc: $(m4support) %.fc
	@test -d $(tmpdir) || mkdir -p $(tmpdir)
	$(verbose) $(M4) $(M4PARAM) $(m4support) $^ > $@

$(builddir)%.pp: $(tmpdir)/%.mod $(tmpdir)/%.mod.fc
	@echo "Creating $(NAME) $(@F) policy package"
	@test -d $(builddir) || mkdir -p $(builddir)
	$(verbose) $(SEMOD_PKG) -o $@ -m $< -f $<.fc

########################################
#
# Create a base module package
#
$(base_pkg): $(base_mod) $(base_fc) $(users_extra) $(tmpdir)/seusers $(net_contexts)
	@echo "Creating $(NAME) base module package"
	@test -d $(builddir) || mkdir -p $(builddir)
	$(verbose) $(SEMOD_PKG) -o $@ -m $(base_mod) -f $(base_fc) -u $(users_extra) -s $(tmpdir)/seusers -n $(net_contexts)

$(base_mod): $(base_conf)
	@echo "Compiling $(NAME) base module"
	$(verbose) $(CHECKMODULE) $^ -o $@

$(tmpdir)/seusers: $(seusers)
	@mkdir -p $(tmpdir)
	$(verbose) $(M4) $(M4PARAM) $(m4support) $^ | $(GREP) '^[a-z_]' > $@

$(users_extra): $(m4support) $(user_files)
	@test -d $(tmpdir) || mkdir -p $(tmpdir)
	$(verbose) $(M4) $(M4PARAM) -D users_extra $^ | \
		$(SED) -r -n -e 's/^[[:blank:]]*//g' -e '/^user/p' > $@

########################################
#
# Construct a base.conf
#
$(base_conf): $(base_sections)
	@echo "Creating $(NAME) base module $(@F)"
	@test -d $(@D) || mkdir -p $(@D)
	$(verbose) cat $^ > $@

$(tmpdir)/pre_te_files.conf: M4PARAM += -D self_contained_policy
$(tmpdir)/pre_te_files.conf: $(base_pre_te_files)
	@test -d $(tmpdir) || mkdir -p $(tmpdir)
	$(verbose) $(M4) $(M4PARAM) $^ > $@

$(tmpdir)/generated_definitions.conf: $(base_te_files)
	@test -d $(tmpdir) || mkdir -p $(tmpdir)
# define all available object classes
	$(verbose) $(genperm) $(avs) $(secclass) > $@
	$(verbose) $(call create-base-per-role-tmpl,$(patsubst %.te,%,$(base_mods)),$@)
	$(verbose) test -f $(booleans) && $(setbools) $(booleans) >> $@ || true

$(tmpdir)/global_bools.conf: M4PARAM += -D self_contained_policy
$(tmpdir)/global_bools.conf: $(m4support) $(tmpdir)/generated_definitions.conf $(globalbool) $(globaltun)
	$(verbose) $(M4) $(M4PARAM) $^ > $@

$(tmpdir)/all_interfaces.conf: $(m4support) $(all_interfaces)
	@test -d $(tmpdir) || mkdir -p $(tmpdir)
	@echo "ifdef(\`__if_error',\`m4exit(1)')" > $(tmpdir)/iferror.m4
	@echo "divert(-1)" > $@
	$(verbose) $(M4) $^ $(tmpdir)/iferror.m4 >> $(tmpdir)/$(@F).tmp
	$(verbose) $(SED) -e s/dollarsstar/\$$\*/g $(tmpdir)/$(@F).tmp >> $@
	@echo "divert" >> $@

$(tmpdir)/rolemap.conf: M4PARAM += -D self_contained_policy
$(tmpdir)/rolemap.conf: $(rolemap)
	$(call parse-rolemap,base,$@)

$(tmpdir)/all_te_files.conf: M4PARAM += -D self_contained_policy
$(tmpdir)/all_te_files.conf: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf $(base_te_files) $(tmpdir)/rolemap.conf
ifeq "$(strip $(base_te_files))" ""
	$(error No enabled modules! $(notdir $(mod_conf)) may need to be generated by using "make conf")
endif
	@test -d $(tmpdir) || mkdir -p $(tmpdir)
	$(verbose) $(M4) $(M4PARAM) -s $^ > $@

$(tmpdir)/post_te_files.conf: M4PARAM += -D self_contained_policy
$(tmpdir)/post_te_files.conf: $(m4support) $(base_post_te_files)
	@test -d $(tmpdir) || mkdir -p $(tmpdir)
	$(verbose) $(M4) $(M4PARAM) $^ > $@

# extract attributes and put them first. extract post te stuff
# like genfscon and put last.
$(tmpdir)/all_attrs_types.conf $(tmpdir)/only_te_rules.conf $(tmpdir)/all_post.conf: $(tmpdir)/all_te_files.conf $(tmpdir)/post_te_files.conf
	$(verbose) $(get_type_attr_decl) $(tmpdir)/all_te_files.conf | $(SORT) > $(tmpdir)/all_attrs_types.conf
	$(verbose) cat $(tmpdir)/post_te_files.conf > $(tmpdir)/all_post.conf
# these have to run individually because order matters:
	$(verbose) $(GREP) '^sid ' $(tmpdir)/all_te_files.conf >> $(tmpdir)/all_post.conf || true
	$(verbose) $(GREP) '^fs_use_(xattr|task|trans)' $(tmpdir)/all_te_files.conf >> $(tmpdir)/all_post.conf || true
	$(verbose) $(GREP) ^genfscon $(tmpdir)/all_te_files.conf >> $(tmpdir)/all_post.conf || true
	$(verbose) $(GREP) ^portcon $(tmpdir)/all_te_files.conf >> $(tmpdir)/all_post.conf || true
	$(verbose) $(GREP) ^netifcon $(tmpdir)/all_te_files.conf >> $(tmpdir)/all_post.conf || true
	$(verbose) $(GREP) ^nodecon $(tmpdir)/all_te_files.conf >> $(tmpdir)/all_post.conf || true
	$(verbose) $(comment_move_decl) $(tmpdir)/all_te_files.conf > $(tmpdir)/only_te_rules.conf

########################################
#
# Construct a base.fc
#
$(base_fc): $(tmpdir)/$(notdir $(base_fc)).tmp $(fcsort)
	$(verbose) $(fcsort) $< $@

$(tmpdir)/$(notdir $(base_fc)).tmp: $(m4support) $(tmpdir)/generated_definitions.conf $(base_fc_files)
ifeq ($(base_fc_files),)
	$(error No enabled modules! $(notdir $(mod_conf)) may need to be generated by using "make conf")
endif
	@echo "Creating $(NAME) base module file contexts."
	@test -d $(tmpdir) || mkdir -p $(tmpdir)
	$(verbose) $(M4) $(M4PARAM) $^ > $@

########################################
#
# Remove the dontaudit rules from the base.conf
#
enableaudit: $(base_conf)
	@test -d $(tmpdir) || mkdir -p $(tmpdir)
	@echo "Removing dontaudit rules from $(^F)"
	$(verbose) $(GREP) -v dontaudit $(base_conf) > $(tmpdir)/base.audit
	$(verbose) mv $(tmpdir)/base.audit $(base_conf)

########################################
#
# Appconfig files
#
$(appdir)/customizable_types: $(base_conf)
	@mkdir -p $(appdir)
	$(verbose) $(GREP) '^[[:blank:]]*type .*customizable' $< | cut -d';' -f1 | cut -d',' -f1 | cut -d' ' -f2 | $(SORT) -u > $(tmpdir)/customizable_types
	$(verbose) $(INSTALL) -m 644 $(tmpdir)/customizable_types $@ 

########################################
#
# Validate linking and expanding of modules
#
validate: $(base_pkg) $(mod_pkgs)
	@echo "Validating policy linking."
	$(verbose) $(SEMOD_LNK) -o $(tmpdir)/test.lnk $^
	$(verbose) $(SEMOD_EXP) $(tmpdir)/test.lnk $(tmpdir)/policy.bin
	@echo "Success."

########################################
#
# Clean the sources
#
clean:
	rm -f $(base_conf)
	rm -f $(base_fc)
	rm -f $(builddir)*.pp
	rm -f $(net_contexts)
	rm -fR $(tmpdir)

.PHONY: default all policy base modules install load clean validate
Commit	Line	Data
fb0a3a98 CP	1	########################################
fb0a3a98 CP	2	#
c3812748	3	# Rules and Targets for building modular policies
fb0a3a98 CP	4	#
fb0a3a98 CP	5
c634db20 CP	6	all_modules := $(base_mods) $(mod_mods) $(off_mods)
c634db20 CP	7	all_interfaces := $(all_modules:.te=.if)
fb0a3a98	8
c634db20 CP	9	base_pkg := $(builddir)base.pp
	10	base_fc := $(builddir)base.fc
	11	base_conf := $(builddir)base.conf
	12	base_mod := $(tmpdir)/base.mod
fb0a3a98	13
c634db20	14	users_extra := $(tmpdir)/users_extra
90b331fa	15
c634db20	16	base_sections := $(tmpdir)/pre_te_files.conf $(tmpdir)/all_attrs_types.conf $(tmpdir)/global_bools.conf $(tmpdir)/only_te_rules.conf $(tmpdir)/all_post.conf
fb0a3a98	17
c634db20 CP	18	base_pre_te_files := $(secclass) $(isids) $(avs) $(m4support) $(poldir)/mls $(poldir)/mcs
	19	base_te_files := $(base_mods)
	20	base_post_te_files := $(user_files) $(poldir)/constraints
	21	base_fc_files := $(base_mods:.te=.fc)
fb0a3a98	22
c634db20	23	mod_pkgs := $(addprefix $(builddir),$(notdir $(mod_mods:.te=.pp)))
c04f2abe	24
c767b14c	25	# policy packages to install
c634db20	26	instpkg := $(addprefix $(modpkgdir)/,$(notdir $(base_pkg)) $(mod_pkgs))
c767b14c	27
c04f2abe	28	# search layer dirs for source files
c634db20 CP	29	vpath %.te $(all_layers)
	30	vpath %.if $(all_layers)
	31	vpath %.fc $(all_layers)
fb0a3a98	32
4b01e21d CP	33	# broken in make 3.81:
4b01e21d CP	34	#.SECONDARY:
e60b983b	35
fb0a3a98 CP	36	########################################
	37	#
	38	# default action: create all module packages
	39	#
ddb9aafc	40	default: policy
fb0a3a98	41
ddb9aafc	42	all policy: base modules
06a5362f	43
c634db20	44	base: $(base_pkg)
fb0a3a98	45
c634db20	46	modules: $(mod_pkgs)
fb0a3a98	47
c634db20	48	install: $(instpkg) $(appfiles)
c767b14c CP	49
	50	########################################
	51	#
	52	# Load all configured modules
	53	#
c634db20	54	load: $(instpkg) $(appfiles)
21283237 CP	55	# make sure two directories exist since they are not
	56	# created by semanage
	57	@mkdir -p $(policypath) $(dir $(fcpath))
c767b14c	58	@echo "Loading configured modules."
c634db20	59	$(verbose) $(SEMODULE) -s $(NAME) -b $(modpkgdir)/$(notdir $(base_pkg)) $(foreach mod,$(mod_pkgs),-i $(modpkgdir)/$(mod))
c767b14c CP	60
	61	########################################
	62	#
	63	# Install policy packages
	64	#
c634db20 CP	65	$(modpkgdir)/%.pp: $(builddir)%.pp
c634db20 CP	66	@mkdir -p $(modpkgdir)
6b1c8ee3	67	@echo "Installing $(NAME) $(@F) policy package."
c634db20	68	$(verbose) $(INSTALL) -m 0644 $^ $(modpkgdir)
c767b14c CP	69
	70	########################################
	71	#
	72	# Build module packages
	73	#
c634db20	74	$(tmpdir)/%.mod: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf %.te
c767b14c	75	@echo "Compliling $(NAME) $(@F) module"
c634db20	76	@test -d $(tmpdir) \|\| mkdir -p $(tmpdir)
bbcd3c97	77	$(call perrole-expansion,$(basename $(@F)),$@.role)
3abd5ee8	78	$(verbose) $(M4) $(M4PARAM) -s $^ $@.role > $(@:.mod=.tmp)
9b3756bf	79	$(verbose) $(CHECKMODULE) -m $(@:.mod=.tmp) -o $@
c767b14c	80
c634db20 CP	81	$(tmpdir)/%.mod.fc: $(m4support) %.fc
	82	@test -d $(tmpdir) \|\| mkdir -p $(tmpdir)
	83	$(verbose) $(M4) $(M4PARAM) $(m4support) $^ > $@
c767b14c	84
c634db20	85	$(builddir)%.pp: $(tmpdir)/%.mod $(tmpdir)/%.mod.fc
c767b14c	86	@echo "Creating $(NAME) $(@F) policy package"
c634db20	87	@test -d $(builddir) \|\| mkdir -p $(builddir)
9b3756bf	88	$(verbose) $(SEMOD_PKG) -o $@ -m $< -f $<.fc
fb0a3a98 CP	89
	90	########################################
	91	#
	92	# Create a base module package
	93	#
e070dd2d	94	$(base_pkg): $(base_mod) $(base_fc) $(users_extra) $(tmpdir)/seusers $(net_contexts)
fb0a3a98	95	@echo "Creating $(NAME) base module package"
c634db20	96	@test -d $(builddir) \|\| mkdir -p $(builddir)
e070dd2d	97	$(verbose) $(SEMOD_PKG) -o $@ -m $(base_mod) -f $(base_fc) -u $(users_extra) -s $(tmpdir)/seusers -n $(net_contexts)
fb0a3a98	98
c634db20	99	$(base_mod): $(base_conf)
fb0a3a98	100	@echo "Compiling $(NAME) base module"
9b3756bf	101	$(verbose) $(CHECKMODULE) $^ -o $@
fb0a3a98	102
e070dd2d CP	103	$(tmpdir)/seusers: $(seusers)
	104	@mkdir -p $(tmpdir)
	105	$(verbose) $(M4) $(M4PARAM) $(m4support) $^ \| $(GREP) '^[a-z_]' > $@
	106
c634db20 CP	107	$(users_extra): $(m4support) $(user_files)
c634db20 CP	108	@test -d $(tmpdir) \|\| mkdir -p $(tmpdir)
90b331fa CP	109	$(verbose) $(M4) $(M4PARAM) -D users_extra $^ \| \
	110	$(SED) -r -n -e 's/^[[:blank:]]*//g' -e '/^user/p' > $@
	111
fb0a3a98 CP	112	########################################
fb0a3a98 CP	113	#
c767b14c	114	# Construct a base.conf
fb0a3a98	115	#
c634db20	116	$(base_conf): $(base_sections)
58b2a3c7	117	@echo "Creating $(NAME) base module $(@F)"
3abd5ee8 CP	118	@test -d $(@D) \|\| mkdir -p $(@D)
3abd5ee8 CP	119	$(verbose) cat $^ > $@
fb0a3a98	120
c634db20 CP	121	$(tmpdir)/pre_te_files.conf: M4PARAM += -D self_contained_policy
	122	$(tmpdir)/pre_te_files.conf: $(base_pre_te_files)
	123	@test -d $(tmpdir) \|\| mkdir -p $(tmpdir)
3abd5ee8	124	$(verbose) $(M4) $(M4PARAM) $^ > $@
fb0a3a98	125
c634db20 CP	126	$(tmpdir)/generated_definitions.conf: $(base_te_files)
c634db20 CP	127	@test -d $(tmpdir) \|\| mkdir -p $(tmpdir)
c04f2abe	128	# define all available object classes
c634db20	129	$(verbose) $(genperm) $(avs) $(secclass) > $@
bbcd3c97	130	$(verbose) $(call create-base-per-role-tmpl,$(patsubst %.te,%,$(base_mods)),$@)
c634db20	131	$(verbose) test -f $(booleans) && $(setbools) $(booleans) >> $@ \|\| true
fb0a3a98	132
c634db20 CP	133	$(tmpdir)/global_bools.conf: M4PARAM += -D self_contained_policy
c634db20 CP	134	$(tmpdir)/global_bools.conf: $(m4support) $(tmpdir)/generated_definitions.conf $(globalbool) $(globaltun)
3abd5ee8 CP	135	$(verbose) $(M4) $(M4PARAM) $^ > $@
3abd5ee8 CP	136
c634db20 CP	137	$(tmpdir)/all_interfaces.conf: $(m4support) $(all_interfaces)
	138	@test -d $(tmpdir) \|\| mkdir -p $(tmpdir)
	139	@echo "ifdef(\`__if_error',\`m4exit(1)')" > $(tmpdir)/iferror.m4
3abd5ee8	140	@echo "divert(-1)" > $@
c634db20 CP	141	$(verbose) $(M4) $^ $(tmpdir)/iferror.m4 >> $(tmpdir)/$(@F).tmp
c634db20 CP	142	$(verbose) $(SED) -e s/dollarsstar/\$$\*/g $(tmpdir)/$(@F).tmp >> $@
3abd5ee8 CP	143	@echo "divert" >> $@
3abd5ee8 CP	144
c634db20 CP	145	$(tmpdir)/rolemap.conf: M4PARAM += -D self_contained_policy
c634db20 CP	146	$(tmpdir)/rolemap.conf: $(rolemap)
3abd5ee8	147	$(call parse-rolemap,base,$@)
fb0a3a98	148
c634db20 CP	149	$(tmpdir)/all_te_files.conf: M4PARAM += -D self_contained_policy
	150	$(tmpdir)/all_te_files.conf: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf $(base_te_files) $(tmpdir)/rolemap.conf
	151	ifeq "$(strip $(base_te_files))" ""
	152	$(error No enabled modules! $(notdir $(mod_conf)) may need to be generated by using "make conf")
fb0a3a98	153	endif
c634db20	154	@test -d $(tmpdir) \|\| mkdir -p $(tmpdir)
3abd5ee8	155	$(verbose) $(M4) $(M4PARAM) -s $^ > $@
fb0a3a98	156
c634db20 CP	157	$(tmpdir)/post_te_files.conf: M4PARAM += -D self_contained_policy
	158	$(tmpdir)/post_te_files.conf: $(m4support) $(base_post_te_files)
	159	@test -d $(tmpdir) \|\| mkdir -p $(tmpdir)
3abd5ee8	160	$(verbose) $(M4) $(M4PARAM) $^ > $@
fb0a3a98 CP	161
fb0a3a98 CP	162	# extract attributes and put them first. extract post te stuff
3abd5ee8	163	# like genfscon and put last.
c634db20 CP	164	$(tmpdir)/all_attrs_types.conf $(tmpdir)/only_te_rules.conf $(tmpdir)/all_post.conf: $(tmpdir)/all_te_files.conf $(tmpdir)/post_te_files.conf
	165	$(verbose) $(get_type_attr_decl) $(tmpdir)/all_te_files.conf \| $(SORT) > $(tmpdir)/all_attrs_types.conf
	166	$(verbose) cat $(tmpdir)/post_te_files.conf > $(tmpdir)/all_post.conf
3abd5ee8	167	# these have to run individually because order matters:
c634db20 CP	168	$(verbose) $(GREP) '^sid ' $(tmpdir)/all_te_files.conf >> $(tmpdir)/all_post.conf \|\| true
	169	$(verbose) $(GREP) '^fs_use_(xattr\|task\|trans)' $(tmpdir)/all_te_files.conf >> $(tmpdir)/all_post.conf \|\| true
	170	$(verbose) $(GREP) ^genfscon $(tmpdir)/all_te_files.conf >> $(tmpdir)/all_post.conf \|\| true
	171	$(verbose) $(GREP) ^portcon $(tmpdir)/all_te_files.conf >> $(tmpdir)/all_post.conf \|\| true
	172	$(verbose) $(GREP) ^netifcon $(tmpdir)/all_te_files.conf >> $(tmpdir)/all_post.conf \|\| true
	173	$(verbose) $(GREP) ^nodecon $(tmpdir)/all_te_files.conf >> $(tmpdir)/all_post.conf \|\| true
	174	$(verbose) $(comment_move_decl) $(tmpdir)/all_te_files.conf > $(tmpdir)/only_te_rules.conf
fb0a3a98 CP	175
	176	########################################
	177	#
c767b14c	178	# Construct a base.fc
fb0a3a98	179	#
c634db20 CP	180	$(base_fc): $(tmpdir)/$(notdir $(base_fc)).tmp $(fcsort)
c634db20 CP	181	$(verbose) $(fcsort) $< $@
c767b14c	182
c634db20 CP	183	$(tmpdir)/$(notdir $(base_fc)).tmp: $(m4support) $(tmpdir)/generated_definitions.conf $(base_fc_files)
	184	ifeq ($(base_fc_files),)
	185	$(error No enabled modules! $(notdir $(mod_conf)) may need to be generated by using "make conf")
fb0a3a98 CP	186	endif
fb0a3a98 CP	187	@echo "Creating $(NAME) base module file contexts."
c634db20	188	@test -d $(tmpdir) \|\| mkdir -p $(tmpdir)
3abd5ee8	189	$(verbose) $(M4) $(M4PARAM) $^ > $@
fb0a3a98	190
bf080a46 CP	191	########################################
	192	#
	193	# Remove the dontaudit rules from the base.conf
	194	#
c634db20 CP	195	enableaudit: $(base_conf)
c634db20 CP	196	@test -d $(tmpdir) \|\| mkdir -p $(tmpdir)
58b2a3c7	197	@echo "Removing dontaudit rules from $(^F)"
c634db20 CP	198	$(verbose) $(GREP) -v dontaudit $(base_conf) > $(tmpdir)/base.audit
c634db20 CP	199	$(verbose) mv $(tmpdir)/base.audit $(base_conf)
bf080a46	200
049e11af CP	201	########################################
	202	#
	203	# Appconfig files
	204	#
c634db20 CP	205	$(appdir)/customizable_types: $(base_conf)
	206	@mkdir -p $(appdir)
	207	$(verbose) $(GREP) '^[[:blank:]]type .customizable' $< \| cut -d';' -f1 \| cut -d',' -f1 \| cut -d' ' -f2 \| $(SORT) -u > $(tmpdir)/customizable_types
	208	$(verbose) $(INSTALL) -m 644 $(tmpdir)/customizable_types $@
049e11af	209
ea5333d1 CP	210	########################################
	211	#
	212	# Validate linking and expanding of modules
	213	#
c634db20	214	validate: $(base_pkg) $(mod_pkgs)
ea5333d1	215	@echo "Validating policy linking."
c634db20 CP	216	$(verbose) $(SEMOD_LNK) -o $(tmpdir)/test.lnk $^
c634db20 CP	217	$(verbose) $(SEMOD_EXP) $(tmpdir)/test.lnk $(tmpdir)/policy.bin
ea5333d1 CP	218	@echo "Success."
ea5333d1 CP	219
fb0a3a98 CP	220	########################################
	221	#
	222	# Clean the sources
	223	#
	224	clean:
c634db20 CP	225	rm -f $(base_conf)
	226	rm -f $(base_fc)
	227	rm -f $(builddir)*.pp
6962bb32	228	rm -f $(net_contexts)
c634db20	229	rm -fR $(tmpdir)
fb0a3a98	230
ea5333d1	231	.PHONY: default all policy base modules install load clean validate