[people/stevee/selinux-policy.git] / support / Makefile.devel


# helper tools
AWK ?= gawk
INSTALL ?= install
M4 ?= m4
SED ?= sed
EINFO ?= echo
PYTHON ?= python
CUT ?= cut

NAME ?= $(shell $(AWK) -F= '/^SELINUXTYPE/{ print $$2 }' /etc/selinux/config)
SHAREDIR ?= /usr/share/selinux
HEADERDIR ?= $(SHAREDIR)/$(NAME)/include

include $(HEADERDIR)/build.conf

# executables
PREFIX := /usr
BINDIR := $(PREFIX)/bin
SBINDIR := $(PREFIX)/sbin
CHECKMODULE := $(BINDIR)/checkmodule
SEMODULE := $(SBINDIR)/semodule
SEMOD_PKG := $(BINDIR)/semodule_package
XMLLINT := $(BINDIR)/xmllint

# set default build options if missing
TYPE ?= standard
DIRECT_INITRC ?= n
POLY ?= n
QUIET ?= y

genxml := $(PYTHON) $(HEADERDIR)/support/segenxml.py

docs := doc
polxml := $(docs)/policy.xml
xmldtd := $(HEADERDIR)/support/policy.dtd
metaxml := metadata.xml

globaltun = $(HEADERDIR)/global_tunables.xml
globalbool = $(HEADERDIR)/global_booleans.xml

# enable MLS if requested.
ifeq "$(TYPE)" "mls"
	M4PARAM += -D enable_mls
	CHECKPOLICY += -M
	CHECKMODULE += -M
endif

# enable MLS if MCS requested.
ifeq "$(TYPE)" "mcs"
	M4PARAM += -D enable_mcs
	CHECKPOLICY += -M
	CHECKMODULE += -M
endif

# enable distribution-specific policy
ifneq ($(DISTRO),)
	M4PARAM += -D distro_$(DISTRO)
endif

ifeq ($(DIRECT_INITRC),y)
	M4PARAM += -D direct_sysadm_daemon
endif

ifeq "$(UBAC)" "y"
	M4PARAM += -D enable_ubac
endif

# default MLS/MCS sensitivity and category settings.
MLS_SENS ?= 16
MLS_CATS ?= 1024
MCS_CATS ?= 1024

ifeq ($(QUIET),y)
	verbose := @
endif

M4PARAM += -D hide_broken_symptoms -D mls_num_sens=$(MLS_SENS) -D mls_num_cats=$(MLS_CATS) -D mcs_num_cats=$(MCS_CATS)

# policy headers
m4support = $(wildcard $(HEADERDIR)/support/*.spt)

header_layers := $(filter-out $(HEADERDIR)/support,$(shell find $(wildcard $(HEADERDIR)/*) -maxdepth 0 -type d))
header_xml := $(addsuffix .xml,$(header_layers))
header_interfaces := $(foreach layer,$(header_layers),$(wildcard $(layer)/*.if))

rolemap := $(HEADERDIR)/rolemap

local_layers := $(filter-out CVS tmp $(docs),$(shell find $(wildcard *) -maxdepth 0 -type d))
local_xml := $(addprefix tmp/, $(addsuffix .xml,$(local_layers)))

all_layer_names := $(sort $(notdir $(header_layers) $(local_layers)))

3rd_party_mods := $(wildcard *.te)
detected_mods := $(3rd_party_mods) $(foreach layer,$(local_layers),$(wildcard $(layer)/*.te))

detected_ifs := $(detected_mods:.te=.if)
detected_fcs := $(detected_mods:.te=.fc)
all_packages := $(notdir $(detected_mods:.te=.pp))

# figure out what modules we may want to reload
loaded_mods = $(addsuffix .pp,$(shell $(SEMODULE) -l | $(CUT) -f1))
sys_mods = $(wildcard $(SHAREDIR)/$(NAME)/*.pp)
match_sys = $(filter $(addprefix $(SHAREDIR)/$(NAME)/,$(loaded_mods)),$(sys_mods))
match_loc = $(filter $(all_packages),$(loaded_mods))

vpath %.te $(local_layers)
vpath %.if $(local_layers)
vpath %.fc $(local_layers)

########################################
#
# Functions
#

# parse-rolemap-compat modulename,outputfile
define parse-rolemap-compat
	$(verbose) $(M4) $(M4PARAM) $(rolemap) | \
		$(AWK) '/^[[:blank:]]*[A-Za-z]/{ print "gen_require(type " $$3 "; role " $$1 ";)\n$1_per_userdomain_template(" $$2 "," $$3 "," $$1 ")" }' >> $2
endef

# parse-rolemap modulename,outputfile
define parse-rolemap
	$(verbose) $(M4) $(M4PARAM) $(rolemap) | \
		$(AWK) '/^[[:blank:]]*[A-Za-z]/{ print "gen_require(type " $$3 "; role " $$1 ";)\n$1_per_role_template(" $$2 "," $$3 "," $$1 ")" }' >> $2
endef

# peruser-expansion modulename,outputfile
define peruser-expansion
	$(verbose) echo "ifdef(\`""$1""_per_role_template',\`" > $2
	$(call parse-rolemap,$1,$2)
	$(verbose) echo "')" >> $2

	$(verbose) echo "ifdef(\`""$1""_per_userdomain_template',\`" >> $2
	$(verbose) echo "errprint(\`Warning: per_userdomain_templates have been renamed to per_role_templates (""$1""_per_userdomain_template)'__endline__)" >> $2
	$(call parse-rolemap-compat,$1,$2)
	$(verbose) echo "')" >> $2
endef

.PHONY: clean all xml load reload
.SUFFIXES:
.SUFFIXES: .pp
# broken in make 3.81:
#.SECONDARY:

########################################
#
# Main targets
#

all: $(all_packages)

xml: $(polxml)

########################################
#
# Attempt to reinstall all installed packages
#
refresh:
	@$(EINFO) "Refreshing $(NAME) modules"
	$(verbose) $(SEMODULE) -b $(SHAREDIR)/$(NAME)/base.pp $(foreach mod,$(match_sys) $(match_loc),-i $(mod))

########################################
#
# Load module packages
#

load: tmp/loaded
tmp/loaded: $(all_packages)
	@$(EINFO) "Loading $(NAME) modules: $(basename $(notdir $?))"
	$(verbose) $(SEMODULE) $(foreach mod,$?,-i $(mod))
	@mkdir -p tmp
	@touch tmp/loaded

reload: $(all_packages)
	@$(EINFO) "Loading $(NAME) modules: $(basename $(notdir $^))"
	$(verbose) $(SEMODULE) $(foreach mod,$^,-i $(mod))
	@mkdir -p tmp
	@touch tmp/loaded

########################################
#
# Build module packages
#
tmp/%.mod: $(m4support) tmp/all_interfaces.conf %.te
	@$(EINFO) "Compiling $(NAME) $(basename $(@F)) module"
	@test -d $(@D) || mkdir -p $(@D)
	$(call peruser-expansion,$(basename $(@F)),$@.role)
	$(verbose) $(M4) $(M4PARAM) -s $^ $@.role > $(@:.mod=.tmp)
	$(verbose) $(CHECKMODULE) -m $(@:.mod=.tmp) -o $@

tmp/%.mod.fc: $(m4support) %.fc
	$(verbose) $(M4) $(M4PARAM) $^ > $@

%.pp: tmp/%.mod tmp/%.mod.fc
	@echo "Creating $(NAME) $(@F) policy package"
	$(verbose) $(SEMOD_PKG) -o $@ -m $< -f $<.fc

tmp/all_interfaces.conf: $(m4support) $(header_interfaces) $(detected_ifs)
	@test -d $(@D) || mkdir -p $(@D)
	@echo "ifdef(\`__if_error',\`m4exit(1)')" > tmp/iferror.m4
	@echo "divert(-1)" > $@
	$(verbose) $(M4) $^ tmp/iferror.m4 | sed -e s/dollarsstar/\$$\*/g >> $@
	@echo "divert" >> $@

# so users dont have to make empty .fc and .if files
$(detected_fcs):
	@touch $@
	
$(detected_ifs):
	@echo "## <summary>$(basename $(@D))</summary>" > $@

########################################
#
# Documentation generation
#
tmp/%.xml: %/*.te %/*.if
	@test -d $(@D) || mkdir -p $(@D)
	$(verbose) test -f $(HEADERDIR)/$*.xml || cat $*/$(metaxml) > $@
	$(verbose) $(genxml) -w -m $(sort $(basename $^)) >> $@

vars: $(local_xml)

$(polxml): $(header_xml) $(local_xml) $(globaltun) $(globalbool) $(detected_mods) $(detected_ifs)
	@echo "Creating $(@F)"
	@test -d $(@D) || mkdir -p $(@D)
	$(verbose) echo '<?xml version="1.0" encoding="ISO-8859-1" standalone="no"?>' > $@
	$(verbose) echo '<!DOCTYPE policy SYSTEM "$(notdir $(xmldtd))">' >> $@
	$(verbose) echo '<policy>' >> $@
	$(verbose) for i in $(all_layer_names); do \
		echo "<layer name=\"$$i\">" >> $@ ;\
		test -f $(HEADERDIR)/$$i.xml && cat $(HEADERDIR)/$$i.xml >> $@ ;\
		test -f tmp/$$i.xml && cat tmp/$$i.xml >> $@ ;\
		echo "</layer>" >> $@ ;\
	done
ifneq "$(strip $(3rd_party_mods))" ""
	$(verbose) echo "<layer name=\"third_party\">" >> $@
	$(verbose) echo "<summary>These are all third-party modules.</summary>" >> $@
	$(verbose) $(genxml) -w -m $(addprefix ./,$(basename $(3rd_party_mods))) >> $@
	$(verbose) echo "</layer>" >> $@
endif
	$(verbose) cat $(globaltun) $(globalbool) >> $@
	$(verbose) echo '</policy>' >> $@
	$(verbose) if test -x $(XMLLINT) && test -f $(xmldtd); then \
		$(XMLLINT) --noout --path $(dir $(xmldtd)) --dtdvalid $(xmldtd) $@ ;\
	fi

########################################
#
# Clean the environment
#

clean:
	rm -fR tmp
	rm -f *.pp
Commit	Line	Data
885b83ec	1
794a56cc CP	2	# helper tools
	3	AWK ?= gawk
	4	INSTALL ?= install
	5	M4 ?= m4
	6	SED ?= sed
	7	EINFO ?= echo
	8	PYTHON ?= python
dde00d4e	9	CUT ?= cut
794a56cc CP	10
	11	NAME ?= $(shell $(AWK) -F= '/^SELINUXTYPE/{ print $$2 }' /etc/selinux/config)
	12	SHAREDIR ?= /usr/share/selinux
	13	HEADERDIR ?= $(SHAREDIR)/$(NAME)/include
	14
885b83ec CP	15	include $(HEADERDIR)/build.conf
	16
	17	# executables
	18	PREFIX := /usr
	19	BINDIR := $(PREFIX)/bin
	20	SBINDIR := $(PREFIX)/sbin
	21	CHECKMODULE := $(BINDIR)/checkmodule
	22	SEMODULE := $(SBINDIR)/semodule
	23	SEMOD_PKG := $(BINDIR)/semodule_package
	24	XMLLINT := $(BINDIR)/xmllint
	25
885b83ec	26	# set default build options if missing
350b6ab7	27	TYPE ?= standard
885b83ec CP	28	DIRECT_INITRC ?= n
	29	POLY ?= n
	30	QUIET ?= y
	31
	32	genxml := $(PYTHON) $(HEADERDIR)/support/segenxml.py
	33
96fc0a45 CP	34	docs := doc
	35	polxml := $(docs)/policy.xml
	36	xmldtd := $(HEADERDIR)/support/policy.dtd
	37	metaxml := metadata.xml
885b83ec CP	38
	39	globaltun = $(HEADERDIR)/global_tunables.xml
	40	globalbool = $(HEADERDIR)/global_booleans.xml
	41
885b83ec	42	# enable MLS if requested.
350b6ab7	43	ifeq "$(TYPE)" "mls"
885b83ec CP	44	M4PARAM += -D enable_mls
	45	CHECKPOLICY += -M
	46	CHECKMODULE += -M
	47	endif
	48
	49	# enable MLS if MCS requested.
350b6ab7	50	ifeq "$(TYPE)" "mcs"
885b83ec CP	51	M4PARAM += -D enable_mcs
	52	CHECKPOLICY += -M
	53	CHECKMODULE += -M
	54	endif
	55
	56	# enable distribution-specific policy
	57	ifneq ($(DISTRO),)
	58	M4PARAM += -D distro_$(DISTRO)
	59	endif
	60
885b83ec CP	61	ifeq ($(DIRECT_INITRC),y)
	62	M4PARAM += -D direct_sysadm_daemon
	63	endif
	64
296273a7 CP	65	ifeq "$(UBAC)" "y"
	66	M4PARAM += -D enable_ubac
	67	endif
	68
e070dd2d CP	69	# default MLS/MCS sensitivity and category settings.
e070dd2d CP	70	MLS_SENS ?= 16
2968e068 DW	71	MLS_CATS ?= 1024
2968e068 DW	72	MCS_CATS ?= 1024
e070dd2d	73
885b83ec CP	74	ifeq ($(QUIET),y)
	75	verbose := @
	76	endif
	77
e070dd2d	78	M4PARAM += -D hide_broken_symptoms -D mls_num_sens=$(MLS_SENS) -D mls_num_cats=$(MLS_CATS) -D mcs_num_cats=$(MCS_CATS)
885b83ec CP	79
	80	# policy headers
	81	m4support = $(wildcard $(HEADERDIR)/support/*.spt)
56e1b3d2	82
96fc0a45 CP	83	header_layers := $(filter-out $(HEADERDIR)/support,$(shell find $(wildcard $(HEADERDIR)/*) -maxdepth 0 -type d))
	84	header_xml := $(addsuffix .xml,$(header_layers))
	85	header_interfaces := $(foreach layer,$(header_layers),$(wildcard $(layer)/*.if))
885b83ec	86
96fc0a45	87	rolemap := $(HEADERDIR)/rolemap
56e1b3d2	88
96fc0a45 CP	89	local_layers := $(filter-out CVS tmp $(docs),$(shell find $(wildcard *) -maxdepth 0 -type d))
96fc0a45 CP	90	local_xml := $(addprefix tmp/, $(addsuffix .xml,$(local_layers)))
56e1b3d2	91
96fc0a45	92	all_layer_names := $(sort $(notdir $(header_layers) $(local_layers)))
56e1b3d2	93
96fc0a45 CP	94	3rd_party_mods := $(wildcard *.te)
96fc0a45 CP	95	detected_mods := $(3rd_party_mods) $(foreach layer,$(local_layers),$(wildcard $(layer)/*.te))
ad8af23a	96
96fc0a45 CP	97	detected_ifs := $(detected_mods:.te=.if)
	98	detected_fcs := $(detected_mods:.te=.fc)
	99	all_packages := $(notdir $(detected_mods:.te=.pp))
56e1b3d2	100
dde00d4e CP	101	# figure out what modules we may want to reload
	102	loaded_mods = $(addsuffix .pp,$(shell $(SEMODULE) -l \| $(CUT) -f1))
	103	sys_mods = $(wildcard $(SHAREDIR)/$(NAME)/*.pp)
	104	match_sys = $(filter $(addprefix $(SHAREDIR)/$(NAME)/,$(loaded_mods)),$(sys_mods))
	105	match_loc = $(filter $(all_packages),$(loaded_mods))
	106
96fc0a45 CP	107	vpath %.te $(local_layers)
	108	vpath %.if $(local_layers)
	109	vpath %.fc $(local_layers)
885b83ec	110
885b83ec CP	111	########################################
	112	#
	113	# Functions
	114	#
	115
bbcd3c97 CP	116	# parse-rolemap-compat modulename,outputfile
	117	define parse-rolemap-compat
	118	$(verbose) $(M4) $(M4PARAM) $(rolemap) \| \
	119	$(AWK) '/^[[:blank:]]*[A-Za-z]/{ print "gen_require(type " $$3 "; role " $$1 ";)\n$1_per_userdomain_template(" $$2 "," $$3 "," $$1 ")" }' >> $2
	120	endef
	121
885b83ec CP	122	# parse-rolemap modulename,outputfile
	123	define parse-rolemap
	124	$(verbose) $(M4) $(M4PARAM) $(rolemap) \| \
bbcd3c97	125	$(AWK) '/^[[:blank:]]*[A-Za-z]/{ print "gen_require(type " $$3 "; role " $$1 ";)\n$1_per_role_template(" $$2 "," $$3 "," $$1 ")" }' >> $2
885b83ec CP	126	endef
	127
	128	# peruser-expansion modulename,outputfile
	129	define peruser-expansion
bbcd3c97	130	$(verbose) echo "ifdef(\`""$1""_per_role_template',\`" > $2
885b83ec CP	131	$(call parse-rolemap,$1,$2)
885b83ec CP	132	$(verbose) echo "')" >> $2
bbcd3c97 CP	133
	134	$(verbose) echo "ifdef(\`""$1""_per_userdomain_template',\`" >> $2
	135	$(verbose) echo "errprint(\`Warning: per_userdomain_templates have been renamed to per_role_templates (""$1""_per_userdomain_template)'__endline__)" >> $2
	136	$(call parse-rolemap-compat,$1,$2)
	137	$(verbose) echo "')" >> $2
885b83ec CP	138	endef
885b83ec CP	139
59f85393	140	.PHONY: clean all xml load reload
885b83ec CP	141	.SUFFIXES:
885b83ec CP	142	.SUFFIXES: .pp
4b01e21d CP	143	# broken in make 3.81:
4b01e21d CP	144	#.SECONDARY:
885b83ec CP	145
	146	########################################
	147	#
	148	# Main targets
	149	#
	150
	151	all: $(all_packages)
	152
	153	xml: $(polxml)
	154
dde00d4e CP	155	########################################
	156	#
	157	# Attempt to reinstall all installed packages
	158	#
	159	refresh:
	160	@$(EINFO) "Refreshing $(NAME) modules"
	161	$(verbose) $(SEMODULE) -b $(SHAREDIR)/$(NAME)/base.pp $(foreach mod,$(match_sys) $(match_loc),-i $(mod))
	162
d508474f CP	163	########################################
	164	#
	165	# Load module packages
	166	#
76bac89c CP	167
76bac89c CP	168	load: tmp/loaded
59f85393 CP	169	tmp/loaded: $(all_packages)
	170	@$(EINFO) "Loading $(NAME) modules: $(basename $(notdir $?))"
	171	$(verbose) $(SEMODULE) $(foreach mod,$?,-i $(mod))
	172	@mkdir -p tmp
	173	@touch tmp/loaded
76bac89c	174
59f85393 CP	175	reload: $(all_packages)
59f85393 CP	176	@$(EINFO) "Loading $(NAME) modules: $(basename $(notdir $^))"
d508474f	177	$(verbose) $(SEMODULE) $(foreach mod,$^,-i $(mod))
76bac89c CP	178	@mkdir -p tmp
76bac89c CP	179	@touch tmp/loaded
d508474f	180
885b83ec CP	181	########################################
	182	#
	183	# Build module packages
	184	#
	185	tmp/%.mod: $(m4support) tmp/all_interfaces.conf %.te
0578bf8d	186	@$(EINFO) "Compiling $(NAME) $(basename $(@F)) module"
96fc0a45	187	@test -d $(@D) \|\| mkdir -p $(@D)
885b83ec CP	188	$(call peruser-expansion,$(basename $(@F)),$@.role)
	189	$(verbose) $(M4) $(M4PARAM) -s $^ $@.role > $(@:.mod=.tmp)
	190	$(verbose) $(CHECKMODULE) -m $(@:.mod=.tmp) -o $@
	191
	192	tmp/%.mod.fc: $(m4support) %.fc
	193	$(verbose) $(M4) $(M4PARAM) $^ > $@
	194
	195	%.pp: tmp/%.mod tmp/%.mod.fc
	196	@echo "Creating $(NAME) $(@F) policy package"
	197	$(verbose) $(SEMOD_PKG) -o $@ -m $< -f $<.fc
	198
96fc0a45 CP	199	tmp/all_interfaces.conf: $(m4support) $(header_interfaces) $(detected_ifs)
	200	@test -d $(@D) \|\| mkdir -p $(@D)
	201	@echo "ifdef(\`__if_error',\`m4exit(1)')" > tmp/iferror.m4
	202	@echo "divert(-1)" > $@
	203	$(verbose) $(M4) $^ tmp/iferror.m4 \| sed -e s/dollarsstar/\$$\*/g >> $@
	204	@echo "divert" >> $@
885b83ec	205
0578bf8d	206	# so users dont have to make empty .fc and .if files
96fc0a45	207	$(detected_fcs):
0578bf8d	208	@touch $@
96fc0a45 CP	209
	210	$(detected_ifs):
	211	@echo "## <summary>$(basename $(@D))</summary>" > $@
885b83ec CP	212
	213	########################################
	214	#
	215	# Documentation generation
	216	#
96fc0a45 CP	217	tmp/%.xml: %/.te %/.if
	218	@test -d $(@D) \|\| mkdir -p $(@D)
	219	$(verbose) test -f $(HEADERDIR)/$.xml \|\| cat $/$(metaxml) > $@
	220	$(verbose) $(genxml) -w -m $(sort $(basename $^)) >> $@
885b83ec	221
96fc0a45	222	vars: $(local_xml)
56e1b3d2	223
96fc0a45	224	$(polxml): $(header_xml) $(local_xml) $(globaltun) $(globalbool) $(detected_mods) $(detected_ifs)
56e1b3d2	225	@echo "Creating $(@F)"
96fc0a45	226	@test -d $(@D) \|\| mkdir -p $(@D)
885b83ec	227	$(verbose) echo '<?xml version="1.0" encoding="ISO-8859-1" standalone="no"?>' > $@
56e1b3d2 CP	228	$(verbose) echo '<!DOCTYPE policy SYSTEM "$(notdir $(xmldtd))">' >> $@
56e1b3d2 CP	229	$(verbose) echo '<policy>' >> $@
96fc0a45 CP	230	$(verbose) for i in $(all_layer_names); do \
	231	echo "<layer name=\"$$i\">" >> $@ ;\
	232	test -f $(HEADERDIR)/$$i.xml && cat $(HEADERDIR)/$$i.xml >> $@ ;\
	233	test -f tmp/$$i.xml && cat tmp/$$i.xml >> $@ ;\
	234	echo "</layer>" >> $@ ;\
	235	done
	236	ifneq "$(strip $(3rd_party_mods))" ""
	237	$(verbose) echo "<layer name=\"third_party\">" >> $@
	238	$(verbose) echo "<summary>These are all third-party modules.</summary>" >> $@
	239	$(verbose) $(genxml) -w -m $(addprefix ./,$(basename $(3rd_party_mods))) >> $@
	240	$(verbose) echo "</layer>" >> $@
	241	endif
	242	$(verbose) cat $(globaltun) $(globalbool) >> $@
56e1b3d2	243	$(verbose) echo '</policy>' >> $@
885b83ec	244	$(verbose) if test -x $(XMLLINT) && test -f $(xmldtd); then \
56e1b3d2	245	$(XMLLINT) --noout --path $(dir $(xmldtd)) --dtdvalid $(xmldtd) $@ ;\
885b83ec CP	246	fi
	247
	248	########################################
	249	#
	250	# Clean the environment
	251	#
	252
	253	clean:
	254	rm -fR tmp
	255	rm -f *.pp