2 # Makefile for the security policy.
6 # install - compile and install the policy configuration, and context files.
7 # load - compile, install, and load the policy configuration.
8 # reload - compile, install, and load/reload the policy configuration.
9 # relabel - relabel filesystems based on the file contexts configuration.
10 # checklabels - check filesystems against the file context configuration
11 # restorelabels - check filesystems against the file context configuration
12 # and restore the label of files with incorrect labels
13 # policy - compile the policy configuration locally for testing/development.
15 # The default target is 'policy'.
18 # Please see build.conf for policy build options.
21 ########################################
23 # NO OPTIONS BELOW HERE
26 # Include the local build.conf if it exists, otherwise
27 # include the configuration of the root directory.
31 -include $(LOCAL_ROOT
)/build.conf
35 version
= $(shell cat VERSION
)
38 builddir
:= $(LOCAL_ROOT
)/
39 tmpdir
:= $(LOCAL_ROOT
)/tmp
40 tags := $(LOCAL_ROOT
)/tags
50 tc_usrbindir
:= env LD_LIBRARY_PATH
="$(TEST_TOOLCHAIN)/lib" $(TEST_TOOLCHAIN
)$(BINDIR
)
51 tc_usrsbindir
:= env LD_LIBRARY_PATH
="$(TEST_TOOLCHAIN)/lib" $(TEST_TOOLCHAIN
)$(SBINDIR
)
52 tc_sbindir
:= env LD_LIBRARY_PATH
="$(TEST_TOOLCHAIN)/lib" $(TEST_TOOLCHAIN
)/sbin
54 tc_usrbindir
:= $(BINDIR
)
55 tc_usrsbindir
:= $(SBINDIR
)
58 CHECKPOLICY ?
= $(tc_usrbindir
)/checkpolicy
59 CHECKMODULE ?
= $(tc_usrbindir
)/checkmodule
60 SEMODULE ?
= $(tc_usrsbindir
)/semodule
61 SEMOD_PKG ?
= $(tc_usrbindir
)/semodule_package
62 SEMOD_LNK ?
= $(tc_usrbindir
)/semodule_link
63 SEMOD_EXP ?
= $(tc_usrbindir
)/semodule_expand
64 LOADPOLICY ?
= $(tc_usrsbindir
)/load_policy
65 SETFILES ?
= $(tc_sbindir
)/setfiles
66 XMLLINT ?
= $(BINDIR
)/xmllint
67 SECHECK ?
= $(BINDIR
)/sechecker
69 # interpreters and aux tools
80 # policy source layout
82 moddir
:= $(poldir
)/modules
83 flaskdir
:= $(poldir
)/flask
84 secclass
:= $(flaskdir
)/security_classes
85 isids
:= $(flaskdir
)/initial_sids
86 avs
:= $(flaskdir
)/access_vectors
90 local_poldir
:= $(LOCAL_ROOT
)/policy
91 local_moddir
:= $(local_poldir
)/modules
94 # policy building support tools
96 genxml
:= $(PYTHON
) -E
$(support
)/segenxml.py
97 gendoc
:= $(PYTHON
) -E
$(support
)/sedoctool.py
98 genperm
:= $(PYTHON
) -E
$(support
)/genclassperms.py
99 fcsort
:= $(tmpdir
)/fc_sort
100 setbools
:= $(AWK
) -f
$(support
)/set_bools_tuns.awk
101 get_type_attr_decl
:= $(SED
) -r
-f
$(support
)/get_type_attr_decl.sed
102 comment_move_decl
:= $(SED
) -r
-f
$(support
)/comment_move_decl.sed
103 gennetfilter
:= $(PYTHON
) -E
$(support
)/gennetfilter.py
104 m4iferror
:= $(support
)/iferror.m4
105 m4divert
:= $(support
)/divert.m4
106 m4undivert
:= $(support
)/undivert.m4
107 # use our own genhomedircon to make sure we have a known usable one,
108 # so policycoreutils updates are not required (RHEL4)
109 genhomedircon
:= $(PYTHON
) -E
$(support
)/genhomedircon
111 # documentation paths
113 xmldtd
= $(docs
)/policy.dtd
114 metaxml
= metadata.xml
115 doctemplate
= $(docs
)/templates
116 docfiles
= $(docs
)/Makefile.example
$(addprefix $(docs
)/,example.te example.if example.
fc)
119 polxml
= $(docs
)/policy.xml
120 tunxml
= $(docs
)/global_tunables.xml
121 boolxml
= $(docs
)/global_booleans.xml
122 htmldir
= $(docs
)/html
124 polxml
= $(LOCAL_ROOT
)/doc
/policy.xml
125 tunxml
= $(LOCAL_ROOT
)/doc
/global_tunables.xml
126 boolxml
= $(LOCAL_ROOT
)/doc
/global_booleans.xml
127 htmldir
= $(LOCAL_ROOT
)/doc
/html
131 globaltun
= $(poldir
)/global_tunables
132 globalbool
= $(poldir
)/global_booleans
133 rolemap
= $(poldir
)/rolemap
134 user_files
:= $(poldir
)/users
135 policycaps
:= $(poldir
)/policy_capabilities
137 # local config file paths
139 mod_conf
= $(poldir
)/modules.conf
140 booleans
= $(poldir
)/booleans.conf
141 tunables
= $(poldir
)/tunables.conf
143 mod_conf
= $(local_poldir
)/modules.conf
144 booleans
= $(local_poldir
)/booleans.conf
145 tunables
= $(local_poldir
)/tunables.conf
149 PKGNAME ?
= refpolicy-
$(version
)
150 prefix = $(DESTDIR
)/usr
151 topdir
= $(DESTDIR
)/etc
/selinux
152 installdir
= $(topdir
)/$(strip $(NAME
))
153 srcpath
= $(installdir
)/src
154 userpath
= $(installdir
)/users
155 policypath
= $(installdir
)/policy
156 contextpath
= $(installdir
)/contexts
157 homedirpath
= $(contextpath
)/files
/homedir_template
158 fcpath
= $(contextpath
)/files
/file_contexts
159 ncpath
= $(contextpath
)/netfilter_contexts
160 sharedir
= $(prefix)/share
/selinux
161 modpkgdir
= $(sharedir
)/$(strip $(NAME
))
162 headerdir
= $(modpkgdir
)/include
163 docsdir
= $(prefix)/share
/doc
/$(PKGNAME
)
165 # enable MLS if requested.
167 M4PARAM
+= -D enable_mls
173 # enable MLS if MCS requested.
175 M4PARAM
+= -D enable_mcs
181 # enable distribution-specific policy
183 M4PARAM
+= -D distro_
$(DISTRO
)
186 # rhel4 also implies redhat
187 ifeq "$(DISTRO)" "rhel4"
188 M4PARAM
+= -D distro_redhat
191 ifeq "$(DISTRO)" "ubuntu"
192 M4PARAM
+= -D distro_debian
195 ifneq ($(OUTPUT_POLICY
),)
196 CHECKPOLICY
+= -c
$(OUTPUT_POLICY
)
199 # if not set, use the type as the name.
202 # default unknown permissions setting
205 ifeq ($(DIRECT_INITRC
),y
)
206 M4PARAM
+= -D direct_sysadm_daemon
210 M4PARAM
+= -D enable_ubac
213 # default MLS/MCS sensitivity and category settings.
222 M4PARAM
+= -D mls_num_sens
=$(MLS_SENS
) -D mls_num_cats
=$(MLS_CATS
) -D mcs_num_cats
=$(MCS_CATS
) -D hide_broken_symptoms
224 # we need exuberant ctags; unfortunately it is named
225 # differently on different distros
226 ifeq ($(DISTRO
),debian
)
227 CTAGS
:= ctags-exuberant
230 ifeq ($(DISTRO
),gentoo
)
231 CTAGS
:= exuberant-ctags
236 m4support
:= $(m4divert
) $(wildcard $(poldir
)/support
/*.spt
)
238 m4support
+= $(wildcard $(local_poldir
)/support
/*.spt
)
240 m4support
+= $(m4undivert
)
242 appconf
:= config
/appconfig-
$(TYPE
)
243 seusers
:= $(appconf
)/seusers
244 appdir
:= $(contextpath
)
245 user_default_contexts
:= $(wildcard config
/appconfig-
$(TYPE
)/*_default_contexts
)
246 user_default_contexts_names
:= $(addprefix $(contextpath
)/users
/,$(subst _default_contexts
,,$(notdir $(user_default_contexts
))))
247 appfiles
:= $(addprefix $(appdir
)/,default_contexts default_type initrc_context failsafe_context userhelper_context removable_context dbus_contexts x_contexts customizable_types securetty_types virtual_image_context virtual_domain_context
) $(contextpath
)/files
/media
$(user_default_contexts_names
)
248 net_contexts
:= $(builddir
)net_contexts
250 all_layers
:= $(shell find
$(wildcard $(moddir
)/*) -maxdepth
0 -type d
)
252 all_layers
+= $(shell find
$(wildcard $(local_moddir
)/*) -maxdepth
0 -type d
)
255 generated_te
:= $(basename $(foreach dir,$(all_layers
),$(wildcard $(dir)/*.te.in
)))
256 generated_if
:= $(basename $(foreach dir,$(all_layers
),$(wildcard $(dir)/*.if.in
)))
257 generated_fc
:= $(basename $(foreach dir,$(all_layers
),$(wildcard $(dir)/*.
fc.in
)))
259 # sort here since it removes duplicates, which can happen
260 # when a generated file is already generated
261 detected_mods
:= $(sort $(foreach dir,$(all_layers
),$(wildcard $(dir)/*.te
)) $(generated_te
))
263 modxml
:= $(addprefix $(tmpdir
)/, $(detected_mods
:.te
=.xml
))
264 layerxml
:= $(sort $(addprefix $(tmpdir
)/, $(notdir $(addsuffix .xml
,$(all_layers
)))))
265 layer_names
:= $(sort $(notdir $(all_layers
)))
266 all_metaxml
= $(call detect-metaxml
, $(layer_names
))
268 # modules.conf setting for base module
271 # modules.conf setting for loadable module
274 # modules.conf setting for unused module
277 # test for module overrides from command line
278 mod_test
= $(filter $(APPS_OFF
), $(APPS_BASE
) $(APPS_MODS
))
279 mod_test
+= $(filter $(APPS_MODS
), $(APPS_BASE
))
280 ifneq "$(strip $(mod_test))" ""
281 $(error Applications must be base
, module
, or off
, and not in more than one list
! $(strip $(mod_test
)) found in multiple lists
!)
284 # add on suffix to modules specified on command line
285 cmdline_base
:= $(addsuffix .te
,$(APPS_BASE
))
286 cmdline_mods
:= $(addsuffix .te
,$(APPS_MODS
))
287 cmdline_off
:= $(addsuffix .te
,$(APPS_OFF
))
289 # extract settings from modules.conf
290 mod_conf_base
:= $(addsuffix .te
,$(sort $(shell awk
'/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == "$(configbase)") print $$1 }' $(mod_conf
) 2> /dev
/null
)))
291 mod_conf_mods
:= $(addsuffix .te
,$(sort $(shell awk
'/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == "$(configmod)") print $$1 }' $(mod_conf
) 2> /dev
/null
)))
292 mod_conf_off
:= $(addsuffix .te
,$(sort $(shell awk
'/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == "$(configoff)") print $$1 }' $(mod_conf
) 2> /dev
/null
)))
294 base_mods
:= $(cmdline_base
)
295 mod_mods
:= $(cmdline_mods
)
296 off_mods
:= $(cmdline_off
)
298 base_mods
+= $(filter-out $(cmdline_off
) $(cmdline_base
) $(cmdline_mods
), $(mod_conf_base
))
299 mod_mods
+= $(filter-out $(cmdline_off
) $(cmdline_base
) $(cmdline_mods
), $(mod_conf_mods
))
300 off_mods
+= $(filter-out $(cmdline_off
) $(cmdline_base
) $(cmdline_mods
), $(mod_conf_off
))
302 # add modules not in modules.conf to the off list
303 off_mods
+= $(filter-out $(base_mods
) $(mod_mods
) $(off_mods
),$(notdir $(detected_mods
)))
305 # filesystems to be used in labeling targets
306 filesystems
= $(shell mount | grep
-v
"context=" | egrep
-v
'\((|.*,)bind(,.*|)\)' | awk
'/(ext[234]|btrfs| xfs| jfs).*rw/{print $$3}';)
307 fs_names
:= "btrfs ext2 ext3 ext4 xfs jfs"
309 ########################################
314 # parse-rolemap-compat modulename,outputfile
315 define parse-rolemap-compat
316 $(verbose
) $(M4
) $(M4PARAM
) $(rolemap
) | \
317 $(AWK
) '/^[[:blank:]]*[A-Za-z]/{ print "gen_require(type " $$3 "; role " $$1 ";)\n$1_per_userdomain_template(" $$2 "," $$3 "," $$1 ")" }' >> $2
320 # parse-rolemap modulename,outputfile
322 $(verbose
) $(M4
) $(M4PARAM
) $(rolemap
) | \
323 $(AWK
) '/^[[:blank:]]*[A-Za-z]/{ print "gen_require(type " $$3 "; role " $$1 ";)\n$1_per_role_template(" $$2 "," $$3 "," $$1 ")" }' >> $2
326 # perrole-expansion modulename,outputfile
327 define perrole-expansion
328 $(verbose
) echo
"ifdef(\`""$1""_per_role_template',\`" > $2
329 $(call parse-rolemap
,$1,$2)
330 $(verbose
) echo
"')" >> $2
332 $(verbose
) echo
"ifdef(\`""$1""_per_userdomain_template',\`" >> $2
333 $(verbose
) echo
"errprint(\`Warning: per_userdomain_templates have been renamed to per_role_templates (""$1""_per_userdomain_template)'__endline__)" >> $2
334 $(call parse-rolemap-compat
,$1,$2)
335 $(verbose
) echo
"')" >> $2
338 # create-base-per-role-tmpl modulenames,outputfile
339 define create-base-per-role-tmpl
340 $(verbose
) echo
"define(\`base_per_role_template',\`" >> $2
342 $(verbose
) for i in
$1; do \
343 echo
"ifdef(\`""$$i""_per_role_template',\`""$$i""_per_role_template("'$$*'")')" \
347 $(verbose
) for i in
$1; do \
348 echo
"ifdef(\`""$$i""_per_userdomain_template',\`" >> $2 ;\
349 echo
"errprint(\`Warning: per_userdomain_templates have been renamed to per_role_templates (""$$i""_per_userdomain_template)'__endline__)" >> $2 ;\
350 echo
"""$$i""_per_userdomain_template("'$$*'")')" >> $2 ;\
352 $(verbose
) echo
"')" >> $@
356 # detect-metaxml layer_names
358 define detect-metaxml
359 $(shell for i in
$1; do \
360 if
[ -d
$(moddir
)/$$i -a
-d
$(local_moddir
)/$$i ]; then \
361 if
[ -f
$(local_moddir
)/$$i/$(metaxml
) ]; then \
362 echo
$(local_moddir
)/$$i/$(metaxml
) ;\
364 echo
$(moddir
)/$$i/$(metaxml
) ;\
366 elif
[ -d
$(local_moddir
)/$$i ]; then
367 echo
$(local_moddir
)/$$i/$(metaxml
) ;\
369 echo
$(moddir
)/$$i/$(metaxml
) ;\
374 define detect-metaxml
375 $(shell for i in
$1; do echo
$(moddir
)/$$i/$(metaxml
); done
)
379 ########################################
381 # Load appropriate rules
384 ifeq ($(MONOLITHIC
),y
)
385 include Rules.monolithic
387 include Rules.modular
390 ########################################
394 # NOTE: There is no "local" version of these files.
396 generate
: $(generated_te
) $(generated_if
) $(generated_fc
)
398 $(moddir
)/kernel
/corenetwork.if
: $(moddir
)/kernel
/corenetwork.te.in
$(moddir
)/kernel
/corenetwork.if.m4
$(moddir
)/kernel
/corenetwork.if.in
400 @echo
"# This is a generated file! Instead of modifying this file, the" >> $@
401 @echo
"# $(notdir $@).in or $(notdir $@).m4 file should be modified." >> $@
403 $(verbose
) cat
$@.in
>> $@
404 $(verbose
) $(GREP
) "^[[:blank:]]*network_(interface|node|port|packet)(_controlled)?\(.*\)" $< \
405 |
$(M4
) -D self_contained_policy
$(M4PARAM
) $@.m4
- \
406 |
$(SED
) -e
's/dollarsone/\$$1/g' -e
's/dollarszero/\$$0/g' >> $@
408 $(moddir
)/kernel
/corenetwork.te
: $(moddir
)/kernel
/corenetwork.te.m4
$(moddir
)/kernel
/corenetwork.te.in
410 @echo
"# This is a generated file! Instead of modifying this file, the" >> $@
411 @echo
"# $(notdir $@).in or $(notdir $@).m4 file should be modified." >> $@
413 $(verbose
) $(M4
) -D self_contained_policy
$(M4PARAM
) $^ \
414 |
$(SED
) -e
's/dollarsone/\$$1/g' -e
's/dollarszero/\$$0/g' >> $@
416 ########################################
418 # Network packet labeling
420 $(net_contexts
): $(moddir
)/kernel
/corenetwork.te.in
421 @echo
"Creating netfilter network labeling rules"
422 $(verbose
) $(gennetfilter
) $^
> $@
424 ########################################
426 # Create config files
428 conf
: $(mod_conf
) $(booleans
) $(generated_te
) $(generated_if
) $(generated_fc
)
430 $(mod_conf
) $(booleans
): $(polxml
)
431 @echo
"Updating $(mod_conf) and $(booleans)"
432 $(verbose
) $(gendoc
) -b
$(booleans
) -m
$(mod_conf
) -x
$(polxml
)
434 ########################################
436 # Generate the fc_sort program
438 $(fcsort
) : $(support
)/fc_sort.c
439 $(verbose
) $(CC
) $(CFLAGS
) $^
-o
$@
441 ########################################
443 # Documentation generation
445 $(layerxml
): %.xml
: $(all_metaxml
) $(filter $(addprefix $(moddir
)/, $(notdir $*))%, $(detected_mods
)) $(subst .te
,.if
, $(filter $(addprefix $(moddir
)/, $(notdir $*))%, $(detected_mods
)))
446 @
test -d
$(tmpdir
) || mkdir
-p
$(tmpdir
)
447 $(verbose
) cat
$(filter %$(notdir $*)/$(metaxml
), $(all_metaxml
)) > $@
448 $(verbose
) for i in
$(basename $(filter $(addprefix $(moddir
)/, $(notdir $*))%, $(detected_mods
))); do
$(genxml
) -w
-m
$$i >> $@
; done
450 $(verbose
) for i in
$(basename $(filter $(addprefix $(local_moddir
)/, $(notdir $*))%, $(detected_mods
))); do
$(genxml
) -w
-m
$$i >> $@
; done
453 $(tunxml
): $(globaltun
)
454 $(verbose
) $(genxml
) -w
-t
$< > $@
456 $(boolxml
): $(globalbool
)
457 $(verbose
) $(genxml
) -w
-b
$< > $@
459 $(polxml
): $(layerxml
) $(tunxml
) $(boolxml
)
460 @echo
"Creating $(@F)"
461 @
test -d
$(dir $(polxml
)) || mkdir
-p
$(dir $(polxml
))
462 @
test -d
$(tmpdir
) || mkdir
-p
$(tmpdir
)
463 $(verbose
) echo
'<?xml version="1.0" encoding="ISO-8859-1" standalone="no"?>' > $@
464 $(verbose
) echo
'<!DOCTYPE policy SYSTEM "$(notdir $(xmldtd))">' >> $@
465 $(verbose
) echo
'<policy>' >> $@
466 $(verbose
) for i in
$(basename $(notdir $(layerxml
))); do echo
"<layer name=\"$$i\">" >> $@
; cat
$(tmpdir
)/$$i.xml
>> $@
; echo
"</layer>" >> $@
; done
467 $(verbose
) cat
$(tunxml
) $(boolxml
) >> $@
468 $(verbose
) echo
'</policy>' >> $@
469 $(verbose
) if
test -x
$(XMLLINT
) && test -f
$(xmldtd
); then \
470 $(XMLLINT
) --noout
--path
$(dir $(xmldtd
)) --dtdvalid
$(xmldtd
) $@
;\
475 html
$(tmpdir
)/html
: $(polxml
)
476 @echo
"Building html interface reference documentation in $(htmldir)"
477 @
test -d
$(htmldir
) || mkdir
-p
$(htmldir
)
478 @
test -d
$(tmpdir
) || mkdir
-p
$(tmpdir
)
479 $(verbose
) $(gendoc
) -d
$(htmldir
) -T
$(doctemplate
) -x
$(polxml
)
480 $(verbose
) cp
$(doctemplate
)/*.css
$(htmldir
)
481 @touch
$(tmpdir
)/html
483 ########################################
485 # Runtime binary policy patching of users
487 $(userpath
)/system.users
: $(m4support
) $(tmpdir
)/generated_definitions.conf
$(user_files
)
489 @mkdir
-p
$(userpath
)
490 @echo
"Installing system.users"
491 @echo
"# " > $(tmpdir
)/system.users
492 @echo
"# Do not edit this file. " >> $(tmpdir
)/system.users
493 @echo
"# This file is replaced on reinstalls of this policy." >> $(tmpdir
)/system.users
494 @echo
"# Please edit local.users to make local changes." >> $(tmpdir
)/system.users
495 @echo
"#" >> $(tmpdir
)/system.users
496 $(verbose
) $(M4
) -D self_contained_policy
$(M4PARAM
) $^ |
$(SED
) -r
-e
's/^[[:blank:]]+//' \
497 -e
'/^[[:blank:]]*($$|#)/d' >> $(tmpdir
)/system.users
498 $(verbose
) $(INSTALL
) -m
644 $(tmpdir
)/system.users
$@
500 $(userpath
)/local.users
: config
/local.users
501 @mkdir
-p
$(userpath
)
502 @echo
"Installing local.users"
503 $(verbose
) $(INSTALL
) -b
-m
644 $< $@
505 ########################################
507 # Build Appconfig files
509 $(tmpdir
)/initrc_context
: $(appconf
)/initrc_context
511 $(verbose
) $(M4
) $(M4PARAM
) $(m4support
) $^ |
$(GREP
) '^[a-z]' > $@
513 ########################################
515 # Install Appconfig files
517 install-appconfig
: $(appfiles
)
519 $(installdir
)/booleans
: $(booleans
)
521 @mkdir
-p
$(installdir
)
522 $(verbose
) $(SED
) -r
-e
's/false/0/g' -e
's/true/1/g' \
523 -e
'/^[[:blank:]]*($$|#)/d' $(booleans
) |
$(SORT
) > $(tmpdir
)/booleans
524 $(verbose
) $(INSTALL
) -m
644 $(tmpdir
)/booleans
$@
526 $(contextpath
)/files
/media
: $(appconf
)/media
527 @mkdir
-p
$(contextpath
)/files
/
528 $(verbose
) $(INSTALL
) -m
644 $< $@
530 $(contextpath
)/users
/%: $(appconf
)/%_default_contexts
531 @mkdir
-p
$(appdir
)/users
532 $(verbose
) $(INSTALL
) -m
644 $^
$@
534 $(appdir
)/%: $(appconf
)/%
536 $(verbose
) $(M4
) $(M4PARAM
) $(m4support
) $< > $@
538 ########################################
540 # Install policy headers
542 install-headers
: $(layerxml
) $(tunxml
) $(boolxml
)
543 @mkdir
-p
$(headerdir
)
544 @echo
"Installing $(NAME) policy headers."
545 $(verbose
) $(INSTALL
) -m
644 $^
$(headerdir
)
546 $(verbose
) $(M4
) $(M4PARAM
) $(rolemap
) > $(headerdir
)/$(notdir $(rolemap
))
547 $(verbose
) mkdir
-p
$(headerdir
)/support
548 $(verbose
) $(INSTALL
) -m
644 $(m4support
) $(word $(words $(genxml
)),$(genxml
)) $(xmldtd
) $(headerdir
)/support
549 $(verbose
) $(genperm
) $(avs
) $(secclass
) > $(headerdir
)/support
/all_perms.spt
550 $(verbose
) for i in
$(notdir $(all_layers
)); do \
551 mkdir
-p
$(headerdir
)/$$i ;\
552 $(INSTALL
) -m
644 $(moddir
)/$$i/*.if
$(headerdir
)/$$i ;\
554 $(verbose
) echo
"TYPE ?= $(TYPE)" > $(headerdir
)/build.conf
555 $(verbose
) echo
"NAME ?= $(NAME)" >> $(headerdir
)/build.conf
557 $(verbose
) echo
"DISTRO ?= $(DISTRO)" >> $(headerdir
)/build.conf
559 $(verbose
) echo
"MONOLITHIC ?= n" >> $(headerdir
)/build.conf
560 $(verbose
) echo
"DIRECT_INITRC ?= $(DIRECT_INITRC)" >> $(headerdir
)/build.conf
561 $(verbose
) echo
"override UBAC := $(UBAC)" >> $(headerdir
)/build.conf
562 $(verbose
) echo
"override MLS_SENS := $(MLS_SENS)" >> $(headerdir
)/build.conf
563 $(verbose
) echo
"override MLS_CATS := $(MLS_CATS)" >> $(headerdir
)/build.conf
564 $(verbose
) echo
"override MCS_CATS := $(MCS_CATS)" >> $(headerdir
)/build.conf
565 $(verbose
) $(INSTALL
) -m
644 $(support
)/Makefile.devel
$(headerdir
)/Makefile
567 ########################################
569 # Install policy documentation
571 install-docs
: $(tmpdir
)/html
572 @mkdir
-p
$(docsdir
)/html
573 @echo
"Installing policy documentation"
574 $(verbose
) $(INSTALL
) -m
644 $(docfiles
) $(docsdir
)
575 $(verbose
) $(INSTALL
) -m
644 $(wildcard $(htmldir
)/*) $(docsdir
)/html
577 ########################################
579 # Install policy sources
582 rm -rf
$(srcpath
)/policy.old
583 -mv
$(srcpath
)/policy
$(srcpath
)/policy.old
584 mkdir
-p
$(srcpath
)/policy
585 cp
-R .
$(srcpath
)/policy
587 ########################################
593 @
($(CTAGS
) --version | grep
-q Exuberant
) ||
(echo ERROR
: Need exuberant-ctags to function
!; exit
1)
594 @LC_ALL
=C
$(CTAGS
) -f
$(tags) --langdef
=te
--langmap
=te
:..te.if.spt \
595 --regex-te
='/^type[ \t]+(\w+)(,|;)/\1/t,type/' \
596 --regex-te
='/^typealias[ \t]+\w+[ \t+]+alias[ \t]+(\w+);/\1/t,type/' \
597 --regex-te
='/^attribute[ \t]+(\w+);/\1/a,attribute/' \
598 --regex-te
='/^[ \t]*define\(`(\w+)/\1/d,define/' \
599 --regex-te
='/^[ \t]*interface\(`(\w+)/\1/i,interface/' \
600 --regex-te
='/^[ \t]*template\(`(\w+)/\1/i,template/' \
601 --regex-te
='/^[ \t]*bool[ \t]+(\w+)/\1/b,bool/' policy
/modules
/*/*.
{if
,te
} policy
/support
/*.spt
603 ########################################
605 # Filesystem labeling
608 @echo
"Checking labels on filesystem types: $(fs_names)"
609 @if
test -z
"$(filesystems)"; then \
610 echo
"No filesystems with extended attributes found!" ;\
613 $(verbose
) $(SETFILES
) -v
-n
$(fcpath
) $(filesystems
)
616 @echo
"Restoring labels on filesystem types: $(fs_names)"
617 @if
test -z
"$(filesystems)"; then \
618 echo
"No filesystems with extended attributes found!" ;\
621 $(verbose
) $(SETFILES
) -v
$(fcpath
) $(filesystems
)
624 @echo
"Relabeling filesystem types: $(fs_names)"
625 @if
test -z
"$(filesystems)"; then \
626 echo
"No filesystems with extended attributes found!" ;\
629 $(verbose
) $(SETFILES
) $(fcpath
) $(filesystems
)
632 @echo
"Resetting labels on filesystem types: $(fs_names)"
633 @if
test -z
"$(filesystems)"; then \
634 echo
"No filesystems with extended attributes found!" ;\
637 $(verbose
) $(SETFILES
) -F
$(fcpath
) $(filesystems
)
639 ########################################
653 # don't remove these files if we're given a local root
656 rm -f
$(support
)/*.pyc
657 ifneq ($(generated_te
),)
658 rm -f
$(generated_te
)
660 ifneq ($(generated_if
),)
661 rm -f
$(generated_if
)
663 ifneq ($(generated_fc
),)
664 rm -f
$(generated_fc
)
668 .PHONY
: install-src install-appconfig install-headers generate xml conf html bare
tags