]> git.ipfire.org Git - people/stevee/selinux-policy.git/blob - Makefile
projects / people / stevee / selinux-policy.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'master' of http://oss.tresys.com/git/refpolicy
[people/stevee/selinux-policy.git] / Makefile
1 #
2 # Makefile for the security policy.
3 #
4 # Targets:
5 #
6 # install - compile and install the policy configuration, and context files.
7 # load - compile, install, and load the policy configuration.
8 # reload - compile, install, and load/reload the policy configuration.
9 # relabel - relabel filesystems based on the file contexts configuration.
10 # checklabels - check filesystems against the file context configuration
11 # restorelabels - check filesystems against the file context configuration
12 # and restore the label of files with incorrect labels
13 # policy - compile the policy configuration locally for testing/development.
14 #
15 # The default target is 'policy'.
16 #
17 #
18 # Please see build.conf for policy build options.
19 #
20
21 ########################################
22 #
23 # NO OPTIONS BELOW HERE
24 #
25
26 # Include the local build.conf if it exists, otherwise
27 # include the configuration of the root directory.
28 include build.conf
29
30 ifdef LOCAL_ROOT
31 -include $(LOCAL_ROOT)/build.conf
32 endif
33
34 # refpolicy version
35 version = $(shell cat VERSION)
36
37 ifdef LOCAL_ROOT
38 builddir := $(LOCAL_ROOT)/
39 tmpdir := $(LOCAL_ROOT)/tmp
40 tags := $(LOCAL_ROOT)/tags
41 else
42 tmpdir := tmp
43 tags := tags
44 endif
45
46 # executable paths
47 BINDIR ?= /usr/bin
48 SBINDIR ?= /usr/sbin
49 ifdef TEST_TOOLCHAIN
50 tc_usrbindir := env LD_LIBRARY_PATH="$(TEST_TOOLCHAIN)/lib" $(TEST_TOOLCHAIN)$(BINDIR)
51 tc_usrsbindir := env LD_LIBRARY_PATH="$(TEST_TOOLCHAIN)/lib" $(TEST_TOOLCHAIN)$(SBINDIR)
52 tc_sbindir := env LD_LIBRARY_PATH="$(TEST_TOOLCHAIN)/lib" $(TEST_TOOLCHAIN)/sbin
53 else
54 tc_usrbindir := $(BINDIR)
55 tc_usrsbindir := $(SBINDIR)
56 tc_sbindir := /sbin
57 endif
58 CHECKPOLICY ?= $(tc_usrbindir)/checkpolicy
59 CHECKMODULE ?= $(tc_usrbindir)/checkmodule
60 SEMODULE ?= $(tc_usrsbindir)/semodule
61 SEMOD_PKG ?= $(tc_usrbindir)/semodule_package
62 SEMOD_LNK ?= $(tc_usrbindir)/semodule_link
63 SEMOD_EXP ?= $(tc_usrbindir)/semodule_expand
64 LOADPOLICY ?= $(tc_usrsbindir)/load_policy
65 SETFILES ?= $(tc_sbindir)/setfiles
66 XMLLINT ?= $(BINDIR)/xmllint
67 SECHECK ?= $(BINDIR)/sechecker
68
69 # interpreters and aux tools
70 AWK ?= gawk
71 GREP ?= egrep
72 INSTALL ?= install
73 M4 ?= m4
74 PYTHON ?= python
75 SED ?= sed
76 SORT ?= LC_ALL=C sort
77
78 CFLAGS += -Wall
79
80 # policy source layout
81 poldir := policy
82 moddir := $(poldir)/modules
83 flaskdir := $(poldir)/flask
84 secclass := $(flaskdir)/security_classes
85 isids := $(flaskdir)/initial_sids
86 avs := $(flaskdir)/access_vectors
87
88 # local source layout
89 ifdef LOCAL_ROOT
90 local_poldir := $(LOCAL_ROOT)/policy
91 local_moddir := $(local_poldir)/modules
92 endif
93
94 # policy building support tools
95 support := support
96 genxml := $(PYTHON) -E $(support)/segenxml.py
97 gendoc := $(PYTHON) -E $(support)/sedoctool.py
98 genperm := $(PYTHON) -E $(support)/genclassperms.py
99 fcsort := $(tmpdir)/fc_sort
100 setbools := $(AWK) -f $(support)/set_bools_tuns.awk
101 get_type_attr_decl := $(SED) -r -f $(support)/get_type_attr_decl.sed
102 comment_move_decl := $(SED) -r -f $(support)/comment_move_decl.sed
103 gennetfilter := $(PYTHON) -E $(support)/gennetfilter.py
104 m4iferror := $(support)/iferror.m4
105 m4divert := $(support)/divert.m4
106 m4undivert := $(support)/undivert.m4
107 # use our own genhomedircon to make sure we have a known usable one,
108 # so policycoreutils updates are not required (RHEL4)
109 genhomedircon := $(PYTHON) -E $(support)/genhomedircon
110
111 # documentation paths
112 docs := doc
113 xmldtd = $(docs)/policy.dtd
114 metaxml = metadata.xml
115 doctemplate = $(docs)/templates
116 docfiles = $(docs)/Makefile.example $(addprefix $(docs)/,example.te example.if example.fc)
117
118 ifndef LOCAL_ROOT
119 polxml = $(docs)/policy.xml
120 tunxml = $(docs)/global_tunables.xml
121 boolxml = $(docs)/global_booleans.xml
122 htmldir = $(docs)/html
123 else
124 polxml = $(LOCAL_ROOT)/doc/policy.xml
125 tunxml = $(LOCAL_ROOT)/doc/global_tunables.xml
126 boolxml = $(LOCAL_ROOT)/doc/global_booleans.xml
127 htmldir = $(LOCAL_ROOT)/doc/html
128 endif
129
130 # config file paths
131 globaltun = $(poldir)/global_tunables
132 globalbool = $(poldir)/global_booleans
133 rolemap = $(poldir)/rolemap
134 user_files := $(poldir)/users
135 policycaps := $(poldir)/policy_capabilities
136
137 # local config file paths
138 ifndef LOCAL_ROOT
139 mod_conf = $(poldir)/modules.conf
140 booleans = $(poldir)/booleans.conf
141 tunables = $(poldir)/tunables.conf
142 else
143 mod_conf = $(local_poldir)/modules.conf
144 booleans = $(local_poldir)/booleans.conf
145 tunables = $(local_poldir)/tunables.conf
146 endif
147
148 # install paths
149 PKGNAME ?= refpolicy-$(version)
150 prefix = $(DESTDIR)/usr
151 topdir = $(DESTDIR)/etc/selinux
152 installdir = $(topdir)/$(strip $(NAME))
153 srcpath = $(installdir)/src
154 userpath = $(installdir)/users
155 policypath = $(installdir)/policy
156 contextpath = $(installdir)/contexts
157 homedirpath = $(contextpath)/files/homedir_template
158 fcpath = $(contextpath)/files/file_contexts
159 ncpath = $(contextpath)/netfilter_contexts
160 sharedir = $(prefix)/share/selinux
161 modpkgdir = $(sharedir)/$(strip $(NAME))
162 headerdir = $(modpkgdir)/include
163 docsdir = $(prefix)/share/doc/$(PKGNAME)
164
165 # enable MLS if requested.
166 ifeq "$(TYPE)" "mls"
167 M4PARAM += -D enable_mls
168 CHECKPOLICY += -M
169 CHECKMODULE += -M
170 gennetfilter += -m
171 endif
172
173 # enable MLS if MCS requested.
174 ifeq "$(TYPE)" "mcs"
175 M4PARAM += -D enable_mcs
176 CHECKPOLICY += -M
177 CHECKMODULE += -M
178 gennetfilter += -c
179 endif
180
181 # enable distribution-specific policy
182 ifneq ($(DISTRO),)
183 M4PARAM += -D distro_$(DISTRO)
184 endif
185
186 # rhel4 also implies redhat
187 ifeq "$(DISTRO)" "rhel4"
188 M4PARAM += -D distro_redhat
189 endif
190
191 ifeq "$(DISTRO)" "ubuntu"
192 M4PARAM += -D distro_debian
193 endif
194
195 ifneq ($(OUTPUT_POLICY),)
196 CHECKPOLICY += -c $(OUTPUT_POLICY)
197 endif
198
199 # if not set, use the type as the name.
200 NAME ?= $(TYPE)
201
202 # default unknown permissions setting
203 #UNK_PERMS ?= deny
204
205 ifeq ($(DIRECT_INITRC),y)
206 M4PARAM += -D direct_sysadm_daemon
207 endif
208
209 ifeq "$(UBAC)" "y"
210 M4PARAM += -D enable_ubac
211 endif
212
213 # default MLS/MCS sensitivity and category settings.
214 MLS_SENS ?= 16
215 MLS_CATS ?= 1024
216 MCS_CATS ?= 1024
217
218 ifeq ($(QUIET),y)
219 verbose = @
220 endif
221
222 M4PARAM += -D mls_num_sens=$(MLS_SENS) -D mls_num_cats=$(MLS_CATS) -D mcs_num_cats=$(MCS_CATS) -D hide_broken_symptoms
223
224 # we need exuberant ctags; unfortunately it is named
225 # differently on different distros
226 ifeq ($(DISTRO),debian)
227 CTAGS := ctags-exuberant
228 endif
229
230 ifeq ($(DISTRO),gentoo)
231 CTAGS := exuberant-ctags
232 endif
233
234 CTAGS ?= ctags
235
236 m4support := $(m4divert) $(wildcard $(poldir)/support/*.spt)
237 ifdef LOCAL_ROOT
238 m4support += $(wildcard $(local_poldir)/support/*.spt)
239 endif
240 m4support += $(m4undivert)
241
242 appconf := config/appconfig-$(TYPE)
243 seusers := $(appconf)/seusers
244 appdir := $(contextpath)
245 user_default_contexts := $(wildcard config/appconfig-$(TYPE)/*_default_contexts)
246 user_default_contexts_names := $(addprefix $(contextpath)/users/,$(subst _default_contexts,,$(notdir $(user_default_contexts))))
247 appfiles := $(addprefix $(appdir)/,default_contexts default_type initrc_context failsafe_context userhelper_context removable_context dbus_contexts x_contexts customizable_types securetty_types virtual_image_context virtual_domain_context) $(contextpath)/files/media $(user_default_contexts_names)
248 net_contexts := $(builddir)net_contexts
249
250 all_layers := $(shell find $(wildcard $(moddir)/*) -maxdepth 0 -type d)
251 ifdef LOCAL_ROOT
252 all_layers += $(shell find $(wildcard $(local_moddir)/*) -maxdepth 0 -type d)
253 endif
254
255 generated_te := $(basename $(foreach dir,$(all_layers),$(wildcard $(dir)/*.te.in)))
256 generated_if := $(basename $(foreach dir,$(all_layers),$(wildcard $(dir)/*.if.in)))
257 generated_fc := $(basename $(foreach dir,$(all_layers),$(wildcard $(dir)/*.fc.in)))
258
259 # sort here since it removes duplicates, which can happen
260 # when a generated file is already generated
261 detected_mods := $(sort $(foreach dir,$(all_layers),$(wildcard $(dir)/*.te)) $(generated_te))
262
263 modxml := $(addprefix $(tmpdir)/, $(detected_mods:.te=.xml))
264 layerxml := $(sort $(addprefix $(tmpdir)/, $(notdir $(addsuffix .xml,$(all_layers)))))
265 layer_names := $(sort $(notdir $(all_layers)))
266 all_metaxml = $(call detect-metaxml, $(layer_names))
267
268 # modules.conf setting for base module
269 configbase := base
270
271 # modules.conf setting for loadable module
272 configmod := module
273
274 # modules.conf setting for unused module
275 configoff := off
276
277 # test for module overrides from command line
278 mod_test = $(filter $(APPS_OFF), $(APPS_BASE) $(APPS_MODS))
279 mod_test += $(filter $(APPS_MODS), $(APPS_BASE))
280 ifneq "$(strip $(mod_test))" ""
281 $(error Applications must be base, module, or off, and not in more than one list! $(strip $(mod_test)) found in multiple lists!)
282 endif
283
284 # add on suffix to modules specified on command line
285 cmdline_base := $(addsuffix .te,$(APPS_BASE))
286 cmdline_mods := $(addsuffix .te,$(APPS_MODS))
287 cmdline_off := $(addsuffix .te,$(APPS_OFF))
288
289 # extract settings from modules.conf
290 mod_conf_base := $(addsuffix .te,$(sort $(shell awk '/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == "$(configbase)") print $$1 }' $(mod_conf) 2> /dev/null)))
291 mod_conf_mods := $(addsuffix .te,$(sort $(shell awk '/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == "$(configmod)") print $$1 }' $(mod_conf) 2> /dev/null)))
292 mod_conf_off := $(addsuffix .te,$(sort $(shell awk '/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == "$(configoff)") print $$1 }' $(mod_conf) 2> /dev/null)))
293
294 base_mods := $(cmdline_base)
295 mod_mods := $(cmdline_mods)
296 off_mods := $(cmdline_off)
297
298 base_mods += $(filter-out $(cmdline_off) $(cmdline_base) $(cmdline_mods), $(mod_conf_base))
299 mod_mods += $(filter-out $(cmdline_off) $(cmdline_base) $(cmdline_mods), $(mod_conf_mods))
300 off_mods += $(filter-out $(cmdline_off) $(cmdline_base) $(cmdline_mods), $(mod_conf_off))
301
302 # add modules not in modules.conf to the off list
303 off_mods += $(filter-out $(base_mods) $(mod_mods) $(off_mods),$(notdir $(detected_mods)))
304
305 # filesystems to be used in labeling targets
306 filesystems = $(shell mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[234]|btrfs| xfs| jfs).*rw/{print $$3}';)
307 fs_names := "btrfs ext2 ext3 ext4 xfs jfs"
308
309 ########################################
310 #
311 # Functions
312 #
313
314 # parse-rolemap-compat modulename,outputfile
315 define parse-rolemap-compat
316 $(verbose) $(M4) $(M4PARAM) $(rolemap) | \
317 $(AWK) '/^[[:blank:]]*[A-Za-z]/{ print "gen_require(type " $$3 "; role " $$1 ";)\n$1_per_userdomain_template(" $$2 "," $$3 "," $$1 ")" }' >> $2
318 endef
319
320 # parse-rolemap modulename,outputfile
321 define parse-rolemap
322 $(verbose) $(M4) $(M4PARAM) $(rolemap) | \
323 $(AWK) '/^[[:blank:]]*[A-Za-z]/{ print "gen_require(type " $$3 "; role " $$1 ";)\n$1_per_role_template(" $$2 "," $$3 "," $$1 ")" }' >> $2
324 endef
325
326 # perrole-expansion modulename,outputfile
327 define perrole-expansion
328 $(verbose) echo "ifdef(\`""$1""_per_role_template',\`" > $2
329 $(call parse-rolemap,$1,$2)
330 $(verbose) echo "')" >> $2
331
332 $(verbose) echo "ifdef(\`""$1""_per_userdomain_template',\`" >> $2
333 $(verbose) echo "errprint(\`Warning: per_userdomain_templates have been renamed to per_role_templates (""$1""_per_userdomain_template)'__endline__)" >> $2
334 $(call parse-rolemap-compat,$1,$2)
335 $(verbose) echo "')" >> $2
336 endef
337
338 # create-base-per-role-tmpl modulenames,outputfile
339 define create-base-per-role-tmpl
340 $(verbose) echo "define(\`base_per_role_template',\`" >> $2
341
342 $(verbose) for i in $1; do \
343 echo "ifdef(\`""$$i""_per_role_template',\`""$$i""_per_role_template("'$$*'")')" \
344 >> $2 ;\
345 done
346
347 $(verbose) for i in $1; do \
348 echo "ifdef(\`""$$i""_per_userdomain_template',\`" >> $2 ;\
349 echo "errprint(\`Warning: per_userdomain_templates have been renamed to per_role_templates (""$$i""_per_userdomain_template)'__endline__)" >> $2 ;\
350 echo """$$i""_per_userdomain_template("'$$*'")')" >> $2 ;\
351 done
352 $(verbose) echo "')" >> $@
353
354 endef
355
356 # detect-metaxml layer_names
357 ifdef LOCAL_ROOT
358 define detect-metaxml
359 $(shell for i in $1; do \
360 if [ -d $(moddir)/$$i -a -d $(local_moddir)/$$i ]; then \
361 if [ -f $(local_moddir)/$$i/$(metaxml) ]; then \
362 echo $(local_moddir)/$$i/$(metaxml) ;\
363 else \
364 echo $(moddir)/$$i/$(metaxml) ;\
365 fi \
366 elif [ -d $(local_moddir)/$$i ]; then
367 echo $(local_moddir)/$$i/$(metaxml) ;\
368 else \
369 echo $(moddir)/$$i/$(metaxml) ;\
370 fi \
371 done )
372 endef
373 else
374 define detect-metaxml
375 $(shell for i in $1; do echo $(moddir)/$$i/$(metaxml); done)
376 endef
377 endif
378
379 ########################################
380 #
381 # Load appropriate rules
382 #
383
384 ifeq ($(MONOLITHIC),y)
385 include Rules.monolithic
386 else
387 include Rules.modular
388 endif
389
390 ########################################
391 #
392 # Generated files
393 #
394 # NOTE: There is no "local" version of these files.
395 #
396 generate: $(generated_te) $(generated_if) $(generated_fc)
397
398 $(moddir)/kernel/corenetwork.if: $(moddir)/kernel/corenetwork.te.in $(moddir)/kernel/corenetwork.if.m4 $(moddir)/kernel/corenetwork.if.in
399 @echo "#" > $@
400 @echo "# This is a generated file! Instead of modifying this file, the" >> $@
401 @echo "# $(notdir $@).in or $(notdir $@).m4 file should be modified." >> $@
402 @echo "#" >> $@
403 $(verbose) cat $@.in >> $@
404 $(verbose) $(GREP) "^[[:blank:]]*network_(interface|node|port|packet)(_controlled)?\(.*\)" $< \
405 | $(M4) -D self_contained_policy $(M4PARAM) $@.m4 - \
406 | $(SED) -e 's/dollarsone/\$$1/g' -e 's/dollarszero/\$$0/g' >> $@
407
408 $(moddir)/kernel/corenetwork.te: $(moddir)/kernel/corenetwork.te.m4 $(moddir)/kernel/corenetwork.te.in
409 @echo "#" > $@
410 @echo "# This is a generated file! Instead of modifying this file, the" >> $@
411 @echo "# $(notdir $@).in or $(notdir $@).m4 file should be modified." >> $@
412 @echo "#" >> $@
413 $(verbose) $(M4) -D self_contained_policy $(M4PARAM) $^ \
414 | $(SED) -e 's/dollarsone/\$$1/g' -e 's/dollarszero/\$$0/g' >> $@
415
416 ########################################
417 #
418 # Network packet labeling
419 #
420 $(net_contexts): $(moddir)/kernel/corenetwork.te.in
421 @echo "Creating netfilter network labeling rules"
422 $(verbose) $(gennetfilter) $^ > $@
423
424 ########################################
425 #
426 # Create config files
427 #
428 conf: $(mod_conf) $(booleans) $(generated_te) $(generated_if) $(generated_fc)
429
430 $(mod_conf) $(booleans): $(polxml)
431 @echo "Updating $(mod_conf) and $(booleans)"
432 $(verbose) $(gendoc) -b $(booleans) -m $(mod_conf) -x $(polxml)
433
434 ########################################
435 #
436 # Generate the fc_sort program
437 #
438 $(fcsort) : $(support)/fc_sort.c
439 $(verbose) $(CC) $(CFLAGS) $^ -o $@
440
441 ########################################
442 #
443 # Documentation generation
444 #
445 $(layerxml): %.xml: $(all_metaxml) $(filter $(addprefix $(moddir)/, $(notdir $*))%, $(detected_mods)) $(subst .te,.if, $(filter $(addprefix $(moddir)/, $(notdir $*))%, $(detected_mods)))
446 @test -d $(tmpdir) || mkdir -p $(tmpdir)
447 $(verbose) cat $(filter %$(notdir $*)/$(metaxml), $(all_metaxml)) > $@
448 $(verbose) for i in $(basename $(filter $(addprefix $(moddir)/, $(notdir $*))%, $(detected_mods))); do $(genxml) -w -m $$i >> $@; done
449 ifdef LOCAL_ROOT
450 $(verbose) for i in $(basename $(filter $(addprefix $(local_moddir)/, $(notdir $*))%, $(detected_mods))); do $(genxml) -w -m $$i >> $@; done
451 endif
452
453 $(tunxml): $(globaltun)
454 $(verbose) $(genxml) -w -t $< > $@
455
456 $(boolxml): $(globalbool)
457 $(verbose) $(genxml) -w -b $< > $@
458
459 $(polxml): $(layerxml) $(tunxml) $(boolxml)
460 @echo "Creating $(@F)"
461 @test -d $(dir $(polxml)) || mkdir -p $(dir $(polxml))
462 @test -d $(tmpdir) || mkdir -p $(tmpdir)
463 $(verbose) echo '<?xml version="1.0" encoding="ISO-8859-1" standalone="no"?>' > $@
464 $(verbose) echo '<!DOCTYPE policy SYSTEM "$(notdir $(xmldtd))">' >> $@
465 $(verbose) echo '<policy>' >> $@
466 $(verbose) for i in $(basename $(notdir $(layerxml))); do echo "<layer name=\"$$i\">" >> $@; cat $(tmpdir)/$$i.xml >> $@; echo "</layer>" >> $@; done
467 $(verbose) cat $(tunxml) $(boolxml) >> $@
468 $(verbose) echo '</policy>' >> $@
469 $(verbose) if test -x $(XMLLINT) && test -f $(xmldtd); then \
470 $(XMLLINT) --noout --path $(dir $(xmldtd)) --dtdvalid $(xmldtd) $@ ;\
471 fi
472
473 xml: $(polxml)
474
475 html $(tmpdir)/html: $(polxml)
476 @echo "Building html interface reference documentation in $(htmldir)"
477 @test -d $(htmldir) || mkdir -p $(htmldir)
478 @test -d $(tmpdir) || mkdir -p $(tmpdir)
479 $(verbose) $(gendoc) -d $(htmldir) -T $(doctemplate) -x $(polxml)
480 $(verbose) cp $(doctemplate)/*.css $(htmldir)
481 @touch $(tmpdir)/html
482
483 ########################################
484 #
485 # Runtime binary policy patching of users
486 #
487 $(userpath)/system.users: $(m4support) $(tmpdir)/generated_definitions.conf $(user_files)
488 @mkdir -p $(tmpdir)
489 @mkdir -p $(userpath)
490 @echo "Installing system.users"
491 @echo "# " > $(tmpdir)/system.users
492 @echo "# Do not edit this file. " >> $(tmpdir)/system.users
493 @echo "# This file is replaced on reinstalls of this policy." >> $(tmpdir)/system.users
494 @echo "# Please edit local.users to make local changes." >> $(tmpdir)/system.users
495 @echo "#" >> $(tmpdir)/system.users
496 $(verbose) $(M4) -D self_contained_policy $(M4PARAM) $^ | $(SED) -r -e 's/^[[:blank:]]+//' \
497 -e '/^[[:blank:]]*($$|#)/d' >> $(tmpdir)/system.users
498 $(verbose) $(INSTALL) -m 644 $(tmpdir)/system.users $@
499
500 $(userpath)/local.users: config/local.users
501 @mkdir -p $(userpath)
502 @echo "Installing local.users"
503 $(verbose) $(INSTALL) -b -m 644 $< $@
504
505 ########################################
506 #
507 # Build Appconfig files
508 #
509 $(tmpdir)/initrc_context: $(appconf)/initrc_context
510 @mkdir -p $(tmpdir)
511 $(verbose) $(M4) $(M4PARAM) $(m4support) $^ | $(GREP) '^[a-z]' > $@
512
513 ########################################
514 #
515 # Install Appconfig files
516 #
517 install-appconfig: $(appfiles)
518
519 $(installdir)/booleans: $(booleans)
520 @mkdir -p $(tmpdir)
521 @mkdir -p $(installdir)
522 $(verbose) $(SED) -r -e 's/false/0/g' -e 's/true/1/g' \
523 -e '/^[[:blank:]]*($$|#)/d' $(booleans) | $(SORT) > $(tmpdir)/booleans
524 $(verbose) $(INSTALL) -m 644 $(tmpdir)/booleans $@
525
526 $(contextpath)/files/media: $(appconf)/media
527 @mkdir -p $(contextpath)/files/
528 $(verbose) $(INSTALL) -m 644 $< $@
529
530 $(contextpath)/users/%: $(appconf)/%_default_contexts
531 @mkdir -p $(appdir)/users
532 $(verbose) $(INSTALL) -m 644 $^ $@
533
534 $(appdir)/%: $(appconf)/%
535 @mkdir -p $(appdir)
536 $(verbose) $(M4) $(M4PARAM) $(m4support) $< > $@
537
538 ########################################
539 #
540 # Install policy headers
541 #
542 install-headers: $(layerxml) $(tunxml) $(boolxml)
543 @mkdir -p $(headerdir)
544 @echo "Installing $(NAME) policy headers."
545 $(verbose) $(INSTALL) -m 644 $^ $(headerdir)
546 $(verbose) $(M4) $(M4PARAM) $(rolemap) > $(headerdir)/$(notdir $(rolemap))
547 $(verbose) mkdir -p $(headerdir)/support
548 $(verbose) $(INSTALL) -m 644 $(m4support) $(word $(words $(genxml)),$(genxml)) $(xmldtd) $(headerdir)/support
549 $(verbose) $(genperm) $(avs) $(secclass) > $(headerdir)/support/all_perms.spt
550 $(verbose) for i in $(notdir $(all_layers)); do \
551 mkdir -p $(headerdir)/$$i ;\
552 $(INSTALL) -m 644 $(moddir)/$$i/*.if $(headerdir)/$$i ;\
553 done
554 $(verbose) echo "TYPE ?= $(TYPE)" > $(headerdir)/build.conf
555 $(verbose) echo "NAME ?= $(NAME)" >> $(headerdir)/build.conf
556 ifneq "$(DISTRO)" ""
557 $(verbose) echo "DISTRO ?= $(DISTRO)" >> $(headerdir)/build.conf
558 endif
559 $(verbose) echo "MONOLITHIC ?= n" >> $(headerdir)/build.conf
560 $(verbose) echo "DIRECT_INITRC ?= $(DIRECT_INITRC)" >> $(headerdir)/build.conf
561 $(verbose) echo "override UBAC := $(UBAC)" >> $(headerdir)/build.conf
562 $(verbose) echo "override MLS_SENS := $(MLS_SENS)" >> $(headerdir)/build.conf
563 $(verbose) echo "override MLS_CATS := $(MLS_CATS)" >> $(headerdir)/build.conf
564 $(verbose) echo "override MCS_CATS := $(MCS_CATS)" >> $(headerdir)/build.conf
565 $(verbose) $(INSTALL) -m 644 $(support)/Makefile.devel $(headerdir)/Makefile
566
567 ########################################
568 #
569 # Install policy documentation
570 #
571 install-docs: $(tmpdir)/html
572 @mkdir -p $(docsdir)/html
573 @echo "Installing policy documentation"
574 $(verbose) $(INSTALL) -m 644 $(docfiles) $(docsdir)
575 $(verbose) $(INSTALL) -m 644 $(wildcard $(htmldir)/*) $(docsdir)/html
576
577 ########################################
578 #
579 # Install policy sources
580 #
581 install-src:
582 rm -rf $(srcpath)/policy.old
583 -mv $(srcpath)/policy $(srcpath)/policy.old
584 mkdir -p $(srcpath)/policy
585 cp -R . $(srcpath)/policy
586
587 ########################################
588 #
589 # Generate tags file
590 #
591 tags: $(tags)
592 $(tags):
593 @($(CTAGS) --version | grep -q Exuberant) || (echo ERROR: Need exuberant-ctags to function!; exit 1)
594 @LC_ALL=C $(CTAGS) -f $(tags) --langdef=te --langmap=te:..te.if.spt \
595 --regex-te='/^type[ \t]+(\w+)(,|;)/\1/t,type/' \
596 --regex-te='/^typealias[ \t]+\w+[ \t+]+alias[ \t]+(\w+);/\1/t,type/' \
597 --regex-te='/^attribute[ \t]+(\w+);/\1/a,attribute/' \
598 --regex-te='/^[ \t]*define\(`(\w+)/\1/d,define/' \
599 --regex-te='/^[ \t]*interface\(`(\w+)/\1/i,interface/' \
600 --regex-te='/^[ \t]*template\(`(\w+)/\1/i,template/' \
601 --regex-te='/^[ \t]*bool[ \t]+(\w+)/\1/b,bool/' policy/modules/*/*.{if,te} policy/support/*.spt
602
603 ########################################
604 #
605 # Filesystem labeling
606 #
607 checklabels:
608 @echo "Checking labels on filesystem types: $(fs_names)"
609 @if test -z "$(filesystems)"; then \
610 echo "No filesystems with extended attributes found!" ;\
611 false ;\
612 fi
613 $(verbose) $(SETFILES) -v -n $(fcpath) $(filesystems)
614
615 restorelabels:
616 @echo "Restoring labels on filesystem types: $(fs_names)"
617 @if test -z "$(filesystems)"; then \
618 echo "No filesystems with extended attributes found!" ;\
619 false ;\
620 fi
621 $(verbose) $(SETFILES) -v $(fcpath) $(filesystems)
622
623 relabel:
624 @echo "Relabeling filesystem types: $(fs_names)"
625 @if test -z "$(filesystems)"; then \
626 echo "No filesystems with extended attributes found!" ;\
627 false ;\
628 fi
629 $(verbose) $(SETFILES) $(fcpath) $(filesystems)
630
631 resetlabels:
632 @echo "Resetting labels on filesystem types: $(fs_names)"
633 @if test -z "$(filesystems)"; then \
634 echo "No filesystems with extended attributes found!" ;\
635 false ;\
636 fi
637 $(verbose) $(SETFILES) -F $(fcpath) $(filesystems)
638
639 ########################################
640 #
641 # Clean everything
642 #
643 bare: clean
644 rm -f $(polxml)
645 rm -f $(layerxml)
646 rm -f $(modxml)
647 rm -f $(tunxml)
648 rm -f $(boolxml)
649 rm -f $(mod_conf)
650 rm -f $(booleans)
651 rm -fR $(htmldir)
652 rm -f $(tags)
653 # don't remove these files if we're given a local root
654 ifndef LOCAL_ROOT
655 rm -f $(fcsort)
656 rm -f $(support)/*.pyc
657 ifneq ($(generated_te),)
658 rm -f $(generated_te)
659 endif
660 ifneq ($(generated_if),)
661 rm -f $(generated_if)
662 endif
663 ifneq ($(generated_fc),)
664 rm -f $(generated_fc)
665 endif
666 endif
667
668 .PHONY: install-src install-appconfig install-headers generate xml conf html bare tags
669 .SUFFIXES:
670 .SUFFIXES: .c
The IPFire selinux policy.