# Helper tools.  Every entry is a "?=" default, so a value that is already
# set (environment or make command line) is kept.
AWK     ?= gawk
CUT     ?= cut
EINFO   ?= echo
INSTALL ?= install
M4      ?= m4
PYTHON  ?= python
SED     ?= sed
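# Policy name: read from the SELINUXTYPE line of /etc/selinux/config unless
# NAME is already defined.  The origin test keeps the "?=" semantics, while
# ":=" runs awk once at parse time instead of on every expansion of $(NAME).
ifeq ($(origin NAME),undefined)
NAME := $(shell $(AWK) -F= '/^SELINUXTYPE/{ print $$2 }' /etc/selinux/config)
endif
SHAREDIR ?= /usr/share/selinux
HEADERDIR ?= $(SHAREDIR)/$(NAME)/include

# build.conf is read as makefile text, so whatever HEADERDIR points at is
# executed as part of this build.  NAME, SHAREDIR and HEADERDIR can all be
# set by the caller; keep them pointing at a location only trusted users
# can write to.
include $(HEADERDIR)/build.conf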
# Executables.  These are plain ":=" assignments with absolute paths, so the
# policy tools are not looked up through PATH.
PREFIX  := /usr
BINDIR  := $(PREFIX)/bin
SBINDIR := $(PREFIX)/sbin

# tools under $(BINDIR)
CHECKMODULE := $(BINDIR)/checkmodule
SEMOD_PKG   := $(BINDIR)/semodule_package
XMLLINT     := $(BINDIR)/xmllint

# tool under $(SBINDIR)
SEMODULE    := $(SBINDIR)/semodule
# Fallback values for build options that are still unset at this point
# (build.conf has already been included above).
QUIET         ?= y
POLY          ?= n
DIRECT_INITRC ?= n
TYPE          ?= standard
# documentation generator taken from the installed policy headers
genxml := $(PYTHON) $(HEADERDIR)/support/segenxml.py

# documentation inputs and outputs
docs    := doc
metaxml := metadata.xml
polxml  := $(docs)/policy.xml
xmldtd  := $(HEADERDIR)/support/policy.dtd

# recursive ("=") definitions: HEADERDIR is expanded when these are used
globalbool = $(HEADERDIR)/global_booleans.xml
globaltun  = $(HEADERDIR)/global_tunables.xml
# TYPE=mls: define enable_mls for m4 and pass -M to checkpolicy/checkmodule.
ifeq ($(TYPE),mls)
M4PARAM += -D enable_mls
CHECKMODULE += -M
CHECKPOLICY += -M
endif

# TYPE=mcs: define enable_mcs; the compilers get the same -M switch as for
# MLS.
ifeq ($(TYPE),mcs)
M4PARAM += -D enable_mcs
CHECKMODULE += -M
CHECKPOLICY += -M
endif

# distribution-specific policy, selected by a non-empty DISTRO
ifneq "$(DISTRO)" ""
M4PARAM += -D distro_$(DISTRO)
endif

# DIRECT_INITRC=y defines direct_sysadm_daemon
ifeq "$(DIRECT_INITRC)" "y"
M4PARAM += -D direct_sysadm_daemon
endif

# UBAC=y defines enable_ubac
ifeq ($(UBAC),y)
M4PARAM += -D enable_ubac
endif
# Default number of MLS sensitivities and MLS/MCS categories.
MLS_SENS ?= 16
MLS_CATS ?= 1024
MCS_CATS ?= 1024

# With QUIET=y, recipe lines prefixed with $(verbose) are not echoed.
ifeq "$(QUIET)" "y"
verbose := @
endif

# m4 definitions that are always passed
M4PARAM += -D hide_broken_symptoms
M4PARAM += -D mls_num_sens=$(MLS_SENS) -D mls_num_cats=$(MLS_CATS) -D mcs_num_cats=$(MCS_CATS)
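# policy headers
m4support = $(wildcard $(HEADERDIR)/support/*.spt)

# Installed layers: the directories directly under HEADERDIR, minus support/.
header_layers := $(filter-out $(HEADERDIR)/support,$(shell find $(wildcard $(HEADERDIR)/*) -maxdepth 0 -type d))
header_xml := $(addsuffix .xml,$(header_layers))
header_interfaces := $(foreach layer,$(header_layers),$(wildcard $(layer)/*.if))

rolemap := $(HEADERDIR)/rolemap

# Local layers: the directories in the working directory, minus CVS, tmp and
# the documentation directory.  Each entry is handed to find as ./name so that
# a file or directory whose name begins with "-" is treated as a path instead
# of being parsed by find as an option or expression; the ./ prefix is
# stripped again before filtering.
local_layers := $(filter-out CVS tmp $(docs),$(patsubst ./%,%,$(shell find $(addprefix ./,$(wildcard *)) -maxdepth 0 -type d)))
local_xml := $(addprefix tmp/, $(addsuffix .xml,$(local_layers)))

all_layer_names := $(sort $(notdir $(header_layers) $(local_layers)))

# Modules in the working directory itself, then those inside local layers.
3rd_party_mods := $(wildcard *.te)
detected_mods := $(3rd_party_mods) $(foreach layer,$(local_layers),$(wildcard $(layer)/*.te))

# Companion files and the package name derived from each detected module.
detected_ifs := $(detected_mods:.te=.if)
detected_fcs := $(detected_mods:.te=.fc)
all_packages := $(notdir $(detected_mods:.te=.pp))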
# Work out which modules may need reloading.  These are recursive ("=")
# variables, so "semodule -l" is run when they are expanded rather than when
# the makefile is parsed; in this file only the refresh recipe uses them.
loaded_mods = $(addsuffix .pp,$(shell $(SEMODULE) -l | $(CUT) -f1))
sys_mods = $(wildcard $(SHAREDIR)/$(NAME)/*.pp)
# loaded modules that are also built here
match_loc = $(filter $(all_packages),$(loaded_mods))
# loaded modules that have a package under $(SHAREDIR)/$(NAME)
match_sys = $(filter $(addprefix $(SHAREDIR)/$(NAME)/,$(loaded_mods)),$(sys_mods))

# let pattern rules find module sources inside the local layers
vpath %.fc $(local_layers)
vpath %.if $(local_layers)
vpath %.te $(local_layers)
########################################
#
# Functions
#
# The module name ($1) and the output file ($2) are pasted into shell, awk
# and m4 text without quoting.  Both are derived from file names by the
# callers in this file, so module file names are expected to be plain
# identifiers.

# parse-rolemap-compat modulename,outputfile
# Appends one gen_require() plus one <module>_per_userdomain_template() call
# per matching rolemap line to the output file.
define parse-rolemap-compat
	$(verbose) $(M4) $(M4PARAM) $(rolemap) | $(AWK) '/^[[:blank:]]*[A-Za-z]/{ print "gen_require(type " $$3 "; role " $$1 ";)\n$1_per_userdomain_template(" $$2 "," $$3 "," $$1 ")" }' >> $2
endef

# parse-rolemap modulename,outputfile
# Same as above, but emits <module>_per_role_template() calls.
define parse-rolemap
	$(verbose) $(M4) $(M4PARAM) $(rolemap) | $(AWK) '/^[[:blank:]]*[A-Za-z]/{ print "gen_require(type " $$3 "; role " $$1 ";)\n$1_per_role_template(" $$2 "," $$3 "," $$1 ")" }' >> $2
endef

# peruser-expansion modulename,outputfile
# Creates the output file (first echo uses ">") with two ifdef() sections:
# the per_role_template expansion, then the per_userdomain_template
# compatibility expansion preceded by a rename warning.
define peruser-expansion
	$(verbose) echo "ifdef(\`""$1""_per_role_template',\`" > $2
	$(call parse-rolemap,$1,$2)
	$(verbose) echo "')" >> $2

	$(verbose) echo "ifdef(\`""$1""_per_userdomain_template',\`" >> $2
	$(verbose) echo "errprint(\`Warning: per_userdomain_templates have been renamed to per_role_templates (""$1""_per_userdomain_template)'__endline__)" >> $2
	$(call parse-rolemap-compat,$1,$2)
	$(verbose) echo "')" >> $2
endef
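# Targets that name actions rather than files.  refresh and vars are listed
# as well: neither recipe creates a file of that name, and without the
# declaration a stray file called "refresh" or "vars" in the working
# directory would make the target look up to date.
.PHONY: all clean load refresh reload vars xml
# Drop the built-in suffix list and keep only .pp.
.SUFFIXES:
.SUFFIXES: .pp
# broken in make 3.81:
#.SECONDARY:

########################################
#
# Main targets
#

# default goal: build every detected module package
all: $(all_packages)

# build the policy documentation
xml: $(polxml)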
########################################
#
# Attempt to reinstall all installed packages
#
# Passes base.pp with -b and every matching system or local package with -i
# to a single semodule call.  This changes the policy loaded on the build
# host, not just files in the working directory.
refresh:
	@$(EINFO) "Refreshing $(NAME) modules"
	$(verbose) $(SEMODULE) -b $(SHAREDIR)/$(NAME)/base.pp $(patsubst %,-i %,$(match_sys) $(match_loc))
########################################
#
# Load module packages
#
# Both targets hand the packages to semodule -i, which changes the policy on
# the build host.

# load: install only the packages that are newer than the tmp/loaded stamp
load: tmp/loaded

tmp/loaded: $(all_packages)
	@$(EINFO) "Loading $(NAME) modules: $(basename $(notdir $?))"
	$(verbose) $(SEMODULE) $(patsubst %,-i %,$?)
	@mkdir -p $(@D)
	@touch $@

# reload: install every package regardless of the stamp, then refresh it
reload: $(all_packages)
	@$(EINFO) "Loading $(NAME) modules: $(basename $(notdir $^))"
	$(verbose) $(SEMODULE) $(patsubst %,-i %,$^)
	@mkdir -p tmp
	@touch tmp/loaded
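########################################
#
# Build module packages
#

# Compile one module: generate the per-role expansion into $@.role, run m4
# over the support macros, the interface collection, the .te source and the
# role file, then compile the result with checkmodule.
tmp/%.mod: $(m4support) tmp/all_interfaces.conf %.te
	@$(EINFO) "Compiling $(NAME) $(basename $(@F)) module"
	@test -d $(@D) || mkdir -p $(@D)
	$(call peruser-expansion,$(basename $(@F)),$@.role)
	$(verbose) $(M4) $(M4PARAM) -s $^ $@.role > $(@:.mod=.tmp)
	$(verbose) $(CHECKMODULE) -m $(@:.mod=.tmp) -o $@

# Expand the file contexts of one module.  The output directory is created
# here too: nothing orders this rule after the ones that create tmp/, so
# under "make -j" it can be the first recipe to write there.
tmp/%.mod.fc: $(m4support) %.fc
	@test -d $(@D) || mkdir -p $(@D)
	$(verbose) $(M4) $(M4PARAM) $^ > $@

# Bundle the compiled module ($<) and its file contexts ($<.fc) into a
# policy package.
%.pp: tmp/%.mod tmp/%.mod.fc
	@echo "Creating $(NAME) $(@F) policy package"
	$(verbose) $(SEMOD_PKG) -o $@ -m $< -f $<.fc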
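# Collect every interface file into one m4 input wrapped in divert(-1) ...
# divert.  tmp/iferror.m4 makes m4 exit with status 1 when __if_error is
# defined.  m4 writes to an intermediate file instead of a pipe so that this
# exit status stops the build; in "m4 | sed" only sed's status is seen by
# make.  The result is assembled in $@.new and renamed at the end, so a
# failed run does not leave a partial file that looks up to date.  $(SED) is
# used so the helper-tool override applies here as well.
tmp/all_interfaces.conf: $(m4support) $(header_interfaces) $(detected_ifs)
	@test -d $(@D) || mkdir -p $(@D)
	@echo "ifdef(\`__if_error',\`m4exit(1)')" > tmp/iferror.m4
	$(verbose) $(M4) $^ tmp/iferror.m4 > $@.m4out
	@echo "divert(-1)" > $@.new
	$(verbose) $(SED) -e s/dollarsstar/\$$\*/g $@.m4out >> $@.new
	@echo "divert" >> $@.new
	@rm -f $@.m4out
	@mv -f $@.new $@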
# Convenience rules so that users do not have to create empty .fc and .if
# files themselves.  Neither rule has prerequisites, so the recipe only runs
# when the file does not exist yet.

# missing file contexts: create an empty file
$(detected_fcs):
	@touch $@

# missing interface file: create one holding a single summary line
$(detected_ifs):
	@echo "## <summary>$(basename $(@D))</summary>" > $@
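########################################
#
# Documentation generation
#

# Per-layer XML for a local layer.  The target is emptied first: when
# $(HEADERDIR)/<layer>.xml exists the metadata copy is skipped, and without
# the truncation the generator output would be appended to whatever an
# earlier run left in the file.
tmp/%.xml: %/*.te %/*.if
	@test -d $(@D) || mkdir -p $(@D)
	$(verbose) : > $@
	$(verbose) test -f $(HEADERDIR)/$*.xml || cat $*/$(metaxml) >> $@
	$(verbose) $(genxml) -w -m $(sort $(basename $^)) >> $@

# build the XML of every local layer
vars: $(local_xml)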
# Assemble the policy documentation: XML prologue, one <layer> element per
# layer name (installed header XML first, then local tmp/ XML), an optional
# third_party layer for modules in the working directory, and the global
# tunables and booleans.  The file is validated against the DTD only when
# xmllint is executable and the DTD exists; otherwise validation is skipped
# without a message.
$(polxml): $(header_xml) $(local_xml) $(globaltun) $(globalbool) $(detected_mods) $(detected_ifs)
	@echo "Creating $(@F)"
	@mkdir -p $(@D)
	$(verbose) echo '<?xml version="1.0" encoding="ISO-8859-1" standalone="no"?>' > $@
	$(verbose) echo '<!DOCTYPE policy SYSTEM "$(notdir $(xmldtd))">' >> $@
	$(verbose) echo '<policy>' >> $@
	$(verbose) for layer in $(all_layer_names); do \
		echo "<layer name=\"$$layer\">" >> $@ ;\
		test -f $(HEADERDIR)/$$layer.xml && cat $(HEADERDIR)/$$layer.xml >> $@ ;\
		test -f tmp/$$layer.xml && cat tmp/$$layer.xml >> $@ ;\
		echo "</layer>" >> $@ ;\
	done
ifneq "$(strip $(3rd_party_mods))" ""
	$(verbose) echo "<layer name=\"third_party\">" >> $@
	$(verbose) echo "<summary>These are all third-party modules.</summary>" >> $@
	$(verbose) $(genxml) -w -m $(addprefix ./,$(basename $(3rd_party_mods))) >> $@
	$(verbose) echo "</layer>" >> $@
endif
	$(verbose) cat $(globaltun) $(globalbool) >> $@
	$(verbose) echo '</policy>' >> $@
	$(verbose) if test -x $(XMLLINT) && test -f $(xmldtd); then \
		$(XMLLINT) --noout --path $(dir $(xmldtd)) --dtdvalid $(xmldtd) $@ ;\
	fi
########################################
#
# Clean the environment
#

# Removes the tmp/ work directory and every *.pp file in the working
# directory, whether or not this makefile built it.
clean:
	rm -rf tmp
	rm -f *.pp