11 NAME ?= $(shell $(AWK) -F= '/^SELINUXTYPE/{ print $$2 }' /etc/selinux/config)
12 SHAREDIR ?= /usr/share/selinux
13 HEADERDIR ?= $(SHAREDIR)/$(NAME)/include
15 include $(HEADERDIR)/build.conf
19 BINDIR := $(PREFIX)/bin
20 SBINDIR := $(PREFIX)/sbin
21 CHECKMODULE := $(BINDIR)/checkmodule
22 SEMODULE := $(SBINDIR)/semodule
23 SEMOD_PKG := $(BINDIR)/semodule_package
24 XMLLINT := $(BINDIR)/xmllint
26 # set default build options if missing
32 genxml := $(PYTHON) $(HEADERDIR)/support/segenxml.py
35 polxml := $(docs)/policy.xml
36 xmldtd := $(HEADERDIR)/support/policy.dtd
37 metaxml := metadata.xml
39 globaltun = $(HEADERDIR)/global_tunables.xml
40 globalbool = $(HEADERDIR)/global_booleans.xml
42 # enable MLS if requested.
44 M4PARAM += -D enable_mls
49 # enable MLS if MCS requested.
51 M4PARAM += -D enable_mcs
56 # enable distribution-specific policy
58 M4PARAM += -D distro_$(DISTRO)
61 ifeq ($(DIRECT_INITRC),y)
62 M4PARAM += -D direct_sysadm_daemon
66 M4PARAM += -D enable_ubac
69 # default MLS/MCS sensitivity and category settings.
78 M4PARAM += -D hide_broken_symptoms -D mls_num_sens=$(MLS_SENS) -D mls_num_cats=$(MLS_CATS) -D mcs_num_cats=$(MCS_CATS)
81 m4support = $(wildcard $(HEADERDIR)/support/*.spt)
83 header_layers := $(filter-out $(HEADERDIR)/support,$(shell find $(wildcard $(HEADERDIR)/*) -maxdepth 0 -type d))
84 header_xml := $(addsuffix .xml,$(header_layers))
85 header_interfaces := $(foreach layer,$(header_layers),$(wildcard $(layer)/*.if))
87 rolemap := $(HEADERDIR)/rolemap
89 local_layers := $(filter-out CVS tmp $(docs),$(shell find $(wildcard *) -maxdepth 0 -type d))
90 local_xml := $(addprefix tmp/, $(addsuffix .xml,$(local_layers)))
92 all_layer_names := $(sort $(notdir $(header_layers) $(local_layers)))
94 3rd_party_mods := $(wildcard *.te)
95 detected_mods := $(3rd_party_mods) $(foreach layer,$(local_layers),$(wildcard $(layer)/*.te))
97 detected_ifs := $(detected_mods:.te=.if)
98 detected_fcs := $(detected_mods:.te=.fc)
99 all_packages := $(notdir $(detected_mods:.te=.pp))
101 # figure out what modules we may want to reload
102 loaded_mods = $(addsuffix .pp,$(shell $(SEMODULE) -l | $(CUT) -f1))
103 sys_mods = $(wildcard $(SHAREDIR)/$(NAME)/*.pp)
104 match_sys = $(filter $(addprefix $(SHAREDIR)/$(NAME)/,$(loaded_mods)),$(sys_mods))
105 match_loc = $(filter $(all_packages),$(loaded_mods))
107 vpath %.te $(local_layers)
108 vpath %.if $(local_layers)
109 vpath %.fc $(local_layers)
111 ########################################
116 # parse-rolemap-compat modulename,outputfile
117 define parse-rolemap-compat
118 $(verbose) $(M4) $(M4PARAM) $(rolemap) | \
119 $(AWK) '/^[[:blank:]]*[A-Za-z]/{ print "gen_require(type " $$3 "; role " $$1 ";)\n$1_per_userdomain_template(" $$2 "," $$3 "," $$1 ")" }' >> $2
122 # parse-rolemap modulename,outputfile
124 $(verbose) $(M4) $(M4PARAM) $(rolemap) | \
125 $(AWK) '/^[[:blank:]]*[A-Za-z]/{ print "gen_require(type " $$3 "; role " $$1 ";)\n$1_per_role_template(" $$2 "," $$3 "," $$1 ")" }' >> $2
128 # peruser-expansion modulename,outputfile
129 define peruser-expansion
130 $(verbose) echo "ifdef(\`""$1""_per_role_template',\`" > $2
131 $(call parse-rolemap,$1,$2)
132 $(verbose) echo "')" >> $2
134 $(verbose) echo "ifdef(\`""$1""_per_userdomain_template',\`" >> $2
135 $(verbose) echo "errprint(\`Warning: per_userdomain_templates have been renamed to per_role_templates (""$1""_per_userdomain_template)'__endline__)" >> $2
136 $(call parse-rolemap-compat,$1,$2)
137 $(verbose) echo "')" >> $2
140 .PHONY: clean all xml load reload
143 # broken in make 3.81:
146 ########################################
155 ########################################
157 # Attempt to reinstall all installed packages
160 @$(EINFO) "Refreshing $(NAME) modules"
161 $(verbose) $(SEMODULE) -b $(SHAREDIR)/$(NAME)/base.pp $(foreach mod,$(match_sys) $(match_loc),-i $(mod))
163 ########################################
165 # Load module packages
169 tmp/loaded: $(all_packages)
170 @$(EINFO) "Loading $(NAME) modules: $(basename $(notdir $?))"
171 $(verbose) $(SEMODULE) $(foreach mod,$?,-i $(mod))
175 reload: $(all_packages)
176 @$(EINFO) "Loading $(NAME) modules: $(basename $(notdir $^))"
177 $(verbose) $(SEMODULE) $(foreach mod,$^,-i $(mod))
181 ########################################
183 # Build module packages
185 tmp/%.mod: $(m4support) tmp/all_interfaces.conf %.te
186 @$(EINFO) "Compiling $(NAME) $(basename $(@F)) module"
187 @test -d $(@D) || mkdir -p $(@D)
188 $(call peruser-expansion,$(basename $(@F)),$@.role)
189 $(verbose) $(M4) $(M4PARAM) -s $^ $@.role > $(@:.mod=.tmp)
190 $(verbose) $(CHECKMODULE) -m $(@:.mod=.tmp) -o $@
192 tmp/%.mod.fc: $(m4support) %.fc
193 $(verbose) $(M4) $(M4PARAM) $^ > $@
195 %.pp: tmp/%.mod tmp/%.mod.fc
196 @echo "Creating $(NAME) $(@F) policy package"
197 $(verbose) $(SEMOD_PKG) -o $@ -m $< -f $<.fc
199 tmp/all_interfaces.conf: $(m4support) $(header_interfaces) $(detected_ifs)
200 @test -d $(@D) || mkdir -p $(@D)
201 @echo "ifdef(\`__if_error',\`m4exit(1)')" > tmp/iferror.m4
202 @echo "divert(-1)" > $@
203 $(verbose) $(M4) $^ tmp/iferror.m4 | sed -e s/dollarsstar/\$$\*/g >> $@
206 # so users dont have to make empty .fc and .if files
211 @echo "## <summary>$(basename $(@D))</summary>" > $@
213 ########################################
215 # Documentation generation
217 tmp/%.xml: %/*.te %/*.if
218 @test -d $(@D) || mkdir -p $(@D)
219 $(verbose) test -f $(HEADERDIR)/$*.xml || cat $*/$(metaxml) > $@
220 $(verbose) $(genxml) -w -m $(sort $(basename $^)) >> $@
224 $(polxml): $(header_xml) $(local_xml) $(globaltun) $(globalbool) $(detected_mods) $(detected_ifs)
225 @echo "Creating $(@F)"
226 @test -d $(@D) || mkdir -p $(@D)
227 $(verbose) echo '<?xml version="1.0" encoding="ISO-8859-1" standalone="no"?>' > $@
228 $(verbose) echo '<!DOCTYPE policy SYSTEM "$(notdir $(xmldtd))">' >> $@
229 $(verbose) echo '<policy>' >> $@
230 $(verbose) for i in $(all_layer_names); do \
231 echo "<layer name=\"$$i\">" >> $@ ;\
232 test -f $(HEADERDIR)/$$i.xml && cat $(HEADERDIR)/$$i.xml >> $@ ;\
233 test -f tmp/$$i.xml && cat tmp/$$i.xml >> $@ ;\
234 echo "</layer>" >> $@ ;\
236 ifneq "$(strip $(3rd_party_mods))" ""
237 $(verbose) echo "<layer name=\"third_party\">" >> $@
238 $(verbose) echo "<summary>These are all third-party modules.</summary>" >> $@
239 $(verbose) $(genxml) -w -m $(addprefix ./,$(basename $(3rd_party_mods))) >> $@
240 $(verbose) echo "</layer>" >> $@
242 $(verbose) cat $(globaltun) $(globalbool) >> $@
243 $(verbose) echo '</policy>' >> $@
244 $(verbose) if test -x $(XMLLINT) && test -f $(xmldtd); then \
245 $(XMLLINT) --noout --path $(dir $(xmldtd)) --dtdvalid $(xmldtd) $@ ;\
248 ########################################
250 # Clean the environment