root/trunk/Rules.modular

Revision 2866, 7.9 kB (checked in by cpebenito, 1 month ago)

trunk: merge UBAC.

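########################################
#
# Rules and Targets for building modular policies
#
# Every input variable read below ($(base_mods), $(mod_mods), $(builddir),
# $(tmpdir), $(modpkgdir), ...) is defined outside this file.
#

# every module source, and the interface file expected beside each one
all_modules := $(base_mods) $(mod_mods) $(off_mods)
all_interfaces := $(all_modules:.te=.if)

# base module products; $(builddir) is joined without a separator, so it is
# used as a plain prefix here
base_pkg := $(builddir)base.pp
base_fc := $(builddir)base.fc
base_conf := $(builddir)base.conf
base_mod := $(tmpdir)/base.mod

users_extra := $(tmpdir)/users_extra

# the pieces concatenated, in this order, into $(base_conf)
base_sections := $(tmpdir)/pre_te_files.conf $(tmpdir)/all_attrs_types.conf $(tmpdir)/global_bools.conf $(tmpdir)/only_te_rules.conf $(tmpdir)/all_post.conf

base_pre_te_files := $(secclass) $(isids) $(avs) $(m4support) $(poldir)/mls $(poldir)/mcs $(policycaps)
base_te_files := $(base_mods)
base_post_te_files := $(user_files) $(poldir)/constraints
base_fc_files := $(base_mods:.te=.fc)

# one package per loadable module, named by the source's basename
mod_pkgs := $(addprefix $(builddir),$(notdir $(mod_mods:.te=.pp)))

# policy packages to install
# $(mod_pkgs) already carries the $(builddir) prefix; take the basename of
# every entry so the names match the $(modpkgdir)/%.pp install rule even when
# $(builddir) is non-empty
instpkg := $(addprefix $(modpkgdir)/,$(notdir $(base_pkg) $(mod_pkgs)))

# search layer dirs for source files
vpath %.te $(all_layers)
vpath %.if $(all_layers)
vpath %.fc $(all_layers)

# per-module .mod and .mod.fc intermediates; named by basename so they match
# the $(tmpdir)/%.mod and $(tmpdir)/%.mod.fc targets when $(builddir) is set
.SECONDARY: $(addprefix $(tmpdir)/,$(notdir $(mod_pkgs:.pp=.mod))) $(addprefix $(tmpdir)/,$(notdir $(mod_pkgs:.pp=.mod.fc)))
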
########################################
#
# default action: create all module packages
#
# "default" depends on "policy"; "all" and "policy" both build the base
# package and every module package.
default: policy

all: base modules

policy: base modules

base: $(base_pkg)

modules: $(mod_pkgs)

# install needs every package listed in $(instpkg) plus $(appfiles)
install: $(instpkg) $(appfiles)

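########################################
#
# Load all configured modules
#
# Runs $(SEMODULE) on the installed copies under $(modpkgdir): -b names the
# base package and one -i is emitted for each module package.
load: $(instpkg) $(appfiles)
# make sure two directories exist since they are not
# created by semanage
	@mkdir -p $(policypath) $(dir $(fcpath))
	@echo "Loading configured modules."
# entries of $(mod_pkgs) carry the $(builddir) prefix; use the basename so
# each -i path names the installed package even when $(builddir) is non-empty
	$(verbose) $(SEMODULE) -s $(NAME) -b $(modpkgdir)/$(notdir $(base_pkg)) $(foreach mod,$(mod_pkgs),-i $(modpkgdir)/$(notdir $(mod)))
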
########################################
#
# Install policy packages
#
# Copies one built package into $(modpkgdir) with mode 0644 (writable by the
# owner only, readable by everyone).
$(modpkgdir)/%.pp: $(builddir)%.pp
	@mkdir -p $(modpkgdir)
	@echo "Installing $(NAME) $(@F) policy package."
# the rule has a single prerequisite, the built package
	$(verbose) $(INSTALL) -m 0644 $< $(modpkgdir)

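########################################
#
# Build module packages
#
# Compile one module: M4 expands the support macros, the generated
# definitions, the interfaces, the module's .te source and $@.role into a
# .tmp file beside the target, which $(CHECKMODULE) -m then compiles.
$(tmpdir)/%.mod: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf %.te
	@echo "Compiling $(NAME) $(@F) module"
	@test -d $(tmpdir) || mkdir -p $(tmpdir)
# perrole-expansion is defined elsewhere; it is given the module name and the
# path $@.role, which the M4 command below reads -- presumably it writes it
	$(call perrole-expansion,$(basename $(@F)),$@.role)
	$(verbose) $(M4) $(M4PARAM) -s $^ $@.role > $(@:.mod=.tmp)
	$(verbose) $(CHECKMODULE) -m $(@:.mod=.tmp) -o $@
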
# Expand one module's file contexts (.fc) with M4.
# NOTE(review): $^ already begins with $(m4support), so those files appear
# twice on the M4 command line -- confirm that this is intended.
$(tmpdir)/%.mod.fc: $(m4support) %.fc
	@test -d $(@D) || mkdir -p $(@D)
	$(verbose) $(M4) $(M4PARAM) $(m4support) $^ > $@

# Bundle a compiled module (-m) and its expanded file contexts (-f) into one
# policy package.
$(builddir)%.pp: $(tmpdir)/%.mod $(tmpdir)/%.mod.fc
	@echo "Creating $(NAME) $(@F) policy package"
	@test -d $(builddir) || mkdir -p $(builddir)
# the second prerequisite is the .mod.fc file that belongs to $<
	$(verbose) $(SEMOD_PKG) -o $@ -m $< -f $(word 2,$^)

########################################
#
# Create a base module package
#
# Packages the compiled base module together with the base file contexts,
# the users_extra file and the seusers file.
$(base_pkg): $(base_mod) $(base_fc) $(users_extra) $(tmpdir)/seusers
	@echo "Creating $(NAME) base module package"
	@test -d $(builddir) || mkdir -p $(builddir)
	$(verbose) $(SEMOD_PKG) -o $@ \
		-m $(base_mod) \
		-f $(base_fc) \
		-u $(users_extra) \
		-s $(tmpdir)/seusers

# Compile base.conf into the base module.
# When UNK_PERMS is non-empty it is handed to checkmodule through -U, the
# option that selects how unknown classes and permissions are handled. The
# assignment is target-specific, so it is in effect for $(base_mod) and for
# the prerequisites built on its behalf.
ifneq "$(UNK_PERMS)" ""
$(base_mod): CHECKMODULE += -U $(UNK_PERMS)
endif
$(base_mod): $(base_conf)
	@echo "Compiling $(NAME) base module"
# $(base_conf) is the only prerequisite
	$(verbose) $(CHECKMODULE) $< -o $@

# Expand $(seusers) with M4 and keep only the lines that start with a
# lowercase letter or an underscore.
# NOTE(review): the recipe reads $(m4support) but the rule does not list it
# as a prerequisite, and an M4 failure is hidden by the pipe unless the shell
# runs with pipefail -- confirm both against the including Makefile.
$(tmpdir)/seusers: $(seusers)
	@mkdir -p $(@D)
	$(verbose) $(M4) $(M4PARAM) $(m4support) $^ | $(GREP) '^[a-z_]' > $@

# Expand the user files with users_extra defined, strip leading blanks and
# keep only the lines that then start with "user".
$(users_extra): $(m4support) $(user_files)
	@test -d $(@D) || mkdir -p $(@D)
	$(verbose) $(M4) $(M4PARAM) -D users_extra $^ | $(SED) -r -n -e 's/^[[:blank:]]*//g' -e '/^user/p' > $@

########################################
#
# Construct a base.conf
#
# base.conf is the plain concatenation of $(base_sections), in the order in
# which that variable lists them.
$(base_conf): $(base_sections)
	@echo "Creating $(NAME) base module $(@F)"
	@mkdir -p $(@D)
	$(verbose) cat $^ > $@

# Expand the files that precede the TE rules ($(base_pre_te_files)) with
# self_contained_policy defined for M4.
$(tmpdir)/pre_te_files.conf: M4PARAM += -D self_contained_policy
$(tmpdir)/pre_te_files.conf: $(base_pre_te_files)
	@mkdir -p $(@D)
	$(verbose) $(M4) $(M4PARAM) $^ > $@

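# Generate the definitions file that the module, global_bools, all_te_files,
# post_te_files and base.fc rules feed to M4.
# NOTE(review): the rule lists no prerequisites, so an existing file is not
# regenerated when $(avs), $(secclass) or $(booleans) change.
$(tmpdir)/generated_definitions.conf:
	@test -d $(tmpdir) || mkdir -p $(tmpdir)
# define all available object classes
	$(verbose) $(genperm) $(avs) $(secclass) > $@
	$(verbose) $(call create-base-per-role-tmpl,$(patsubst %.te,%,$(base_mods)),$@)
# a missing $(booleans) file is acceptable, but a failing $(setbools) has to
# stop the build: otherwise the policy is built without the configured
# boolean settings and nothing reports it
	$(verbose) if test -f $(booleans); then $(setbools) $(booleans) >> $@; fi
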
# Expand the global booleans and tunables with self_contained_policy defined.
# The recipe does not create $(tmpdir); the generated_definitions.conf
# prerequisite lives in that directory.
$(tmpdir)/global_bools.conf: M4PARAM += -D self_contained_policy
$(tmpdir)/global_bools.conf: \
  $(m4support) \
  $(tmpdir)/generated_definitions.conf \
  $(globalbool) \
  $(globaltun)
	$(verbose) $(M4) $(M4PARAM) $^ > $@

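# Collect every interface file into one M4 input, wrapped between
# "divert(-1)" and "divert".
$(tmpdir)/all_interfaces.conf: $(m4support) $(all_interfaces) $(m4iferror)
	@test -d $(tmpdir) || mkdir -p $(tmpdir)
	@echo "divert(-1)" > $@
# truncate the scratch file: appending to it would carry the output of an
# earlier run into this one, so stale or removed interfaces would stay in
# the result until the next "make clean"
	$(verbose) $(M4) $^ > $(tmpdir)/$(@F).tmp
# turn the "dollarsstar" placeholder back into a literal $*
	$(verbose) $(SED) -e s/dollarsstar/\$$\*/g $(tmpdir)/$(@F).tmp >> $@
	@echo "divert" >> $@
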
# Build the role map fragment: the target is first reset to a single empty
# line, then parse-rolemap (defined elsewhere) is called with "base" and the
# target path.
# NOTE(review): parse-rolemap presumably appends to $@, which would be why
# the truncating echo has to run first -- confirm against its definition.
$(tmpdir)/rolemap.conf: M4PARAM += -D self_contained_policy
$(tmpdir)/rolemap.conf: $(rolemap)
	$(verbose) echo "" > $@
	$(call parse-rolemap,base,$@)

# Expand every enabled base module's TE source into one file, with
# self_contained_policy defined. The build stops with an error when no base
# module is enabled.
$(tmpdir)/all_te_files.conf: M4PARAM += -D self_contained_policy
$(tmpdir)/all_te_files.conf: \
  $(m4support) \
  $(tmpdir)/generated_definitions.conf \
  $(tmpdir)/all_interfaces.conf \
  $(base_te_files) \
  $(tmpdir)/rolemap.conf
ifeq ($(strip $(base_te_files)),)
	$(error No enabled modules! $(notdir $(mod_conf)) may need to be generated by using "make conf")
endif
	@mkdir -p $(@D)
	$(verbose) $(M4) $(M4PARAM) -s $^ > $@

# Expand the files that follow the TE rules (user files and constraints)
# with self_contained_policy defined.
$(tmpdir)/post_te_files.conf: M4PARAM += -D self_contained_policy
$(tmpdir)/post_te_files.conf: \
  $(m4support) \
  $(tmpdir)/generated_definitions.conf \
  $(base_post_te_files)
	@mkdir -p $(@D)
	$(verbose) $(M4) $(M4PARAM) $^ > $@

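# extract attributes and put them first. extract post te stuff
# like genfscon and put last.
#
# One rule per output file. A single rule header naming all three targets
# declares three independent rules that share a recipe, so a parallel build
# can run that recipe several times at once; the concurrent ">>" appends
# would then duplicate or interleave the statements in all_post.conf.

# type and attribute declarations, sorted
$(tmpdir)/all_attrs_types.conf: $(tmpdir)/all_te_files.conf
	$(verbose) $(get_type_attr_decl) $< | $(SORT) > $@

# post-TE content followed by the sid, fs_use_*, genfscon, portcon, netifcon
# and nodecon statements taken from the TE files
$(tmpdir)/all_post.conf: $(tmpdir)/post_te_files.conf $(tmpdir)/all_te_files.conf
	$(verbose) cat $(tmpdir)/post_te_files.conf > $@
# these have to run individually because order matters:
# grep exits 1 when nothing matches, which is acceptable here; any other
# non-zero status is a real error and fails the build
	$(verbose) $(GREP) '^sid ' $(tmpdir)/all_te_files.conf >> $@ || test $$? -eq 1
	$(verbose) $(GREP) '^fs_use_(xattr|task|trans)' $(tmpdir)/all_te_files.conf >> $@ || test $$? -eq 1
	$(verbose) $(GREP) ^genfscon $(tmpdir)/all_te_files.conf >> $@ || test $$? -eq 1
	$(verbose) $(GREP) ^portcon $(tmpdir)/all_te_files.conf >> $@ || test $$? -eq 1
	$(verbose) $(GREP) ^netifcon $(tmpdir)/all_te_files.conf >> $@ || test $$? -eq 1
	$(verbose) $(GREP) ^nodecon $(tmpdir)/all_te_files.conf >> $@ || test $$? -eq 1

# the TE rules, filtered through $(comment_move_decl)
$(tmpdir)/only_te_rules.conf: $(tmpdir)/all_te_files.conf
	$(verbose) $(comment_move_decl) $< > $@
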
########################################
#
# Construct a base.fc
#
# Two steps: M4 expands the base modules' .fc files into a scratch file in
# $(tmpdir), then $(fcsort) writes the final base.fc from it.
$(base_fc): $(tmpdir)/$(notdir $(base_fc)).tmp $(fcsort)
# $< is the scratch file; $(fcsort) is a prerequisite so that a changed
# sorter triggers a rebuild
	$(verbose) $(fcsort) $< $@

$(tmpdir)/$(notdir $(base_fc)).tmp: \
  $(m4support) \
  $(tmpdir)/generated_definitions.conf \
  $(base_fc_files)
ifeq "$(base_fc_files)" ""
	$(error No enabled modules! $(notdir $(mod_conf)) may need to be generated by using "make conf")
endif
	@echo "Creating $(NAME) base module file contexts."
	@mkdir -p $(@D)
	$(verbose) $(M4) $(M4PARAM) $^ > $@

########################################
#
# Appconfig files
#
# List the type names declared with "customizable" in base.conf: take the
# text before the first ';', then before the first ',', keep the second
# space-separated field, and sort the names uniquely. The list is written to
# $(tmpdir) and installed from there with mode 644.
$(appdir)/customizable_types: $(base_conf)
	@mkdir -p $(@D)
	$(verbose) $(GREP) '^[[:blank:]]*type .*customizable' $< \
		| cut -d';' -f1 \
		| cut -d',' -f1 \
		| cut -d' ' -f2 \
		| $(SORT) -u > $(tmpdir)/customizable_types
	$(verbose) $(INSTALL) -m 644 $(tmpdir)/customizable_types $@

########################################
#
# Validate linking and expanding of modules
#
# Links the base package and every module package with $(SEMOD_LNK), then
# expands the linked result with $(SEMOD_EXP). Both outputs are scratch files
# in $(tmpdir); nothing is installed or loaded by this target.
validate: $(base_pkg) $(mod_pkgs)
	@echo "Validating policy linking."
	$(verbose) $(SEMOD_LNK) -o $(tmpdir)/test.lnk $^
	$(verbose) $(SEMOD_EXP) $(tmpdir)/test.lnk $(tmpdir)/policy.bin
	@echo "Success."

########################################
#
# Clean the sources
#
# Removes base.conf, base.fc, every .pp matching $(builddir)*.pp,
# $(net_contexts) and the whole $(tmpdir) tree.
# NOTE(review): with an empty $(builddir) the glob is "*.pp" in the current
# directory, so packages that were not built by this Makefile are removed too.
clean:
	rm -f $(base_conf) $(base_fc) $(builddir)*.pp $(net_contexts)
	rm -fR $(tmpdir)

# targets that name actions rather than files
.PHONY: default all policy base modules
.PHONY: install load clean validate