diff --git a/refpolicy/Makefile b/refpolicy/Makefile index 495b479..bdb98ff 100644 --- a/refpolicy/Makefile +++ b/refpolicy/Makefile @@ -66,8 +66,7 @@ XMLDTD = $(DOCS)/policy.dtd LAYERXML = metadata.xml HTMLDIR = $(DOCS)/html DOCTEMPLATE = $(DOCS)/templates -DEVMAKEFILE = $(SUPPORT)/Makefile.devel -EXAMPLEMOD = $(addprefix $(DOCS)/,example.te example.if example.fc) +DOCFILES = $(DOCS)/Makefile.example $(addprefix $(DOCS)/,example.te example.if example.fc) # config file paths GLOBALTUN = $(POLDIR)/global_tunables @@ -369,10 +368,10 @@ install-headers: $(DETECTED_MODS:.te=.if) $(ROLEMAP) $(M4SUPPORT) # # Install policy documentation # -install-docs: $(DEVMAKEFILE) $(EXAMPLEMOD) build.conf tmp/html +install-docs: $(DOCFILES) build.conf tmp/html @mkdir -p $(DOCSDIR)/html @echo "Installing policy documentation" - $(verbose) install -m 644 $(DEVMAKEFILE) $(EXAMPLEMOD) $(DOCSDIR) + $(verbose) install -m 644 $(DOCFILES) $(DOCSDIR) $(verbose) install -m 644 build.conf $(DOCSDIR)/build.conf.example $(verbose) install -m 644 $(wildcard $(HTMLDIR)/*) $(DOCSDIR)/html diff --git a/refpolicy/doc/Makefile.example b/refpolicy/doc/Makefile.example new file mode 100644 index 0000000..f236d7d --- /dev/null +++ b/refpolicy/doc/Makefile.example @@ -0,0 +1,140 @@ + +-include build.conf + +# executables +PREFIX := /usr +BINDIR := $(PREFIX)/bin +SBINDIR := $(PREFIX)/sbin +CHECKMODULE := $(BINDIR)/checkmodule +SEMODULE := $(SBINDIR)/semodule +SEMOD_PKG := $(BINDIR)/semodule_package + +# helper tools +AWK ?= gawk +INSTALL ?= install +M4 ?= m4 +SED ?= sed +EINFO ?= echo + +# installation paths +SHAREDIR := $(PREFIX)/share/selinux +MODPKGDIR := $(SHAREDIR)/$(NAME) +HEADERDIR := $(SHAREDIR)/refpolicy/include + +# set default build options +TYPE ?= strict +NAME ?= $(TYPE) +DIRECT_INITRC ?= n +POLY ?= n + +# compile strict policy if requested. +ifneq ($(findstring strict,$(TYPE)),) + M4PARAM += -D strict_policy +endif + +# compile targeted policy if requested. +ifneq ($(findstring targeted,$(TYPE)),) + M4PARAM += -D targeted_policy +endif + +# enable MLS if requested. +ifneq ($(findstring -mls,$(TYPE)),) + M4PARAM += -D enable_mls + CHECKPOLICY += -M + CHECKMODULE += -M +endif + +# enable MLS if MCS requested. +ifneq ($(findstring -mcs,$(TYPE)),) + M4PARAM += -D enable_mcs + CHECKPOLICY += -M + CHECKMODULE += -M +endif + +# enable distribution-specific policy +ifneq ($(DISTRO),) + M4PARAM += -D distro_$(DISTRO) +endif + +# enable polyinstantiation +ifeq ($(POLY),y) + M4PARAM += -D enable_polyinstantiation +endif + +ifeq ($(DIRECT_INITRC),y) + M4PARAM += -D direct_sysadm_daemon +endif + +ifneq ($(VERBOSE),y) + quiet := @ +endif + +M4PARAM += -D hide_broken_symptoms + +# policy headers +m4support := $(wildcard $(HEADERDIR)/*.spt) +all_interfaces := $(wildcard $(HEADERDIR)/*.if) +rolemap := $(HEADERDIR)/rolemap + +detected_mods := $(wildcard *.te) +detected_ifs := $(detected_mods:.te=.if) +all_packages := $(detected_mods:.te=.pp) +install_mods := $(MODPKGDIR)/$(all_packages) + +######################################## +# +# Functions +# + +# parse-rolemap modulename,outputfile +define parse-rolemap + $(verbose) $(M4) $(M4PARAM) $(rolemap) | \ + $(AWK) '/^[[:blank:]]*[A-Za-z]/{ print "gen_require(type " $$3 "; role " $$1 ";)\n$1_per_userdomain_template(" $$2 "," $$3 "," $$1 ")" }' >> $2 +endef + +# peruser-expansion modulename,outputfile +define peruser-expansion + $(verbose) echo "ifdef(\`""$1""_per_userdomain_template',\`" > $2 + $(call parse-rolemap,$1,$2) + $(verbose) echo "')" >> $2 +endef + +######################################## +# +# Main targets +# + +all: $(all_packages) + +######################################## +# +# Build module packages +# +tmp/%.mod: $(m4support) tmp/all_interfaces.conf %.te + @$(EINFO) "Compliling $(NAME) $(basename $(@F)) module" + @test -d tmp || mkdir -p tmp + $(call peruser-expansion,$(basename $(@F)),$@.role) + $(verbose) $(M4) $(M4PARAM) -s $^ $@.role > $(@:.mod=.tmp) + $(verbose) $(CHECKMODULE) -m $(@:.mod=.tmp) -o $@ + +tmp/%.mod.fc: $(m4support) %.fc + $(verbose) $(M4) $(M4PARAM) $^ > $@ + +%.pp: tmp/%.mod tmp/%.mod.fc + @echo "Creating $(NAME) $(@F) policy package" + $(verbose) $(SEMOD_PKG) -o $@ -m $< -f $<.fc + +tmp/all_interfaces.conf: $(m4support) $(all_interfaces) $(detected_ifs) + @test -d tmp || mkdir -p tmp + $(verbose) m4 $^ | sed -e s/dollarsstar/\$$\*/g > $@ + +######################################## +# +# Clean the environment +# + +clean: + rm -fR tmp + rm -f *.pp + +.PHONY: clean install all default diff --git a/refpolicy/support/Makefile.devel b/refpolicy/support/Makefile.devel deleted file mode 100644 index f236d7d..0000000 --- a/refpolicy/support/Makefile.devel +++ /dev/null @@ -1,140 +0,0 @@ - --include build.conf - -# executables -PREFIX := /usr -BINDIR := $(PREFIX)/bin -SBINDIR := $(PREFIX)/sbin -CHECKMODULE := $(BINDIR)/checkmodule -SEMODULE := $(SBINDIR)/semodule -SEMOD_PKG := $(BINDIR)/semodule_package - -# helper tools -AWK ?= gawk -INSTALL ?= install -M4 ?= m4 -SED ?= sed -EINFO ?= echo - -# installation paths -SHAREDIR := $(PREFIX)/share/selinux -MODPKGDIR := $(SHAREDIR)/$(NAME) -HEADERDIR := $(SHAREDIR)/refpolicy/include - -# set default build options -TYPE ?= strict -NAME ?= $(TYPE) -DIRECT_INITRC ?= n -POLY ?= n - -# compile strict policy if requested. -ifneq ($(findstring strict,$(TYPE)),) - M4PARAM += -D strict_policy -endif - -# compile targeted policy if requested. -ifneq ($(findstring targeted,$(TYPE)),) - M4PARAM += -D targeted_policy -endif - -# enable MLS if requested. -ifneq ($(findstring -mls,$(TYPE)),) - M4PARAM += -D enable_mls - CHECKPOLICY += -M - CHECKMODULE += -M -endif - -# enable MLS if MCS requested. -ifneq ($(findstring -mcs,$(TYPE)),) - M4PARAM += -D enable_mcs - CHECKPOLICY += -M - CHECKMODULE += -M -endif - -# enable distribution-specific policy -ifneq ($(DISTRO),) - M4PARAM += -D distro_$(DISTRO) -endif - -# enable polyinstantiation -ifeq ($(POLY),y) - M4PARAM += -D enable_polyinstantiation -endif - -ifeq ($(DIRECT_INITRC),y) - M4PARAM += -D direct_sysadm_daemon -endif - -ifneq ($(VERBOSE),y) - quiet := @ -endif - -M4PARAM += -D hide_broken_symptoms - -# policy headers -m4support := $(wildcard $(HEADERDIR)/*.spt) -all_interfaces := $(wildcard $(HEADERDIR)/*.if) -rolemap := $(HEADERDIR)/rolemap - -detected_mods := $(wildcard *.te) -detected_ifs := $(detected_mods:.te=.if) -all_packages := $(detected_mods:.te=.pp) -install_mods := $(MODPKGDIR)/$(all_packages) - -######################################## -# -# Functions -# - -# parse-rolemap modulename,outputfile -define parse-rolemap - $(verbose) $(M4) $(M4PARAM) $(rolemap) | \ - $(AWK) '/^[[:blank:]]*[A-Za-z]/{ print "gen_require(type " $$3 "; role " $$1 ";)\n$1_per_userdomain_template(" $$2 "," $$3 "," $$1 ")" }' >> $2 -endef - -# peruser-expansion modulename,outputfile -define peruser-expansion - $(verbose) echo "ifdef(\`""$1""_per_userdomain_template',\`" > $2 - $(call parse-rolemap,$1,$2) - $(verbose) echo "')" >> $2 -endef - -######################################## -# -# Main targets -# - -all: $(all_packages) - -######################################## -# -# Build module packages -# -tmp/%.mod: $(m4support) tmp/all_interfaces.conf %.te - @$(EINFO) "Compliling $(NAME) $(basename $(@F)) module" - @test -d tmp || mkdir -p tmp - $(call peruser-expansion,$(basename $(@F)),$@.role) - $(verbose) $(M4) $(M4PARAM) -s $^ $@.role > $(@:.mod=.tmp) - $(verbose) $(CHECKMODULE) -m $(@:.mod=.tmp) -o $@ - -tmp/%.mod.fc: $(m4support) %.fc - $(verbose) $(M4) $(M4PARAM) $^ > $@ - -%.pp: tmp/%.mod tmp/%.mod.fc - @echo "Creating $(NAME) $(@F) policy package" - $(verbose) $(SEMOD_PKG) -o $@ -m $< -f $<.fc - -tmp/all_interfaces.conf: $(m4support) $(all_interfaces) $(detected_ifs) - @test -d tmp || mkdir -p tmp - $(verbose) m4 $^ | sed -e s/dollarsstar/\$$\*/g > $@ - -######################################## -# -# Clean the environment -# - -clean: - rm -fR tmp - rm -f *.pp - -.PHONY: clean install all default