author | John Turner <jturner.usa@gmail.com> | 2025-08-09 18:40:52 -0400 |
---|---|---|
committer | John Turner <jturner.usa@gmail.com> | 2025-08-11 19:49:34 -0400 |
commit | 76a28fff54a8f6005744b741165ce532fd25317d (patch) | |
tree | 96993fbe3384a5650ed702f10dcccdc2bdef0ac2 | |
parent | 2576fa57bb03788ccf752a02c12a7aa4c67e3420 (diff) | |
download | selinux-policy-76a28fff54a8f6005744b741165ce532fd25317d.tar.gz |
clean up makefile
-rw-r--r-- | Makefile | 129 | ||||
-rw-r--r-- | gentoo/contexts/customizable_types | 1 | ||||
-rw-r--r-- | gentoo/contexts/dbus_contexts | 7 | ||||
-rw-r--r-- | gentoo/contexts/default_context | 1 | ||||
-rw-r--r-- | gentoo/contexts/default_type | 1 | ||||
-rw-r--r-- | gentoo/contexts/failsafe_context | 1 | ||||
-rw-r--r-- | gentoo/contexts/files/file_contexts.subs_dist | 20 | ||||
-rw-r--r-- | gentoo/contexts/files/media | 3 | ||||
-rw-r--r-- | gentoo/contexts/removable_context | 1 | ||||
-rw-r--r-- | gentoo/seusers | 1 |
10 files changed, 65 insertions, 100 deletions
@@ -1,110 +1,39 @@ -# SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> -# SPDX-License-Identifier: Unlicense +# Copyright (C) 2025 John Turner -.PHONY: all clean policy check config_install modular_install monolithic_install +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. -all: clean policy check +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <https://www.gnu.org/licenses/>. -MCS = true MODULES = $(shell find src -type f -name '*.cil' -print0 | sort -z | xargs -r0) POLVERS = 34 SELINUXTYPE = dssp5 -VERBOSE = false -clean: clean.$(POLVERS) -clean.%: - rm -f policy.$* file_contexts +.PHONY: all clean policy install + +all: policy install policy: policy.$(POLVERS) policy.%: $(MODULES) -ifeq ($(VERBOSE),false) - secilc -OM $(MCS) --policyvers=$* $^ -else - secilc -vvv -OM $(MCS) --policyvers=$* $^ -endif - -check: check.$(POLVERS) -check.%: - setfiles -c policy.$* file_contexts - -config_install: - install -d $(DESTDIR)/etc/selinux/$(SELINUXTYPE)/contexts/files - install -d $(DESTDIR)/etc/selinux/$(SELINUXTYPE)/contexts/users - install -d $(DESTDIR)/etc/selinux/$(SELINUXTYPE)/logins - install -d -m0700 $(DESTDIR)/etc/selinux/$(SELINUXTYPE)/policy - /bin/echo -e """<!DOCTYPE busconfig PUBLIC\ - \"-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN\"\ -\n \"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd\">\ -\n<busconfig>\ -\n<selinux>\ -\n</selinux>\ -\n</busconfig>""" > 
$(DESTDIR)/etc/selinux/$(SELINUXTYPE)/contexts/dbus_contexts - echo "sys.serialtermdev" > $(DESTDIR)/etc/selinux/$(SELINUXTYPE)/contexts/customizable_types - echo "sys.role:sys.subj" > $(DESTDIR)/etc/selinux/$(SELINUXTYPE)/contexts/default_type - /bin/echo -e """/bin /usr/bin\ -\n/lib /usr/lib\ -\n/lib64 /usr/lib\ -\n/sbin /usr/bin\ -\n/usr/lib64 /usr/lib\ -\n/usr/libexec /usr/bin\ -\n/usr/local/bin /usr/bin\ -\n/usr/local/etc /etc\ -\n/usr/local/lib /usr/lib\ -\n/usr/local/lib64 /usr/lib\ -\n/usr/local/libexec /usr/bin\ -\n/usr/local/sbin /usr/bin\ -\n/usr/local/share /usr/share\ -\n/usr/local/src /usr/src\ -\n/usr/sbin /usr/bin\ -\n/usr/tmp /tmp\ -\n/var/mail /var/spool/mail\ -\n/var/lock /run/lock\ -\n/var/run /run\ -\n/var/tmp /tmp""" > $(DESTDIR)/etc/selinux/$(SELINUXTYPE)/contexts/files/file_contexts.subs_dist -ifeq ($(MCS),false) - /bin/echo -e """cdrom sys.id:sys.role:removable.stordev\ -\ndisk sys.id:sys.role:removable.stordev\ -\nfloppy sys.id:sys.role:removable.stordev""" > $(DESTDIR)/etc/selinux/$(SELINUXTYPE)/contexts/files/media - echo "sys.role:sys.subj sys.role:sys.subj" > $(DESTDIR)/etc/selinux/$(SELINUXTYPE)/contexts/default_contexts - echo "sys.role:sys.subj" > $(DESTDIR)/etc/selinux/$(SELINUXTYPE)/contexts/failsafe_context - echo "sys.id:sys.role:removable.fs" > $(DESTDIR)/etc/selinux/$(SELINUXTYPE)/contexts/removable_context -else - /bin/echo -e """cdrom sys.id:sys.role:removable.stordev:s0\ -\ndisk sys.id:sys.role:removable.stordev:s0\ -\nfloppy sys.id:sys.role:removable.stordev:s0""" > $(DESTDIR)/etc/selinux/$(SELINUXTYPE)/contexts/files/media - echo "sys.role:sys.subj:s0 sys.role:sys.subj:s0" > $(DESTDIR)/etc/selinux/$(SELINUXTYPE)/contexts/default_contexts - echo "sys.role:sys.subj:s0" > $(DESTDIR)/etc/selinux/$(SELINUXTYPE)/contexts/failsafe_context - echo "sys.id:sys.role:removable.fs:s0" > $(DESTDIR)/etc/selinux/$(SELINUXTYPE)/contexts/removable_context -endif - -modular_install: config_install - install -d -m0700 
$(DESTDIR)/var/lib/selinux/$(SELINUXTYPE) -ifeq ($(MCS),false) - sed -i 's/(mls true)/(mls false)/' src/misc/conf.cil -endif -ifndef DESTDIR -ifeq ($(VERBOSE),false) - semodule --priority=100 -NP -s $(SELINUXTYPE) -i $(MODULES) -else - semodule --priority=100 -NP -vvv -s $(SELINUXTYPE) -i $(MODULES) -endif -else -ifeq ($(VERBOSE),false) - semodule --priority=100 -NP -s $(SELINUXTYPE) -i $(MODULES) -p $(DESTDIR) -else - semodule --priority=100 -NP -vvv -s $(SELINUXTYPE) -i $(MODULES) -p $(DESTDIR) -endif -endif -ifeq ($(MCS),false) - sed -i 's/(mls false)/(mls true)/' src/misc/conf.cil -endif - -monolithic_install: config_install monolithic_install.$(POLVERS) -monolithic_install.%: -ifeq ($(MCS),false) - echo "__default__:sys.id" > $(DESTDIR)/etc/selinux/$(SELINUXTYPE)/seusers -else - echo "__default__:sys.id:s0-s0" > $(DESTDIR)/etc/selinux/$(SELINUXTYPE)/seusers -endif - install -m 644 file_contexts $(DESTDIR)/etc/selinux/$(SELINUXTYPE)/contexts/files/ - install -m 600 policy.$* $(DESTDIR)/etc/selinux/$(SELINUXTYPE)/policy/ + secilc -vvv -OM true --policyvers=$* $^ + +install: + install -d $(PREFIX)/$(DESTDIR)/etc/selinux/$(SELINUXTYPE)/contexts/files + install -d $(PREFIX)/$(DESTDIR)/etc/selinux/$(SELINUXTYPE)/contexts/users + install -d $(PREFIX)/$(DESTDIR)/etc/selinux/$(SELINUXTYPE)/logins + install -d -m0700 $(PREFIX)/$(DESTDIR)/etc/selinux/$(SELINUXTYPE)/policy + install -m0600 policy.$(POLVERS) $(PREFIX)/$(DESTDIR)/etc/selinux/$(SELINUXTYPE)/policy/ + cp -rv gentoo/contexts $(PREFIX)/$(DESTDIR)/etc/selinux/$(SELINUXTYPE)/ + cp -v gentoo/seusers $(PREFIX)/$(DESTDIR)/etc/selinux/$(SELINUXTYPE)/ + install -m0600 file_contexts $(PREFIX)/$(DESTDIR)/etc/selinux/$(SELINUXTYPE)/contexts/files + +clean: + rm -f policy.$(POLVERS) diff --git a/gentoo/contexts/customizable_types b/gentoo/contexts/customizable_types new file mode 100644 index 0000000..30f248a --- /dev/null +++ b/gentoo/contexts/customizable_types @@ -0,0 +1 @@ +sys.serialtermdev
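Review bot: In the new `install` recipe every destination is written as `$(PREFIX)/$(DESTDIR)/etc/selinux/...`, which puts the staging root after the prefix; with both set, files land under `PREFIX` rather than inside `DESTDIR`, so a packaging run can write outside its staging directory. I would use `$(DESTDIR)$(PREFIX)/etc/selinux/$(SELINUXTYPE)/...` on each line (`PREFIX` is not assigned in the visible lines, so the old `$(DESTDIR)/etc/...` form may be what is intended). `all: policy install` also makes a bare `make` install into the target tree, and `install` has no prerequisite on the policy, so under `make -j` it can run before `policy.$(POLVERS)` exists; `all: policy` plus `install: policy` would restore the usual split. The removed `check` target (`setfiles -c policy.$* file_contexts`) was the only validation of file_contexts against the compiled policy, and `file_contexts` drops from mode 644 to `-m0600`, which may stop unprivileged label lookups; both are worth stating in the commit message if intentional.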
\ No newline at end of file
diff --git a/gentoo/contexts/dbus_contexts b/gentoo/contexts/dbus_contexts
new file mode 100644
index 0000000..1a35f8b
--- /dev/null
+++ b/gentoo/contexts/dbus_contexts
@@ -0,0 +1,7 @@
+<!DOCTYPE busconfig PUBLIC
+"-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN\"
+"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd\">
+<busconfig>
+<selinux>
+</selinux>
+</busconfig>
diff --git a/gentoo/contexts/default_context b/gentoo/contexts/default_context
new file mode 100644
index 0000000..187c5b1
--- /dev/null
+++ b/gentoo/contexts/default_context
@@ -0,0 +1 @@
+sys.role:sys.subj:s0 sys.role:sys.subj:s0
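Review bot: The second and third added lines of dbus_contexts end in `\"`, so the shell escaping from the removed `/bin/echo -e` recipe was carried into the static file and the DOCTYPE's public and system identifiers now contain a literal backslash. A backslash is not a legal character in an XML public identifier, so a conforming parser is likely to reject the file; whether the D-Bus daemon then fails to load its SELinux section depends on the parser it uses. The lines should read `"-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"` and `"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">` with no backslashes.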
\ No newline at end of file
diff --git a/gentoo/contexts/default_type b/gentoo/contexts/default_type
new file mode 100644
index 0000000..c89274a
--- /dev/null
+++ b/gentoo/contexts/default_type
@@ -0,0 +1 @@
+sys.role:sys.subj
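Review bot: The added file is named `default_context`, but the removed recipe wrote this same content to `contexts/default_contexts` (plural), and `cp -rv gentoo/contexts` now installs it under the new name. As far as I know `default_contexts` is the name libselinux looks up, so after this commit the default login context mapping is probably not found; the file should be renamed to `gentoo/contexts/default_contexts`. This file and the other single-line context files are also committed without a trailing newline, unlike the `echo` output they replace, which is worth confirming against whatever parses them.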
\ No newline at end of file
diff --git a/gentoo/contexts/failsafe_context b/gentoo/contexts/failsafe_context
new file mode 100644
index 0000000..47efb07
--- /dev/null
+++ b/gentoo/contexts/failsafe_context
@@ -0,0 +1 @@
+sys.role:sys.subj:s0
\ No newline at end of file
diff --git a/gentoo/contexts/files/file_contexts.subs_dist b/gentoo/contexts/files/file_contexts.subs_dist
new file mode 100644
index 0000000..5d8a2cd
--- /dev/null
+++ b/gentoo/contexts/files/file_contexts.subs_dist
@@ -0,0 +1,20 @@
+/bin /usr/bin
+/lib /usr/lib
+/lib64 /usr/lib
+/sbin /usr/bin
+/usr/lib64 /usr/lib
+/usr/libexec /usr/bin
+/usr/local/bin /usr/bin
+/usr/local/etc /etc
+/usr/local/lib /usr/lib
+/usr/local/lib64 /usr/lib
+/usr/local/libexec /usr/bin
+/usr/local/sbin /usr/bin
+/usr/local/share /usr/share
+/usr/local/src /usr/src
+/usr/sbin /usr/bin
+/usr/tmp /tmp
+/var/mail /var/spool/mail
+/var/lock /run/lock
+/var/run /run
+/var/tmp /tmp
\ No newline at end of file
diff --git a/gentoo/contexts/files/media b/gentoo/contexts/files/media
new file mode 100644
index 0000000..2cb0529
--- /dev/null
+++ b/gentoo/contexts/files/media
@@ -0,0 +1,3 @@
+cdrom sys.id:sys.role:removable.stordev:s0
+disk sys.id:sys.role:removable.stordev:s0
+floppy sys.id:sys.role:removable.stordev:s0
\ No newline at end of file
diff --git a/gentoo/contexts/removable_context b/gentoo/contexts/removable_context
new file mode 100644
index 0000000..52cd558
--- /dev/null
+++ b/gentoo/contexts/removable_context
@@ -0,0 +1 @@
+sys.id:sys.role:removable.fs:s0
\ No newline at end of file
diff --git a/gentoo/seusers b/gentoo/seusers
new file mode 100644
index 0000000..30231e1
--- /dev/null
+++ b/gentoo/seusers
@@ -0,0 +1 @@
+__default__:sys.id:s0-s0
\ No newline at end of file |