diff options
Diffstat (limited to 'Makefile')
| -rw-r--r-- | Makefile | 129 |
1 files changed, 29 insertions, 100 deletions
@@ -1,110 +1,39 @@ -# SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl> -# SPDX-License-Identifier: Unlicense +# Copyright (C) 2025 John Turner -.PHONY: all clean policy check config_install modular_install monolithic_install +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. -all: clean policy check +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <https://www.gnu.org/licenses/>. -MCS = true MODULES = $(shell find src -type f -name '*.cil' -print0 | sort -z | xargs -r0) POLVERS = 34 SELINUXTYPE = dssp5 -VERBOSE = false -clean: clean.$(POLVERS) -clean.%: - rm -f policy.$* file_contexts +.PHONY: all clean policy install + +all: policy install policy: policy.$(POLVERS) policy.%: $(MODULES) -ifeq ($(VERBOSE),false) - secilc -OM $(MCS) --policyvers=$* $^ -else - secilc -vvv -OM $(MCS) --policyvers=$* $^ -endif - -check: check.$(POLVERS) -check.%: - setfiles -c policy.$* file_contexts - -config_install: - install -d $(DESTDIR)/etc/selinux/$(SELINUXTYPE)/contexts/files - install -d $(DESTDIR)/etc/selinux/$(SELINUXTYPE)/contexts/users - install -d $(DESTDIR)/etc/selinux/$(SELINUXTYPE)/logins - install -d -m0700 $(DESTDIR)/etc/selinux/$(SELINUXTYPE)/policy - /bin/echo -e """<!DOCTYPE busconfig PUBLIC\ - \"-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN\"\ -\n \"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd\">\ -\n<busconfig>\ -\n<selinux>\ -\n</selinux>\ -\n</busconfig>""" > $(DESTDIR)/etc/selinux/$(SELINUXTYPE)/contexts/dbus_contexts - echo "sys.serialtermdev" > $(DESTDIR)/etc/selinux/$(SELINUXTYPE)/contexts/customizable_types - echo "sys.role:sys.subj" > $(DESTDIR)/etc/selinux/$(SELINUXTYPE)/contexts/default_type - /bin/echo -e """/bin /usr/bin\ -\n/lib /usr/lib\ -\n/lib64 /usr/lib\ -\n/sbin /usr/bin\ -\n/usr/lib64 /usr/lib\ -\n/usr/libexec /usr/bin\ -\n/usr/local/bin /usr/bin\ -\n/usr/local/etc /etc\ -\n/usr/local/lib /usr/lib\ -\n/usr/local/lib64 /usr/lib\ -\n/usr/local/libexec /usr/bin\ -\n/usr/local/sbin /usr/bin\ -\n/usr/local/share /usr/share\ -\n/usr/local/src /usr/src\ -\n/usr/sbin /usr/bin\ -\n/usr/tmp /tmp\ -\n/var/mail /var/spool/mail\ -\n/var/lock /run/lock\ -\n/var/run /run\ -\n/var/tmp /tmp""" > $(DESTDIR)/etc/selinux/$(SELINUXTYPE)/contexts/files/file_contexts.subs_dist -ifeq ($(MCS),false) - /bin/echo -e """cdrom sys.id:sys.role:removable.stordev\ -\ndisk sys.id:sys.role:removable.stordev\ -\nfloppy sys.id:sys.role:removable.stordev""" > $(DESTDIR)/etc/selinux/$(SELINUXTYPE)/contexts/files/media - echo "sys.role:sys.subj sys.role:sys.subj" > $(DESTDIR)/etc/selinux/$(SELINUXTYPE)/contexts/default_contexts - echo "sys.role:sys.subj" > $(DESTDIR)/etc/selinux/$(SELINUXTYPE)/contexts/failsafe_context - echo "sys.id:sys.role:removable.fs" > $(DESTDIR)/etc/selinux/$(SELINUXTYPE)/contexts/removable_context -else - /bin/echo -e """cdrom sys.id:sys.role:removable.stordev:s0\ -\ndisk sys.id:sys.role:removable.stordev:s0\ -\nfloppy sys.id:sys.role:removable.stordev:s0""" > $(DESTDIR)/etc/selinux/$(SELINUXTYPE)/contexts/files/media - echo "sys.role:sys.subj:s0 sys.role:sys.subj:s0" > $(DESTDIR)/etc/selinux/$(SELINUXTYPE)/contexts/default_contexts - echo "sys.role:sys.subj:s0" > $(DESTDIR)/etc/selinux/$(SELINUXTYPE)/contexts/failsafe_context - echo "sys.id:sys.role:removable.fs:s0" > $(DESTDIR)/etc/selinux/$(SELINUXTYPE)/contexts/removable_context -endif - -modular_install: config_install - install -d -m0700 $(DESTDIR)/var/lib/selinux/$(SELINUXTYPE) -ifeq ($(MCS),false) - sed -i 's/(mls true)/(mls false)/' src/misc/conf.cil -endif -ifndef DESTDIR -ifeq ($(VERBOSE),false) - semodule --priority=100 -NP -s $(SELINUXTYPE) -i $(MODULES) -else - semodule --priority=100 -NP -vvv -s $(SELINUXTYPE) -i $(MODULES) -endif -else -ifeq ($(VERBOSE),false) - semodule --priority=100 -NP -s $(SELINUXTYPE) -i $(MODULES) -p $(DESTDIR) -else - semodule --priority=100 -NP -vvv -s $(SELINUXTYPE) -i $(MODULES) -p $(DESTDIR) -endif -endif -ifeq ($(MCS),false) - sed -i 's/(mls false)/(mls true)/' src/misc/conf.cil -endif - -monolithic_install: config_install monolithic_install.$(POLVERS) -monolithic_install.%: -ifeq ($(MCS),false) - echo "__default__:sys.id" > $(DESTDIR)/etc/selinux/$(SELINUXTYPE)/seusers -else - echo "__default__:sys.id:s0-s0" > $(DESTDIR)/etc/selinux/$(SELINUXTYPE)/seusers -endif - install -m 644 file_contexts $(DESTDIR)/etc/selinux/$(SELINUXTYPE)/contexts/files/ - install -m 600 policy.$* $(DESTDIR)/etc/selinux/$(SELINUXTYPE)/policy/ + secilc -vvv -OM true --policyvers=$* $^ + +install: + install -d $(PREFIX)/$(DESTDIR)/etc/selinux/$(SELINUXTYPE)/contexts/files + install -d $(PREFIX)/$(DESTDIR)/etc/selinux/$(SELINUXTYPE)/contexts/users + install -d $(PREFIX)/$(DESTDIR)/etc/selinux/$(SELINUXTYPE)/logins + install -d -m0700 $(PREFIX)/$(DESTDIR)/etc/selinux/$(SELINUXTYPE)/policy + install -m0600 policy.$(POLVERS) $(PREFIX)/$(DESTDIR)/etc/selinux/$(SELINUXTYPE)/policy/ + cp -rv gentoo/contexts $(PREFIX)/$(DESTDIR)/etc/selinux/$(SELINUXTYPE)/ + cp -v gentoo/seusers $(PREFIX)/$(DESTDIR)/etc/selinux/$(SELINUXTYPE)/ + install -m0600 file_contexts $(PREFIX)/$(DESTDIR)/etc/selinux/$(SELINUXTYPE)/contexts/files + +clean: + rm -f policy.$(POLVERS) |