Contents of /selinux/base-policy/Makefile

#
# Makefile for the security policy.
#
# Targets:
# 
# initrd  - compile and install the policy configuration, and create a policy initrd.
# install - compile and install the policy configuration.
# load    - compile, install, and load the policy configuration.
# reload  - compile, install, and load/reload the policy configuration.
# relabel - relabel filesystems based on the file contexts configuration.
# policy  - compile the policy configuration locally for testing/development.
#
# The default target is 'install'.
#

# initrd options
MKINITRD = /sbin/mkinitrd
# kernel version, defaults to current running kernel
KV = $(shell uname -r)
INITRD = /boot/initrd-$(KV)
# extra options
EXTRAOPT = -f --omit-scsi-modules --omit-raid-modules --omit-lvm-modules

# Set to y if MLS is enabled in the module.
MLS=n

FLASKDIR = flask/
PREFIX = /usr
BINDIR = $(PREFIX)/bin
SBINDIR = $(PREFIX)/sbin
LOADPOLICY  = $(SBINDIR)/load_policy
CHECKPOLICY = $(BINDIR)/checkpolicy
SETFILES = $(SBINDIR)/setfiles

POLICYVER := policy.$(shell $(CHECKPOLICY) -V)
INSTALLDIR = /etc/security/selinux
LOADPATH = $(INSTALLDIR)/$(POLICYVER)
SRCINSTALLDIR = $(INSTALLDIR)/src
POLICYCONF = $(SRCINSTALLDIR)/policy.conf

POLICYFILES = $(addprefix $(FLASKDIR),security_classes initial_sids access_vectors)
ifeq ($(MLS),y)
POLICYFILES += mls
endif
POLICYFILES += tmp/te-rbac.m4
POLICYFILES += users 
POLICYFILES += tmp/constraints-contexts.m4

FC = file_contexts/file_contexts
FCFILES=file_contexts/types.fc $(patsubst domains/program/%.te,file_contexts/program/%.fc, $(wildcard domains/program/*.te)) file_contexts/users.fc

install: $(LOADPATH)

$(LOADPATH):  $(POLICYCONF) $(CHECKPOLICY)
        mkdir -p $(INSTALLDIR)
        $(CHECKPOLICY) -o $@ $(POLICYCONF)
# Note: Can't use install, so not sure how to deal with mode, user, and group
#       other than by default.

policy: $(POLICYVER)

$(POLICYVER):  policy.conf $(CHECKPOLICY)
        $(CHECKPOLICY) -o $@ policy.conf

$(POLICYCONF): policy.conf 
        mkdir -p $(SRCINSTALLDIR)
        install -m 644 -o root -g root policy.conf $@

reload tmp/load: $(LOADPATH)
        $(LOADPOLICY) $(LOADPATH)
        touch tmp/load

load: tmp/load

initrd: $(LOADPATH)
        $(MKINITRD) $(EXTRAOPT) $(INITRD) $(KV)

policy.conf: $(POLICYFILES) 
        mkdir -p tmp
        cat $^ > $@

install-src: 
        rm -rf $(SRCINSTALLDIR)/policy.old
        -mv $(SRCINSTALLDIR)/policy $(SRCINSTALLDIR)/policy.old
        mkdir -p $(SRCINSTALLDIR)/policy
        cp -R . $(SRCINSTALLDIR)/policy

ALLTEFILES := attrib.te tmp/program_used_flags.te tmp/all_macros.te tmp/all_types.te tmp/all_domains.te assert.te 
TE_RBAC_MACRO_FILES := tmp/all.te rbac
CONSTRAINT_CONTEXT_MACRO_FILES := tmp/program_used_flags.te tmp/all_macros.te constraints initial_sid_contexts fs_use genfs_contexts net_contexts

tmp/te-rbac.m4: $(TE_RBAC_MACRO_FILES)
        m4 -Imacros -s $^ > $@
        
tmp/constraints-contexts.m4: $(CONSTRAINT_CONTEXT_MACRO_FILES)
        m4 -Imacros -s $^ > $@

tmp/all.te: $(ALLTEFILES)
        cat $^ > $@

tmp/program_used_flags.te: $(wildcard domains/program/*.te) domains/program
        mkdir -p tmp
        ( cd domains/program/ ; for n in *.te ; do echo "define(\`$$n')"; done ) > $@
        ( cd domains/misc/ ; for n in *.te ; do echo "define(\`$$n')"; done ) >> $@

tmp/all_macros.te:  macros $(wildcard macros/*.te) tmp/all_program_macros.te
        cat $(wildcard macros/*.te) tmp/all_program_macros.te > $@

tmp/all_program_macros.te: macros/program $(wildcard macros/program/*.te)
        cat $(wildcard macros/program/*.te) > $@

tmp/all_types.te: $(wildcard types/*.te) types
        cat types/*.te > $@

tmp/all_domains.te: $(wildcard domains/*.te domains/misc/*.te domains/program/*.te) domains domains/misc domains/program
        cat domains/*.te domains/misc/*.te domains/program/*.te > $@

relabel:  $(FC) $(SETFILES)
        $(SETFILES) $(FC) `mount | awk '/ext[23]/{print $$3}'`

# this is a nasty hack since 'make relabel' doesnt work in chroot
chroot_relabel: $(FC) $(SETFILES)
        @echo
        @echo
        @echo "THIS SHOULD ONLY BE USED INSIDE A CHROOT!!!"
        @echo
        @echo "Otherwise use \"make relabel\""
        @echo
        @echo
        $(SETFILES) $(FC) -r / /

reset:  $(FC) $(SETFILES)
        $(SETFILES) -R $(FC) `mount | awk '/ext[23]/{print $$3}'`

$(FC): $(FCFILES) file_contexts/program 
        cat $(FCFILES) > $@

clean:
        rm -f $(POLICYVER)
        rm -f policy.conf
        rm -fR tmp
        rm -f $(FC)
1	pebenito	1.1	#
2			# Makefile for the security policy.
3			#
4			# Targets:
5			#
6	pebenito	1.3	# initrd - compile and install the policy configuration, and create a policy initrd.
7	pebenito	1.1	# install - compile and install the policy configuration.
8			# load - compile, install, and load the policy configuration.
9			# reload - compile, install, and load/reload the policy configuration.
10			# relabel - relabel filesystems based on the file contexts configuration.
11			# policy - compile the policy configuration locally for testing/development.
12			#
13			# The default target is 'install'.
14			#
15
16	pebenito	1.2	# initrd options
17			MKINITRD = /sbin/mkinitrd
18			# kernel version, defaults to current running kernel
19			KV = $(shell uname -r)
20			INITRD = /boot/initrd-$(KV)
21			# extra options
22	pebenito	1.5	EXTRAOPT = -f --omit-scsi-modules --omit-raid-modules --omit-lvm-modules
23	pebenito	1.2
24	pebenito	1.1	# Set to y if MLS is enabled in the module.
25			MLS=n
26
27			FLASKDIR = flask/
28			PREFIX = /usr
29			BINDIR = $(PREFIX)/bin
30			SBINDIR = $(PREFIX)/sbin
31			LOADPOLICY = $(SBINDIR)/load_policy
32			CHECKPOLICY = $(BINDIR)/checkpolicy
33			SETFILES = $(SBINDIR)/setfiles
34
35			POLICYVER := policy.$(shell $(CHECKPOLICY) -V)
36			INSTALLDIR = /etc/security/selinux
37			LOADPATH = $(INSTALLDIR)/$(POLICYVER)
38			SRCINSTALLDIR = $(INSTALLDIR)/src
39			POLICYCONF = $(SRCINSTALLDIR)/policy.conf
40
41			POLICYFILES = $(addprefix $(FLASKDIR),security_classes initial_sids access_vectors)
42			ifeq ($(MLS),y)
43			POLICYFILES += mls
44			endif
45			POLICYFILES += tmp/te-rbac.m4
46			POLICYFILES += users
47			POLICYFILES += tmp/constraints-contexts.m4
48
49			FC = file_contexts/file_contexts
50			FCFILES=file_contexts/types.fc $(patsubst domains/program/%.te,file_contexts/program/%.fc, $(wildcard domains/program/*.te)) file_contexts/users.fc
51
52			install: $(LOADPATH)
53
54			$(LOADPATH): $(POLICYCONF) $(CHECKPOLICY)
55			mkdir -p $(INSTALLDIR)
56			$(CHECKPOLICY) -o $@ $(POLICYCONF)
57			# Note: Can't use install, so not sure how to deal with mode, user, and group
58			# other than by default.
59
60			policy: $(POLICYVER)
61
62			$(POLICYVER): policy.conf $(CHECKPOLICY)
63			$(CHECKPOLICY) -o $@ policy.conf
64
65			$(POLICYCONF): policy.conf
66			mkdir -p $(SRCINSTALLDIR)
67			install -m 644 -o root -g root policy.conf $@
68
69			reload tmp/load: $(LOADPATH)
70			$(LOADPOLICY) $(LOADPATH)
71			touch tmp/load
72
73			load: tmp/load
74	pebenito	1.2
75			initrd: $(LOADPATH)
76			$(MKINITRD) $(EXTRAOPT) $(INITRD) $(KV)
77	pebenito	1.1
78			policy.conf: $(POLICYFILES)
79			mkdir -p tmp
80			cat $^ > $@
81
82			install-src:
83			rm -rf $(SRCINSTALLDIR)/policy.old
84			-mv $(SRCINSTALLDIR)/policy $(SRCINSTALLDIR)/policy.old
85			mkdir -p $(SRCINSTALLDIR)/policy
86			cp -R . $(SRCINSTALLDIR)/policy
87
88			ALLTEFILES := attrib.te tmp/program_used_flags.te tmp/all_macros.te tmp/all_types.te tmp/all_domains.te assert.te
89			TE_RBAC_MACRO_FILES := tmp/all.te rbac
90			CONSTRAINT_CONTEXT_MACRO_FILES := tmp/program_used_flags.te tmp/all_macros.te constraints initial_sid_contexts fs_use genfs_contexts net_contexts
91
92			tmp/te-rbac.m4: $(TE_RBAC_MACRO_FILES)
93			m4 -Imacros -s $^ > $@
94
95			tmp/constraints-contexts.m4: $(CONSTRAINT_CONTEXT_MACRO_FILES)
96			m4 -Imacros -s $^ > $@
97
98			tmp/all.te: $(ALLTEFILES)
99			cat $^ > $@
100
101			tmp/program_used_flags.te: $(wildcard domains/program/*.te) domains/program
102			mkdir -p tmp
103			( cd domains/program/ ; for n in *.te ; do echo "define(\`$$n')"; done ) > $@
104			( cd domains/misc/ ; for n in *.te ; do echo "define(\`$$n')"; done ) >> $@
105
106			tmp/all_macros.te: macros $(wildcard macros/*.te) tmp/all_program_macros.te
107			cat $(wildcard macros/*.te) tmp/all_program_macros.te > $@
108
109			tmp/all_program_macros.te: macros/program $(wildcard macros/program/*.te)
110			cat $(wildcard macros/program/*.te) > $@
111
112			tmp/all_types.te: $(wildcard types/*.te) types
113			cat types/*.te > $@
114
115			tmp/all_domains.te: $(wildcard domains/.te domains/misc/.te domains/program/*.te) domains domains/misc domains/program
116			cat domains/.te domains/misc/.te domains/program/*.te > $@
117
118			relabel: $(FC) $(SETFILES)
119			$(SETFILES) $(FC) `mount \| awk '/ext[23]/{print $$3}'`
120
121			# this is a nasty hack since 'make relabel' doesnt work in chroot
122			chroot_relabel: $(FC) $(SETFILES)
123			@echo
124			@echo
125			@echo "THIS SHOULD ONLY BE USED INSIDE A CHROOT!!!"
126			@echo
127			@echo "Otherwise use \"make relabel\""
128			@echo
129			@echo
130			$(SETFILES) $(FC) -r / /
131
132			reset: $(FC) $(SETFILES)
133			$(SETFILES) -R $(FC) `mount \| awk '/ext[23]/{print $$3}'`
134
135			$(FC): $(FCFILES) file_contexts/program
136			cat $(FCFILES) > $@
137
138			clean:
139			rm -f $(POLICYVER)
140			rm -f policy.conf
141			rm -fR tmp
142			rm -f $(FC)