
Contents of /eclass/selinux-policy-2.eclass



Revision 1.8 - (hide annotations) (download)
Fri Aug 12 20:01:29 2011 UTC (2 years, 11 months ago) by swift
Branch: MAIN
Changes since 1.7: +2 -2 lines
Use ~swift as location for patchbundles now

1 blueness 1.7 # Copyright 1999-2011 Gentoo Foundation
2 pebenito 1.1 # Distributed under the terms of the GNU General Public License v2
3 swift 1.8 # $Header: /var/cvsroot/gentoo-x86/eclass/selinux-policy-2.eclass,v 1.7 2011/08/07 10:47:00 blueness Exp $
4 pebenito 1.1
5     # Eclass for installing SELinux policy, and optionally
6 blueness 1.5 # reloading the reference-policy based modules.
7 pebenito 1.1
8 blueness 1.7 # @ECLASS: selinux-policy-2.eclass
9     # @MAINTAINER:
10     # selinux@gentoo.org
11     # @BLURB: This eclass supports the deployment of the various SELinux modules in sec-policy
12     # @DESCRIPTION:
13     # The selinux-policy-2.eclass supports deployment of the various SELinux modules
14     # defined in the sec-policy category. It is responsible for extracting the
15     # specific bits necessary for single-module deployment (instead of full-blown
16     # policy rebuilds) and applying the necessary patches.
17     #
18     # It also supports bundling patches to make the whole thing just a bit more
19     # manageable.
20    
# @ECLASS-VARIABLE: MODS
# @DESCRIPTION:
# Upstream name of the SELinux module (or modules) deployed by the package.
# Give the bare module name only, never the category. When the ebuild sets
# nothing, the placeholder value "_illegal" is used.
: "${MODS:=_illegal}"

# @ECLASS-VARIABLE: BASEPOL
# @DESCRIPTION:
# Version string of the selinux-base-policy package that this module build
# depends on. It selects the patch bundle(s), shipped as part of
# selinux-base-policy, that are applied to the sources. Empty by default.
: "${BASEPOL:=}"

# @ECLASS-VARIABLE: POLICY_PATCH
# @DESCRIPTION:
# Additional patch(es) to apply on top of the patchset selected through
# BASEPOL. Either a plain space-separated string or a bash array is accepted.
# Empty by default.
: "${POLICY_PATCH:=}"

# @ECLASS-VARIABLE: POLICY_TYPES
# @DESCRIPTION:
# The SELinux policy types for which the module is built. Currently, Gentoo
# supports targeted, strict, mcs and mls. This is the same POLICY_TYPES
# variable that SELinux users are told to set in /etc/make.conf. Therefore, it
# is the user, not the module ebuild, who should override it.
: "${POLICY_TYPES:=targeted strict mcs mls}"
49    
inherit eutils

IUSE=""

HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/"

# The upstream refpolicy tarball is always fetched; the Gentoo patch bundle is
# added only when the ebuild names a base policy version through BASEPOL.
# Both URLs are plain http, so the transport itself gives no integrity or
# authenticity guarantee for the downloaded policy sources.
# NOTE(review): confirm that every consuming ebuild carries Manifest digests
# for these distfiles, since that is then the only check on their content.
if [[ -z ${BASEPOL} ]]; then
	SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2"
else
	SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2
		http://dev.gentoo.org/~swift/patches/selinux-base-policy/patchbundle-selinux-base-policy-${BASEPOL}.tar.bz2"
fi

LICENSE="GPL-2"
SLOT="0"
S="${WORKDIR}/"
# Location of the fetched patch bundle; only read when BASEPOL is non-empty.
PATCHBUNDLE="${DISTDIR}/patchbundle-selinux-base-policy-${BASEPOL}.tar.bz2"

# Modules should always depend on at least the first release of the
# selinux-base-policy for which they are generated: BASEPOL when it is set,
# otherwise the module's own version.
RDEPEND=">=sys-apps/policycoreutils-2.0.82
	>=sec-policy/selinux-base-policy-${BASEPOL:-${PV}}"
DEPEND="${RDEPEND}
	sys-devel/m4
	>=sys-apps/checkpolicy-2.0.21"

# src_prepare is exported only for the EAPIs listed here (2, 3 and 4); for
# the others src_unpack calls it explicitly or not at all.
SELINUX_EXPF="src_unpack src_compile src_install pkg_postinst"
if [[ ${EAPI:-0} == [234] ]]; then
	SELINUX_EXPF+=" src_prepare"
fi

# Deliberately unquoted: the list must be split into one word per phase.
EXPORT_FUNCTIONS ${SELINUX_EXPF}
89    
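# @FUNCTION: selinux-policy-2_src_unpack
# @DESCRIPTION:
# Unpack the policy sources as offered by upstream (refpolicy). For EAPI 0 and
# 1, where this eclass does not export src_prepare, the preparation step is
# run from here as well.
selinux-policy-2_src_unpack() {
	# Deliberately unquoted: ${A} is a whitespace-separated list of archives.
	unpack ${A}

	# An if statement instead of "has ... && ...": the short-circuit form made
	# this phase end with a non-zero status whenever the EAPI was 2 or newer,
	# although nothing had failed.
	if has "${EAPI:-0}" 0 1; then
		selinux-policy-2_src_prepare
	fi
}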
100    
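# @FUNCTION: selinux-policy-2_src_prepare
# @DESCRIPTION:
# Patch the reference policy sources with our set of enhancements. Start with
# the base patchbundle referred to by the ebuilds through the BASEPOL variable,
# then apply the additional patches listed in POLICY_PATCH.
#
# Next, collect only those files needed for this particular module (i.e. the
# .te and .fc files for each module named in the MODS variable).
#
# Finally, prepare one build directory per SELinux policy type (such as
# targeted or strict) listed in the POLICY_TYPES variable.
#
# Dies when a directory cannot be entered or created, when no module file is
# found for MODS, or when a copy fails.
selinux-policy-2_src_prepare() {
	local -a modfiles=()
	# Loop variables are local so they cannot clobber ebuild globals.
	local modfile mod poltype polpatch

	# Patch the sources with the base patchbundle. A failed cd must stop the
	# build: otherwise the bundle would be applied in whatever directory the
	# phase happened to start in.
	if [[ -n ${BASEPOL} ]]; then
		cd "${S}" || die "Could not enter ${S}"
		epatch "${PATCHBUNDLE}"
	fi

	# Apply the additional patches referred to by the module ebuild.
	# "declare -p" tells a bash array apart from a plain string; its error
	# output (variable not declared) is discarded, not captured.
	if [[ "$(declare -p POLICY_PATCH 2>/dev/null)" == "declare -a"* ]]; then
		cd "${S}/refpolicy/policy/modules" \
			|| die "Could not enter ${S}/refpolicy/policy/modules"
		for polpatch in "${POLICY_PATCH[@]}"; do
			epatch "${polpatch}"
		done
	elif [[ -n ${POLICY_PATCH} ]]; then
		cd "${S}/refpolicy/policy/modules" \
			|| die "Could not enter ${S}/refpolicy/policy/modules"
		# Deliberately unquoted: the string form is a space-separated list.
		for polpatch in ${POLICY_PATCH}; do
			epatch "${polpatch}"
		done
	fi

	# Collect only those files needed for this particular module. The names
	# are read NUL-delimited into an array so that a path containing
	# whitespace stays one argument, and the -iname patterns are quoted so
	# the shell cannot expand them against the current directory.
	for mod in ${MODS}; do
		while IFS= read -r -d '' modfile; do
			modfiles+=( "${modfile}" )
		done < <(find "${S}/refpolicy/policy/modules" \
			\( -iname "${mod}.te" -o -iname "${mod}.fc" \) -print0)
	done

	# Fail with a clear message instead of an obscure cp usage error.
	(( ${#modfiles[@]} > 0 )) \
		|| die "No .te or .fc files found for module(s): ${MODS}"

	for poltype in ${POLICY_TYPES}; do
		mkdir "${S}/${poltype}" \
			|| die "Failed to create directory ${S}/${poltype}"
		cp "${S}/refpolicy/doc/Makefile.example" "${S}/${poltype}/Makefile" \
			|| die "Failed to copy Makefile.example to ${S}/${poltype}/Makefile"

		cp "${modfiles[@]}" "${S}/${poltype}" \
			|| die "Failed to copy the module files to ${S}/${poltype}"
	done
}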
158    
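# @FUNCTION: selinux-policy-2_src_compile
# @DESCRIPTION:
# Build the SELinux policy module (.pp file) for just the selected module,
# once for each SELinux policy type mentioned in POLICY_TYPES. Dies on the
# first build that fails.
selinux-policy-2_src_compile() {
	# Local loop variable, so a global "i" of the ebuild is left untouched.
	local poltype

	for poltype in ${POLICY_TYPES}; do
		# Parallel builds are broken, so we need to force -j1 here
		emake -j1 NAME="${poltype}" -C "${S}/${poltype}" \
			|| die "${poltype} compile failed"
	done
}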
169    
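# @FUNCTION: selinux-policy-2_src_install
# @DESCRIPTION:
# Install the built .pp files in the correct subdirectory within
# /usr/share/selinux: one subdirectory per policy type in POLICY_TYPES, one
# .pp file per module in MODS. Dies if a module package cannot be installed.
selinux-policy-2_src_install() {
	local BASEDIR="/usr/share/selinux"
	# Local loop variables, so globals named "i" or "j" are left untouched.
	local poltype mod

	for poltype in ${POLICY_TYPES}; do
		# The target directory depends on the policy type only, so it is
		# set once per type rather than once per module.
		insinto "${BASEDIR}/${poltype}"
		for mod in ${MODS}; do
			einfo "Installing ${poltype} ${mod} policy package"
			doins "${S}/${poltype}/${mod}.pp" \
				|| die "Failed to add ${mod}.pp to ${poltype}"
		done
	done
}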
185    
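# @FUNCTION: selinux-policy-2_pkg_postinst
# @DESCRIPTION:
# Install the built .pp files in the SELinux policy stores, effectively
# activating the policy on the system. This is done for every policy type in
# POLICY_TYPES, with all modules in MODS passed to a single semodule call per
# store. Dies if the module directory cannot be entered or semodule fails.
selinux-policy-2_pkg_postinst() {
	# The semodule arguments are kept in an array, so each "-i <file>" pair
	# stays intact however the module name is spelled.
	local -a COMMAND=()
	# Local loop variables, so a global "i" of the ebuild is left untouched.
	local mod poltype

	# Build up the command in the case of multiple modules. Each module is
	# prepended, which gives the same argument order as before.
	for mod in ${MODS}; do
		COMMAND=( -i "${mod}.pp" "${COMMAND[@]}" )
	done

	for poltype in ${POLICY_TYPES}; do
		einfo "Inserting the following modules into the ${poltype} module store: ${MODS}"

		# The .pp files are named relative to the current directory, so the
		# cd has to succeed before semodule runs; otherwise files from some
		# other directory could be loaded into the policy store.
		cd "/usr/share/selinux/${poltype}" \
			|| die "Could not enter /usr/share/selinux/${poltype}"
		semodule -s "${poltype}" "${COMMAND[@]}" \
			|| die "Failed to load in modules ${MODS} in the ${poltype} policy store"
	done
}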
