/[gentoo-x86]/eclass/selinux-policy-2.eclass
Gentoo

Diff of /eclass/selinux-policy-2.eclass

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

Revision 1.6 Revision 1.7
1# Copyright 1999-2006 Gentoo Foundation 1# Copyright 1999-2011 Gentoo Foundation
2# Distributed under the terms of the GNU General Public License v2 2# Distributed under the terms of the GNU General Public License v2
3# $Header: /var/cvsroot/gentoo-x86/eclass/selinux-policy-2.eclass,v 1.6 2011/05/20 19:06:07 blueness Exp $ 3# $Header: /var/cvsroot/gentoo-x86/eclass/selinux-policy-2.eclass,v 1.7 2011/08/07 10:47:00 blueness Exp $
4 4
5# Eclass for installing SELinux policy, and optionally 5# Eclass for installing SELinux policy, and optionally
6# reloading the reference-policy based modules. 6# reloading the reference-policy based modules.
7 7
8# @ECLASS: selinux-policy-2.eclass
9# @MAINTAINER:
10# selinux@gentoo.org
11# @BLURB: This eclass supports the deployment of the various SELinux modules in sec-policy
12# @DESCRIPTION:
13# The selinux-policy-2.eclass supports deployment of the various SELinux modules
14# defined in the sec-policy category. It is responsible for extracting the
15# specific bits necessary for single-module deployment (instead of full-blown
16# policy rebuilds) and applying the necessary patches.
17#
18# Also, it supports for bundling patches to make the whole thing just a bit more
19# manageable.
20
21# @ECLASS-VARIABLE: MODS
22# @DESCRIPTION:
23# This variable contains the (upstream) module name for the SELinux module.
24# This name is only the module name, not the category!
25: ${MODS:="_illegal"}
26
27# @ECLASS-VARIABLE: BASEPOL
28# @DESCRIPTION:
29# This variable contains the version string of the selinux-base-policy package
30# that this module build depends on. It is used to patch with the appropriate
31# patch bundle(s) that are part of selinux-base-policy.
32: ${BASEPOL:=""}
33
34# @ECLASS-VARIABLE: POLICY_PATCH
35# @DESCRIPTION:
36# This variable contains the additional patch(es) that need to be applied on top
37# of the patchset already contained within the BASEPOL variable. The variable
38# can be both a simple string (space-separated) or a bash array.
39: ${POLICY_PATCH:=""}
40
41# @ECLASS-VARIABLE: POLICY_TYPES
42# @DESCRIPTION:
43# This variable informs the eclass for which SELinux policies the module should
44# be built. Currently, Gentoo supports targeted, strict, mcs and mls.
45# This variable is the same POLICY_TYPES variable that we tell SELinux
46# users to set in /etc/make.conf. Therefor, it is not the module that should
47# override it, but the user.
48: ${POLICY_TYPES:="targeted strict mcs mls"}
49
8inherit eutils 50inherit eutils
9 51
10IUSE="" 52IUSE=""
11 53
12HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/" 54HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/"
55if [[ -n ${BASEPOL} ]];
56then
57 SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2
58 http://dev.gentoo.org/~blueness/patchbundle-selinux-base-policy/patchbundle-selinux-base-policy-${BASEPOL}.tar.bz2"
59else
13SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2" 60 SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2"
61fi
14 62
15LICENSE="GPL-2" 63LICENSE="GPL-2"
16SLOT="0" 64SLOT="0"
17S="${WORKDIR}/" 65S="${WORKDIR}/"
66PATCHBUNDLE="${DISTDIR}/patchbundle-selinux-base-policy-${BASEPOL}.tar.bz2"
18 67
68# Modules should always depend on at least the first release of the
69# selinux-base-policy for which they are generated.
70if [[ -n ${BASEPOL} ]];
71then
19RDEPEND=">=sys-apps/policycoreutils-1.30.30 72 RDEPEND=">=sys-apps/policycoreutils-2.0.82
73 >=sec-policy/selinux-base-policy-${BASEPOL}"
74else
75 RDEPEND=">=sys-apps/policycoreutils-2.0.82
20 >=sec-policy/selinux-base-policy-${PV}" 76 >=sec-policy/selinux-base-policy-${PV}"
21 77fi
22DEPEND="${RDEPEND} 78DEPEND="${RDEPEND}
23 sys-devel/m4 79 sys-devel/m4
24 >=sys-apps/checkpolicy-1.30.12" 80 >=sys-apps/checkpolicy-2.0.21"
25 81
82SELINUX_EXPF="src_unpack src_compile src_install pkg_postinst"
83case "${EAPI:-0}" in
84 2|3|4) SELINUX_EXPF+=" src_prepare" ;;
85 *) ;;
86esac
87
88EXPORT_FUNCTIONS ${SELINUX_EXPF}
89
90# @FUNCTION: selinux-policy-2_src_unpack
91# @DESCRIPTION:
92# Unpack the policy sources as offered by upstream (refpolicy). In case of EAPI
93# older than 2, call src_prepare too.
26selinux-policy-2_src_unpack() { 94selinux-policy-2_src_unpack() {
95 unpack ${A}
96
97 # Call src_prepare explicitly for EAPI 0 or 1
98 has "${EAPI:-0}" 0 1 && selinux-policy-2_src_prepare
99}
100
101# @FUNCTION: selinux-policy-2_src_prepare
102# @DESCRIPTION:
103# Patch the reference policy sources with our set of enhancements. Start with
104# the base patchbundle referred to by the ebuilds through the BASEPOL variable,
105# then apply the additional patches as offered by the ebuild.
106#
107# Next, extract only those files needed for this particular module (i.e. the .te
108# and .fc files for the given module in the MODS variable).
109#
110# Finally, prepare the build environments for each of the supported SELinux
111# types (such as targeted or strict), depending on the POLICY_TYPES variable
112# content.
113selinux-policy-2_src_prepare() {
27 local modfiles 114 local modfiles
28 [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"
29 115
30 unpack ${A} 116 # Patch the sources with the base patchbundle
117 if [[ -n ${BASEPOL} ]];
118 then
119 cd "${S}"
120 epatch "${PATCHBUNDLE}"
121 fi
31 122
32 for i in ${MODS}; do 123 # Apply the additional patches refered to by the module ebuild.
33 modfiles="`find ${S}/refpolicy/policy/modules -iname $i.te` $modfiles" 124 # But first some magic to differentiate between bash arrays and strings
34 modfiles="`find ${S}/refpolicy/policy/modules -iname $i.fc` $modfiles" 125 if [[ "$(declare -p POLICY_PATCH 2>/dev/null 2>&1)" == "declare -a"* ]];
126 then
127 cd "${S}/refpolicy/policy/modules"
128 for POLPATCH in "${POLICY_PATCH[@]}";
129 do
130 epatch "${POLPATCH}"
35 done 131 done
36 132 else
37 for i in ${POLICY_TYPES}; do
38 mkdir "${S}"/${i}
39 cp "${S}"/refpolicy/doc/Makefile.example "${S}"/${i}/Makefile
40
41 cp ${modfiles} "${S}"/${i}
42
43 if [ -n "${POLICY_PATCH}" ]; then 133 if [[ -n ${POLICY_PATCH} ]];
134 then
135 cd "${S}/refpolicy/policy/modules"
44 for POLPATCH in "${POLICY_PATCH}"; 136 for POLPATCH in ${POLICY_PATCH};
45 do 137 do
46 cd "${S}"/${i} 138 epatch "${POLPATCH}"
47 einfo "Patching ${i}"
48 epatch "${POLPATCH}" || die "failed patch ${POLPATCH}"
49 done 139 done
50 fi 140 fi
141 fi
51 142
143 # Collect only those files needed for this particular module
144 for i in ${MODS}; do
145 modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.te) $modfiles"
146 modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.fc) $modfiles"
52 done 147 done
53}
54 148
149 for i in ${POLICY_TYPES}; do
150 mkdir "${S}"/${i} || die "Failed to create directory ${S}/${i}"
151 cp "${S}"/refpolicy/doc/Makefile.example "${S}"/${i}/Makefile \
152 || die "Failed to copy Makefile.example to ${S}/${i}/Makefile"
153
154 cp ${modfiles} "${S}"/${i} \
155 || die "Failed to copy the module files to ${S}/${i}"
156 done
157}
158
159# @FUNCTION: selinux-policy-2_src_compile
160# @DESCRIPTION:
161# Build the SELinux policy module (.pp file) for just the selected module, and
162# this for each SELinux policy mentioned in POLICY_TYPES
55selinux-policy-2_src_compile() { 163selinux-policy-2_src_compile() {
56 [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"
57
58 for i in ${POLICY_TYPES}; do 164 for i in ${POLICY_TYPES}; do
165 # Parallel builds are broken, so we need to force -j1 here
59 make NAME=$i -C "${S}"/${i} || die "${i} compile failed" 166 emake -j1 NAME=$i -C "${S}"/${i} || die "${i} compile failed"
60 done 167 done
61} 168}
62 169
170# @FUNCTION: selinux-policy-2_src_install
171# @DESCRIPTION:
172# Install the built .pp files in the correct subdirectory within
173# /usr/share/selinux.
63selinux-policy-2_src_install() { 174selinux-policy-2_src_install() {
64 [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"
65 local BASEDIR="/usr/share/selinux" 175 local BASEDIR="/usr/share/selinux"
66 176
67 for i in ${POLICY_TYPES}; do 177 for i in ${POLICY_TYPES}; do
68 for j in ${MODS}; do 178 for j in ${MODS}; do
69 echo "Installing ${i} ${j} policy package" 179 einfo "Installing ${i} ${j} policy package"
70 insinto ${BASEDIR}/${i} 180 insinto ${BASEDIR}/${i}
71 doins "${S}"/${i}/${j}.pp 181 doins "${S}"/${i}/${j}.pp || die "Failed to add ${j}.pp to ${i}"
72 done 182 done
73 done 183 done
74} 184}
75 185
186# @FUNCTION: selinux-policy-2_pkg_postinst
187# @DESCRIPTION:
188# Install the built .pp files in the SELinux policy stores, effectively
189# activating the policy on the system.
76selinux-policy-2_pkg_postinst() { 190selinux-policy-2_pkg_postinst() {
77 # build up the command in the case of multiple modules 191 # build up the command in the case of multiple modules
78 local COMMAND 192 local COMMAND
79 for i in ${MODS}; do 193 for i in ${MODS}; do
80 COMMAND="-i ${i}.pp ${COMMAND}" 194 COMMAND="-i ${i}.pp ${COMMAND}"
81 done 195 done
82 [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"
83 196
84 for i in ${POLICY_TYPES}; do 197 for i in ${POLICY_TYPES}; do
85 einfo "Inserting the following modules into the $i module store: ${MODS}" 198 einfo "Inserting the following modules into the $i module store: ${MODS}"
86 199
87 cd /usr/share/selinux/${i} 200 cd /usr/share/selinux/${i} || die "Could not enter /usr/share/selinux/${i}"
88 semodule -s ${i} ${COMMAND} || die "Failed to load in modules ${MODS} in the $i policy store" 201 semodule -s ${i} ${COMMAND} || die "Failed to load in modules ${MODS} in the $i policy store"
89 done 202 done
90} 203}
91 204
92EXPORT_FUNCTIONS src_unpack src_compile src_install pkg_postinst
Legend:
Removed from v.1.6  
changed lines
  Added in v.1.7
  ViewVC Help
Powered by ViewVC 1.1.13