
Contents of /eclass/selinux-policy-2.eclass



Revision 1.9 - (show annotations) (download)
Mon Aug 22 04:46:32 2011 UTC (2 years, 11 months ago) by vapier
Branch: MAIN
Changes since 1.8: +6 -6 lines
fix random bugs in eclass documentation, and convert to new @AUTHOR tag

1 # Copyright 1999-2011 Gentoo Foundation
2 # Distributed under the terms of the GNU General Public License v2
3 # $Header: /var/cvsroot/gentoo-x86/eclass/selinux-policy-2.eclass,v 1.8 2011/08/12 20:01:29 swift Exp $
4
5 # Eclass for installing SELinux policy, and optionally
6 # reloading the reference-policy based modules.
7
8 # @ECLASS: selinux-policy-2.eclass
9 # @MAINTAINER:
10 # selinux@gentoo.org
11 # @BLURB: This eclass supports the deployment of the various SELinux modules in sec-policy
12 # @DESCRIPTION:
13 # The selinux-policy-2.eclass supports deployment of the various SELinux modules
14 # defined in the sec-policy category. It is responsible for extracting the
15 # specific bits necessary for single-module deployment (instead of full-blown
16 # policy rebuilds) and applying the necessary patches.
17 #
18 # It also supports bundling patches to make the whole thing just a bit more
19 # manageable.
20
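# The defaults below use the `: "${VAR:=default}"` idiom. The expansion is
# quoted so that the `:` no-op receives the value as a single word; unquoted,
# the shell would word-split and glob the value for no purpose.

# @ECLASS-VARIABLE: MODS
# @DESCRIPTION:
# This variable contains the (upstream) module name for the SELinux module.
# This name is only the module name, not the category!
# NOTE(review): the "_illegal" default looks like a deliberate placeholder for
# ebuilds that do not set MODS - confirm with the maintainers.
: "${MODS:=_illegal}"

# @ECLASS-VARIABLE: BASEPOL
# @DESCRIPTION:
# This variable contains the version string of the selinux-base-policy package
# that this module build depends on. It is used to patch with the appropriate
# patch bundle(s) that are part of selinux-base-policy.
: "${BASEPOL:=}"

# @ECLASS-VARIABLE: POLICY_PATCH
# @DESCRIPTION:
# This variable contains the additional patch(es) that need to be applied on top
# of the patchset already contained within the BASEPOL variable. The variable
# can be either a simple string (space-separated) or a bash array.
: "${POLICY_PATCH:=}"

# @ECLASS-VARIABLE: POLICY_TYPES
# @DESCRIPTION:
# This variable informs the eclass for which SELinux policies the module should
# be built. Currently, Gentoo supports targeted, strict, mcs and mls.
# This variable is the same POLICY_TYPES variable that we tell SELinux
# users to set in /etc/make.conf. Therefore, it is not the module that should
# override it, but the user.
: "${POLICY_TYPES:=targeted strict mcs mls}"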
49
inherit eutils

IUSE=""
HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/"
LICENSE="GPL-2"
SLOT="0"
S="${WORKDIR}/"
PATCHBUNDLE="${DISTDIR}/patchbundle-selinux-base-policy-${BASEPOL}.tar.bz2"

# Sources and runtime dependencies both hinge on BASEPOL:
#  - with BASEPOL set, the matching patch bundle is fetched next to the
#    upstream refpolicy tarball, and the module requires at least that
#    selinux-base-policy release;
#  - without it, only the refpolicy tarball is fetched and the module requires
#    at least the selinux-base-policy release matching its own version (PV).
# Modules should always depend on at least the first release of the
# selinux-base-policy for which they are generated.
#
# NOTE(review): every URI here is plain http://, so the authenticity of the
# fetched sources rests on the digest verification Portage performs against
# the ebuild's Manifest, not on the transport.
if [[ -n ${BASEPOL} ]]; then
	SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2
	http://dev.gentoo.org/~swift/patches/selinux-base-policy/patchbundle-selinux-base-policy-${BASEPOL}.tar.bz2"
	RDEPEND=">=sys-apps/policycoreutils-2.0.82
	>=sec-policy/selinux-base-policy-${BASEPOL}"
else
	SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2"
	RDEPEND=">=sys-apps/policycoreutils-2.0.82
	>=sec-policy/selinux-base-policy-${PV}"
fi
DEPEND="${RDEPEND}
	sys-devel/m4
	>=sys-apps/checkpolicy-2.0.21"

# src_prepare is exported as a phase function only for EAPI 2, 3 and 4.
SELINUX_EXPF="src_unpack src_compile src_install pkg_postinst"
if [[ ${EAPI:-0} == [234] ]]; then
	SELINUX_EXPF+=" src_prepare"
fi

# Left unquoted on purpose: each phase name must be a separate argument.
EXPORT_FUNCTIONS ${SELINUX_EXPF}
89
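# @FUNCTION: selinux-policy-2_src_unpack
# @DESCRIPTION:
# Unpack the policy sources as offered by upstream (refpolicy). In case of EAPI
# older than 2, call selinux-policy-2_src_prepare too, since it is not exported
# as a separate phase function there.
selinux-policy-2_src_unpack() {
	# ${A} is a whitespace-separated list of distfiles; it is left unquoted on
	# purpose so that every archive becomes its own argument.
	unpack ${A}

	# Call src_prepare explicitly for EAPI 0 or 1. An explicit `if` is used
	# instead of `has ... && ...` as the last command, so that the function
	# does not end with a non-zero status merely because the EAPI is newer.
	if has "${EAPI:-0}" 0 1; then
		selinux-policy-2_src_prepare
	fi
}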
100
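# @FUNCTION: selinux-policy-2_src_prepare
# @DESCRIPTION:
# Patch the reference policy sources with our set of enhancements. Start with
# the base patchbundle referred to by the ebuilds through the BASEPOL variable,
# then apply the additional patches as offered by the ebuild (POLICY_PATCH).
#
# Next, collect only those files needed for this particular module (i.e. the
# .te and .fc files for each module named in the MODS variable).
#
# Finally, prepare one build directory per SELinux policy type listed in
# POLICY_TYPES (such as targeted or strict), each holding a copy of
# Makefile.example and the collected module files.
#
# The function dies if a directory cannot be entered or if no module file is
# found, so that a policy module is never built from an unpatched or empty
# source set.
selinux-policy-2_src_prepare() {
	local moddir="${S}/refpolicy/policy/modules"
	local -a modfiles=()
	local polpatch mod ext file poltype

	# Patch the sources with the base patchbundle. The patches are applied in
	# the directory entered here, hence the check on cd.
	if [[ -n ${BASEPOL} ]]; then
		cd "${S}" || die "Could not enter ${S}"
		epatch "${PATCHBUNDLE}"
	fi

	# Apply the additional patches referred to by the module ebuild.
	# POLICY_PATCH may be a bash array or a whitespace-separated string;
	# `declare -p` tells the two apart.
	if [[ "$(declare -p POLICY_PATCH 2>/dev/null)" == "declare -a"* ]]; then
		cd "${moddir}" || die "Could not enter ${moddir}"
		for polpatch in "${POLICY_PATCH[@]}"; do
			epatch "${polpatch}"
		done
	elif [[ -n ${POLICY_PATCH} ]]; then
		cd "${moddir}" || die "Could not enter ${moddir}"
		# Unquoted on purpose: the string form is split on whitespace.
		for polpatch in ${POLICY_PATCH}; do
			epatch "${polpatch}"
		done
	fi

	# Collect only those files needed for this particular module. The paths
	# are read NUL-delimited into an array so that a work directory containing
	# whitespace does not break the later copy.
	for mod in ${MODS}; do
		for ext in te fc; do
			while IFS= read -r -d '' file; do
				modfiles+=( "${file}" )
			done < <(find "${moddir}" -iname "${mod}.${ext}" -print0)
		done
	done

	# Fail with a clear message instead of a confusing cp usage error.
	[[ ${#modfiles[@]} -gt 0 ]] \
		|| die "No .te or .fc files found for module(s) ${MODS} in ${moddir}"

	for poltype in ${POLICY_TYPES}; do
		mkdir "${S}/${poltype}" \
			|| die "Failed to create directory ${S}/${poltype}"
		cp "${S}/refpolicy/doc/Makefile.example" "${S}/${poltype}/Makefile" \
			|| die "Failed to copy Makefile.example to ${S}/${poltype}/Makefile"

		cp -- "${modfiles[@]}" "${S}/${poltype}" \
			|| die "Failed to copy the module files to ${S}/${poltype}"
	done
}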
158
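# @FUNCTION: selinux-policy-2_src_compile
# @DESCRIPTION:
# Build the SELinux policy module (.pp file) for just the selected module, once
# for each SELinux policy type mentioned in POLICY_TYPES. Each build runs in
# the per-type directory below ${S}.
selinux-policy-2_src_compile() {
	# Keep the loop variable local so it does not leak into the ebuild
	# environment.
	local poltype

	for poltype in ${POLICY_TYPES}; do
		# Parallel builds are broken, so we need to force -j1 here
		emake -j1 NAME="${poltype}" -C "${S}/${poltype}" \
			|| die "${poltype} compile failed"
	done
}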
169
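# @FUNCTION: selinux-policy-2_src_install
# @DESCRIPTION:
# Install the built .pp files in the correct subdirectory within
# /usr/share/selinux, i.e. one subdirectory per policy type in POLICY_TYPES,
# each receiving the .pp file of every module in MODS.
selinux-policy-2_src_install() {
	local BASEDIR="/usr/share/selinux"
	# Loop variables are local so they do not leak into the ebuild
	# environment.
	local poltype mod

	for poltype in ${POLICY_TYPES}; do
		# The target directory only depends on the policy type, so it is set
		# once per type rather than once per module.
		insinto "${BASEDIR}/${poltype}"
		for mod in ${MODS}; do
			einfo "Installing ${poltype} ${mod} policy package"
			doins "${S}/${poltype}/${mod}.pp" \
				|| die "Failed to add ${mod}.pp to ${poltype}"
		done
	done
}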
185
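# @FUNCTION: selinux-policy-2_pkg_postinst
# @DESCRIPTION:
# Install the built .pp files in the SELinux policy stores, effectively
# activating the policy on the system. For every policy type in POLICY_TYPES,
# all modules in MODS are handed to a single semodule invocation.
#
# NOTE(review): the module directory is the absolute path
# /usr/share/selinux/<type>, without a ${ROOT} prefix - confirm this is
# intended when the package is merged into an alternate root.
selinux-policy-2_pkg_postinst() {
	# Build up the semodule arguments in the case of multiple modules. An
	# array keeps every "-i <file>" pair intact; each new pair is prepended,
	# which preserves the argument order semodule has always been given.
	local -a modargs=()
	local mod poltype

	for mod in ${MODS}; do
		modargs=( -i "${mod}.pp" "${modargs[@]}" )
	done

	for poltype in ${POLICY_TYPES}; do
		einfo "Inserting the following modules into the ${poltype} module store: ${MODS}"

		# The .pp files are named relative to the current directory, so a
		# failed cd must abort before semodule is run.
		cd "/usr/share/selinux/${poltype}" \
			|| die "Could not enter /usr/share/selinux/${poltype}"
		semodule -s "${poltype}" "${modargs[@]}" \
			|| die "Failed to load in modules ${MODS} in the ${poltype} policy store"
	done
}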
