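# Builds SELinux policy module packages (*.pp) from the *.te, *.if and *.fc
# files in the current directory, using the policy headers under HEADERDIR.
#
# build.conf is optional and is looked up in the directory make runs in. It is
# evaluated as makefile text (variable overrides, rules, $(shell ...)), so it
# carries the same trust as this makefile itself.
-include build.conf

# Delete a target whose recipe exits non-zero, so a partially written module
# or package is never mistaken for an up-to-date one on the next run.
.DELETE_ON_ERROR:

# executables
PREFIX := /usr
BINDIR := $(PREFIX)/bin
SBINDIR := $(PREFIX)/sbin
CHECKMODULE := $(BINDIR)/checkmodule
SEMODULE := $(SBINDIR)/semodule
SEMOD_PKG := $(BINDIR)/semodule_package

# helper tools
AWK ?= gawk
INSTALL ?= install
M4 ?= m4
SED ?= sed
EINFO ?= echo

# set default build options
# NAME defaults to SELINUXTYPE from /etc/selinux/config. The file is sourced
# by the shell at parse time (executed, not parsed as data).
NAME ?= $(shell . /etc/selinux/config; echo $$SELINUXTYPE)
# MLS state of the running kernel as reported by /selinux/mls. If that file
# cannot be read the value is empty and no -mcs suffix is appended to TYPE.
MLSENABLED := $(shell cat /selinux/mls)
ifeq ($(MLSENABLED),1)
MCSFLAG=-mcs
endif
TYPE ?= $(NAME)${MCSFLAG}
DIRECT_INITRC ?= n
POLY ?= n

# installation paths
SHAREDIR := $(PREFIX)/share/selinux
MODPKGDIR := $(SHAREDIR)/$(NAME)
HEADERDIR := $(SHAREDIR)/refpolicy/include

# compile strict policy if requested.
ifneq ($(findstring strict,$(TYPE)),)
  M4PARAM += -D strict_policy
endif

# compile targeted policy if requested.
ifneq ($(findstring targeted,$(TYPE)),)
  M4PARAM += -D targeted_policy
endif

# enable MLS if requested.
ifneq ($(findstring -mls,$(TYPE)),)
  M4PARAM += -D enable_mls
  CHECKPOLICY += -M
  CHECKMODULE += -M
endif

# enable MLS if MCS requested.
ifneq ($(findstring -mcs,$(TYPE)),)
  M4PARAM += -D enable_mcs
  CHECKPOLICY += -M
  CHECKMODULE += -M
endif

# enable distribution-specific policy
ifneq ($(DISTRO),)
  M4PARAM += -D distro_$(DISTRO)
endif

# enable polyinstantiation
ifeq ($(POLY),y)
  M4PARAM += -D enable_polyinstantiation
endif

ifeq ($(DIRECT_INITRC),y)
  M4PARAM += -D direct_sysadm_daemon
endif

# Recipes prefix their commands with $(verbose); unless VERBOSE=y it must
# expand to "@" so the commands are not echoed. Only "quiet" used to be set
# here, which left $(verbose) empty; "quiet" is kept for anything that still
# reads it.
ifneq ($(VERBOSE),y)
  quiet := @
  verbose := @
endif

# Defined unconditionally for every module built here.
# NOTE(review): in reference policy this macro conventionally guards dontaudit
# rules, so the denials they cover would not reach the audit log. Confirm
# against the installed headers before relying on audit data from these modules.
M4PARAM += -D hide_broken_symptoms

# policy headers
m4support := $(wildcard $(HEADERDIR)/*.spt)
all_interfaces := $(wildcard $(HEADERDIR)/*.if)
rolemap := $(HEADERDIR)/rolemap

detected_mods := $(wildcard *.te)
detected_ifs := $(detected_mods:.te=.if)
all_packages := $(detected_mods:.te=.pp)
# Prefix every package, not only the first word of the list.
install_mods := $(addprefix $(MODPKGDIR)/,$(all_packages))

########################################
#
# Functions
#

# parse-rolemap modulename,outputfile
# Appends one gen_require() and one <modulename>_per_userdomain_template()
# call per rolemap entry to outputfile. The module name is spliced unquoted
# into the awk program, so .te file names must be plain identifiers.
define parse-rolemap
	$(verbose) $(M4) $(M4PARAM) $(rolemap) | \
		$(AWK) '/^[[:blank:]]*[A-Za-z]/{ print "gen_require(type " $$3 "; role " $$1 ";)\n$1_per_userdomain_template(" $$2 "," $$3 "," $$1 ")" }' >> $2
endef

# peruser-expansion modulename,outputfile
# Writes outputfile from scratch: the rolemap expansion wrapped in an m4
# ifdef on <modulename>_per_userdomain_template.
define peruser-expansion
	$(verbose) echo "ifdef(\`""$1""_per_userdomain_template',\`" > $2
	$(call parse-rolemap,$1,$2)
	$(verbose) echo "')" >> $2
endef

########################################
#
# Main targets
#

all: $(all_packages)

########################################
#
# Build module packages
#

# Expand the module source with m4, then compile it with checkmodule.
# Also writes $@.role and tmp/<module>.tmp as side files.
tmp/%.mod: $(m4support) tmp/all_interfaces.conf %.te
	@$(EINFO) "Compliling $(NAME) $(basename $(@F)) module"
	@test -d tmp || mkdir -p tmp
	$(call peruser-expansion,$(basename $(@F)),$@.role)
	$(verbose) $(M4) $(M4PARAM) -s $^ $@.role > $(@:.mod=.tmp)
	$(verbose) $(CHECKMODULE) -m $(@:.mod=.tmp) -o $@

# File contexts for the module. Creates tmp/ itself so the rule does not
# depend on the .mod rule having run first (make -j).
tmp/%.mod.fc: $(m4support) %.fc
	@test -d tmp || mkdir -p tmp
	$(verbose) $(M4) $(M4PARAM) $^ > $@

%.pp: tmp/%.mod tmp/%.mod.fc
	@echo "Creating $(NAME) $(@F) policy package"
	$(verbose) $(SEMOD_PKG) -o $@ -m $< -f $<.fc

# Concatenated interface definitions shared by every module build. Uses the
# overridable $(M4)/$(SED) like the other rules. The exit status of this
# pipeline is sed's, so an m4 failure here does not fail the recipe.
tmp/all_interfaces.conf: $(m4support) $(all_interfaces) $(detected_ifs)
	@test -d tmp || mkdir -p tmp
	$(verbose) $(M4) $^ | $(SED) -e s/dollarsstar/\$$\*/g > $@

########################################
#
# Clean the environment
#

# Removes tmp/ and every *.pp in the current directory, whether or not this
# makefile built it.
clean:
	rm -fR tmp
	rm -f *.pp

# "install" and "default" have no rule in this file.
.PHONY: clean install all default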