
refpolicy: add variant that builds modular policy

This adds a variant of refpolicy that builds the modular form of the
policy. While this requires more memory on the target device, along with
some tricks to deal with OpenWrt's volatile /var directory, it is useful
for experimenting with SELinux policy.

Signed-off-by: W. Michael Petullo <[email protected]>
W. Michael Petullo 5 år sedan
förälder
incheckning
9eb9943f82
2 ändrade filer med 39 tillägg och 2 borttagningar
  1. 6 0
      config/Config-build.in
  2. 33 2
      package/system/refpolicy/Makefile

+ 6 - 0
config/Config-build.in

@@ -362,6 +362,12 @@ menu "Global build settings"
 			help
 			  SELinux Reference Policy (refpolicy)
 
+		config SELINUXTYPE_targeted-modular
+			bool "targeted-modular"
+			select PACKAGE_refpolicy-modular
+			help
+			  Modular SELinux Reference Policy (refpolicy-modular)
+
 		config SELINUXTYPE_dssp
 			bool "dssp"
 			select PACKAGE_selinux-policy
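Review bot: The help text for `SELINUXTYPE_targeted-modular` does not tell the person choosing it what the modular variant costs. The commit description says it needs more memory on the target device and relies on workarounds for OpenWrt's volatile /var, so the help could read `Modular SELinux Reference Policy (refpolicy-modular); needs more memory on the target and is intended for experimenting with policy`. The enclosing choice block starts and ends outside the hunk.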

+ 33 - 2
package/system/refpolicy/Makefile

@@ -24,7 +24,7 @@ TAR_OPTIONS:=--transform='s%^refpolicy%$(PKG_NAME)-$(PKG_VERSION)%' -xf -
 
 include $(INCLUDE_DIR)/package.mk
 
-define Package/refpolicy
+define Package/refpolicy/Default
   SECTION:=system
   CATEGORY:=Base system
   TITLE:=SELinux reference policy
@@ -32,6 +32,19 @@ define Package/refpolicy
   PKGARCH:=all
 endef
 
+define Package/refpolicy
+  $(call Package/refpolicy/Default)
+  CONFLICTS:=refpolicy-modular
+  VARIANT:=default
+endef
+
+define Package/refpolicy-modular
+  $(call Package/refpolicy/Default)
+  TITLE += (modular)
+  VARIANT:=modular
+  PROVIDES:=refpolicy
+endef
+
 define Package/refpolicy/description
 	The SELinux Reference Policy project (refpolicy) is a
 	complete SELinux policy that can be used as the system
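Review bot: `Package/refpolicy-modular` gets no description in the visible hunks; only `Package/refpolicy/description` is defined, while conffiles and install are aliased for the new variant further down. If none is defined elsewhere in the file, add `Package/refpolicy-modular/description = $(Package/refpolicy/description)`, or a separate description stating that this variant builds the modular form of the policy. The description block continues outside the hunk.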
@@ -56,25 +69,43 @@ endef
 # builds is a small host tool that gets run as part of the build
 # process.
 MAKE_FLAGS += \
+	DESTDIR="$(PKG_INSTALL_DIR)"
 	SETFILES="$(STAGING_DIR_HOST)/bin/setfiles" \
 	CHECKPOLICY="$(STAGING_DIR_HOSTPKG)/bin/checkpolicy" \
 	CC="$(HOSTCC)" \
 	CFLAGS="$(HOST_CFLAGS)"
 
 define Build/Configure
-	$(SED) "/MONOLITHIC/c\MONOLITHIC = y" $(PKG_BUILD_DIR)/build.conf
 	$(SED) "/NAME/c\NAME = targeted" $(PKG_BUILD_DIR)/build.conf
+ifneq ($(BUILD_VARIANT),modular)
+	$(SED) "/MONOLITHIC/c\MONOLITHIC = y" $(PKG_BUILD_DIR)/build.conf
+endif
 	$(call Build/Compile/Default,conf)
 endef
 
+ifeq ($(BUILD_VARIANT),modular)
+define Build/Install
+	$(call Build/Compile/Default,install install-headers)
+endef
+endif
+
 define Package/refpolicy/conffiles
 /etc/selinux/config
 endef
 
+Package/refpolicy-modular/conffiles = $(Package/refpolicy/conffiles)
+
 define Package/refpolicy/install
 	$(INSTALL_DIR) $(1)/etc/selinux
 	$(CP) $(PKG_INSTALL_DIR)/etc/selinux/* $(1)/etc/selinux/
 	$(CP) ./files/selinux-config $(1)/etc/selinux/config
+ifeq ($(BUILD_VARIANT),modular)
+	$(INSTALL_DIR) $(1)/usr/share/selinux
+	$(CP) $(PKG_INSTALL_DIR)/usr/share/selinux/* $(1)/usr/share/selinux/
+endif
 endef
 
+Package/refpolicy-modular/install = $(Package/refpolicy/install)
+
 $(eval $(call BuildPackage,refpolicy))
+$(eval $(call BuildPackage,refpolicy-modular))
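Review bot: The added `DESTDIR="$(PKG_INSTALL_DIR)"` line in `MAKE_FLAGS +=` has no trailing backslash, so the continuation ends there and the `SETFILES`, `CHECKPOLICY`, `CC` and `CFLAGS` lines below it are no longer appended to `MAKE_FLAGS`. The policy build would then presumably fall back to refpolicy's own defaults for those tools rather than the staged host `setfiles` and `checkpolicy`. That affects both variants and makes the compiled policy depend on whatever is installed on the build machine. Change the line to `DESTDIR="$(PKG_INSTALL_DIR)" \`.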