selinux-refpolicy/refpolicy/doc/Makefile.example

141 lines
3.0 KiB
Makefile
Raw Normal View History

-include build.conf
# executables
PREFIX := /usr
BINDIR := $(PREFIX)/bin
SBINDIR := $(PREFIX)/sbin
CHECKMODULE := $(BINDIR)/checkmodule
SEMODULE := $(SBINDIR)/semodule
SEMOD_PKG := $(BINDIR)/semodule_package
# helper tools
AWK ?= gawk
INSTALL ?= install
M4 ?= m4
SED ?= sed
EINFO ?= echo
# installation paths
SHAREDIR := $(PREFIX)/share/selinux
MODPKGDIR := $(SHAREDIR)/$(NAME)
HEADERDIR := $(SHAREDIR)/refpolicy/include
# set default build options
TYPE ?= strict
NAME ?= $(TYPE)
DIRECT_INITRC ?= n
POLY ?= n
# compile strict policy if requested.
ifneq ($(findstring strict,$(TYPE)),)
M4PARAM += -D strict_policy
endif
# compile targeted policy if requested.
ifneq ($(findstring targeted,$(TYPE)),)
M4PARAM += -D targeted_policy
endif
# enable MLS if requested.
ifneq ($(findstring -mls,$(TYPE)),)
M4PARAM += -D enable_mls
CHECKPOLICY += -M
CHECKMODULE += -M
endif
# enable MLS if MCS requested.
ifneq ($(findstring -mcs,$(TYPE)),)
M4PARAM += -D enable_mcs
CHECKPOLICY += -M
CHECKMODULE += -M
endif
# enable distribution-specific policy
ifneq ($(DISTRO),)
M4PARAM += -D distro_$(DISTRO)
endif
# enable polyinstantiation
ifeq ($(POLY),y)
M4PARAM += -D enable_polyinstantiation
endif
ifeq ($(DIRECT_INITRC),y)
M4PARAM += -D direct_sysadm_daemon
endif
ifneq ($(VERBOSE),y)
quiet := @
endif
M4PARAM += -D hide_broken_symptoms
# policy headers
m4support := $(wildcard $(HEADERDIR)/*.spt)
all_interfaces := $(wildcard $(HEADERDIR)/*.if)
rolemap := $(HEADERDIR)/rolemap
detected_mods := $(wildcard *.te)
detected_ifs := $(detected_mods:.te=.if)
all_packages := $(detected_mods:.te=.pp)
install_mods := $(MODPKGDIR)/$(all_packages)
########################################
#
# Functions
#
# parse-rolemap modulename,outputfile
define parse-rolemap
$(verbose) $(M4) $(M4PARAM) $(rolemap) | \
$(AWK) '/^[[:blank:]]*[A-Za-z]/{ print "gen_require(type " $$3 "; role " $$1 ";)\n$1_per_userdomain_template(" $$2 "," $$3 "," $$1 ")" }' >> $2
endef
# peruser-expansion modulename,outputfile
define peruser-expansion
$(verbose) echo "ifdef(\`""$1""_per_userdomain_template',\`" > $2
$(call parse-rolemap,$1,$2)
$(verbose) echo "')" >> $2
endef
########################################
#
# Main targets
#
all: $(all_packages)
########################################
#
# Build module packages
#
tmp/%.mod: $(m4support) tmp/all_interfaces.conf %.te
@$(EINFO) "Compliling $(NAME) $(basename $(@F)) module"
@test -d tmp || mkdir -p tmp
$(call peruser-expansion,$(basename $(@F)),$@.role)
$(verbose) $(M4) $(M4PARAM) -s $^ $@.role > $(@:.mod=.tmp)
$(verbose) $(CHECKMODULE) -m $(@:.mod=.tmp) -o $@
tmp/%.mod.fc: $(m4support) %.fc
$(verbose) $(M4) $(M4PARAM) $^ > $@
%.pp: tmp/%.mod tmp/%.mod.fc
@echo "Creating $(NAME) $(@F) policy package"
$(verbose) $(SEMOD_PKG) -o $@ -m $< -f $<.fc
tmp/all_interfaces.conf: $(m4support) $(all_interfaces) $(detected_ifs)
@test -d tmp || mkdir -p tmp
$(verbose) m4 $^ | sed -e s/dollarsstar/\$$\*/g > $@
########################################
#
# Clean the environment
#
clean:
rm -fR tmp
rm -f *.pp
.PHONY: clean install all default