Makefile: add target build-interface-db

Build the policy interface database with 'sepolgen-ifgen'.
This database is required for reference style policy generation by
'audit2allow --reference'

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
This commit is contained in:
Christian Göttsche 2020-05-28 14:27:55 +02:00
parent c950ada4ea
commit a3811f4eb4
2 changed files with 17 additions and 1 deletions

View File

@ -62,6 +62,7 @@ SEMOD_PKG ?= $(tc_usrbindir)/semodule_package
SEMOD_LNK ?= $(tc_usrbindir)/semodule_link
SEMOD_EXP ?= $(tc_usrbindir)/semodule_expand
LOADPOLICY ?= $(tc_usrsbindir)/load_policy
SEPOLGEN_IFGEN ?= $(tc_usrbindir)/sepolgen-ifgen
SETFILES ?= $(tc_sbindir)/setfiles
XMLLINT ?= $(BINDIR)/xmllint
SECHECK ?= $(BINDIR)/sechecker
@ -228,6 +229,8 @@ MCS_CATS ?= 1024
ifeq ($(QUIET),y)
verbose = @
else
VERBOSE_FLAG = --verbose
endif
M4PARAM += -D mls_num_sens=$(MLS_SENS) -D mls_num_cats=$(MLS_CATS) -D mcs_num_cats=$(MCS_CATS) -D hide_broken_symptoms
@ -554,6 +557,14 @@ endif
$(verbose) echo "override MCS_CATS := $(MCS_CATS)" >> $(headerdir)/build.conf
$(verbose) $(INSTALL) -m 644 $(support)/Makefile.devel $(headerdir)/Makefile
########################################
#
# Build policy interface database
#
build-interface-db: install-headers
@mkdir -p $(DESTDIR)/var/lib/sepolgen $(tmpdir)
$(verbose) $(SEPOLGEN_IFGEN) $(VERBOSE_FLAG) --interfaces $(headerdir) --output $(DESTDIR)/var/lib/sepolgen/interface_info
########################################
#
# Install policy documentation
@ -657,4 +668,4 @@ ifneq ($(generated_fc),)
endif
endif
.PHONY: install-src install-appconfig install-headers generate xml conf html bare tags
.PHONY: install-src install-appconfig install-headers build-interface-db generate xml conf html bare tags

5
README
View File

@ -60,6 +60,11 @@ install-headers Install the policy headers into /usr/share/selinux/NAME.
for this policy configuration should be set before
using this target.
build-interface-db Build the policy interface database with
'sepolgen-ifgen'. This database is required for
reference style policy generation by
'audit2allow --reference'.
Make targets specific to monolithic policies:
policy Compile a policy locally for development and testing.