libsepol: build cil into libsepol

Set DISABLE_CIL=y to build libsepol without CIL support, e.g

    make DISABLE_CIL=y

To enable CIL support in libsepol, set DISABLE_CIL=n. This is the default
if not specified.

Signed-off-by: Steve Lawrence <slawrence@tresys.com>

libsepol/.gitignore

@@ -1 +1,2 @@
 utils/chkcon
+libsepol.map

libsepol/Makefile

@@ -1,3 +1,7 @@
+DISABLE_CIL ?= n
+
+export DISABLE_CIL
+
 all: 
 	$(MAKE) -C src 
 	$(MAKE) -C utils

libsepol/include/Makefile

@@ -1,14 +1,17 @@
 # Installation directories.
 PREFIX ?= $(DESTDIR)/usr
 INCDIR ?= $(PREFIX)/include/sepol
+CILDIR ?= ../cil
 
 all:
 
 install: all
 	test -d $(INCDIR) || install -m 755 -d $(INCDIR)
 	test -d $(INCDIR)/policydb || install -m 755 -d $(INCDIR)/policydb
+	test -d $(INCDIR)/cil || install -m 755 -d $(INCDIR)/cil
 	install -m 644 $(wildcard sepol/*.h) $(INCDIR)
 	install -m 644 $(wildcard sepol/policydb/*.h) $(INCDIR)/policydb
+	install -m 644 $(wildcard $(CILDIR)/include/cil/*.h) $(INCDIR)/cil
 
 indent:
 	../../scripts/Lindent $(wildcard sepol/*.h)

libsepol/src/Makefile

@@ -5,32 +5,58 @@ LIBDIR ?= $(PREFIX)/lib
 SHLIBDIR ?= $(DESTDIR)/lib
 RANLIB ?= ranlib
 LIBBASE ?= $(shell basename $(LIBDIR))
+CILDIR ?= ../cil
 
 VERSION = $(shell cat ../VERSION)
 LIBVERSION = 1
 
+LEX = flex
+CIL_GENERATED = $(CILDIR)/src/cil_lexer.c
+
 LIBA=libsepol.a 
 TARGET=libsepol.so
 LIBPC=libsepol.pc
+LIBMAP=libsepol.map
 LIBSO=$(TARGET).$(LIBVERSION)
 OBJS= $(patsubst %.c,%.o,$(wildcard *.c))
 LOBJS= $(patsubst %.c,%.lo,$(wildcard *.c))
-CFLAGS ?= -Werror -Wall -W -Wundef -Wshadow -Wmissing-noreturn -Wmissing-format-attribute
+CFLAGS ?= -Werror -Wall -W -Wundef -Wshadow -Wmissing-format-attribute
+
 override CFLAGS += -I. -I../include -D_GNU_SOURCE
 
+ifneq ($(DISABLE_CIL),y)
+OBJS += $(sort $(patsubst %.c,%.o,$(wildcard $(CILDIR)/src/*.c) $(CIL_GENERATED)))
+LOBJS += $(sort $(patsubst %.c,%.lo,$(wildcard $(CILDIR)/src/*.c) $(CIL_GENERATED)))
+override CFLAGS += -I$(CILDIR)/include
+endif
+
+
 all: $(LIBA) $(LIBSO) $(LIBPC)
 
+
 $(LIBA):  $(OBJS)
 	$(AR) rcs $@ $^
 	$(RANLIB) $@
 
-$(LIBSO): $(LOBJS)
-	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -Wl,-soname,$(LIBSO),--version-script=libsepol.map,-z,defs
+$(LIBSO): $(LOBJS) $(LIBMAP)
+	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $(LOBJS) -Wl,-soname,$(LIBSO),--version-script=$(LIBMAP),-z,defs
 	ln -sf $@ $(TARGET) 
 
 $(LIBPC): $(LIBPC).in ../VERSION
 	sed -e 's/@VERSION@/$(VERSION)/; s:@prefix@:$(PREFIX):; s:@libdir@:$(LIBBASE):; s:@includedir@:$(INCLUDEDIR):' < $< > $@
 
+$(LIBMAP): $(LIBMAP).in
+ifneq ($(DISABLE_CIL),y)
+	cp $< $@
+else
+	sed -e '/^\s*cil_/d' < $< > $@
+endif
+
+ifneq ($(DISABLE_CIL),y)
+$(CILDIR)/src/cil_lexer.c: $(CILDIR)/src/cil_lexer.l
+	$(LEX) -t $< > $@
+endif
+
 %.o:  %.c 
 	$(CC) $(CFLAGS) -fPIC -c -o $@ $<
 
@@ -50,7 +76,7 @@ relabel:
 	/sbin/restorecon $(SHLIBDIR)/$(LIBSO)
 
 clean: 
-	-rm -f $(LIBPC) $(OBJS) $(LOBJS) $(LIBA) $(LIBSO) $(TARGET)
+	-rm -f $(LIBPC) $(OBJS) $(LOBJS) $(LIBA) $(LIBSO) $(TARGET) $(CIL_GENERATED)
 
 indent:
 	../../scripts/Lindent $(wildcard *.[ch])

libsepol/src/libsepol.map.in

@@ -17,5 +17,20 @@
 	sepol_set_disable_dontaudit;
 	sepol_set_expand_consume_base;
 	sepol_get_preserve_tunables; sepol_set_preserve_tunables;
+	cil_db_init;
+	cil_set_disable_dontaudit;
+	cil_set_disable_neverallow;
+	cil_set_preserve_tunables;
+	cil_set_handle_unknown;
+	cil_db_destroy;
+	cil_add_file;
+	cil_compile;
+	cil_build_policydb;
+	cil_userprefixes_to_string;
+	cil_selinuxusers_to_string;
+	cil_filecons_to_string;
+	cil_set_log_level;
+	cil_set_log_handler;
+	cil_set_malloc_error_handler;
   local: *;
 };