mbrose wrote:

> Attached to this email is a tarball snapshot of a new build system
> for the SELinux toolchain that I have been working on for the last
> couple of months.
>
> This autoconf/automake build system has many advantages over the
> current Makefiles.
>
> 1) It is capable of correctly cross compiling all libraries and
>  tools, including the python wrappers.
> 2) It allows the distro maintainer to set sysconfdir, prefix,
>  pamdir, startupdir etc..
> 3) It employs no "hacks", it is to-the-book, clean, GNU Automake,
>  Autoconf code, formatted to ~80 char line length.
> 4) It lets RPM spec and .deb control take advantage of the autoconf
>  infrastructure already built into these package formats, allowing
>  distro maintainers to quickly and effortlessly build distro
>  packages.
> 5) It is completely self dependent, ie. one can build the complete
>  toolchain now resolving dependencies within the build, without
>  needing to link against a system wide library.
>
> Due to an incompatibility with libtool, related to the current
> naming convention of the python wrappers and classes, a patch is
> supplied to rename:
>  *) _selinux.so to libpyselinux.so
>  *) _semanage.so to libpysemanage.so
>  *) _audit2why.so to libpyaudit2why.so
>
> Similarily, the update also renames:
>  *) selinux.py to __init__.py
>  *) semanage.py to __init__.py
> and installs these plugins into their own sub site-packages folder.
>
> For Example: libselinux/src/Makefile.am
> line 35 # When the upstream tree is patched this should be removed
> line 36 # and selinux.py must be renamed to __init__.py
> line 37 __init__.py : selinux.py
> line 38        cp selinux.py $@
>
> A similar measure is taken in libsemanage/src/Makefile.am for semanage.py.
>
> On a similar note, the code currently uses a macro called SHARED,
> which is currently being wrapped with a forced -include libtool_compat.h
> using -DPIC (a libtool defined macro). This too can be removed if the code
> can be reformatted.
>
> This build system has been thoroughly tested to function correctly.
> Compiling natively for localhost, as well as cross compiling for
> the following platforms:
>  *) PPC32
>  *) PPC64
>  *) ARM (Versatile family)
>  *) Common PC X86_64
>
> It has also been tested on mainstream Linux distributions such
> as Ubuntu 8.04 and Fedora 9.
>
> This new build system is a replacement for the existing build system.
> They cannot be used concurrently. I leave no guarantee on backward
> compatibility after applying this update.
>
> Recently a Ruby wrapper was added to the SELinux trunk, this build
> system does not build it. Though with the current infrastructure in
> place, it is a very simple procedure for anyone familiar with ruby
> to include it.
>
> This contribution comes out of the integration efforts WindRiver has
> recently taken to add a SELinux feature to WindRiver Linux. It comes
> with no obligation or indemnity from WindRiver or myself. Distributed
> as not copyrighted, public domain software, in accordance with
> libselinux.
>
> I ask if this update can be merged into the main SELinux trunk.
> I will help coordinate the merge if necessary.
>
>

Makefile.toolchain

@@ -0,0 +1,34 @@
+CONFIG=CFLAGS=-I$(PREFIX)/include LDFLAGS=-L$(PREFIX)/lib --prefix=$(PREFIX) --enable-static
+
+# libsepol and libselinux must be first, in order to resolve deps
+# libsemanage must be before policycoreutils
+
+VPATH = .
+
+MAKEFILES =	libsepol/Makefile \
+		libselinux/Makefile \
+		libsemanage/Makefile \
+		checkpolicy/Makefile \
+		policycoreutils/Makefile
+
+CONFIGUREFILES = libsepol/configure \
+		libselinux/configure \
+		libsemanage/configure \
+		checkpolicy/configure \
+		policycoreutils/configure 
+	
+%/Makefile: %/configure
+	cd $(patsubst %/configure,%,$<) && ./configure $(CONFIG) && make install
+
+build: $(MAKEFILES)
+
+install: $(MAKEFILES)
+	for i in $^; do make -C $(dir $$i) install  ; done 
+	
+%/configure: %/configure.ac
+	cd $(patsubst %/configure.ac,%,$<) && touch NEWS README AUTHORS && autoreconf -i && automake --add-missing
+
+autoconf: $(CONFIGUREFILES)
+
+clean:
+	rm -f $(MAKEFILES)

checkpolicy/Makefile.am

@@ -0,0 +1,18 @@
+bin_PROGRAMS		= checkmodule checkpolicy
+checkmodule_SOURCES	= $(COMMONSRC)  checkmodule.c
+checkmodule_DEPENDENCIES= $(LIBSEPOL_A_PATH)
+checkmodule_LDADD	= $(LIBSEPOL_A_PATH)
+checkpolicy_SOURCES	= $(COMMONSRC) checkpolicy.c
+checkpolicy_DEPENDENCIES= $(LIBSEPOL_A_PATH)
+checkpolicy_LDADD	= $(LIBSEPOL_A_PATH)
+BUILT_SOURCES		= y.tab.c y.tab.h policy_scan.c
+CLEANFILES		= $(BUILT_SOURCES)
+AM_LDFLAGS		= -Wl,--as-needed
+
+COMMONSRC		= \
+	queue.c		module_compiler.c \
+	parse_util.c	policy_define.c \
+	policy_parse.y	policy_scan.l
+
+y.tab.h y.tab.c : policy_parse.y
+	$(YACC) -d $<

checkpolicy/configure.ac

@@ -0,0 +1,97 @@
+#                                               -*- Autoconf -*-
+# Process this file with autoconf to produce a configure script.
+
+AC_PREREQ(2.61)
+AC_INIT([checkpolicy], VERSION, BUG-REPORT-ADDRESS)
+AM_INIT_AUTOMAKE
+AC_CONFIG_SRCDIR([module_compiler.h])
+AC_CONFIG_HEADER([config.h])
+
+# Checks for programs.
+AC_PROG_YACC
+if test -z "$ac_cv_prog_YACC" ; then
+	AC_MSG_ERROR([Could not find yacc])
+fi
+
+AM_PROG_LEX
+if test -z "$ac_cv_prog_LEX" ; then
+	AC_MSG_ERROR([Could not find lex])
+fi
+AC_PROG_CC
+AC_PROG_INSTALL
+
+# Checks for libraries.
+AC_CHECK_LIB([fl], [yywrap])
+
+# As of testing (May 2008) this test fails because this function is hidden in the .so
+# due to the visibility discrepency between the .a and the .so this test was just kept
+# for any future modifcations to this file to be made faster/easier.
+#AC_SEARCH_LIBS([sepol_set_policydb],[sepol],
+#		[],
+#		[AC_MSG_NOTICE([********************************************************])]
+#		[AC_MSG_ERROR([[SELinux Policy library was not found. Aborted]])],
+#		[]
+#)
+
+AC_ARG_WITH([static-libsepol],
+	[AC_HELP_STRING([--with-static-libsepol=PATH],
+		[libsepol.a library to build against. Manadatory])],
+	[AC_MSG_CHECKING([for libsepol.a ])]
+	[if @<:@ -f "$with_static_libsepol/libsepol.a" @:>@ ; then
+			AC_MSG_RESULT([$with_static_libsepol/libsepol.a found])
+			AC_SUBST([LIBSEPOL_A_PATH], [[$with_static_libsepol/libsepol.a]])
+	elif @<:@ -f "$with_static_libsepol" @:>@ ; then
+			AC_MSG_RESULT([$with_static_libsepol ok])
+			AC_SUBST([LIBSEPOL_A_PATH], [[$with_static_libsepol]])
+	else
+		AC_MSG_RESULT([no found])
+		AC_MSG_ERROR([[Provide path to libsepol.a --with-static-libsepol=PATH]])
+		
+	fi], 
+	[AC_MSG_CHECKING([for libsepol.a in $libdir])]
+	[if @<:@ -f "$prefix/lib/libsepol.a" @:>@ ; then
+		AC_MSG_RESULT([$libdir/libsepol.a found])
+                AC_SUBST([LIBSEPOL_A_PATH], [[$libdir/libsepol.a]])
+	else
+		AC_MSG_RESULT([not found])
+		AC_MSG_ERROR([[Provide path to libsepol.a. use --with-static-libsepol=PATH]])
+	fi]
+)
+		
+# Checks for header files.
+AC_HEADER_STDC
+AC_CHECK_HEADERS([arpa/inet.h fcntl.h limits.h \
+		netinet/in.h stdint.h stdlib.h \
+		string.h sys/socket.h unistd.h])
+
+#NOTE: A more proficient test is needed for libsepol's headers
+AC_CHECK_HEADERS([sepol/policydb/policydb.h \
+		sepol/policydb/avrule_block.h \
+		sepol/policydb/conditional.h \
+		sepol/policydb/hashtab.h],
+		[],
+		[AC_MSG_ERROR([Could not find sepol development headers])])
+
+# Checks for typedefs, structures, and compiler characteristics.
+AC_HEADER_STDBOOL
+AC_C_CONST
+AC_TYPE_SIZE_T
+AC_TYPE_UINT32_T
+
+# Checks for library functions.
+AC_FUNC_MALLOC
+AC_FUNC_MEMCMP
+AC_FUNC_MMAP
+AC_FUNC_REALLOC
+AC_CHECK_FUNCS([memset strcasecmp strchr strdup strerror strtol strtoul])
+
+AC_CONFIG_FILES([Makefile])
+AC_OUTPUT
+
+PRINT='echo -n -e '
+
+$PRINT "\nCheckpolicy/module Configuration Summary:\n"
+$PRINT "\tcheckpolicy\t= yes\n"
+$PRINT "\tchecknodule\t= yes\n"
+$PRINT "\tlibsepol.a\t= $LIBSEPOL_A_PATH\n"
+$PRINT "------------------------------------------------------------\n"

libselinux/Makefile.am

@@ -0,0 +1 @@
+SUBDIRS	= include man src utils

libselinux/configure.ac

@@ -0,0 +1,224 @@
+#                                               -*- Autoconf -*-
+# Process this file with autoconf to produce a configure script.
+
+AC_PREREQ(2.61)
+AC_INIT([libselinux], [VERSION], BUG-REPORT-ADDRESS)
+AM_INIT_AUTOMAKE
+AC_CONFIG_SRCDIR([utils/compute_create.c])
+AC_CONFIG_HEADER([config.h])
+
+AM_PATH_PYTHON
+
+# Checks for programs.
+AC_PROG_CC
+AC_PROG_INSTALL
+AC_PROG_LN_S
+
+AC_PROG_LIBTOOL
+
+AC_PATH_PROGS([SWIG],[swig])
+
+# Checks for libraries.
+AC_CHECK_LIB([dl], [dlopen])
+
+# Checks for header files.
+AC_HEADER_DIRENT
+AC_HEADER_STDC
+AC_CHECK_HEADERS( \
+	[fcntl.h 	float.h 	limits.h \
+	netdb.h		stddef.h 	stdint.h \
+	stdio_ext.h	stdlib.h 	string.h \
+	strings.h 	sys/ioctl.h 	sys/mount.h \
+	sys/socket.h 	sys/vfs.h 	syslog.h \
+	unistd.h])
+
+AC_CHECK_HEADERS([sepol/sepol.h sepol/policydb.h],[],
+	[AC_MSG_ERROR([Cannot find sepol headers])])
+	
+
+# Checks for typedefs, structures, and compiler characteristics.
+AC_HEADER_STDBOOL
+AC_C_CONST
+AC_C_INLINE
+AC_TYPE_INT32_T
+AC_TYPE_MODE_T
+AC_TYPE_PID_T
+AC_TYPE_SIZE_T
+AC_TYPE_SSIZE_T
+AC_TYPE_UINT16_T
+AC_TYPE_UINT32_T
+
+# Checks for library functions.
+AC_FUNC_CLOSEDIR_VOID
+AC_PROG_GCC_TRADITIONAL
+AC_FUNC_LSTAT
+AC_FUNC_LSTAT_FOLLOWS_SLASHED_SYMLINK
+AC_FUNC_MALLOC
+AC_FUNC_MMAP
+AC_FUNC_REALLOC
+AC_FUNC_STAT
+AC_FUNC_VPRINTF
+AC_CHECK_FUNCS([floor	mempcpy		memset 	\
+	munmap 		regcomp		socket	\	
+	stpcpy 		strcasecmp	strchr	\	
+	strdup 		strerror	strncasecmp	\
+	strstr 		strtol		strtoul		\
+	strverscmp	uname])
+
+
+AC_ARG_ENABLE([rpm],
+	[AC_HELP_STRING([--disable-rpm],[Disables rpm support (default=no)])],
+	[_enable_rpm=$enableval],
+	[_enable_rpm=yes])
+
+AC_ARG_ENABLE([avc],
+	[AC_HELP_STRING([--disable-avc],[Disables avc support (default=no)])],
+	[_enable_avc=$enableval],
+	[_enable_avc=yes])
+
+AC_ARG_ENABLE([bool],
+	[AC_HELP_STRING([--disable-bool],[Disables boolean support (default=no)])],
+	[_enable_bool=$enableval],
+	[_enable_bool=yes])
+
+AC_ARG_ENABLE([docs],
+	[AC_HELP_STRING([--disable-docs],
+		[Disables installation of man pages (defualt=no)])],
+	[_enable_docs=$enableval],
+	[_enable_docs=yes])
+
+AM_CONDITIONAL([enable_rpm], [ test "$_enable_rpm" = yes])
+AM_CONDITIONAL([enable_avc], [ test "$_enable_avc" = yes])
+AM_CONDITIONAL([enable_bool], [ test "$_enable_bool" = yes])
+AM_CONDITIONAL([enable_docs], [ test "$_enable_docs" = yes])
+
+AC_ARG_WITH([pythonver],
+	[AC_HELP_STRING([--with-pythonver=x],[Python version (eg 2.4) ])],
+        [],
+        [with_pythonver=$PYTHON_VERSION]
+)
+
+if test -n "$with_pythonver" ; then
+        AC_SUBST([pythondir],[$libdir/python$with_pythonver/site-packages])
+        AC_SUBST([pyexecdir],[$libdir/python$with_pythonver/site-packages])
+fi
+
+AC_ARG_WITH([python],
+	[AC_HELP_STRING(
+		[--with-python=PATH],
+		[ Optional path to python includedir 
+		  (eg prefix/include/python2.4)for python clients])],
+	[],
+	[with_python=no]
+)
+if test "$with_python" != "no" ; then
+	AC_SUBST([PYTHON_INCLUDE_DIR],[$with_python])
+	if test -d "$with_python" -a  -f "$with_python/Python.h"; then 
+		have_python=yes;
+	else
+		have_python=no;
+	fi
+
+fi
+
+AM_CONDITIONAL([enable_python], [test "$have_python" = yes])
+
+
+AC_ARG_WITH([static-libsepol],
+        [AC_HELP_STRING([--with-static-libsepol=PATH],
+		[libsepol.a library to build against. Optional])],
+        [AC_MSG_CHECKING([for libsepol.a ])]
+        [if @<:@ -f "$with_static_libsepol/libsepol.a" @:>@ ; then
+                        AC_MSG_RESULT([$with_static_libsepol/libsepol.a found])
+                        AC_SUBST([LIBSEPOL_A_PATH], 
+				[[$with_static_libsepol/libsepol.a]])
+        elif @<:@ -f "$with_static_libsepol" @:>@ ; then
+                        AC_MSG_RESULT([$with_static_libsepol ok])
+                        AC_SUBST([LIBSEPOL_A_PATH], [[$with_static_libsepol]])
+        else
+                AC_MSG_RESULT([no found])
+                AC_MSG_WARN([[Cannot build libpyaudit2why.so python wrappper. 
+			Try --with-static-libsepol=PATH]])
+
+        fi],
+        [AC_MSG_CHECKING([for libsepol.a in $prefix/lib])]
+        [if @<:@ -f "$prefix/lib/libsepol.a" @:>@ ; then
+                AC_MSG_RESULT([$prefix/lib/libsepol.a found])
+                AC_SUBST([LIBSEPOL_A_PATH], [[$prefix/lib/libsepol.a]])
+        else
+                AC_MSG_RESULT([not found])
+                AC_MSG_WARN([[Cannot build libpyaudit2why.so python wrappper. 
+			Try --with-static-libsepol=PATH]])
+        fi]
+)
+
+
+AM_CONDITIONAL([have_sepol],[test -n "$LIBSEPOL_A_PATH" ])
+
+AC_ARG_WITH([policyname],
+	[AC_HELP_STRING([--with-policyname],
+		[Name of policy type for configuration (default: targeted)])],
+	[],
+	[with_policyname=targeted]
+)
+
+AC_SUBST([policyname],[$with_policyname])
+
+AC_ARG_ENABLE([swig],
+	[AC_HELP_STRING([--enable-swig],
+		[Cause regeneration of python c interface (default=no)])],
+	[_enable_swig=$enableval],
+	[_enable_swig=no]
+)
+# Hault the config if we are asked for swig, but not swig is found
+if test "$_enable_swig" = "yes" -a -z "$SWIG" ; then
+	AC_MSG_ERROR([Cannot find swig interface gemerator in PATH, 
+		Disable python c-inteferace regeneration with --disable-swig])
+fi
+
+# slip in fake swig if needed
+if test "$_enable_swig" != "yes" ; then
+	AC_SUBST([SWIG],[/bin/true])
+fi
+
+AC_CONFIG_FILES([Makefile
+		src/Makefile
+		utils/Makefile
+		man/Makefile
+		include/Makefile])
+
+VERSION=`cat $srcdir/VERSION`
+if test "$VERSION" = "" ; then
+	VERSION=svn
+fi
+
+AC_OUTPUT
+
+PRINT='echo -n -e '
+$PRINT "\n*** Libselinux Configuration summary ***\n"
+
+if test "$have_python" != yes ; then
+ $PRINT "\taudit2why\t\t= no "
+ $PRINT "(try --with-python=/usr/include/python$PYTHON_VERSION) \n"
+ $PRINT "\tlibpyselinux.so\t\t= no\n"
+else
+ $PRINT "\taudit2why\t\t= yes (Using python headers $with_python) \n"
+ $PRINT "\tlibpyselinux.so\t\t= yes\n"
+fi
+
+if test -n "$LIBSEPOL_A_PATH" ; then
+ $PRINT "\tlibpyaudit2why.so\t= yes (Using $LIBSEPOL_A_PATH) \n"
+else
+ $PRINT "\tlibpyaudit2why.so\t= no "
+ $PRINT "(try --with-static-libsepol=/path/to/libsepol.a)\n"
+fi
+$PRINT "\tlibselinux.so\t\t= yes\n"
+$PRINT "\tAVC Support\t\t= $_enable_avc\n"
+$PRINT "\tBoolean Support\t\t= $_enable_bool\n"
+$PRINT "\tRPM Support\t\t= $_enable_rpm\n"
+$PRINT "\tSELinux utlities\t= yes\n"
+$PRINT "\tInstall Man pages\t= $_enable_docs\n"
+$PRINT "\tSELinux Type\t\t= $with_policyname\n"
+$PRINT "\tRegenerate py wrapper\t= $_enable_swig\n"
+$PRINT "\tPython Packages folder\t= $pythondir\n"
+$PRINT "------------------------------------------------------------\n" 

libselinux/include/Makefile.am

@@ -0,0 +1,5 @@
+nobase_include_HEADERS	= \
+	selinux/avc.h selinux/context.h selinux/get_context_list.h \
+	selinux/label.h selinux/av_permissions.h selinux/flask.h \
+	selinux/get_default_type.h selinux/selinux.h
+

libselinux/libtool_compat.h

@@ -0,0 +1,4 @@
+/* Wraps legacy macro -DSHARED with libtool defined -DPIC */
+#ifdef PIC
+# define SHARED
+#endif

libselinux/man/Makefile.am

@@ -0,0 +1,52 @@
+dist_man_MANS	= $(mydocs)
+mydocs=
+if enable_docs
+mydocs	+= man3/avc_add_callback.3 man3/avc_audit.3 man3/avc_av_stats.3 \
+	man3/avc_cache_stats.3 man3/avc_cleanup.3 man3/avc_compute_create.3 \
+	man3/avc_compute_member.3 man3/avc_context_to_sid.3 man3/avc_destroy.3 \
+	man3/avc_entry_ref_init.3 man3/avc_get_initial_context.3 \
+	man3/avc_has_perm.3 \
+	man3/avc_has_perm_noaudit.3 man3/avc_init.3 man3/avc_reset.3 \
+	man3/avc_sid_stats.3 man3/avc_sid_to_context.3 man3/checkPasswdAccess.3 \
+	man3/context_free.3 man3/context_new.3 man3/context_range_get.3 \
+	man3/context_range_set.3 man3/context_role_get.3 man3/context_role_set.3 \
+	man3/context_type_get.3 man3/context_type_set.3 man3/context_user_get.3 \
+	man3/context_user_set.3 man3/freecon.3 man3/freeconary.3 \
+	man3/fsetfilecon.3 man3/getcon.3 man3/get_default_context.3 \
+	man3/get_default_context_with_level.3 \
+	man3/get_default_context_with_role.3 \
+	man3/get_default_context_with_rolelevel.3 man3/getexeccon.3 \
+	man3/getfilecon.3 \
+	man3/getfscreatecon.3 man3/get_ordered_context_list.3 \
+	man3/get_ordered_context_list_with_level.3 man3/getpeercon.3 \
+	man3/getpidcon.3 man3/getprevcon.3 man3/getseuserbyname.3 \
+	man3/is_context_customizable.3 man3/is_selinux_enabled.3 \
+	man3/lsetfilecon.3 man3/manual_user_enter_context.3 man3/matchmediacon.3 \
+	man3/matchpathcon.3 man3/query_user_context.3 man3/rpm_execcon.3 \
+	man3/security_av_perm_to_string.3 man3/security_av_string.3 \
+	man3/security_check_context.3 man3/security_class_to_string.3 \
+	man3/security_commit_booleans.3 man3/security_compute_av.3 \
+	man3/security_compute_create.3 man3/security_compute_member.3 \
+	man3/security_compute_relabel.3 man3/security_compute_user.3 \
+	man3/security_get_boolean_active.3 man3/security_get_boolean_names.3 \
+	man3/security_get_boolean_pending.3 man3/security_getenforce.3 \
+	man3/security_get_initial_context.3 man3/security_load_booleans.3 \
+	man3/security_load_policy.3 man3/security_policyvers.3 \
+	man3/security_set_boolean.3 man3/security_setenforce.3 \
+	man3/selabel_close.3 man3/selabel_lookup.3 man3/selabel_open.3 \
+	man3/selabel_stats.3 man3/selinux_binary_policy_path.3 \
+	man3/selinux_booleans_path.3 man3/selinux_check_securetty_context.3 \
+	man3/selinux_contexts_path.3 man3/selinux_default_context_path.3 \
+	man3/selinux_failsafe_context_path.3 man3/selinux_file_context_path.3 \
+	man3/selinux_getenforcemode.3 man3/selinux_media_context_path.3 \
+	man3/selinux_policy_root.3 man3/selinux_removable_context_path.3 \
+	man3/selinux_securetty_types_path.3 man3/selinux_set_callback.3 \
+	man3/selinux_user_contexts_path.3 man3/setcon.3 man3/setexeccon.3 \
+	man3/setfilecon.3 man3/setfscreatecon.3 man3/set_matchpathcon_printf.3 \
+	man3/sidget.3 man3/sidput.3 man3/string_to_av_perm.3 \
+	man3/string_to_security_class.3 man5/selabel_file.5 \
+	man5/selabel_media.5 man5/selabel_x.5 man8/avcstat.8 \
+	man8/booleans.8 man8/getenforce.8 man8/getsebool.8 \
+	man8/matchpathcon.8 man8/selinux.8 man8/selinuxenabled.8 \
+	man8/setenforce.8 man8/togglesebool.8
+endif

libselinux/src/Makefile.am

@@ -0,0 +1,76 @@
+COMMONSRC = \
+	compute_member.c get_default_type.c lgetfilecon.c selinux_config.c \
+	compute_relabel.c getenforce.c load_policy.c \
+	compute_user.c getfilecon.c lsetfilecon.c setenforce.c \
+	context.c get_initial_context.c setfilecon.c \
+	disable.c getpeercon.c matchmediacon.c setrans_client.c \
+	callbacks.c enabled.c init.c matchpathcon.c seusers.c \
+	canonicalize_context.c fgetfilecon.c is_customizable_type.c \
+	policyvers.c freeconary.c label.c procattr.c check_context.c \
+	freecon.c label_file.c query_user_context.c compute_av.c fsetfilecon.c \
+	label_media.c compute_create.c get_context_list.c label_x.c \
+	selinux_check_securetty_context.c
+
+AVCSRC	= \
+	avc.c avc_internal.c avc_sidtab.c \
+	mapping.c stringrep.c checkAccess.c
+
+BOOLSRC				= booleans.c
+RPMSRC				= rpm.c
+BUILDSRC			= $(COMMONSRC) 
+AM_CFLAGS			= \
+	-D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 \
+	-I$(abs_top_srcdir)/include
+AM_LDFLAGS			= -Wl,--as-needed
+SWIG_FLAGS			= -Wall -python -outdir $(srcdir)
+lib_LTLIBRARIES			= libselinux.la
+selinux_pyexecdir		= $(pyexecdir)/selinux
+selinux_pythondir		= $(pythondir)/selinux
+selinux_pyexec_LTLIBRARIES	= $(extra_lib)
+selinux_python_PYTHON		= __init__.py
+
+sysconf_DATA			= config
+config:Makefile
+	echo -e "SELINUXTYPE=$(policyname)\nSELINUX=enforcing" > $@ 
+		
+# When the upstream tree is patched this should be removed
+# and selinux.py must be renamed to __init__.py
+__init__.py : selinux.py
+	cp selinux.py $@
+
+PACKAGE				= selinux
+extra_lib			=
+libselinux_la_SOURCES		= $(BUILDSRC)
+libselinux_la_CPPFLAGS		= -include $(abs_top_srcdir)/libtool_compat.h
+libselinux_la_LDFLAGS		= -Wl,--as-needed -version-info 1
+if enable_python
+selinuxswig_wrap.c: Makefile selinuxswig.i selinuxswig_python.i
+	$(SWIG) -o $@ $(SWIG_FLAGS) -interface libpyselinux selinuxswig_python.i 
+extra_lib			+= libpyselinux.la
+libpyselinux_la_SOURCES		= selinuxswig_wrap.c
+libpyselinux_la_CPPFLAGS	= \
+	-include $(abs_top_srcdir)/libtool_compat.h \
+	-I@PYTHON_INCLUDE_DIR@
+libpyselinux_la_LDFLAGS		= -Wl,--as-needed -lselinux -L$(builddir)
+libpyselinux_la_DEPENDENCIES	= $(builddir)/libselinux.la
+if have_sepol
+extra_lib			+= libpyaudit2why.la
+libpyaudit2why_la_SOURCES	= audit2why.c
+libpyaudit2why_la_CPPFLAGS	= \
+	-include $(abs_top_srcdir)/libtool_compat.h \
+	-I@PYTHON_INCLUDE_DIR@
+libpyaudit2why_la_DEPENDENCIES	= $(LIBSEPOL_A_PATH) $(builddir)/libselinux.la
+libpyaudit2why_la_LDFLAGS	= -Wl,--as-needed -lselinux -L$(builddir) 
+libpyaudit2why_la_LIBADD	= $(LIBSEPOL_A_PATH)
+endif # have_sepol
+
+endif # have python
+if enable_avc
+BUILDSRC += $(AVCSRC)
+endif
+if enable_bool 
+BUILDSRC += $(BOOLSRC)
+endif
+if enable_rpm
+BUILDSRC += $(RPMSRC)
+endif

libselinux/utils/Makefile.am

@@ -0,0 +1,21 @@
+COMMON = avcstat getenforce  getseuser selinuxenabled \
+	compute_user getfilecon matchpathcon setenforce \
+	getconlist getpidcon policyvers setfilecon \
+	getdefaultcon selinux_check_securetty_context
+
+BUILDS = $(COMMON)
+
+AVC	= compute_av compute_create compute_member compute_relabel
+BOOL	= getsebool togglesebool
+
+if enable_avc
+BUILDS += $(AVC)
+endif
+if enable_bool 
+BUILDS += $(BOOL)
+endif
+
+bin_PROGRAMS	= $(BUILDS)
+AM_LDFLAGS	= -Wl,--as-needed -lselinux -L$(builddir)/../src
+AM_CPPFLAGS	= -I$(srcdir)/../include
+BUILT_SOURCES	= $(builddir)/../src/libselinux.la

libsemanage/Makefile.am

@@ -0,0 +1 @@
+SUBDIRS = man src include

libsemanage/configure.ac

@@ -0,0 +1,173 @@
+#                                               -*- Autoconf -*-
+# Process this file with autoconf to produce a configure script.
+
+AC_PREREQ(2.61)
+AC_INIT(libsemanage, VERSION, BUG-REPORT-ADDRESS)
+AM_INIT_AUTOMAKE
+AC_CONFIG_SRCDIR([src/modules.c])
+AC_CONFIG_HEADER([config.h])
+
+
+# Checks for programs.
+AC_PROG_YACC
+if test -z "$ac_cv_prog_YACC" ; then
+	AC_MSG_ERROR([Could not find yacc])
+fi
+AC_PROG_CC
+AC_PROG_LEX
+if test -z "$ac_cv_prog_LEX" ; then
+	AC_MSG_ERROR([Could not find lex])
+fi
+AC_PROG_INSTALL
+AC_PROG_LN_S
+# Stop libtool from building the .a because the NSA use special 
+# flags for the .a and need to be set manually from the Makefile.am
+# Static lib is used to build checkpolicy/module
+AC_DISABLE_STATIC
+AC_PROG_LIBTOOL
+AM_PATH_PYTHON
+AC_PATH_PROGS([SWIG],[swig])
+
+AM_PROG_CC_C_O
+
+# Checks for libraries.
+AC_SEARCH_LIBS([selinux_init_load_policy],[selinux],
+	[],
+	[AC_MSG_ERROR([[SELinux library was not found.]])]
+	,[]
+)
+AC_SEARCH_LIBS([sepol_policydb_read],[sepol],
+	[],
+	[AC_MSG_ERROR([[SELinux Policy library was not found.]])]
+	,[]
+)
+
+AC_SEARCH_LIBS([ustr_free],[ustr],
+	[],
+	[AC_MSG_ERROR([[ustr Micro String library was not found.]])]
+	,[]
+)
+	
+# Checks for header files.
+AC_HEADER_DIRENT
+AC_HEADER_STDC
+AC_HEADER_SYS_WAIT
+AC_CHECK_HEADERS([fcntl.h float.h limits.h \
+	stddef.h stdio_ext.h stdlib.h \
+	string.h strings.h sys/file.h \
+	sys/time.h unistd.h])
+
+AC_CHECK_HEADER([selinux/selinux.h],
+	[AC_DEFINE(HAVE_SELINUX_SELINUX_H, 1, 
+		[Define to 1 if you have <selinux/selinux.h>.])]
+	,
+        [AC_MSG_ERROR([[SELinux headers are missing.]])]
+)
+
+AC_CHECK_HEADER([ustr.h],
+	[AC_DEFINE(HAVE_USTR_H, 1, [Define to 1 if you have <ustr.h>.])]
+	,
+        [AC_MSG_ERROR([[ustr Micro String library header is missing.]])]
+)
+
+AC_ARG_WITH([pythonver],
+	[AC_HELP_STRING([--with-pythonver=x],[Python version (eg 2.4) ])],
+        [],
+        [with_pythonver=$PYTHON_VERSION]
+)
+
+AC_ARG_WITH([python],
+        [AC_HELP_STRING([--with-python=PATH],[Optional path to python includedir 
+		(eg prefix/include/python2.4)for python clients])],
+        [],
+        [with_python=no]
+)
+if test "$with_python" != "no" ; then
+        AC_SUBST([PYTHON_INCLUDE_DIR],[$with_python])
+
+        if test -d "$with_python" -a  -f "$with_python/Python.h"; then
+		AC_SEARCH_LIBS([PyObject_Init],[python$with_pythonver],
+			[have_python=yes],
+			[have_python=no]
+			[AC_MSG_WARN([
+			[python$with_pythonver library could not be found. 
+				Cannot build libpysemanage]])]
+		)
+	fi
+fi
+
+AM_CONDITIONAL([enable_python], [test "$have_python" = yes])
+
+AC_SUBST([pythondir],[$libdir/python$with_pythonver/site-packages])
+AC_SUBST([pyexecdir],[$libdir/python$with_pythonver/site-packages])
+
+AC_ARG_ENABLE([swig],
+	[AC_HELP_STRING([--enable-swig],
+		[Cause regeneration of python c interface (default=no)])],
+	[_enable_swig=$enableval],
+	[_enable_swig=no]
+)
+
+# Hault the config if we are asked for swig, but not swig is found
+if test "$_enable_swig" = "yes" -a -z "$SWIG" ; then
+        AC_MSG_ERROR([Cannot find swig interface gemerator in PATH,
+                Disable python c-inteferace regeneration with --disable-swig])
+fi
+
+# slip in fake swig if needed
+if test "$_enable_swig" != "yes" ; then
+        AC_SUBST([SWIG],[/bin/true])
+fi
+
+# Checks for typedefs, structures, and compiler characteristics.
+AC_HEADER_STDBOOL
+AC_C_CONST
+AC_C_INLINE
+AC_TYPE_MODE_T
+AC_TYPE_PID_T
+AC_TYPE_SIZE_T
+AC_TYPE_SSIZE_T
+AC_HEADER_TIME
+AC_TYPE_UID_T
+
+# Checks for library functions.
+AC_FUNC_MALLOC
+AC_FUNC_MEMCMP
+AC_FUNC_MMAP
+AC_FUNC_REALLOC
+AC_FUNC_SELECT_ARGTYPES
+AC_FUNC_STAT
+AC_FUNC_FORK
+AC_FUNC_VPRINTF
+AC_CHECK_FUNCS([endpwent floor memset \
+	mkdir munmap regcomp rmdir \
+	select strcasecmp strchr \
+	strdup strerror strndup \
+	strrchr strstr strtol \
+	strtoul strverscmp])
+
+AC_CONFIG_FILES([Makefile
+                 src/Makefile
+                 include/Makefile
+                 man/Makefile])
+
+
+VERSION=`cat $srcdir/VERSION`
+if test "$VERSION" = "" ; then
+	VERSION=svn
+fi
+AC_OUTPUT
+
+PRINT='echo -n -e '
+$PRINT  "\nLibsemanage Configuration Summary:\n"
+if test "$have_python" = "yes" ; then
+	$PRINT "\tlibpysemanage.so\t= $have_python (Using $with_python) \n"
+else
+	$PRINT "\tlibpysemanage.so\t= no "
+	$PRINT "(try --with-python=/usr/include/python$PYTHON_VERSION) \n"
+fi
+$PRINT "\tRegenerate py wrapper\t= $_enable_swig\n"
+$PRINT "\tBuilding static lib\t= $enable_static\n"
+$PRINT "\tBuilding shared object\t= $enable_shared\n"
+$PRINT "\tPython Packages folder\t= $pythondir\n"
+$PRINT "------------------------------------------------------------\n"

libsemanage/include/Makefile.am

@@ -0,0 +1,15 @@
+nobase_include_HEADERS = \
+	semanage/boolean_record.h 	semanage/booleans_active.h \
+	semanage/booleans_local.h 	semanage/booleans_policy.h \
+	semanage/context_record.h 	semanage/debug.h \
+	semanage/fcontext_record.h 	semanage/fcontexts_local.h \
+	semanage/fcontexts_policy.h	semanage/handle.h \
+	semanage/iface_record.h 	semanage/interfaces_local.h \
+	semanage/interfaces_policy.h 	semanage/modules.h \
+	semanage/node_record.h 		semanage/nodes_local.h \
+	semanage/nodes_policy.h 	semanage/port_record.h \
+	semanage/ports_local.h 		semanage/ports_policy.h \
+	semanage/semanage.h 		semanage/seuser_record.h \
+	semanage/seusers_local.h 	semanage/seusers_policy.h \
+	semanage/user_record.h 		semanage/users_local.h \
+	semanage/users_policy.h

libsemanage/libtool_compat.h

@@ -0,0 +1,4 @@
+/* Wraps legacy macro -DSHARED with libtool defined -DPIC */
+#ifdef PIC
+# define SHARED
+#endif

libsemanage/man/Makefile.am

@@ -0,0 +1,52 @@
+dist_man_MANS = \
+	man3/semanage_bool.3 man3/semanage_bool_count.3 \
+	man3/semanage_bool_count_active.3 man3/semanage_bool_count_local.3 \
+	man3/semanage_bool_del_local.3 man3/semanage_bool_exists.3 \
+	man3/semanage_bool_exists_active.3 man3/semanage_bool_exists_local.3 \
+	man3/semanage_bool_iterate.3 man3/semanage_bool_iterate_active.3 \
+	man3/semanage_bool_iterate_local.3 man3/semanage_bool_list.3 \
+	man3/semanage_bool_list_active.3 man3/semanage_bool_list_local.3 \
+	man3/semanage_bool_modify_local.3 man3/semanage_bool_query.3 \
+	man3/semanage_bool_query_active.3 man3/semanage_bool_query_local.3 \
+	man3/semanage_bool_set_active.3 man3/semanage_count.3 \
+	man3/semanage_del.3 man3/semanage_exists.3 man3/semanage_fcontext.3 \
+	man3/semanage_fcontext_count.3 man3/semanage_fcontext_count_local.3 \
+	man3/semanage_fcontext_del_local.3 man3/semanage_fcontext_exists.3 \
+	man3/semanage_fcontext_exists_local.3 man3/semanage_fcontext_iterate.3 \
+	man3/semanage_fcontext_iterate_local.3 man3/semanage_fcontext_list.3 \
+	man3/semanage_fcontext_list_local.3 man3/semanage_fcontext_modify_local.3 \
+	man3/semanage_fcontext_query.3 man3/semanage_fcontext_query_local.3 \
+	man3/semanage_iface.3 man3/semanage_iface_count.3 \
+	man3/semanage_iface_count_local.3 man3/semanage_iface_del_local.3 \
+	man3/semanage_iface_exists.3 man3/semanage_iface_exists_local.3 \
+	man3/semanage_iface_iterate.3 man3/semanage_iface_iterate_local.3 \
+	man3/semanage_iface_list.3 man3/semanage_iface_list_local.3 \
+	man3/semanage_iface_modify_local.3 man3/semanage_iface_query.3 \
+	man3/semanage_iface_query_local.3 man3/semanage_iterate.3 \
+	man3/semanage_list.3 man3/semanage_modify.3 man3/semanage_node.3 \
+	man3/semanage_node_count.3 man3/semanage_node_count_local.3 \
+	man3/semanage_node_del_local.3 man3/semanage_node_exists.3 \
+	man3/semanage_node_exists_local.3 man3/semanage_node_iterate.3 \
+	man3/semanage_node_iterate_local.3 man3/semanage_node_list.3 \
+	man3/semanage_node_list_local.3 man3/semanage_node_modify_local.3 \
+	man3/semanage_node_query.3 man3/semanage_node_query_local.3 \
+	man3/semanage_port.3 man3/semanage_port_count.3 \
+	man3/semanage_port_count_local.3 man3/semanage_port_del_local.3 \
+	man3/semanage_port_exists.3 man3/semanage_port_exists_local.3 \
+	man3/semanage_port_iterate.3 man3/semanage_port_iterate_local.3 \
+	man3/semanage_port_list.3 man3/semanage_port_list_local.3 \
+	man3/semanage_port_modify_local.3 man3/semanage_port_query.3 \
+	man3/semanage_port_query_local.3 man3/semanage_query.3 \
+	man3/semanage_seuser.3 man3/semanage_seuser_count.3 \
+	man3/semanage_seuser_count_local.3 man3/semanage_seuser_del_local.3 \
+	man3/semanage_seuser_exists.3 man3/semanage_seuser_exists_local.3 \
+	man3/semanage_seuser_iterate.3 man3/semanage_seuser_iterate_local.3 \
+	man3/semanage_seuser_list.3 man3/semanage_seuser_list_local.3 \
+	man3/semanage_seuser_modify_local.3 man3/semanage_seuser_query.3 \
+	man3/semanage_seuser_query_local.3 man3/semanage_user.3 \
+	man3/semanage_user_count.3 man3/semanage_user_count_local.3 \
+	man3/semanage_user_del_local.3 man3/semanage_user_exists.3 \
+	man3/semanage_user_exists_local.3 man3/semanage_user_iterate.3 \
+	man3/semanage_user_iterate_local.3 man3/semanage_user_list.3 \
+	man3/semanage_user_list_local.3 man3/semanage_user_modify_local.3 \
+	man3/semanage_user_query.3 man3/semanage_user_query_local.3

libsemanage/src/Makefile.am

@@ -0,0 +1,69 @@
+COMMONSRC = \
+	boolean_record.c	database_llist.c	interfaces_local.c	\
+	ports_file.c		user_record.c		booleans_active.c	\
+	database_policydb.c	interfaces_policy.c	ports_local.c		\
+	users_base_file.c	booleans_activedb.c	debug.c			\
+	interfaces_policydb.c	ports_policy.c		users_base_policydb.c	\
+	booleans_file.c		direct_api.c		modules.c		\
+	ports_policydb.c	users_extra_file.c 	booleans_local.c	\
+	fcontext_record.c	node_record.c		semanage_store.c	\
+	users_join.c 		booleans_policy.c	fcontexts_file.c	\
+	nodes_file.c           	users_local.c		booleans_policydb.c	\
+	fcontexts_local.c	nodes_local.c 		seuser_record.c		\
+	users_policy.c 		context_record.c	fcontexts_policy.c	\
+	nodes_policy.c		seusers_file.c 		utilities.c 		\
+	database_activedb.c	genhomedircon.c		nodes_policydb.c	\
+	seusers_local.c 	database.c		handle.c            	\
+	parse_utils.c		seusers_policy.c 	database_file.c		\
+	iface_record.c		policy_components.c	user_base_record.c 	\
+	database_join.c		interfaces_file.c	port_record.c   	\
+	user_extra_record.c
+
+
+CLEANFILES			= $(BUILT_SOURCES)
+BUILT_SOURCES 			= conf-parse.h conf-parse.c conf-scan.c
+lib_LTLIBRARIES			= libsemanage.la
+libsemanage_la_SOURCES		= $(COMMONSRC) conf-scan.l conf-parse.y 
+libsemanage_la_CPPFLAGS 	= \
+	-I$(abs_top_srcdir)/include \
+	-include $(abs_top_srcdir)/libtool_compat.h
+libsemanage_la_LDFLAGS		= \
+	-Wl,--as-needed \
+	--version-script=$(srcdir)/libsemanage.map,-z,defs \
+	-version-info 1
+
+semanage_pyexecdir		= $(pyexecdir)/semanage
+semanage_pythondir		= $(pythondir)/semanage
+
+semanage_python_PYTHON		= __init__.py
+semanage_pyexec_LTLIBRARIES	= $(py_libs)
+py_libs				=
+
+SWIG_FLAGS			= -Wall -python -outdir $(srcdir)
+
+# When the upstream tree is patched this should be removed
+# and semanage.py must be renamed to __init__.py
+__init__.py : semanage.py
+	cp $^ $@
+
+if enable_python
+semanageswig_wrap.c: Makefile semanageswig.i semanageswig_python.i
+	$(SWIG) -o $@ $(SWIG_FLAGS) -interface libpysemanage semanageswig_python.i 
+
+py_libs				+= libpysemanage.la
+libpysemanage_la_SOURCES	= semanageswig_wrap.c
+libpysemanage_la_LDFLAGS	=  -Wl,--as-needed,-z,defs -lsemanage  -L$(builddir)
+libpysemanage_la_DEPENDENCIES	= $(lib_LTLIBRARIES)
+libpysemanage_la_CPPFLAGS	= \
+	-I$(abs_top_srcdir)/include \
+	-include $(abs_top_srcdir)/libtool_compat.h \
+	-I@PYTHON_INCLUDE_DIR@
+endif
+AM_LDFLAGS			= -Wl,--as-needed
+AM_YFLAGS			= -d
+# "lex.yy.c" is the default output, and is also tested by configure, 
+# but conf-scan.l sets the prefix itself within the file, hence in result
+# allowing the configure conftest to pass but this make rule to fail.
+# This is why -o lex.yy.c is given here.
+AM_LFLAGS			= -o lex.yy.c -s
+sysconf_DATA			= semanage.conf

libsepol/Makefile.am

@@ -0,0 +1 @@
+SUBDIRS		=  include man src utils 

libsepol/configure.ac

@@ -0,0 +1,68 @@
+#                                               -*- Autoconf -*-
+# Process this file with autoconf to produce a configure script.
+
+AC_PREREQ(2.61)
+AC_INIT([libsepol], [1] BUG-REPORT-ADDRESS)
+AM_INIT_AUTOMAKE
+AC_CONFIG_SRCDIR([utils/chkcon.c])
+AC_CONFIG_HEADER([config.h])
+
+# Checks for programs.
+AC_PROG_CC
+AC_PROG_INSTALL
+AC_PROG_LN_S
+# semodule_deps in policycoreutils builds against libsepol.a
+AC_DISABLE_STATIC
+AC_PROG_LIBTOOL
+AM_PROG_CC_C_O
+
+
+
+# Checks for libraries.
+AC_CHECK_LIB([fl], [yywrap])
+
+# Checks for header files.
+AC_HEADER_STDC
+AC_CHECK_HEADERS([arpa/inet.h \
+	limits.h \
+	netinet/in.h \
+	stddef.h \
+	stdint.h \
+	stdio_ext.h \
+	stdlib.h \
+	string.h \
+	sys/socket.h \
+	unistd.h])
+
+
+# Checks for typedefs, structures, and compiler characteristics.
+AC_HEADER_STDBOOL
+AC_C_CONST
+AC_C_INLINE
+AC_TYPE_SIZE_T
+AC_TYPE_SSIZE_T
+AC_TYPE_UINT16_T
+AC_TYPE_UINT32_T
+AC_TYPE_UINT64_T
+AC_TYPE_UINT8_T
+
+# Checks for library functions.
+AC_FUNC_MALLOC
+AC_FUNC_MEMCMP
+AC_FUNC_REALLOC
+AC_FUNC_VPRINTF
+AC_CHECK_FUNCS([memset strcasecmp strchr strdup strerror strncasecmp strrchr])
+
+AC_CONFIG_FILES([Makefile
+                 include/Makefile
+                 man/Makefile
+                 src/Makefile
+                 utils/Makefile])
+AC_OUTPUT
+
+PRINT='echo -n -e '
+$PRINT "\n*** Libsepol Configuration Summary ***\n"
+$PRINT "\tBuilding static lib\t= $enable_static\n"
+$PRINT "\tBuilding shared object\t= $enable_shared\n"
+$PRINT "------------------------------------------------------------\n" 
+

libsepol/include/Makefile.am

@@ -0,0 +1,22 @@
+nobase_include_HEADERS	= \
+	sepol/boolean_record.h  	sepol/node_record.h \
+	sepol/policydb/flask_types.h 	sepol/policydb/sidtab.h \
+	sepol/booleans.h        	sepol/nodes.h \
+	sepol/policydb.h		sepol/policydb/symtab.h	\
+	sepol/context.h 		sepol/policydb/avrule_block.h \
+	sepol/policydb/hashtab.h	sepol/policydb/util.h \
+	sepol/context_record.h  	sepol/policydb/avtab.h \
+	sepol/policydb/hierarchy.h 	sepol/port_record.h \
+	sepol/debug.h           	sepol/policydb/conditional.h \
+	sepol/policydb/link.h		sepol/ports.h \	
+	sepol/errcodes.h 		sepol/policydb/constraint.h \
+	sepol/policydb/mls_types.h	sepol/roles.h \
+	sepol/handle.h			sepol/policydb/context.h \
+	sepol/policydb/module.h 	sepol/sepol.h \
+	sepol/iface_record.h		sepol/policydb/ebitmap.h \
+	sepol/policydb/polcaps.h	sepol/user_record.h \
+	sepol/interfaces.h 		sepol/policydb/expand.h	\
+	sepol/policydb/policydb.h	sepol/users.h \
+	sepol/module.h			sepol/policydb/flask.h \
+	sepol/policydb/services.h
+

libsepol/libtool_compat.h

@@ -0,0 +1,4 @@
+/* Wraps legacy macro -DSHARED with libtool defined -DPIC */
+#ifdef PIC
+# define SHARED
+#endif

libsepol/man/Makefile.am

@@ -0,0 +1,7 @@
+dist_man_MANS	=  \
+	man3/sepol_check_context.3  \
+	man3/sepol_genusers.3  \
+	man8/genpolbools.8 \
+	man3/sepol_genbools.3 \
+	man8/chkcon.8 \
+	man8/genpolusers.8

libsepol/src/Makefile.am

@@ -0,0 +1,17 @@
+COMMONSRC		= assertion.c conditional.c ebitmap.c hashtab.c \
+			mls.c policydb.c roles.c users.c \
+			avrule_block.c constraint.c expand.c hierarchy.c \
+			module.c policydb_convert.c services.c util.c \
+			avtab.c context.c genbools.c iface_record.c \
+			node_record.c  policydb_public.c sidtab.c write.c \
+			boolean_record.c context_record.c genusers.c interfaces.c \
+			nodes.c port_record.c symtab.c booleans.c \
+			debug.c handle.c link.c polcaps.c ports.c user_record.c
+lib_LTLIBRARIES		= libsepol.la
+libsepol_la_SOURCES	= $(COMMONSRC)
+libsepol_la_CPPFLAGS	= \
+	-D_GNU_SOURCE -fPIC \
+	-include $(abs_top_srcdir)/libtool_compat.h \
+	-I$(abs_top_srcdir)/include
+libsepol_la_LDFLAGS	= -version-info 1
+AM_LDFLAGS		= -Wl,--as-needed

libsepol/utils/Makefile.am

@@ -0,0 +1,6 @@
+bin_PROGRAMS	= chkcon
+AM_LDFLAGS	= -Wl,--as-needed
+AM_CPPFLAGS	= -I$(abs_top_srcdir)/include
+chkcon_SOURCES	= chkcon.c
+chkcon_DEPENDENCIES	= $(builddir)/../src/libsepol.la
+chkcon_LDFLAGS	= -lsepol -L$(builddir)/../src

policycoreutils/Makefile.am

@@ -0,0 +1,16 @@
+SUBDIRS		= \
+	setfiles	semanage	load_policy \
+	newrole		secon		audit2allow \
+	audit2why 	scripts		sestatus \
+	semodule_link	semodule_expand \
+	restorecond	semodule_package \
+	$(extra_subdirs)
+
+extra_subdirs	=
+		
+# needs either pam or crypt
+extra_subdirs	+= run_init
+
+extra_subdirs	+= semodule
+extra_subdirs	+= setsebool
+extra_subdirs	+= semodule_deps

policycoreutils/audit2allow/Makefile.am

@@ -0,0 +1,2 @@
+dist_bin_SCRIPTS	= audit2allow sepolgen-ifgen
+man_MANS		= audit2allow.1

policycoreutils/audit2why/Makefile.am

@@ -0,0 +1,2 @@
+dist_bin_SCRIPTS	= audit2why
+man_MANS		= audit2why.1

policycoreutils/configure.ac

@@ -0,0 +1,251 @@
+#                                               -*- Autoconf -*-
+# Process this file with autoconf to produce a configure script.
+
+AC_PREREQ(2.61)
+AC_INIT(policycoreutils, VERSION, BUG-REPORT-ADDRESS)
+AM_INIT_AUTOMAKE
+AC_CONFIG_SRCDIR([run_init/run_init.c])
+AC_CONFIG_HEADER([config.h])
+
+AM_PATH_PYTHON
+
+# Checks for programs.
+AC_PROG_CC
+AC_PROG_INSTALL
+AC_PROG_LN_S
+
+AM_PROG_CC_C_O
+
+# Checks for typedefs, structures, and compiler characteristics.
+AC_C_CONST
+AC_C_INLINE
+AC_TYPE_PID_T
+AC_TYPE_SIZE_T
+AC_TYPE_SSIZE_T
+AC_HEADER_TIME
+AC_TYPE_UID_T
+AC_TYPE_UINT32_T
+
+AC_CHECK_LIB([dl], [dlopen])
+
+AC_SEARCH_LIBS([selinux_init_load_policy],[selinux],
+        [],
+        [echo -n -e "********************************************************\n"]
+        [AC_MSG_ERROR([[SELinux library was not found. Aborted]])]
+)
+
+AC_SEARCH_LIBS([sepol_policydb_read],[sepol],
+        [],
+        [echo -n -e "********************************************************\n"]
+        [AC_MSG_ERROR([[SELinux Policy library was not found. Aborted]])]
+)
+
+AC_ARG_WITH([static-libsepol],
+	[AC_HELP_STRING([--with-static-libsepol=PATH],
+		[Required for semodule_deps])],
+	[AC_MSG_CHECKING([for libsepol.a ])]
+	[if @<:@ -f "$with_static_libsepol/libsepol.a" @:>@ ; then
+		AC_MSG_RESULT([$with_static_libsepol/libsepol.a found])
+		HAVE_semodule_deps=yes
+		AC_SUBST([LIBSEPOL_A_PATH], [[$with_static_libsepol/libsepol.a]])
+	elif @<:@ -f "$with_static_libsepol" @:>@ ; then
+			AC_MSG_RESULT([$with_static_libsepol ok])
+			HAVE_semodule_deps=yes
+			AC_SUBST([LIBSEPOL_A_PATH], [[$with_static_libsepol]])
+	else
+		AC_MSG_RESULT([no found])
+		HAVE_semodule_deps=no
+		AC_MSG_NOTICE([[semodule_deps cannot be built without libsepol.a ]])
+	fi],
+	[AC_MSG_CHECKING([for libsepol.a in $prefix/lib])]
+	[if @<:@ -f "$prefix/lib/libsepol.a" @:>@ ; then
+		AC_MSG_RESULT([$prefix/lib/libsepol.a found])
+		HAVE_semodule_deps=yes
+		AC_SUBST([LIBSEPOL_A_PATH], [[$prefix/lib/libsepol.a]])
+	else
+		AC_MSG_RESULT([not found])
+		HAVE_semodule_deps=no
+		AC_MSG_NOTICE([[semodule_deps cannot be built without libsepol.a. 
+			Please use --with-static-libsepol=PATH]])
+	fi]
+)
+
+AM_CONDITIONAL([BUILD_semodule_deps],[test "x$HAVE_semodule_deps" = xyes])
+
+AC_SEARCH_LIBS([forkpty], [util],
+	[HAVE_run_init=yes],
+	[HAVE_run_init=no]
+	[AC_MSG_NOTICE([*** Not building run_init ***])]
+)
+AM_CONDITIONAL([BUILD_run_init],[test "x$HAVE_run_init" = xyes])
+
+#check for libaudit
+AC_SEARCH_LIBS([audit_open], [audit],
+	[AC_CHECK_HEADERS([libaudit.h],[HAVE_LIBAUDIT=yes],[])],
+	[AC_MSG_NOTICE([ *** Disabling kernel audit functionality *** ])])
+AM_CONDITIONAL([have_libaudit],[test "x$HAVE_LIBAUDIT" = xyes])
+
+AC_SEARCH_LIBS([pam_authenticate], [pam],
+	[AC_SEARCH_LIBS([misc_conv],[pam_misc],
+		[AC_CHECK_HEADERS([security/pam_appl.h],[have_pam=yes],
+			[AC_MSG_NOTICE([ *** PAM functionality disabled ***])])],
+		[AC_MSG_NOTICE([*** PAM Functionality disabled ***])]
+		[have_pam=no]
+	)],
+	[AC_MSG_NOTICE([*** PAM Functionality disabled ***])]
+	[have_pam=no]
+)
+AM_CONDITIONAL([HAVE_PAM], [ test "x$have_pam" = xyes])
+
+if test "x$have_pam" != xyes ; then
+	AC_SEARCH_LIBS([crypt], [crypt],[],
+		[AC_MSG_ERROR([Must have either PAM or crypt libs to continue])]
+	)
+fi
+
+
+AC_SEARCH_LIBS([semanage_connect], [semanage],
+	[HAVE_semanage=yes],
+	[HAVE_semanage=no]
+	[AC_MSG_NOTICE([*** Not building semodule ***])]
+	[AC_MSG_NOTICE([*** Not building setsebool ***])]
+)
+AM_CONDITIONAL([BUILD_semodule],[test "x$HAVE_semanage" = xyes])
+AM_CONDITIONAL([BUILD_setsebool],[test "x$HAVE_semanage" = xyes])
+
+
+AC_ARG_WITH([startupdir],
+        [AC_HELP_STRING([--with-startupdir=PATH],
+		[Path to startup script's folder (eg /etc/rc.d/init.d)])],
+        [],
+        [with_startupdir=no]
+)
+if test "$with_startupdir" != "no" ; then
+        AC_SUBST([STARTUP_DIR],[$with_startupdir])
+else
+	AC_SUBST([STARTUP_DIR],[$sysconfdir/rc.d/init.d])
+fi
+
+
+AC_ARG_WITH([pamdir],
+	[AC_HELP_STRING([--with-pamdir=x],
+		[Location of pam module directory (default: $sysconfdir/pam.d)])],
+	[],
+	[with_pamdir=$sysconfdir/pam.d],
+)
+AC_SUBST([pamdir],[$with_pamdir])
+
+AC_ARG_WITH([pythonver],
+	[AC_HELP_STRING([--with-pythonver=x],[Python version (eg 2.4) ])],
+        [],
+        [with_pythonver=$PYTHON_VERSION]
+)
+
+if test -n "$with_pythonver" ; then
+        AC_SUBST([pythondir],[$libdir/python$with_pythonver/site-packages])
+        AC_SUBST([pyexecdir],[$libdir/python$with_pythonver/site-packages])
+fi
+
+# Checks for header files.
+AC_HEADER_DIRENT
+AC_HEADER_STDC
+AC_HEADER_SYS_WAIT
+AC_CHECK_HEADERS([fcntl.h libintl.h \
+	limits.h locale.h shadow.h \
+	stdint.h stdio_ext.h stdlib.h \
+	string.h sys/vfs.h syslog.h \
+	termios.h unistd.h utmp.h])
+
+AC_CHECK_HEADERS([sys/inotify.h])
+
+AC_CHECK_HEADERS([selinux/selinux.h],[],
+	[AC_MSG_ERROR([SELinux header file missing])])
+
+#AM_PATH_PYTHON(,, [:])
+#AM_CONDITIONAL([HAVE_PYTHON], [test "$PYTHON" != :])
+
+AC_CHECK_HEADER([sys/inotify.h],
+       [AC_DEFINE([HAVE_SYS_INOTIFY_H], 1,  
+		[Define to 1 if <sys/inotify.h> is available])]
+       [have_sys_inotify=yes]
+        ,
+        [AC_MSG_WARN([[<sys/inotify.h> not found, cannot build restorecond]])]
+        [have_sys_inotify=no]
+)
+
+# Checks for library functions.
+AC_FUNC_CLOSEDIR_VOID
+AC_FUNC_FORK
+AC_PROG_GCC_TRADITIONAL
+AC_FUNC_LSTAT
+AC_FUNC_LSTAT_FOLLOWS_SLASHED_SYMLINK
+AC_FUNC_MALLOC
+AC_FUNC_MEMCMP
+AC_FUNC_MMAP
+AC_FUNC_REALLOC
+AC_TYPE_SIGNAL
+AC_FUNC_STAT
+AC_CHECK_FUNCS([atexit endpwent getdelim \
+	getpass getspnam getusershell \
+	memset munmap realpath setenv \
+	setlocale strcasecmp strchr \
+	strcspn strdup strerror \
+	strndup strrchr strspn strtol])
+
+AC_CONFIG_FILES([
+	semanage/Makefile
+	load_policy/Makefile
+	newrole/Makefile
+	secon/Makefile
+	audit2allow/Makefile
+	audit2why/Makefile
+	scripts/Makefile
+	restorecond/Makefile
+	run_init/Makefile
+	setsebool/Makefile
+	sestatus/Makefile
+	semodule/Makefile
+	semodule_deps/Makefile
+	semodule_package/Makefile
+	semodule_link/Makefile
+	semodule_expand/Makefile
+	setfiles/Makefile
+	Makefile])
+
+
+VERSION=`cat $srcdir/VERSION`
+if test "$VERSION" = "" ; then
+        VERSION=svn
+fi
+
+AC_OUTPUT
+
+PRINT='echo -n -e '
+
+$PRINT "\nPolicycoreutils Configuration Summary:\n"
+	$PRINT "\tsemanage\t\t= yes\n"
+	$PRINT "\tload_policy\t\t= yes\n"
+	$PRINT "\tnewrole\t\t\t= yes\n"
+	$PRINT "\tsecon\t\t\t= yes\n"
+	$PRINT "\taudit2allow\t\t= yes\n"
+	$PRINT "\taudit2why\t\t= yes\n"
+	$PRINT "\trestorecond\t\t= yes\n"
+        $PRINT  "\trun_init\t\t= $HAVE_run_init\n"
+	$PRINT "\tscripts\t\t\t= yes\n"
+	$PRINT "\tsestatus\t\t= yes\n"
+	$PRINT "\tsemodule_package\t= yes\n"
+	$PRINT "\tsemodule\t\t= $HAVE_semanage\n"
+	$PRINT "\tsetsebool\t\t= $HAVE_semanage\n"
+	$PRINT "\tsemodule_link\t\t= yes\n"
+	$PRINT "\tsemodule_expand\t\t= yes\n"
+	$PRINT "\tsemodule_deps\t\t= $HAVE_semodule_deps\n"
+	$PRINT "\tsetfiles\t\t= yes\n"
+	$PRINT "\tPAM Support\t\t= $have_pam\n"
+	$PRINT "\tPAM Module Path\t\t= $pamdir\n"
+if test -z "$LIBSEPOL_A_PATH" ; then
+	LIBSEPOL_A_PATH="Not available"
+fi
+	$PRINT "\tlibsepol.a\t\t= $LIBSEPOL_A_PATH\n"
+	$PRINT "\tStartup Script folder\t= $STARTUP_DIR\n"
+	$PRINT "\tPython Packages folder\t= $pythondir\n"
+$PRINT "------------------------------------------------------------\n"

policycoreutils/load_policy/Makefile.am

@@ -0,0 +1,8 @@
+custom_cppflags		= \
+	-DUSE_NLS \
+	-DLOCALEDIR="\"$(localedir)\"" \
+	-DPACKAGE="\"policycoreutils\""
+sbin_PROGRAMS		= load_policy
+man_MANS		= load_policy.8
+load_policy_CPPFLAGS	= $(custom_cppflags)
+AM_LDFLAGS		=  -Wl,--as-needed 

policycoreutils/newrole/Makefile.am

@@ -0,0 +1,42 @@
+#only need selinux
+# Enable capabilities to permit newrole to generate audit records.
+# This will make newrole a setuid root program.
+# The capabilities used are: CAP_AUDIT_WRITE.
+AUDIT_LOG_PRIV		?= n
+# Enable capabilities to permit newrole to utilitize the pam_namespace module.
+# This will make newrole a setuid root program.
+# The capabilities used are: CAP_SYS_ADMIN, CAP_CHOWN, CAP_FOWNER and
+# CAP_DAC_OVERRIDE. 
+NAMESPACE_PRIV		?= n
+# If LSPP_PRIV is y, then newrole will be made into setuid root program.
+# Enabling this option will force AUDIT_LOG_PRIV and NAMESPACE_PRIV to be y.
+LSPP_PRIV		?= n
+
+AM_LDFLAGS		=  -Wl,--as-needed $(extra_ldflags)
+extra_cppflags		= \
+	-DVERSION=\"$(VERSION)\"	\
+	-DUSE_NLS 			\
+	-DLOCALEDIR="\"$(LOCALEDIR)\""	\
+	-DPACKAGE="\"policycoreutils\""
+extra_src		= 
+extra_ldflags		=
+bin_PROGRAMS		= newrole
+newrole_SOURCES		= newrole.c $(extra_src)
+newrole_CPPFLAGS	= $(extra_cppflags)
+man_MANS		= newrole.1
+
+if HAVE_PAM
+extra_cppflags		+= -DUSE_PAM
+extra_src		+= hashtab.c
+extra_ldflags		+= -lpam -lpam_misc
+pam_DATA		= newrole.pamd
+else
+extra_cppflags		+= -D_XOPEN_SOURCE=500
+extra_ldflags		+= -lcrypt
+endif
+
+if have_libaudit
+extra_cppflags		+= -DUSE_AUDIT
+extra_ldflags		+= -laudit
+endif
+

policycoreutils/restorecond/Makefile.am

@@ -0,0 +1,15 @@
+bin_PROGRAMS		= restorecond
+
+restorecond_SOURCES	= restorecond.c utmpwatcher.c stringslist.c
+man_MANS		= restorecond.8
+sysconf_DATA		= restorecond.conf 
+
+AM_CPPFLAGS		= -D_FILE_OFFSET_BITS=64
+AM_LDFLAGS		= -Wl,--as-needed
+
+startup_SCRIPTS		= restorecond
+
+startupdir		= $(STARTUP_DIR)
+
+restorecond:restorecond.init
+	cp $< $@

policycoreutils/run_init/Makefile.am

@@ -0,0 +1,24 @@
+if BUILD_run_init
+AM_LDFLAGS		=  -Wl,--as-needed $(extra_ldflags)
+extra_cppflags		= \
+	-DUSE_NLS \
+	-DLOCALEDIR="\"$(LOCALEDIR)\"" \
+	-DPACKAGE="\"policycoreutils\""
+extra_src		= 
+extra_ldflags		=
+sbin_PROGRAMS		= run_init open_init_pty
+run_init_CPPFLAGS	= $(extra_cppflags)
+man_MANS		= run_init.8 open_init_pty.8
+if HAVE_PAM
+extra_cppflags		+= -DUSE_PAM
+extra_ldflags		+= -lpam -lpam_misc
+pam_DATA		= run_init.pamd
+else
+extra_cppflags		+= -D_XOPEN_SOURCE=500
+extra_ldflags		+= -lcrypt
+endif
+if have_libaudit
+extra_cppflags		+= -DUSE_AUDIT
+extra_ldflags		+= -laudit
+endif
+endif

policycoreutils/scripts/Makefile.am

@@ -0,0 +1,2 @@
+dist_bin_SCRIPTS	= chcat genhomedircon fixfiles
+man_MANS		= fixfiles.8 chcat.8

policycoreutils/secon/Makefile.am

@@ -0,0 +1,5 @@
+AM_LDFLAGS	= -Wl,--as-needed 
+AM_CPPFLAGS	=  -DVERSION=\"$(VERSION)\"
+
+bin_PROGRAMS	= secon
+man_MANS	= secon.1

policycoreutils/semanage/Makefile.am

@@ -0,0 +1,3 @@
+dist_sbin_SCRIPTS	= semanage
+man_MANS		= semanage.8
+python_PYTHON		= seobject.py

policycoreutils/semodule/Makefile.am

@@ -0,0 +1,5 @@
+if BUILD_semodule
+sbin_PROGRAMS		= semodule
+AM_LDFLAGS		= -Wl,--as-needed
+man_MANS		= semodule.8
+endif

policycoreutils/semodule_deps/Makefile.am

@@ -0,0 +1,7 @@
+if BUILD_semodule_deps
+bin_PROGRAMS			= semodule_deps
+AM_LDFLAGS			= -Wl,--as-needed
+semodule_deps_LDADD		= $(LIBSEPOL_A_PATH)
+semodule_deps_DEPENDENCIES	= $(LIBSEPOL_A_PATH)
+man_MANS			= semodule_deps.8
+endif

policycoreutils/semodule_expand/Makefile.am

@@ -0,0 +1,3 @@
+bin_PROGRAMS	= semodule_expand
+AM_LDFLAGS	= -Wl,--as-needed
+man_MANS	= semodule_expand.8

policycoreutils/semodule_link/Makefile.am

@@ -0,0 +1,3 @@
+bin_PROGRAMS	= semodule_link
+man_MANS	= semodule_link.8
+AM_LDFLAGS	= -Wl,--as-needed

policycoreutils/semodule_package/Makefile.am

@@ -0,0 +1,3 @@
+bin_PROGRAMS	= semodule_package
+AM_LDFLAGS	= -Wl,--as-needed
+man_MANS	= semodule_package.8

policycoreutils/sestatus/Makefile.am

@@ -0,0 +1,5 @@
+sbin_PROGRAMS	= sestatus
+AM_LDFLAGS	= -Wl,--as-needed
+AM_CPPFLAGS	= -D_FILE_OFFSET_BITS=64
+man_MANS	= sestatus.8
+sysconf_DATA	= sestatus.conf

policycoreutils/setfiles/Makefile.am

@@ -0,0 +1,16 @@
+sbin_PROGRAMS		= setfiles
+nodist_bin_SCRIPTS	= restorecon
+
+restorecon: setfiles
+	ln -sf setfiles restorecon
+
+CLEANFILES		= restorecon
+
+setfiles_SOURCES	= setfiles.c
+man_MANS		= setfiles.8 restorecon.8
+setfiles_CPPFLAGS	= $(libaudit_cppflags)
+AM_LDFLAGS		=  -Wl,--as-needed 
+libaudit_cppflags	= -D_FILE_OFFSET_BITS=64
+if have_libaudit
+libaudit_cppflags += -DUSE_AUDIT
+endif

policycoreutils/setsebool/Makefile.am

@@ -0,0 +1,5 @@
+if BUILD_setsebool
+sbin_PROGRAMS	= setsebool
+AM_LDFLAGS	= -Wl,--as-needed
+man_MANS	= setsebool.8
+endif

sepolgen/Makefile.am

@@ -0,0 +1 @@
+SUBDIRS	= src/sepolgen src/share

sepolgen/configure.ac

@@ -0,0 +1,47 @@
+#                                               -*- Autoconf -*-
+# Process this file with autoconf to produce a configure script.
+
+AC_PREREQ(2.61)
+AC_INIT(sepolgen, VERSION, BUG-REPORT-ADDRESS)
+AM_INIT_AUTOMAKE
+
+
+AM_PATH_PYTHON
+
+# Checks for programs.
+AC_PROG_INSTALL
+
+
+AC_ARG_WITH([pythonver],
+	[AC_HELP_STRING([--with-pythonver=2.X],
+		[eg 2.4])],
+	[],
+	[with_pythonver=$PYTHON_VERSION]
+)
+
+if test -n "$with_pythonver" ; then
+	AC_SUBST([pythondir],[$libdir/python$with_pythonver/site-packages])
+	AC_SUBST([pyexecdir],[$libdir/python$with_pythonver/site-packages])
+fi
+
+AC_CONFIG_FILES([Makefile
+                 src/sepolgen/Makefile
+                 src/share/Makefile])
+
+
+
+VERSION=`cat $srcdir/VERSION`
+if test "$VERSION" = "" ; then
+        VERSION=svn
+fi
+
+AC_OUTPUT
+
+PRINT='echo -n -e '
+
+
+
+$PRINT "\n$PACKAGE Configuration Summary:\n"
+$PRINT "\tPython Packages folder\t= $pythondir\n"
+$PRINT "------------------------------------------------------------\n"
+

sepolgen/src/sepolgen/Makefile.am

@@ -0,0 +1,20 @@
+pkgpython_PYTHON	= $(pyfiles)
+PACKAGE	= sepolgen
+pyfiles = \
+access.py \
+audit.py \
+classperms.py \
+defaults.py \
+__init__.py \
+interfaces.py \
+lex.py \
+matching.py \
+module.py \
+objectmodel.py \
+output.py \
+policygen.py \
+refparser.py \
+refpolicy.py \
+sepolgeni18n.py \
+util.py \
+yacc.py 

sepolgen/src/share/Makefile.am

@@ -0,0 +1 @@
+dist_pkglib_DATA	= perm_map