refpolicy: add variant that builds modular policy
This adds a variant of refpolicy that builds the modular form of the policy. While this requires more memory on the target device, along with some tricks to deal with OpenWrt's volatile /var directory, it is useful for experimenting with SELinux policy. Signed-off-by: W. Michael Petullo <mike@flyn.org>
parent
2e282537d0
commit
9eb9943f82
@ -362,6 +362,12 @@ menu "Global build settings"
|
||||
help
|
||||
SELinux Reference Policy (refpolicy)
|
||||
|
||||
config SELINUXTYPE_targeted-modular
|
||||
bool "targeted-modular"
|
||||
select PACKAGE_refpolicy-modular
|
||||
help
|
||||
Modular SELinux Reference Policy (refpolicy-modular)
|
||||
|
||||
config SELINUXTYPE_dssp
|
||||
bool "dssp"
|
||||
select PACKAGE_selinux-policy
|
||||
|
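Review bot: The help text for `SELINUXTYPE_targeted-modular` only restates the option name, so someone choosing between the two targeted entries in menuconfig sees none of the trade-offs that the commit description spells out. I would extend it along the lines of `Modular SELinux Reference Policy (refpolicy-modular). Needs more memory on the target device and relies on workarounds for OpenWrt's volatile /var; intended for experimenting with policy.` The enclosing choice block starts outside this hunk, so its default entry could not be checked from here.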
@ -24,7 +24,7 @@ TAR_OPTIONS:=--transform='s%^refpolicy%$(PKG_NAME)-$(PKG_VERSION)%' -xf -
|
||||
|
||||
include $(INCLUDE_DIR)/package.mk
|
||||
|
||||
define Package/refpolicy
|
||||
define Package/refpolicy/Default
|
||||
SECTION:=system
|
||||
CATEGORY:=Base system
|
||||
TITLE:=SELinux reference policy
|
||||
@ -32,6 +32,19 @@ define Package/refpolicy
|
||||
PKGARCH:=all
|
||||
endef
|
||||
|
||||
define Package/refpolicy
|
||||
$(call Package/refpolicy/Default)
|
||||
CONFLICTS:=refpolicy-modular
|
||||
VARIANT:=default
|
||||
endef
|
||||
|
||||
define Package/refpolicy-modular
|
||||
$(call Package/refpolicy/Default)
|
||||
TITLE += (modular)
|
||||
VARIANT:=modular
|
||||
PROVIDES:=refpolicy
|
||||
endef
|
||||
|
||||
define Package/refpolicy/description
|
||||
The SELinux Reference Policy project (refpolicy) is a
|
||||
complete SELinux policy that can be used as the system
|
||||
@ -56,25 +69,43 @@ endef
|
||||
# builds is a small host tool that gets run as part of the build
|
||||
# process.
|
||||
MAKE_FLAGS += \
|
||||
DESTDIR="$(PKG_INSTALL_DIR)"
|
||||
SETFILES="$(STAGING_DIR_HOST)/bin/setfiles" \
|
||||
CHECKPOLICY="$(STAGING_DIR_HOSTPKG)/bin/checkpolicy" \
|
||||
CC="$(HOSTCC)" \
|
||||
CFLAGS="$(HOST_CFLAGS)"
|
||||
|
||||
define Build/Configure
|
||||
$(SED) "/MONOLITHIC/c\MONOLITHIC = y" $(PKG_BUILD_DIR)/build.conf
|
||||
$(SED) "/NAME/c\NAME = targeted" $(PKG_BUILD_DIR)/build.conf
|
||||
ifneq ($(BUILD_VARIANT),modular)
|
||||
$(SED) "/MONOLITHIC/c\MONOLITHIC = y" $(PKG_BUILD_DIR)/build.conf
|
||||
endif
|
||||
$(call Build/Compile/Default,conf)
|
||||
endef
|
||||
|
||||
ifeq ($(BUILD_VARIANT),modular)
|
||||
define Build/Install
|
||||
$(call Build/Compile/Default,install install-headers)
|
||||
endef
|
||||
endif
|
||||
|
||||
define Package/refpolicy/conffiles
|
||||
/etc/selinux/config
|
||||
endef
|
||||
|
||||
Package/refpolicy-modular/conffiles = $(Package/refpolicy/conffiles)
|
||||
|
||||
define Package/refpolicy/install
|
||||
$(INSTALL_DIR) $(1)/etc/selinux
|
||||
$(CP) $(PKG_INSTALL_DIR)/etc/selinux/* $(1)/etc/selinux/
|
||||
$(CP) ./files/selinux-config $(1)/etc/selinux/config
|
||||
ifeq ($(BUILD_VARIANT),modular)
|
||||
$(INSTALL_DIR) $(1)/usr/share/selinux
|
||||
$(CP) $(PKG_INSTALL_DIR)/usr/share/selinux/* $(1)/usr/share/selinux/
|
||||
endif
|
||||
endef
|
||||
|
||||
Package/refpolicy-modular/install = $(Package/refpolicy/install)
|
||||
|
||||
$(eval $(call BuildPackage,refpolicy))
|
||||
$(eval $(call BuildPackage,refpolicy-modular))
|
||||
|
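Review bot: In `Build/Configure` the modular variant only skips the `MONOLITHIC = y` rewrite, so whether the result is really a modular policy depends on whatever value the upstream build.conf ships; nothing visible here pins it. Setting the value in both branches keeps the variant deterministic across refpolicy updates, for example an `else` arm with `$(SED) "/MONOLITHIC/c\MONOLITHIC = n" $(PKG_BUILD_DIR)/build.conf`. The description mentions tricks for the volatile /var, but none appear in this file section. A comment beside the `ifeq ($(BUILD_VARIANT),modular)` branch in `Package/refpolicy/install`, saying where the module store is populated from the files under /usr/share/selinux, would help anyone auditing which policy is actually loaded at boot.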