When building a monolithic policy with 'make load', the
selinux_config(5) file 'SELINUXTYPE' entry determines what policy
is loaded as load_policy(8) does not take a path value (it always loads
the active system policy as defined by /etc/selinux/config).
Currently it is possible to load the wrong binary policy, for example if
the Reference Policy source is located at:
/etc/selinux/refpolicy
and the /etc/selinux/config file has the following entry:
SELINUXTYPE=targeted
Then the /etc/selinux/targeted/policy/policy.<ver> is loaded when
'make load' is executed.
Resolve this by using selinux_binary_policy_path(3) to determine the
current configured policy name and its location.
Another example is that if the Reference Policy source is located at:
/tmp/custom-rootfs/etc/selinux/refpolicy
and the /etc/selinux/config file has the following entry:
SELINUXTYPE=refpolicy
Then the /etc/selinux/refpolicy/policy/policy.<ver> is loaded when
'make DESTDIR=/tmp/custom-rootfs load' is executed (not the
/tmp/custom-rootfs/etc/selinux/refpolicy/policy/policy.<ver> that the
developer thought would be loaded).
Resolve this by checking if DESTDIR has been set.
Remove the '@touch $(tmpdir)/load' line as the file is never referenced.
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
037ac427f8