authorW. Michael Petullo <mike@flyn.org>2020-11-01 07:44:56 -0600
committerDaniel Golle <daniel@makrotopia.org>2020-11-09 13:06:19 +0000
commit9eb9943f82e0b2d5e32ffe1c63f5a82caca5094d (patch)
treea1f201de88e55926d10ad5ebcfc9d5943ea8bbd0
parent2e282537d00267774526ea5b4386ea3167b69c6a (diff)
downloadupstream-9eb9943f82e0b2d5e32ffe1c63f5a82caca5094d.tar.gz
upstream-9eb9943f82e0b2d5e32ffe1c63f5a82caca5094d.tar.bz2
upstream-9eb9943f82e0b2d5e32ffe1c63f5a82caca5094d.zip
refpolicy: add variant that builds modular policy
This adds a variant of refpolicy that builds the modular form of the policy. While this requires more memory on the target device, along with some tricks to deal with OpenWrt's volatile /var directory, it is useful for experimenting with SELinux policy. Signed-off-by: W. Michael Petullo <mike@flyn.org>
-rw-r--r--config/Config-build.in6
-rw-r--r--package/system/refpolicy/Makefile35
2 files changed, 39 insertions, 2 deletions
diff --git a/config/Config-build.in b/config/Config-build.in
index 8e12199cbd..178afbdb94 100644
--- a/config/Config-build.in
+++ b/config/Config-build.in
@@ -362,6 +362,12 @@ menu "Global build settings"
help
SELinux Reference Policy (refpolicy)
+ config SELINUXTYPE_targeted-modular
+ bool "targeted-modular"
+ select PACKAGE_refpolicy-modular
+ help
+ Modular SELinux Reference Policy (refpolicy-modular)
+
config SELINUXTYPE_dssp
bool "dssp"
select PACKAGE_selinux-policy
diff --git a/package/system/refpolicy/Makefile b/package/system/refpolicy/Makefile
index a431770955..d9c8c90208 100644
--- a/package/system/refpolicy/Makefile
+++ b/package/system/refpolicy/Makefile
@@ -24,7 +24,7 @@ TAR_OPTIONS:=--transform='s%^refpolicy%$(PKG_NAME)-$(PKG_VERSION)%' -xf -
include $(INCLUDE_DIR)/package.mk
-define Package/refpolicy
+define Package/refpolicy/Default
SECTION:=system
CATEGORY:=Base system
TITLE:=SELinux reference policy
@@ -32,6 +32,19 @@ define Package/refpolicy
PKGARCH:=all
endef
+define Package/refpolicy
+ $(call Package/refpolicy/Default)
+ CONFLICTS:=refpolicy-modular
+ VARIANT:=default
+endef
+
+define Package/refpolicy-modular
+ $(call Package/refpolicy/Default)
+ TITLE += (modular)
+ VARIANT:=modular
+ PROVIDES:=refpolicy
+endef
+
define Package/refpolicy/description
The SELinux Reference Policy project (refpolicy) is a
complete SELinux policy that can be used as the system
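Review bot: `Package/refpolicy-modular` is added without a `Package/refpolicy-modular/description`, so the package metadata does not carry the constraints the commit message states: the modular form needs more memory on the target and relies on workarounds for OpenWrt's volatile /var. Add a description block that reuses the refpolicy text and names those two constraints. A comment above `PROVIDES:=refpolicy` would also help, saying that it pairs with `CONFLICTS:=refpolicy-modular` and is presumably meant to keep the two policy variants from being installed together. `Package/refpolicy/description` continues past the end of this hunk.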
@@ -56,25 +69,43 @@ endef
# builds is a small host tool that gets run as part of the build
# process.
MAKE_FLAGS += \
+ DESTDIR="$(PKG_INSTALL_DIR)"
SETFILES="$(STAGING_DIR_HOST)/bin/setfiles" \
CHECKPOLICY="$(STAGING_DIR_HOSTPKG)/bin/checkpolicy" \
CC="$(HOSTCC)" \
CFLAGS="$(HOST_CFLAGS)"
define Build/Configure
- $(SED) "/MONOLITHIC/c\MONOLITHIC = y" $(PKG_BUILD_DIR)/build.conf
$(SED) "/NAME/c\NAME = targeted" $(PKG_BUILD_DIR)/build.conf
+ifneq ($(BUILD_VARIANT),modular)
+ $(SED) "/MONOLITHIC/c\MONOLITHIC = y" $(PKG_BUILD_DIR)/build.conf
+endif
$(call Build/Compile/Default,conf)
endef
+ifeq ($(BUILD_VARIANT),modular)
+define Build/Install
+ $(call Build/Compile/Default,install install-headers)
+endef
+endif
+
define Package/refpolicy/conffiles
/etc/selinux/config
endef
+Package/refpolicy-modular/conffiles = $(Package/refpolicy/conffiles)
+
define Package/refpolicy/install
$(INSTALL_DIR) $(1)/etc/selinux
$(CP) $(PKG_INSTALL_DIR)/etc/selinux/* $(1)/etc/selinux/
$(CP) ./files/selinux-config $(1)/etc/selinux/config
+ifeq ($(BUILD_VARIANT),modular)
+ $(INSTALL_DIR) $(1)/usr/share/selinux
+ $(CP) $(PKG_INSTALL_DIR)/usr/share/selinux/* $(1)/usr/share/selinux/
+endif
endef
+Package/refpolicy-modular/install = $(Package/refpolicy/install)
+
$(eval $(call BuildPackage,refpolicy))
+$(eval $(call BuildPackage,refpolicy-modular))
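Review bot: The added `DESTDIR="$(PKG_INSTALL_DIR)"` line in the `MAKE_FLAGS +=` block has no trailing backslash, so as shown the continuation ends at that line. The following `SETFILES=`, `CHECKPOLICY=`, `CC=` and `CFLAGS=` lines then no longer appear to be appended to `MAKE_FLAGS`, which would let the policy build fall back to whatever `setfiles`, `checkpolicy` and compiler the refpolicy build defaults to instead of the staged host tools. Write the line as `DESTDIR="$(PKG_INSTALL_DIR)" \`. Because the compiled policy is what enforces access control on the image, it is worth confirming in the build log that `$(STAGING_DIR_HOSTPKG)/bin/checkpolicy` is the binary actually invoked for both variants.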