aboutsummaryrefslogtreecommitdiffstats
path: root/package/system/refpolicy
diff options
context:
space:
mode:
authorThomas Petazzoni <thomas.petazzoni@bootlin.com>2020-08-23 22:03:44 -0500
committerDaniel Golle <daniel@makrotopia.org>2020-08-31 01:15:41 +0100
commite5e54e52f751c15f0c04442070329f0f8a59afe5 (patch)
tree5dd332f055d5f1354227af17e9260a11bca7ba68 /package/system/refpolicy
parent21992303fa29115f8e3b91eb440e5eb0a51fd57b (diff)
downloadupstream-e5e54e52f751c15f0c04442070329f0f8a59afe5.tar.gz
upstream-e5e54e52f751c15f0c04442070329f0f8a59afe5.tar.bz2
upstream-e5e54e52f751c15f0c04442070329f0f8a59afe5.zip
refpolicy: new package
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> [update to 2.20200229, adjust Makefile, and move to openwrt.git] Signed-off-by: W. Michael Petullo <mike@flyn.org>
Diffstat (limited to 'package/system/refpolicy')
-rw-r--r--package/system/refpolicy/Makefile80
-rw-r--r--package/system/refpolicy/files/selinux-config7
2 files changed, 87 insertions, 0 deletions
diff --git a/package/system/refpolicy/Makefile b/package/system/refpolicy/Makefile
new file mode 100644
index 0000000000..f1a33c8e79
--- /dev/null
+++ b/package/system/refpolicy/Makefile
@@ -0,0 +1,80 @@
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=refpolicy
+PKG_VERSION:=2.20200229
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
+PKG_SOURCE_URL:=https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_2_20200229
+PKG_HASH:=dec854512ed00cd057408f330c2cea4de7a4405f7a147458f59c994bf578e4b0
+PKG_INSTALL:=1
+PKG_BUILD_DEPENDS:=checkpolicy/host policycoreutils/host
+
+PKG_MAINTAINER:=Thomas Petazzoni <thomas.petazzoni@bootlin.com>
+PKG_CPE_ID:=cpe:/a:tresys:refpolicy
+PKG_LICENSE:=GPL-2.0-or-later
+PKG_LICENSE_FILES:=COPYING
+
+TAR_OPTIONS:=--transform='s%^refpolicy%$(PKG_NAME)-$(PKG_VERSION)%' -xf -
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/refpolicy
+ SECTION:=system
+ CATEGORY:=Base system
+ TITLE:=SELinux reference policy
+ URL:=http://selinuxproject.org/page/Main_Page
+endef
+
+define Package/refpolicy/description
+ The SELinux Reference Policy project (refpolicy) is a
+ complete SELinux policy that can be used as the system
+ policy for a variety of systems and used as the basis for
+ creating other policies. Reference Policy was originally
+ based on the NSA example policy, but aims to accomplish many
+ additional goals.
+
+ The current refpolicy does not fully support OpenWRT and
+ needs modifications to work with the default system file
+ layout. These changes should be added as patches to the
+ refpolicy that modify a single SELinux policy.
+
+ The refpolicy works for the most part in permissive
+ mode. Only the basic set of utilities are enabled in the
+ example policy config and some of the pathing in the
+ policies is not correct. Individual policies would need to
+ be tweaked to get everything functioning properly.
+endef
+
+# Yes, we want CC=$(HOSTCC) because the only code that checkpolicy
+# builds is a small host tool that gets run as part of the build
+# process.
+MAKE_FLAGS += \
+ TEST_TOOLCHAIN="$(STAGING_DIR_HOSTPKG)" \
+ BINDIR=/bin \
+ SBINDIR=/sbin \
+ CC="$(HOSTCC)" \
+ CFLAGS="$(HOST_CFLAGS)"
+
+define Build/Configure
+ $(SED) "/MONOLITHIC/c\MONOLITHIC = y" $(PKG_BUILD_DIR)/build.conf
+ $(SED) "/NAME/c\NAME = targeted" $(PKG_BUILD_DIR)/build.conf
+ $(call Build/Compile/Default,conf)
+endef
+
+define Package/refpolicy/conffiles
+/etc/selinux/config
+endef
+
+define Package/refpolicy/install
+ $(INSTALL_DIR) $(1)/etc/selinux
+ $(CP) $(PKG_INSTALL_DIR)/etc/selinux/* $(1)/etc/selinux/
+ $(CP) ./files/selinux-config $(1)/etc/selinux/config
+endef
+
+$(eval $(call BuildPackage,refpolicy))
diff --git a/package/system/refpolicy/files/selinux-config b/package/system/refpolicy/files/selinux-config
new file mode 100644
index 0000000000..2ae174d297
--- /dev/null
+++ b/package/system/refpolicy/files/selinux-config
@@ -0,0 +1,7 @@
+# This file controls the state of SELinux on the system.
+# SELINUX= can take one of these three values:
+# enforcing - SELinux security policy is enforced.
+# permissive - SELinux prints warnings instead of enforcing.
+# disabled - No SELinux policy is loaded.
+SELINUX=permissive
+SELINUXTYPE=targeted