aboutsummaryrefslogtreecommitdiffstats
path: root/package/system/refpolicy
diff options
context:
space:
mode:
authorW. Michael Petullo <mike@flyn.org>2020-11-01 07:44:56 -0600
committerDaniel Golle <daniel@makrotopia.org>2020-11-09 13:06:19 +0000
commit9eb9943f82e0b2d5e32ffe1c63f5a82caca5094d (patch)
treea1f201de88e55926d10ad5ebcfc9d5943ea8bbd0 /package/system/refpolicy
parent2e282537d00267774526ea5b4386ea3167b69c6a (diff)
downloadupstream-9eb9943f82e0b2d5e32ffe1c63f5a82caca5094d.tar.gz
upstream-9eb9943f82e0b2d5e32ffe1c63f5a82caca5094d.tar.bz2
upstream-9eb9943f82e0b2d5e32ffe1c63f5a82caca5094d.zip
refpolicy: add variant that builds modular policy
This adds a variant of refpolicy that builds the modular form of the policy. While this requires more memory on the target device, along with some tricks to deal with OpenWrt's volatile /var directory, it is useful for experiementing with SELinux policy. Signed-off-by: W. Michael Petullo <mike@flyn.org>
Diffstat (limited to 'package/system/refpolicy')
-rw-r--r--package/system/refpolicy/Makefile35
1 files changed, 33 insertions, 2 deletions
diff --git a/package/system/refpolicy/Makefile b/package/system/refpolicy/Makefile
index a431770955..d9c8c90208 100644
--- a/package/system/refpolicy/Makefile
+++ b/package/system/refpolicy/Makefile
@@ -24,7 +24,7 @@ TAR_OPTIONS:=--transform='s%^refpolicy%$(PKG_NAME)-$(PKG_VERSION)%' -xf -
include $(INCLUDE_DIR)/package.mk
-define Package/refpolicy
+define Package/refpolicy/Default
SECTION:=system
CATEGORY:=Base system
TITLE:=SELinux reference policy
@@ -32,6 +32,19 @@ define Package/refpolicy
PKGARCH:=all
endef
+define Package/refpolicy
+ $(call Package/refpolicy/Default)
+ CONFLICTS:=refpolicy-modular
+ VARIANT:=default
+endef
+
+define Package/refpolicy-modular
+ $(call Package/refpolicy/Default)
+ TITLE += (modular)
+ VARIANT:=modular
+ PROVIDES:=refpolicy
+endef
+
define Package/refpolicy/description
The SELinux Reference Policy project (refpolicy) is a
complete SELinux policy that can be used as the system
@@ -56,25 +69,43 @@ endef
# builds is a small host tool that gets run as part of the build
# process.
MAKE_FLAGS += \
+ DESTDIR="$(PKG_INSTALL_DIR)"
SETFILES="$(STAGING_DIR_HOST)/bin/setfiles" \
CHECKPOLICY="$(STAGING_DIR_HOSTPKG)/bin/checkpolicy" \
CC="$(HOSTCC)" \
CFLAGS="$(HOST_CFLAGS)"
define Build/Configure
- $(SED) "/MONOLITHIC/c\MONOLITHIC = y" $(PKG_BUILD_DIR)/build.conf
$(SED) "/NAME/c\NAME = targeted" $(PKG_BUILD_DIR)/build.conf
+ifneq ($(BUILD_VARIANT),modular)
+ $(SED) "/MONOLITHIC/c\MONOLITHIC = y" $(PKG_BUILD_DIR)/build.conf
+endif
$(call Build/Compile/Default,conf)
endef
+ifeq ($(BUILD_VARIANT),modular)
+define Build/Install
+ $(call Build/Compile/Default,install install-headers)
+endef
+endif
+
define Package/refpolicy/conffiles
/etc/selinux/config
endef
+Package/refpolicy-modular/conffiles = $(Package/refpolicy/conffiles)
+
define Package/refpolicy/install
$(INSTALL_DIR) $(1)/etc/selinux
$(CP) $(PKG_INSTALL_DIR)/etc/selinux/* $(1)/etc/selinux/
$(CP) ./files/selinux-config $(1)/etc/selinux/config
+ifeq ($(BUILD_VARIANT),modular)
+ $(INSTALL_DIR) $(1)/usr/share/selinux
+ $(CP) $(PKG_INSTALL_DIR)/usr/share/selinux/* $(1)/usr/share/selinux/
+endif
endef
+Package/refpolicy-modular/install = $(Package/refpolicy/install)
+
$(eval $(call BuildPackage,refpolicy))
+$(eval $(call BuildPackage,refpolicy-modular))