diff options
author | W. Michael Petullo <mike@flyn.org> | 2020-11-01 07:44:56 -0600 |
---|---|---|
committer | Daniel Golle <daniel@makrotopia.org> | 2020-11-09 13:06:19 +0000 |
commit | 9eb9943f82e0b2d5e32ffe1c63f5a82caca5094d (patch) | |
tree | a1f201de88e55926d10ad5ebcfc9d5943ea8bbd0 /package/system/refpolicy | |
parent | 2e282537d00267774526ea5b4386ea3167b69c6a (diff) | |
download | upstream-9eb9943f82e0b2d5e32ffe1c63f5a82caca5094d.tar.gz upstream-9eb9943f82e0b2d5e32ffe1c63f5a82caca5094d.tar.bz2 upstream-9eb9943f82e0b2d5e32ffe1c63f5a82caca5094d.zip |
refpolicy: add variant that builds modular policy
This adds a variant of refpolicy that builds the modular form of the
policy. While this requires more memory on the target device, along with
some tricks to deal with OpenWrt's volatile /var directory, it is useful
for experiementing with SELinux policy.
Signed-off-by: W. Michael Petullo <mike@flyn.org>
Diffstat (limited to 'package/system/refpolicy')
-rw-r--r-- | package/system/refpolicy/Makefile | 35 |
1 files changed, 33 insertions, 2 deletions
diff --git a/package/system/refpolicy/Makefile b/package/system/refpolicy/Makefile index a431770955..d9c8c90208 100644 --- a/package/system/refpolicy/Makefile +++ b/package/system/refpolicy/Makefile @@ -24,7 +24,7 @@ TAR_OPTIONS:=--transform='s%^refpolicy%$(PKG_NAME)-$(PKG_VERSION)%' -xf - include $(INCLUDE_DIR)/package.mk -define Package/refpolicy +define Package/refpolicy/Default SECTION:=system CATEGORY:=Base system TITLE:=SELinux reference policy @@ -32,6 +32,19 @@ define Package/refpolicy PKGARCH:=all endef +define Package/refpolicy + $(call Package/refpolicy/Default) + CONFLICTS:=refpolicy-modular + VARIANT:=default +endef + +define Package/refpolicy-modular + $(call Package/refpolicy/Default) + TITLE += (modular) + VARIANT:=modular + PROVIDES:=refpolicy +endef + define Package/refpolicy/description The SELinux Reference Policy project (refpolicy) is a complete SELinux policy that can be used as the system @@ -56,25 +69,43 @@ endef # builds is a small host tool that gets run as part of the build # process. MAKE_FLAGS += \ + DESTDIR="$(PKG_INSTALL_DIR)" SETFILES="$(STAGING_DIR_HOST)/bin/setfiles" \ CHECKPOLICY="$(STAGING_DIR_HOSTPKG)/bin/checkpolicy" \ CC="$(HOSTCC)" \ CFLAGS="$(HOST_CFLAGS)" define Build/Configure - $(SED) "/MONOLITHIC/c\MONOLITHIC = y" $(PKG_BUILD_DIR)/build.conf $(SED) "/NAME/c\NAME = targeted" $(PKG_BUILD_DIR)/build.conf +ifneq ($(BUILD_VARIANT),modular) + $(SED) "/MONOLITHIC/c\MONOLITHIC = y" $(PKG_BUILD_DIR)/build.conf +endif $(call Build/Compile/Default,conf) endef +ifeq ($(BUILD_VARIANT),modular) +define Build/Install + $(call Build/Compile/Default,install install-headers) +endef +endif + define Package/refpolicy/conffiles /etc/selinux/config endef +Package/refpolicy-modular/conffiles = $(Package/refpolicy/conffiles) + define Package/refpolicy/install $(INSTALL_DIR) $(1)/etc/selinux $(CP) $(PKG_INSTALL_DIR)/etc/selinux/* $(1)/etc/selinux/ $(CP) ./files/selinux-config $(1)/etc/selinux/config +ifeq ($(BUILD_VARIANT),modular) + $(INSTALL_DIR) $(1)/usr/share/selinux + $(CP) $(PKG_INSTALL_DIR)/usr/share/selinux/* $(1)/usr/share/selinux/ +endif endef +Package/refpolicy-modular/install = $(Package/refpolicy/install) + $(eval $(call BuildPackage,refpolicy)) +$(eval $(call BuildPackage,refpolicy-modular)) |