aboutsummaryrefslogtreecommitdiffstats
path: root/package/system/refpolicy/Makefile
blob: d9c8c90208dcb5f8e27ddcf28ac2c69d2e2a077a (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#

include $(TOPDIR)/rules.mk

PKG_NAME:=refpolicy
PKG_VERSION:=2.20200229
PKG_RELEASE:=3

PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_2_20200229
PKG_HASH:=dec854512ed00cd057408f330c2cea4de7a4405f7a147458f59c994bf578e4b0
PKG_INSTALL:=1
PKG_BUILD_DEPENDS:=checkpolicy/host policycoreutils/host

PKG_MAINTAINER:=Thomas Petazzoni <thomas.petazzoni@bootlin.com>
PKG_CPE_ID:=cpe:/a:tresys:refpolicy
PKG_LICENSE:=GPL-2.0-or-later
PKG_LICENSE_FILES:=COPYING

TAR_OPTIONS:=--transform='s%^refpolicy%$(PKG_NAME)-$(PKG_VERSION)%' -xf -

include $(INCLUDE_DIR)/package.mk

define Package/refpolicy/Default
  SECTION:=system
  CATEGORY:=Base system
  TITLE:=SELinux reference policy
  URL:=http://selinuxproject.org/page/Main_Page
  PKGARCH:=all
endef

define Package/refpolicy
  $(call Package/refpolicy/Default)
  CONFLICTS:=refpolicy-modular
  VARIANT:=default
endef

define Package/refpolicy-modular
  $(call Package/refpolicy/Default)
  TITLE += (modular)
  VARIANT:=modular
  PROVIDES:=refpolicy
endef

define Package/refpolicy/description
	The SELinux Reference Policy project (refpolicy) is a
	complete SELinux policy that can be used as the system
	policy for a variety of systems and used as the basis for
	creating other policies. Reference Policy was originally
	based on the NSA example policy, but aims to accomplish many
	additional goals.

	The current refpolicy does not fully support OpenWRT and
	needs modifications to work with the default system file
	layout. These changes should be added as patches to the
	refpolicy that modify a single SELinux policy.

	The refpolicy works for the most part in permissive
	mode. Only the basic set of utilities are enabled in the
	example policy config and some of the pathing in the
	policies is not correct.  Individual policies would need to
	be tweaked to get everything functioning properly.
endef

# Yes, we want CC=$(HOSTCC) because the only code that checkpolicy
# builds is a small host tool that gets run as part of the build
# process.
MAKE_FLAGS += \
	DESTDIR="$(PKG_INSTALL_DIR)"
	SETFILES="$(STAGING_DIR_HOST)/bin/setfiles" \
	CHECKPOLICY="$(STAGING_DIR_HOSTPKG)/bin/checkpolicy" \
	CC="$(HOSTCC)" \
	CFLAGS="$(HOST_CFLAGS)"

define Build/Configure
	$(SED) "/NAME/c\NAME = targeted" $(PKG_BUILD_DIR)/build.conf
ifneq ($(BUILD_VARIANT),modular)
	$(SED) "/MONOLITHIC/c\MONOLITHIC = y" $(PKG_BUILD_DIR)/build.conf
endif
	$(call Build/Compile/Default,conf)
endef

ifeq ($(BUILD_VARIANT),modular)
define Build/Install
	$(call Build/Compile/Default,install install-headers)
endef
endif

define Package/refpolicy/conffiles
/etc/selinux/config
endef

Package/refpolicy-modular/conffiles = $(Package/refpolicy/conffiles)

define Package/refpolicy/install
	$(INSTALL_DIR) $(1)/etc/selinux
	$(CP) $(PKG_INSTALL_DIR)/etc/selinux/* $(1)/etc/selinux/
	$(CP) ./files/selinux-config $(1)/etc/selinux/config
ifeq ($(BUILD_VARIANT),modular)
	$(INSTALL_DIR) $(1)/usr/share/selinux
	$(CP) $(PKG_INSTALL_DIR)/usr/share/selinux/* $(1)/usr/share/selinux/
endif
endef

Package/refpolicy-modular/install = $(Package/refpolicy/install)

$(eval $(call BuildPackage,refpolicy))
$(eval $(call BuildPackage,refpolicy-modular))