Diffstat (limited to 'tools/flask/policy/Makefile')
-rw-r--r--tools/flask/policy/Makefile61
1 files changed, 8 insertions, 53 deletions
diff --git a/tools/flask/policy/Makefile b/tools/flask/policy/Makefile
index a27c813fb0..5c25cbe952 100644
--- a/tools/flask/policy/Makefile
+++ b/tools/flask/policy/Makefile
@@ -102,9 +102,8 @@ else
POLVER +=$(NAME).$(PV)
endif
-
-# determine the policy version and current kernel version if possible
-M4PARAM += -D mls_num_sens=$(MLS_SENS) -D mls_num_cats=$(MLS_CATS) -D hide_broken_symptoms
+# Always define these because they are referenced even in non-MLS policy
+M4PARAM += -D mls_num_sens=$(MLS_SENS) -D mls_num_cats=$(MLS_CATS)
M4SUPPORT = $(wildcard $(POLDIR)/support/*.spt)
@@ -126,9 +125,9 @@ ALL_INTERFACES := $(ALL_MODULES:.te=.if)
ALL_TE_FILES := $(ALL_MODULES)
PRE_TE_FILES := $(SECCLASS) $(ISIDS) $(AVS) $(M4SUPPORT) $(POLDIR)/mls
-POST_TE_FILES := $(POLDIR)/users $(POLDIR)/constraints
+POST_TE_FILES := $(POLDIR)/users $(POLDIR)/constraints $(POLDIR)/initial_sids
-POLICY_SECTIONS := tmp/pre_te_files.conf tmp/all_interfaces.conf tmp/all_attrs_types.conf $(GLOBALBOOL) $(GLOBALTUN) tmp/only_te_rules.conf tmp/all_post.conf
+POLICY_SECTIONS := $(PRE_TE_FILES) $(ALL_INTERFACES) $(GLOBALBOOL) $(GLOBALTUN) $(ALL_TE_FILES) $(POST_TE_FILES)
########################################
#
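Review bot: Building `POLICY_SECTIONS` directly from `$(ALL_INTERFACES)` and `$(ALL_TE_FILES)` leaves nothing to replace the `No enabled modules!` guards that the last hunk deletes together with the `tmp/*.conf` rules, so an empty module list would now reach m4 instead of stopping the build with a clear message. For a security policy an explicit early failure is preferable; the `policy.conf` recipe could begin with `$(if $(strip $(ALL_TE_FILES)),,$(error No enabled modules! $(notdir $(MOD_CONF)) please create a modules.conf file))`. The same deletion drops two other steps. One is the pass that hoisted `attribute`/`type` declarations ahead of the rules and moved `sid`, `pirqcon`, `ioportcon`, `iomemcon` and `pcidevicecon` statements to the end; the other is the `dollarsstar` rewrite. As a result policy.conf now relies on every source file already being in an order the policy compiler accepts. Presumably the rest of the commit arranges that, but this page is limited to the Makefile, so a short comment above `POLICY_SECTIONS` stating the ordering requirement would help.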
@@ -140,7 +139,7 @@ policy: $(POLVER)
install: $(LOADPATH)
-load: tmp/load
+load: .load_stamp
########################################
#
@@ -166,11 +165,11 @@ $(LOADPATH): policy.conf
#
# Load the binary policy
#
-tmp/load: reload
-reload: $(LOADPATH) $(FCPATH)
+.load_stamp: reload
+reload: $(LOADPATH)
@echo "Loading $(NAME) $(LOADPATH)"
$(QUIET) $(LOADPOLICY) $(LOADPATH)
- @touch tmp/load
+ @touch .load_stamp
########################################
#
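Review bot: The `.load_stamp` file does not appear to gate anything. The recipe belongs to `reload`, which never creates a file of that name, so unless a file called `reload` exists the policy is loaded on every `make load` whatever the stamp's timestamp says. After this change the stamp is also written to the source directory rather than `tmp/`, and no hunk on this page adds it to a clean rule, so it is likely to be left behind as a hidden file. If always reloading is the intent, `load: reload` with the `@touch` line dropped says so directly. If the load should be skipped while the installed policy is current, the recipe belongs under `.load_stamp: $(LOADPATH)` and should end with `@touch $@`.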
@@ -181,50 +180,6 @@ policy.conf: $(POLICY_SECTIONS)
# checkpolicy can use the #line directives provided by -s for error reporting:
$(QUIET) m4 -D self_contained_policy $(M4PARAM) -s $^ > $@
-tmp/pre_te_files.conf: $(PRE_TE_FILES)
- @test -d tmp || mkdir -p tmp
- $(QUIET) cat $^ > $@
-
-tmp/all_interfaces.conf: $(M4SUPPORT) $(ALL_INTERFACES)
-ifeq ($(ALL_INTERFACES),)
- $(error No enabled modules! $(notdir $(MOD_CONF)) please create a modules.conf file)
-endif
- @test -d tmp || mkdir -p tmp
- $(QUIET) cat $^ | sed -e s/dollarsstar/\$$\*/g > $@
-
-tmp/all_te_files.conf: $(ALL_TE_FILES)
-ifeq ($(ALL_TE_FILES),)
- $(error No enabled modules! $(notdir $(MOD_CONF)) please create a modules.conf file)
-endif
- @test -d tmp || mkdir -p tmp
- $(QUIET) cat $^ > $@
-
-tmp/post_te_files.conf: $(POST_TE_FILES)
- @test -d tmp || mkdir -p tmp
- $(QUIET) cat $^ > $@
-
-# extract attributes and put them first. extract post te stuff
-# like genfscon and put last. portcon, nodecon, and netifcon
-# is delayed since they are generated by m4
-tmp/all_attrs_types.conf tmp/all_post.conf: tmp/only_te_rules.conf
-tmp/only_te_rules.conf: tmp/all_te_files.conf tmp/post_te_files.conf
- $(QUIET) grep ^attribute tmp/all_te_files.conf > tmp/all_attrs_types.conf || true
- $(QUIET) grep '^type ' tmp/all_te_files.conf >> tmp/all_attrs_types.conf
- $(QUIET) cat tmp/post_te_files.conf > tmp/all_post.conf
- $(QUIET) grep '^sid ' tmp/all_te_files.conf >> tmp/all_post.conf || true
- $(QUIET) grep ^pirqcon tmp/all_te_files.conf >> \
- tmp/all_post.conf || true
- $(QUIET) grep ^ioportcon tmp/all_te_files.conf >> \
- tmp/all_post.conf || true
- $(QUIET) grep ^iomemcon tmp/all_te_files.conf >> \
- tmp/all_post.conf || true
- $(QUIET) grep ^pcidevicecon tmp/all_te_files.conf >> \
- tmp/all_post.conf || true
- $(QUIET) sed -r -e /^attribute/d -e '/^type /d' -e '/^sid /d' \
- -e "/^pirqcon/d" -e "/^pcidevicecon/d" -e "/^ioportcon/d" \
- -e "/^iomemcon/d" < tmp/all_te_files.conf \
- > tmp/only_te_rules.conf
-
########################################
#
# Remove the dontaudit rules from the policy.conf