1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
|
XEN_ROOT = ../..
include $(XEN_ROOT)/tools/Rules.mk
CFLAGS += -Werror
CFLAGS += -fno-strict-aliasing
CFLAGS += -I.
CPPFLAGS += -MMD -MF .$*.d
PROG_DEPS = .*.d
XML2VERSION = $(shell xml2-config --version )
CFLAGS += $(shell xml2-config --cflags )
CFLAGS += $(shell if [[ $(XML2VERSION) < 2.6.20 ]]; then echo ""; else echo "-DVALIDATE_SCHEMA"; fi )
LDFLAGS += $(shell xml2-config --libs ) # if this does not work, try -L/usr/lib -lxml2 -lz -lpthread -lm
ifeq ($(ACM_DEFAULT_SECURITY_POLICY),ACM_NULL_POLICY)
POLICY=null
endif
ifeq ($(ACM_DEFAULT_SECURITY_POLICY),ACM_CHINESE_WALL_POLICY)
POLICY=chwall
endif
ifeq ($(ACM_DEFAULT_SECURITY_POLICY),ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY)
POLICY=ste
endif
ifeq ($(ACM_DEFAULT_SECURITY_POLICY),ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY)
POLICY=chwall_ste
endif
SRCS_TOOL = secpol_tool.c
OBJS_TOOL := $(patsubst %.c,%.o,$(filter %.c,$(SRCS_TOOL)))
SRCS_XML2BIN = secpol_xml2bin.c secpol_xml2bin.h
OBJS_XML2BIN := $(patsubst %.c,%.o,$(filter %.c,$(SRCS_XML2BIN)))
SRCS_GETD = get_decision.c
OBJS_GETD := $(patsubst %.c,%.o,$(filter %.c,$(SRCS_GETD)))
ACM_INST_TOOLS = xensec_tool xensec_xml2bin xensec_gen
ACM_NOINST_TOOLS = get_decision
ACM_OBJS = $(OBJS_TOOL) $(OBJS_XML2BIN) $(OBJS_GETD)
ACM_SCRIPTS = getlabel.sh setlabel.sh updategrub.sh labelfuncs.sh
ACM_CONFIG_DIR = /etc/xen/acm-security
ACM_POLICY_DIR = $(ACM_CONFIG_DIR)/policies
ACM_SCRIPT_DIR = $(ACM_CONFIG_DIR)/scripts
ACM_INST_HTML = python/xensec_gen/index.html
ACM_INST_CGI = python/xensec_gen/cgi-bin/policy.cgi \
python/xensec_gen/cgi-bin/policylabel.cgi
ACM_SECGEN_HTMLDIR= /var/lib/xensec_gen
ACM_SECGEN_CGIDIR = $(ACM_SECGEN_HTMLDIR)/cgi-bin
ACM_SCHEMA = security_policy.xsd
ACM_EXAMPLES = null chwall ste chwall_ste
ACM_POLICY_SUFFIX = security_policy.xml
ACM_LABEL_SUFFIX = security_label_template.xml
ifeq ($(ACM_SECURITY),y)
all: build
install: all $(ACM_CONFIG_FILE)
$(INSTALL_DIR) -p $(DESTDIR)/usr/sbin
$(INSTALL_PROG) -p $(ACM_INST_TOOLS) $(DESTDIR)/usr/sbin
$(INSTALL_DIR) -p $(DESTDIR)$(ACM_CONFIG_DIR)
$(INSTALL_DIR) -p $(DESTDIR)$(ACM_POLICY_DIR)
$(INSTALL_DATA) -p policies/$(ACM_SCHEMA) $(DESTDIR)$(ACM_POLICY_DIR)
for i in $(ACM_EXAMPLES); do \
$(INSTALL_DIR) -p $(DESTDIR)$(ACM_POLICY_DIR)/$$i; \
$(INSTALL_DATA) -p policies/$$i/$$i-$(ACM_POLICY_SUFFIX) $(DESTDIR)$(ACM_POLICY_DIR)/$$i; \
$(INSTALL_DATA) -p policies/$$i/$$i-$(ACM_LABEL_SUFFIX) $(DESTDIR)$(ACM_POLICY_DIR)/$$i; \
done
$(INSTALL_DIR) -p $(DESTDIR)$(ACM_SCRIPT_DIR)
$(INSTALL_PROG) -p $(ACM_SCRIPTS) $(DESTDIR)$(ACM_SCRIPT_DIR)
$(INSTALL_DIR) -p $(DESTDIR)$(ACM_SECGEN_HTMLDIR)
$(INSTALL_DATA) -p $(ACM_INST_HTML) $(DESTDIR)$(ACM_SECGEN_HTMLDIR)
$(INSTALL_DIR) -p $(DESTDIR)$(ACM_SECGEN_CGIDIR)
$(INSTALL_PROG) -p $(ACM_INST_CGI) $(DESTDIR)$(ACM_SECGEN_CGIDIR)
ifndef XEN_PYTHON_NATIVE_INSTALL
python python/setup.py install --home="$(DESTDIR)/usr"
else
python python/setup.py install --root="$(DESTDIR)"
endif
else
all:
install:
endif
build: mk-symlinks $(ACM_INST_TOOLS) $(ACM_NOINST_TOOLS)
python python/setup.py build
chmod 700 $(ACM_SCRIPTS)
xensec_tool: $(OBJS_TOOL)
$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $^
xensec_xml2bin: $(OBJS_XML2BIN)
$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $^
get_decision: $(OBJS_GETD)
$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $^
xensec_gen: xensec_gen.py
cp -f $^ $@
clean:
$(RM) $(ACM_INST_TOOLS) $(ACM_NOINST_TOOLS)
$(RM) $(ACM_OBJS)
$(RM) $(PROG_DEPS)
$(RM) -r xen
$(RM) -r build
mrproper: clean
boot_install: install
$(ACM_SCRIPT_DIR)/updategrub.sh $(POLICY) $(KERNEL_VERSION)
-include $(PROG_DEPS)
|
