projects / openwrt / staging / dedeckeh.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
refpolicy: add variant that builds modular policy
[openwrt/staging/dedeckeh.git] / package / system / refpolicy / Makefile
1 #
2 # This is free software, licensed under the GNU General Public License v2.
3 # See /LICENSE for more information.
4 #
5
6 include $(TOPDIR)/rules.mk
7
8 PKG_NAME:=refpolicy
9 PKG_VERSION:=2.20200229
10 PKG_RELEASE:=3
11
12 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
13 PKG_SOURCE_URL:=https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_2_20200229
14 PKG_HASH:=dec854512ed00cd057408f330c2cea4de7a4405f7a147458f59c994bf578e4b0
15 PKG_INSTALL:=1
16 PKG_BUILD_DEPENDS:=checkpolicy/host policycoreutils/host
17
18 PKG_MAINTAINER:=Thomas Petazzoni <thomas.petazzoni@bootlin.com>
19 PKG_CPE_ID:=cpe:/a:tresys:refpolicy
20 PKG_LICENSE:=GPL-2.0-or-later
21 PKG_LICENSE_FILES:=COPYING
22
23 TAR_OPTIONS:=--transform='s%^refpolicy%$(PKG_NAME)-$(PKG_VERSION)%' -xf -
24
25 include $(INCLUDE_DIR)/package.mk
26
27 define Package/refpolicy/Default
28 SECTION:=system
29 CATEGORY:=Base system
30 TITLE:=SELinux reference policy
31 URL:=http://selinuxproject.org/page/Main_Page
32 PKGARCH:=all
33 endef
34
35 define Package/refpolicy
36 $(call Package/refpolicy/Default)
37 CONFLICTS:=refpolicy-modular
38 VARIANT:=default
39 endef
40
41 define Package/refpolicy-modular
42 $(call Package/refpolicy/Default)
43 TITLE += (modular)
44 VARIANT:=modular
45 PROVIDES:=refpolicy
46 endef
47
48 define Package/refpolicy/description
49 The SELinux Reference Policy project (refpolicy) is a
50 complete SELinux policy that can be used as the system
51 policy for a variety of systems and used as the basis for
52 creating other policies. Reference Policy was originally
53 based on the NSA example policy, but aims to accomplish many
54 additional goals.
55
56 The current refpolicy does not fully support OpenWRT and
57 needs modifications to work with the default system file
58 layout. These changes should be added as patches to the
59 refpolicy that modify a single SELinux policy.
60
61 The refpolicy works for the most part in permissive
62 mode. Only the basic set of utilities are enabled in the
63 example policy config and some of the pathing in the
64 policies is not correct. Individual policies would need to
65 be tweaked to get everything functioning properly.
66 endef
67
68 # Yes, we want CC=$(HOSTCC) because the only code that checkpolicy
69 # builds is a small host tool that gets run as part of the build
70 # process.
71 MAKE_FLAGS += \
72 DESTDIR="$(PKG_INSTALL_DIR)"
73 SETFILES="$(STAGING_DIR_HOST)/bin/setfiles" \
74 CHECKPOLICY="$(STAGING_DIR_HOSTPKG)/bin/checkpolicy" \
75 CC="$(HOSTCC)" \
76 CFLAGS="$(HOST_CFLAGS)"
77
78 define Build/Configure
79 $(SED) "/NAME/c\NAME = targeted" $(PKG_BUILD_DIR)/build.conf
80 ifneq ($(BUILD_VARIANT),modular)
81 $(SED) "/MONOLITHIC/c\MONOLITHIC = y" $(PKG_BUILD_DIR)/build.conf
82 endif
83 $(call Build/Compile/Default,conf)
84 endef
85
86 ifeq ($(BUILD_VARIANT),modular)
87 define Build/Install
88 $(call Build/Compile/Default,install install-headers)
89 endef
90 endif
91
92 define Package/refpolicy/conffiles
93 /etc/selinux/config
94 endef
95
96 Package/refpolicy-modular/conffiles = $(Package/refpolicy/conffiles)
97
98 define Package/refpolicy/install
99 $(INSTALL_DIR) $(1)/etc/selinux
100 $(CP) $(PKG_INSTALL_DIR)/etc/selinux/* $(1)/etc/selinux/
101 $(CP) ./files/selinux-config $(1)/etc/selinux/config
102 ifeq ($(BUILD_VARIANT),modular)
103 $(INSTALL_DIR) $(1)/usr/share/selinux
104 $(CP) $(PKG_INSTALL_DIR)/usr/share/selinux/* $(1)/usr/share/selinux/
105 endif
106 endef
107
108 Package/refpolicy-modular/install = $(Package/refpolicy/install)
109
110 $(eval $(call BuildPackage,refpolicy))
111 $(eval $(call BuildPackage,refpolicy-modular))
Staging tree of dedeckeh