author | Chris PeBenito <cpebenito@tresys.com> | 2006-07-12 20:32:27 +0000 |
---|---|---|
committer | Chris PeBenito <cpebenito@tresys.com> | 2006-07-12 20:32:27 +0000 |
commit | 17de1b790b30095d8dc26ef720d3cc6d0fbdceb5 (patch) | |
tree | 89e24b9b7407840b4b6b56d58c908f1df022f712 /Rules.modular | |
parent | b6a9bc355553f05e84f937005f53d39cdad70e27 (diff) |
remove extra level of directory
Diffstat (limited to 'Rules.modular')
-rw-r--r-- | Rules.modular | 231 |
1 files changed, 231 insertions, 0 deletions
diff --git a/Rules.modular b/Rules.modular
new file mode 100644
index 00000000..99624980
--- /dev/null
+++ b/Rules.modular
@@ -0,0 +1,231 @@
+########################################
+#
+# Rules and Targets for building modular policies
+#
+
+ALL_MODULES := $(BASE_MODS) $(MOD_MODS) $(OFF_MODS)
+ALL_INTERFACES := $(ALL_MODULES:.te=.if)
+
+BASE_PKG := $(BUILDDIR)base.pp
+BASE_FC := $(BUILDDIR)base.fc
+BASE_CONF := $(BUILDDIR)base.conf
+BASE_MOD := $(TMPDIR)/base.mod
+
+USERS_EXTRA := $(TMPDIR)/users_extra
+
+BASE_SECTIONS := $(TMPDIR)/pre_te_files.conf $(TMPDIR)/all_attrs_types.conf $(TMPDIR)/global_bools.conf $(TMPDIR)/only_te_rules.conf $(TMPDIR)/all_post.conf
+
+BASE_PRE_TE_FILES := $(SECCLASS) $(ISIDS) $(AVS) $(M4SUPPORT) $(POLDIR)/mls $(POLDIR)/mcs
+BASE_TE_FILES := $(BASE_MODS)
+BASE_POST_TE_FILES := $(USER_FILES) $(POLDIR)/constraints
+BASE_FC_FILES := $(BASE_MODS:.te=.fc)
+
+MOD_MODULES := $(MOD_MODS:.te=.mod)
+MOD_PKGS := $(addprefix $(BUILDDIR),$(notdir $(MOD_MODS:.te=.pp)))
+
+# policy packages to install
+INSTPKG := $(addprefix $(MODPKGDIR)/,$(notdir $(BASE_PKG)) $(MOD_PKGS))
+
+# search layer dirs for source files
+vpath %.te $(ALL_LAYERS)
+vpath %.if $(ALL_LAYERS)
+vpath %.fc $(ALL_LAYERS)
+
+# broken in make 3.81:
+#.SECONDARY:
+
+########################################
+#
+# default action: create all module packages
+#
+default: policy
+
+all policy: base modules
+
+base: $(BASE_PKG)
+
+modules: $(MOD_PKGS)
+
+install: $(INSTPKG) $(APPFILES)
+
+########################################
+#
+# Load all configured modules
+#
+load: $(INSTPKG) $(APPFILES)
+ @echo "Loading configured modules."
+ $(verbose) $(SEMODULE) -s $(NAME) -b $(MODPKGDIR)/$(notdir $(BASE_PKG)) $(foreach mod,$(MOD_PKGS),-i $(MODPKGDIR)/$(mod))
+
+########################################
+#
+# Install policy packages
+#
+$(MODPKGDIR)/%.pp: $(BUILDDIR)%.pp
+ @mkdir -p $(MODPKGDIR)
+ @echo "Installing $(NAME) $(@F) policy package."
+ $(verbose) install -m 0644 $^ $(MODPKGDIR)
+
+########################################
+#
+# Build module packages
+#
+$(TMPDIR)/%.mod: $(M4SUPPORT) $(TMPDIR)/generated_definitions.conf $(TMPDIR)/all_interfaces.conf %.te
+ @echo "Compliling $(NAME) $(@F) module"
+ @test -d $(TMPDIR) || mkdir -p $(TMPDIR)
+ $(call peruser-expansion,$(basename $(@F)),$@.role)
+ $(verbose) $(M4) $(M4PARAM) -s $^ $@.role > $(@:.mod=.tmp)
+ $(verbose) $(CHECKMODULE) -m $(@:.mod=.tmp) -o $@
+
+$(TMPDIR)/%.mod.fc: $(M4SUPPORT) %.fc
+ @test -d $(TMPDIR) || mkdir -p $(TMPDIR)
+ $(verbose) $(M4) $(M4PARAM) $(M4SUPPORT) $^ > $@
+
+$(BUILDDIR)%.pp: $(TMPDIR)/%.mod $(TMPDIR)/%.mod.fc
+ @echo "Creating $(NAME) $(@F) policy package"
+ @test -d $(BUILDDIR) || mkdir -p $(BUILDDIR)
+ $(verbose) $(SEMOD_PKG) -o $@ -m $< -f $<.fc
+
+########################################
+#
+# Create a base module package
+#
+$(BASE_PKG): $(BASE_MOD) $(BASE_FC) $(USERS_EXTRA) $(SEUSERS)
+ @echo "Creating $(NAME) base module package"
+ @test -d $(BUILDDIR) || mkdir -p $(BUILDDIR)
+ $(verbose) $(SEMOD_PKG) -o $@ -m $(BASE_MOD) -f $(BASE_FC) -u $(USERS_EXTRA) -s $(SEUSERS)
+
+$(BASE_MOD): $(BASE_CONF)
+ @echo "Compiling $(NAME) base module"
+ $(verbose) $(CHECKMODULE) $^ -o $@
+
+$(USERS_EXTRA): $(M4SUPPORT) $(USER_FILES)
+ @test -d $(TMPDIR) || mkdir -p $(TMPDIR)
+ $(verbose) $(M4) $(M4PARAM) -D users_extra $^ | \
+ $(SED) -r -n -e 's/^[[:blank:]]*//g' -e '/^user/p' > $@
+
+########################################
+#
+# Construct a base.conf
+#
+$(BASE_CONF): $(BASE_SECTIONS)
+ @echo "Creating $(NAME) base module $(@F)"
+ @test -d $(@D) || mkdir -p $(@D)
+ $(verbose) cat $^ > $@
+
+$(TMPDIR)/pre_te_files.conf: M4PARAM += -D self_contained_policy
+$(TMPDIR)/pre_te_files.conf: $(BASE_PRE_TE_FILES)
+ @test -d $(TMPDIR) || mkdir -p $(TMPDIR)
+ $(verbose) $(M4) $(M4PARAM) $^ > $@
+
+$(TMPDIR)/generated_definitions.conf: $(BASE_TE_FILES)
+ @test -d $(TMPDIR) || mkdir -p $(TMPDIR)
+# define all available object classes
+ $(verbose) $(GENPERM) $(AVS) $(SECCLASS) > $@
+# per-userdomain templates
+ $(verbose) echo "define(\`base_per_userdomain_template',\`" >> $@
+ $(verbose) for i in $(patsubst %.te,%,$(BASE_MODS)); do \
+ echo "ifdef(\`""$$i""_per_userdomain_template',\`""$$i""_per_userdomain_template("'$$*'")')" \
+ >> $@ ;\
+ done
+ $(verbose) echo "')" >> $@
+ $(verbose) test -f $(BOOLEANS) && $(SETBOOLS) $(BOOLEANS) >> $@ || true
+
+$(TMPDIR)/global_bools.conf: M4PARAM += -D self_contained_policy
+$(TMPDIR)/global_bools.conf: $(M4SUPPORT) $(TMPDIR)/generated_definitions.conf $(GLOBALBOOL) $(GLOBALTUN)
+ $(verbose) $(M4) $(M4PARAM) $^ > $@
+
+$(TMPDIR)/all_interfaces.conf: $(M4SUPPORT) $(ALL_INTERFACES)
+ @test -d $(TMPDIR) || mkdir -p $(TMPDIR)
+ @echo "ifdef(\`__if_error',\`m4exit(1)')" > $(TMPDIR)/iferror.m4
+ @echo "divert(-1)" > $@
+ $(verbose) $(M4) $^ $(TMPDIR)/iferror.m4 >> $(TMPDIR)/$(@F).tmp
+ $(verbose) $(SED) -e s/dollarsstar/\$$\*/g $(TMPDIR)/$(@F).tmp >> $@
+ @echo "divert" >> $@
+
+$(TMPDIR)/rolemap.conf: M4PARAM += -D self_contained_policy
+$(TMPDIR)/rolemap.conf: $(ROLEMAP)
+ $(call parse-rolemap,base,$@)
+
+$(TMPDIR)/all_te_files.conf: M4PARAM += -D self_contained_policy
+$(TMPDIR)/all_te_files.conf: $(M4SUPPORT) $(TMPDIR)/generated_definitions.conf $(TMPDIR)/all_interfaces.conf $(BASE_TE_FILES) $(TMPDIR)/rolemap.conf
+ifeq "$(strip $(BASE_TE_FILES))" ""
+ $(error No enabled modules! $(notdir $(MOD_CONF)) may need to be generated by using "make conf")
+endif
+ @test -d $(TMPDIR) || mkdir -p $(TMPDIR)
+ $(verbose) $(M4) $(M4PARAM) -s $^ > $@
+
+$(TMPDIR)/post_te_files.conf: M4PARAM += -D self_contained_policy
+$(TMPDIR)/post_te_files.conf: $(M4SUPPORT) $(BASE_POST_TE_FILES)
+ @test -d $(TMPDIR) || mkdir -p $(TMPDIR)
+ $(verbose) $(M4) $(M4PARAM) $^ > $@
+
+# extract attributes and put them first. extract post te stuff
+# like genfscon and put last.
+$(TMPDIR)/all_attrs_types.conf $(TMPDIR)/only_te_rules.conf $(TMPDIR)/all_post.conf: $(TMPDIR)/all_te_files.conf $(TMPDIR)/post_te_files.conf
+ $(verbose) $(get_type_attr_decl) $(TMPDIR)/all_te_files.conf | $(SORT) > $(TMPDIR)/all_attrs_types.conf
+ $(verbose) cat $(TMPDIR)/post_te_files.conf > $(TMPDIR)/all_post.conf
+# these have to run individually because order matters:
+ $(verbose) $(GREP) '^sid ' $(TMPDIR)/all_te_files.conf >> $(TMPDIR)/all_post.conf || true
+ $(verbose) $(GREP) '^fs_use_(xattr|task|trans)' $(TMPDIR)/all_te_files.conf >> $(TMPDIR)/all_post.conf || true
+ $(verbose) $(GREP) ^genfscon $(TMPDIR)/all_te_files.conf >> $(TMPDIR)/all_post.conf || true
+ $(verbose) $(GREP) ^portcon $(TMPDIR)/all_te_files.conf >> $(TMPDIR)/all_post.conf || true
+ $(verbose) $(GREP) ^netifcon $(TMPDIR)/all_te_files.conf >> $(TMPDIR)/all_post.conf || true
+ $(verbose) $(GREP) ^nodecon $(TMPDIR)/all_te_files.conf >> $(TMPDIR)/all_post.conf || true
+ $(verbose) $(comment_move_decl) $(TMPDIR)/all_te_files.conf > $(TMPDIR)/only_te_rules.conf
+
+########################################
+#
+# Construct a base.fc
+#
+$(BASE_FC): $(TMPDIR)/$(notdir $(BASE_FC)).tmp $(FCSORT)
+ $(verbose) $(FCSORT) $< $@
+
+$(TMPDIR)/$(notdir $(BASE_FC)).tmp: $(M4SUPPORT) $(TMPDIR)/generated_definitions.conf $(BASE_FC_FILES)
+ifeq ($(BASE_FC_FILES),)
+ $(error No enabled modules! $(notdir $(MOD_CONF)) may need to be generated by using "make conf")
+endif
+ @echo "Creating $(NAME) base module file contexts."
+ @test -d $(TMPDIR) || mkdir -p $(TMPDIR)
+ $(verbose) $(M4) $(M4PARAM) $^ > $@
+
+########################################
+#
+# Remove the dontaudit rules from the base.conf
+#
+enableaudit: $(BASE_CONF)
+ @test -d $(TMPDIR) || mkdir -p $(TMPDIR)
+ @echo "Removing dontaudit rules from $(^F)"
+ $(verbose) $(GREP) -v dontaudit $(BASE_CONF) > $(TMPDIR)/base.audit
+ $(verbose) mv $(TMPDIR)/base.audit $(BASE_CONF)
+
+########################################
+#
+# Appconfig files
+#
+$(APPDIR)/customizable_types: $(BASE_CONF)
+ @mkdir -p $(APPDIR)
+ $(verbose) $(GREP) '^[[:blank:]]*type .*customizable' $< | cut -d';' -f1 | cut -d',' -f1 | cut -d' ' -f2 | $(SORT) -u > $(TMPDIR)/customizable_types
+ $(verbose) install -m 644 $(TMPDIR)/customizable_types $@
+
+########################################
+#
+# Validate linking and expanding of modules
+#
+validate: $(BASE_PKG) $(MOD_PKGS)
+ @echo "Validating policy linking."
+ $(verbose) $(SEMOD_LNK) -o $(TMPDIR)/test.lnk $^
+ $(verbose) $(SEMOD_EXP) $(TMPDIR)/test.lnk $(TMPDIR)/policy.bin
+ @echo "Success."
+
+########################################
+#
+# Clean the sources
+#
+clean:
+ rm -f $(BASE_CONF)
+ rm -f $(BASE_FC)
+ rm -f $(BUILDDIR)*.pp
+ rm -f $(net_contexts)
+ rm -fR $(TMPDIR)
+
+.PHONY: default all policy base modules install load clean validate |
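Review bot: The rule headed `$(TMPDIR)/all_attrs_types.conf $(TMPDIR)/only_te_rules.conf $(TMPDIR)/all_post.conf:` lists three targets on one recipe, which GNU make treats as three independent rules, so under `make -j` the recipe can run more than once at the same time and the runs truncate and append to the same `all_post.conf`. The recipe's own comment says the order of those appends matters, and the three files are concatenated into `base.conf`, so a parallel build could hand `$(CHECKMODULE)` a base policy with duplicated or interleaved `sid`/`genfscon`/`portcon` lines. I would leave the recipe on `$(TMPDIR)/all_attrs_types.conf:` alone and add `$(TMPDIR)/only_te_rules.conf $(TMPDIR)/all_post.conf: $(TMPDIR)/all_attrs_types.conf ;` so the other two outputs wait on a single run. A comment such as `# one recipe writes all three files; keep it on a single target so -j cannot run it twice` above the rule would record the reason.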