ia64/xen-unstable

view tools/flask/policy/Makefile @ 19648:f0e2df69a8eb

x86 hvm: Allow cross-vendor migration

Intercept #UD and emulate SYSCALL/SYSENTER/SYSEXIT as necessary.

Signed-off-by: Christoph Egger <Christoph.Egger@amd.com>
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
author Keir Fraser <keir.fraser@citrix.com>
date Tue May 26 15:01:36 2009 +0100 (2009-05-26)
parents 887337323bd8
1 #
2 # Makefile for the security policy.
3 #
4 # Targets:
5 #
6 # install - compile and install the policy configuration, and context files.
7 # load - compile, install, and load the policy configuration.
8 # reload - compile, install, and load/reload the policy configuration.
9 # policy - compile the policy configuration locally for testing/development.
10 #
11 # The default target is 'policy'.
12 #
########################################
#
# User-tunable settings
#

# Policy version.
# checkpolicy writes the newest policy version it supports unless a
# version is given here. A non-empty value is passed to checkpolicy
# with -c further down in this file.
OUTPUT_POLICY = 20

# Policy type. Accepted values:
#   strict,     targeted,
#   strict-mls, targeted-mls,
#   strict-mcs, targeted-mcs
# The -mls / -mcs / targeted substrings are what the conditionals below
# test for, so the spelling matters.
TYPE = strict

# Policy name.
# Used as the name of the policy (and as the last component of the
# install directory). When left empty, the policy type is used instead.
NAME = xenrefpolicy

# Distribution.
# Some distributions carry policy for programs or configurations that
# are specific to them; setting this turns those options on.
# Current choices: redhat, gentoo, debian, suse.
# Fedora users should pick redhat.
#DISTRO =

# Monolithic switch: y builds one monolithic policy, n builds a
# loadable module policy.
MONOLITHIC=y

# Uncomment to stop make from echoing the commands it runs.
#QUIET:=@
########################################
#
# NO OPTIONS BELOW HERE
#

# Build and load tools. Each one is addressed by an absolute path
# derived from PREFIX instead of being looked up through PATH, so the
# binaries that compile and load the policy are the ones under PREFIX.
PREFIX      := /usr
BINDIR      := $(PREFIX)/bin
SBINDIR     := $(PREFIX)/sbin
CHECKPOLICY := $(BINDIR)/checkpolicy
CHECKMODULE := $(BINDIR)/checkmodule
SEMOD_PKG   := $(BINDIR)/semodule_package
LOADPOLICY  := $(SBINDIR)/flask-loadpolicy

CFLAGS := -Wall
# Where the policy sources live, relative to this directory.
POLDIR   := policy
MODDIR   := $(POLDIR)/modules
FLASKDIR := $(POLDIR)/flask
SECCLASS := $(FLASKDIR)/security_classes
ISIDS    := $(FLASKDIR)/initial_sids
AVS      := $(FLASKDIR)/access_vectors

# Helper tools used while building the policy.
# FCSORT is a path under tmp/, not under $(SUPPORT).
SUPPORT := support
FCSORT  := tmp/fc_sort

# Configuration files, all kept under $(POLDIR).
GLOBALTUN  := $(POLDIR)/global_tunables
GLOBALBOOL := $(POLDIR)/global_booleans
MOD_CONF   := $(POLDIR)/modules.conf
TUNABLES   := $(POLDIR)/tunables.conf
BOOLEANS   := $(POLDIR)/booleans.conf
# Install destinations.
# These are recursive (=) assignments, so they pick up the final value
# of NAME, which may still be reassigned from TYPE later in this file.
# XEN_CONFIG_DIR is not assigned anywhere in this file; it has to be
# supplied from outside (environment, command line, or a makefile that
# drives this one). If it and DESTDIR both expand to nothing, INSTALLDIR
# becomes /$(NAME), i.e. a directory directly under the filesystem root.
TOPDIR      = $(DESTDIR)$(XEN_CONFIG_DIR)
INSTALLDIR  = $(TOPDIR)/$(NAME)
SRCPATH     = $(INSTALLDIR)/src
USERPATH    = $(INSTALLDIR)/users
CONTEXTPATH = $(INSTALLDIR)/contexts
# MLS: a TYPE containing "-mls" defines enable_mls for m4 and adds -M
# to both policy compilers.
ifneq ($(findstring -mls,$(TYPE)),)
  override M4PARAM += -D enable_mls
  CHECKPOLICY += -M
  CHECKMODULE += -M
endif

# MCS: a TYPE containing "-mcs" defines enable_mcs for m4. MCS needs
# the compilers in MLS mode as well, hence the same -M flag.
ifneq ($(findstring -mcs,$(TYPE)),)
  override M4PARAM += -D enable_mcs
  CHECKPOLICY += -M
  CHECKMODULE += -M
endif

# Targeted policy: any TYPE containing "targeted".
ifneq ($(findstring targeted,$(TYPE)),)
  override M4PARAM += -D targeted_policy
endif

# Distribution-specific policy. The DISTRO value is appended verbatim
# to form the m4 symbol distro_<value>.
ifneq ($(DISTRO),)
  override M4PARAM += -D distro_$(DISTRO)
endif

# Pin the compiled policy version when OUTPUT_POLICY is set.
ifneq ($(OUTPUT_POLICY),)
  CHECKPOLICY += -c $(OUTPUT_POLICY)
endif

# An empty NAME falls back to the policy type.
ifeq ($(NAME),)
  NAME := $(TYPE)
endif
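# Policy version reported by checkpolicy: the first space-separated
# field of its -V output. CHECKPOLICY already carries any -M / -c flags
# appended earlier in this file, so they are part of this command line.
# PV is empty when checkpolicy is missing or fails.
PV := $(shell $(CHECKPOLICY) -V |cut -f 1 -d ' ')

# Policy version of the kernel running on the build host, if readable.
# stderr is discarded so that a host without /selinux/policyvers does
# not print a cat error on every make invocation; KV is then just empty.
# NOTE(review): this is the SELinux policy version of the build host's
# kernel, which is not necessarily what the Xen hypervisor that will
# load this policy accepts -- confirm how the included rules use KV.
KV := $(shell cat /selinux/policyvers 2> /dev/null)

# Without a readable kernel policy version, use PV so that no version
# warning is printed.
ifeq ($(KV),)
KV := $(PV)
endif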
# Output file names. POLVER embeds the version checkpolicy reported.
FC     := file_contexts
POLVER := policy.$(PV)

# m4 support macros; recursive (=), so the glob is evaluated on each use.
M4SUPPORT = $(wildcard $(POLDIR)/support/*.spt)

# Application configuration for the selected policy type.
APPCONF  := config/appconfig-$(TYPE)
APPDIR   := $(CONTEXTPATH)
APPFILES := $(INSTALLDIR)/booleans
CONTEXTFILES += $(wildcard $(APPCONF)/*_context*) $(APPCONF)/media
USER_FILES := $(POLDIR)/systemuser $(POLDIR)/users

# Every directory directly under $(MODDIR), except a CVS directory.
# find -maxdepth 0 -type d keeps only the glob matches that are
# directories. If the glob matches nothing, find runs without a start
# path (GNU find then defaults to the current directory).
ALL_LAYERS := $(filter-out $(MODDIR)/CVS,$(shell find $(wildcard $(MODDIR)/*) -maxdepth 0 -type d))

# Files produced from *.in templates: the template name without its
# trailing .in suffix.
GENERATED_TE := $(basename $(foreach dir,$(ALL_LAYERS),$(wildcard $(dir)/*.te.in)))
GENERATED_IF := $(basename $(foreach dir,$(ALL_LAYERS),$(wildcard $(dir)/*.if.in)))
GENERATED_FC := $(basename $(foreach dir,$(ALL_LAYERS),$(wildcard $(dir)/*.fc.in)))

# All module .te files found in the layers plus the generated ones.
# $(sort) is used for its de-duplication: a generated .te that already
# exists on disk would otherwise be listed twice.
DETECTED_MODS := $(sort $(foreach dir,$(ALL_LAYERS),$(wildcard $(dir)/*.te)) $(GENERATED_TE))

# Value in modules.conf that marks a module as part of the base module.
MODBASE := base

# Value in modules.conf that marks a module as a loadable module.
MODMOD := module
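# Read the module selections from modules.conf.
# awk prints the first field of every line whose first non-blank
# character is a letter and whose third field equals the wanted setting
# ($(MODBASE) or $(MODMOD)). Each name is then looked up as <name>.te,
# case-insensitively, anywhere below the current directory, and the
# leading ./ of each hit is dropped. A missing modules.conf yields an
# empty list because awk's stderr is discarded.
#
# The -iname pattern is single-quoted so that the shell hands it to find
# unchanged: no glob expansion against the current directory and no
# interpretation of shell metacharacters that a name might contain.
# The search root "." is spelled out instead of relying on GNU find's
# implicit default.
# NOTE(review): the names still come straight from modules.conf, and a
# name containing a single quote would defeat the quoting, so that file
# has to be treated as trusted build input. The search also covers the
# whole tree rather than only $(MODDIR) -- confirm that is intended.
BASE_MODS := $(foreach mod,$(shell awk '/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == "$(MODBASE)") print $$1 }' $(MOD_CONF) 2> /dev/null),$(subst ./,,$(shell find . -iname '$(mod).te')))
MOD_MODS := $(foreach mod,$(shell awk '/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == "$(MODMOD)") print $$1 }' $(MOD_CONF) 2> /dev/null),$(subst ./,,$(shell find . -iname '$(mod).te')))

# Template path under tmp/; nothing in this file creates it.
HOMEDIR_TEMPLATE = tmp/homedir_template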
########################################
#
# Pull in the build rules for the selected mode
#
# Only the exact value y selects the monolithic rules; anything else
# (including an empty MONOLITHIC) selects the modular rules.
ifneq ($(MONOLITHIC),y)
include Rules.modular
else
include Rules.monolithic
endif
########################################
#
# Create config files
#
# POLXML, DOCS and GENDOC are not assigned in this file; presumably the
# included Rules.* file provides them.
conf: $(MOD_CONF) $(BOOLEANS) $(GENERATED_TE) $(GENERATED_IF) $(GENERATED_FC)

# Regenerate modules.conf and booleans.conf from the policy XML.
# The generator runs from inside $(DOCS); the ../ prefixes assume that
# directory sits exactly one level below this one.
# NOTE(review): two targets in one rule header are two independent rules
# sharing a recipe, so a parallel build may run the generator twice.
$(MOD_CONF) $(BOOLEANS): $(POLXML)
	@echo "Updating $(MOD_CONF) and $(BOOLEANS)"
	$(QUIET) cd $(DOCS) && ../$(GENDOC) -t ../$(BOOLEANS) -m ../$(MOD_CONF) -x ../$(POLXML)
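########################################
#
# Appconfig files
#
install-appconfig: $(APPFILES)

# Install the boolean settings: keep the lines of booleans.conf whose
# first non-blank character is a letter, rewrite false/true as 0/1, and
# install the result with mode 644.
#
# Paths derived from DESTDIR are quoted so that a staging directory
# containing spaces is not split into several arguments. tmp/ is created
# here because the redirect below fails without it and nothing in this
# file creates it. grep -E replaces the obsolescent egrep spelling.
#
# NOTE(review): the sed expressions replace "false" and "true" anywhere
# on a line, not only in the value, so a boolean whose name contains
# either word would be renamed in the installed file -- confirm against
# the booleans.conf format. The pipeline's exit status is that of sed,
# so a grep that matches nothing still installs an empty file.
$(INSTALLDIR)/booleans: $(BOOLEANS)
	@mkdir -p "$(INSTALLDIR)" tmp
	$(QUIET) grep -E '^[[:blank:]]*[[:alpha:]]' $(BOOLEANS) \
		| sed -e 's/false/0/g' -e 's/true/1/g' > tmp/booleans
	$(QUIET) install -m 644 tmp/booleans "$@"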
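########################################
#
# Install policy sources
#
# Keeps one previous copy: the old backup is removed, the current tree
# becomes policy.old, and the working directory is copied in afresh.
#
# Every path is quoted. SRCPATH is built from DESTDIR and
# XEN_CONFIG_DIR, and an unquoted value containing a space would make
# rm -rf and mv operate on the wrong paths.
#
# The mv is allowed to fail (leading -) because on a first install there
# is no existing policy directory to move aside.
#
# NOTE(review): cp -R . copies the whole working directory, including
# build leftovers and any untracked files, with permissions subject to
# the caller's umask. SRCPATH must not resolve to a location inside the
# working directory.
install-src:
	rm -rf "$(SRCPATH)/policy.old"
	-mv "$(SRCPATH)/policy" "$(SRCPATH)/policy.old"
	mkdir -p "$(SRCPATH)/policy"
	cp -R . "$(SRCPATH)/policy"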
########################################
#
# Clean everything
#
# Runs clean first (not defined in this file), then removes the
# generated configuration, documentation and template outputs.
# POLXML and HTMLDIR are not assigned in this file; with -f an empty
# expansion leaves rm without operands, which it accepts silently.
# Each GENERATED_* removal is wrapped in a parse-time conditional so no
# rm line is emitted at all when the corresponding list is empty.
bare: clean
	rm -f $(POLXML)
	rm -f $(SUPPORT)/*.pyc
	rm -f $(FCSORT)
	rm -f $(MOD_CONF)
	rm -f $(BOOLEANS)
	rm -fR $(HTMLDIR)
ifneq ($(GENERATED_TE),)
	rm -f $(GENERATED_TE)
endif
ifneq ($(GENERATED_IF),)
	rm -f $(GENERATED_IF)
endif
ifneq ($(GENERATED_FC),)
	rm -f $(GENERATED_FC)
endif

# Command targets that do not name files. html is declared here but its
# rule is not in this file; clean is used above but not declared here.
.PHONY: install-src install-appconfig conf html bare