summaryrefslogtreecommitdiff
blob: ae4d411a8658cf69ccc3b4d3033be3e813b34557 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
# Copyright 1999-2006 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/eclass/selinux-policy-2.eclass,v 1.3 2007/07/07 16:21:07 kaiowas Exp $

# Eclass for installing SELinux policy, and optionally
# reloading the reference-policy based modules

inherit eutils

IUSE=""

HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/"
SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2"

LICENSE="GPL-2"
SLOT="0"
S="${WORKDIR}/"

RDEPEND=">=sys-apps/policycoreutils-1.30.30
	>=sec-policy/selinux-base-policy-${PV}"

DEPEND="${RDEPEND}
	sys-devel/m4
	>=sys-apps/checkpolicy-1.30.12"

selinux-policy-2_src_unpack() {
	local modfiles
	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"

	unpack ${A}

	for i in ${MODS}; do
		modfiles="`find ${S}/refpolicy/policy/modules -iname $i.te` $modfiles"
		modfiles="`find ${S}/refpolicy/policy/modules -iname $i.fc` $modfiles"
		# use .if from headers
	done

	for i in ${POLICY_TYPES}; do
		mkdir ${S}/${i}
		cp ${S}/refpolicy/doc/Makefile.example ${S}/${i}/Makefile

		cp ${modfiles} ${S}/${i}

		if [ -n "${POLICY_PATCH}" ]; then
			cd ${S}/${i}
			epatch "${POLICY_PATCH}" || die "failed patch ${i}"
		fi

	done
}

selinux-policy-2_src_compile() {
	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"

	for i in ${POLICY_TYPES}; do
		make NAME=$i -C ${S}/${i} || die "${i} compile failed"
	done
}

selinux-policy-2_src_install() {
	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"
	local BASEDIR="/usr/share/selinux"

	for i in ${POLICY_TYPES}; do
		for j in ${MODS}; do
			echo "Installing ${i} ${j} policy package"
			insinto ${BASEDIR}/${i}
			doins ${S}/${i}/${j}.pp
		done
	done
}

selinux-policy-2_pkg_postinst() {
	# build up the command in the case of multiple modules
	local COMMAND
	for i in ${MODS}; do
		COMMAND="-i ${i}.pp ${COMMAND}"
	done
	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"

	if has "loadpolicy" $FEATURES ; then
		for i in ${POLICY_TYPES}; do
			einfo "Inserting the following modules into the $i module store: ${MODS}"

			cd /usr/share/selinux/${i}
			semodule -s ${i} ${COMMAND}
		done
	else
		echo
		echo
		eerror "Policy has not been loaded.  It is strongly suggested"
		eerror "that the policy be loaded before continuing!!"
		echo
		einfo "Automatic policy loading can be enabled by adding"
		einfo "\"loadpolicy\" to the FEATURES in make.conf."
		echo
		echo
		ebeep 4
		epause 4
	fi
}

EXPORT_FUNCTIONS src_unpack src_compile src_install pkg_postinst