[OpenWrt-Devel] [PATCH packages 09/11] admin/refpolicy: new package
Thomas Petazzoni
thomas.petazzoni at bootlin.com
Fri Nov 22 04:55:54 EST 2019
Signed-off-by: Thomas Petazzoni <thomas.petazzoni at bootlin.com>
---
admin/refpolicy/Makefile | 78 ++++++++++++++++++++++++++++
admin/refpolicy/files/selinux-config | 7 +++
2 files changed, 85 insertions(+)
create mode 100644 admin/refpolicy/Makefile
create mode 100644 admin/refpolicy/files/selinux-config
diff --git a/admin/refpolicy/Makefile b/admin/refpolicy/Makefile
new file mode 100644
index 000000000..fcf13cedf
--- /dev/null
+++ b/admin/refpolicy/Makefile
@@ -0,0 +1,78 @@
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=refpolicy
+PKG_VERSION:=2.20190201
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
+PKG_SOURCE_URL:=https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_2_20190201
+PKG_HASH:=ed620dc91c4e09eee6271b373f7c61a364a82ea57bd2dc86ca1f7075304e2843
+PKG_INSTALL:=1
+PKG_BUILD_DEPENDS:=checkpolicy/host policycoreutils/host
+
+PKG_MAINTAINER:=Thomas Petazzoni <thomas.petazzoni at bootlin.com>
+
+TAR_OPTIONS:=--transform='s%^refpolicy%$(PKG_NAME)-$(PKG_VERSION)%' -xf -
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/refpolicy
+ SECTION:=admin
+ CATEGORY:=Administration
+ TITLE:=SELinux reference policy
+ URL:=http://selinuxproject.org/page/Main_Page
+ DEPENDS:=+ at TARGET_ROOTFS_NEEDS_XATTR
+endef
+
+define Package/refpolicy/description
+ The SELinux Reference Policy project (refpolicy) is a
+ complete SELinux policy that can be used as the system
+ policy for a variety of systems and used as the basis for
+ creating other policies. Reference Policy was originally
+ based on the NSA example policy, but aims to accomplish many
+ additional goals.
+
+ The current refpolicy does not fully support OpenWRT and
+ needs modifications to work with the default system file
+ layout. These changes should be added as patches to the
+ refpolicy that modify a single SELinux policy.
+
+ The refpolicy works for the most part in permissive
+ mode. Only the basic set of utilities are enabled in the
+ example policy config and some of the pathing in the
+ policies is not correct. Individual policies would need to
+ be tweaked to get everything functioning properly.
+endef
+
+# Yes, we want CC=$(HOSTCC) because the only code that checkpolicy
+# builds is a small host tool that gets run as part of the build
+# process.
+MAKE_FLAGS += \
+ TEST_TOOLCHAIN=$(STAGING_DIR_HOSTPKG) \
+ BINDIR=/bin \
+ SBINDIR=/sbin \
+ CC=$(HOSTCC) \
+ CFLAGS=$(HOST_CFLAGS)
+
+define Build/Configure
+ $(SED) "/MONOLITHIC/c\MONOLITHIC = y" $(PKG_BUILD_DIR)/build.conf
+ $(SED) "/NAME/c\NAME = targeted" $(PKG_BUILD_DIR)/build.conf
+ $(call Build/Compile/Default,conf)
+endef
+
+define Package/refpolicy/conffiles
+/etc/selinux/config
+endef
+
+define Package/refpolicy/install
+ $(INSTALL_DIR) $(1)/etc/selinux
+ $(CP) $(PKG_INSTALL_DIR)/etc/selinux/* $(1)/etc/selinux/
+ $(CP) ./files/selinux-config $(1)/etc/selinux/config
+endef
+
+$(eval $(call BuildPackage,refpolicy))
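Review bot: The two `$(SED)` edits in Build/Configure use unanchored patterns and cannot fail, so nothing verifies that build.conf really ends up with `NAME = targeted` and `MONOLITHIC = y`. `/NAME/` rewrites every line that merely contains that string, and if a future upstream build.conf no longer matches, sed still exits 0 and the policy is presumably built under its default name, while files/selinux-config in this same patch hard-codes `SELINUXTYPE=targeted`. I would anchor both patterns to the start of the assignment and follow them with a check such as `grep -qx 'NAME = targeted' $(PKG_BUILD_DIR)/build.conf`, so a mismatch breaks the build instead of producing an image whose config names a policy that was not installed. Separately, `CFLAGS=$(HOST_CFLAGS)` in MAKE_FLAGS is unquoted, so a multi-word value would be split by the shell; `CFLAGS="$(HOST_CFLAGS)"` avoids that. The comment above MAKE_FLAGS also names checkpolicy although this package is refpolicy.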
diff --git a/admin/refpolicy/files/selinux-config b/admin/refpolicy/files/selinux-config
new file mode 100644
index 000000000..2ae174d29
--- /dev/null
+++ b/admin/refpolicy/files/selinux-config
@@ -0,0 +1,7 @@
+# This file controls the state of SELinux on the system.
+# SELINUX= can take one of these three values:
+# enforcing - SELinux security policy is enforced.
+# permissive - SELinux prints warnings instead of enforcing.
+# disabled - No SELinux policy is loaded.
+SELINUX=permissive
+SELINUXTYPE=targeted
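Review bot: The shipped default `SELINUX=permissive` means the installed policy only logs denials and blocks nothing, and the file itself does not say that this is a deliberate choice. The reason is given only in the package description in the Makefile (refpolicy is not yet adapted to the OpenWrt file layout), which is not visible to someone reading /etc/selinux/config on a device. I would add a comment above the setting, e.g. `# Shipped as permissive: the policy is not yet adapted to OpenWrt, so denials are logged but not enforced.`, so that nobody mistakes an installed policy for an enforced one. Since the Makefile lists the file under conffiles, a local change to `enforcing` would presumably survive upgrades, which is worth stating in the same comment.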
--
2.23.0