# Copyright 1999-2004 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/eclass/selinux-policy.eclass,v 1.17 2009/08/02 02:58:25 pebenito Exp $

# Eclass for installing SELinux policy, and optionally
# reloading the policy

inherit eutils

# Package metadata shared by every ebuild that inherits this eclass.
HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/"
# The tarball is fetched from the Gentoo mirror network and is named after ${P}.
SRC_URI="mirror://gentoo/${P}.tar.bz2"

LICENSE="GPL-2"
SLOT="0"
# Build directory: ${PN} with the first occurrence of "selinux-" removed.
S="${WORKDIR}/${PN/selinux-}"

# No USE flags are defined at the eclass level.
IUSE=""

# Only a runtime dependency is declared here.
# NOTE(review): src_compile in this eclass reads the live policy tree under
# /etc/security/selinux/src at build time - confirm whether the base policy
# must also be present when the package is built.
RDEPEND=">=sec-policy/selinux-base-policy-20030729"

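# Phase: archive the policy source tree that is currently on disk into ${S},
# so a copy of the previous policy ships with the package.
#
# Globals:
#   S, PN      (read)    build directory and package name
#   POLICYDIR  (written) defaulted to /etc/security/selinux/src/policy if empty
#   SAVENAME   (written) timestamped file name of the backup tarball
#   SAVEDIR    (written) sixth "/"-separated field of POLICYDIR
# Returns: the exit status of tar. Dies if ${S} cannot be entered or if
#          SAVEDIR comes out empty.
selinux-policy_src_compile() {
	# Without this check a failed cd would drop the tarball into whatever
	# directory the phase happened to start in.
	cd "${S}" || die "cannot enter build directory ${S}"

	# An ebuild may preset POLICYDIR; otherwise use the stock location.
	: "${POLICYDIR:=/etc/security/selinux/src/policy}"
	SAVENAME="$(date +%Y%m%d%H%M)-${PN}.tar.bz2"
	# NOTE(review): taking field 6 only matches the hard-coded -C base below
	# when POLICYDIR is a direct child of /etc/security/selinux/src.
	SAVEDIR="$(printf '%s\n' "${POLICYDIR}" | cut -d/ -f6)"

	einfo "Backup of policy source is \"${SAVENAME}\"."
	debug-print "POLICYDIR is \"${POLICYDIR}\""
	debug-print "SAVEDIR is \"${SAVEDIR}\""

	# A POLICYDIR with fewer path components leaves SAVEDIR empty, and
	# "${SAVEDIR}/" would then hand tar "/" as the path to archive.
	[ -n "${SAVEDIR}" ] \
		|| die "cannot derive backup directory from POLICYDIR=${POLICYDIR}"

	# create a backup of the current policy
	tar -C /etc/security/selinux/src --exclude tmp \
		--exclude policy.conf -jcf "${SAVENAME}" "${SAVEDIR}/"
}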

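# Phase: install the policy backup found in ${S} plus every policy file group
# the ebuild listed.
#
# Globals:
#   S, PN      (read)    build directory and package name
#   POLICYDIR  (written) defaulted to /etc/security/selinux/src/policy if empty
#   TEFILES, TEMISC, FCFILES, FCMISC, MACROS (read)
#              whitespace-separated file lists; an empty list is skipped
# Returns: 0 unless a group fails to install, in which case it dies.
selinux-policy_src_install() {
	local group listvar files

	cd "${S}" || die "cannot enter build directory ${S}"

	# Fall back to the stock location, so an unset POLICYDIR can never turn
	# the destinations below into paths directly under "/".
	: "${POLICYDIR:=/etc/security/selinux/src/policy}"

	insinto /etc/security/selinux/src/policy-backup
	# NOTE(review): unlike the groups below, a missing backup tarball is not
	# fatal here - confirm that this is intended.
	doins *-"${PN}".tar.bz2

	# Each entry pairs a list variable with its directory below POLICYDIR.
	for group in \
		TEFILES:domains/program \
		TEMISC:domains/misc \
		FCFILES:file_contexts/program \
		FCMISC:file_contexts/misc \
		MACROS:macros/program
	do
		listvar="${group%%:*}"
		files="${!listvar}"
		[ -n "${files}" ] || continue

		debug-print "${listvar} is \"${files}\""
		insinto "${POLICYDIR}/${group#*:}"
		# Deliberately unquoted: the variable holds a list of file names.
		doins ${files} || die "installing ${listvar} failed"
	done
}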

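# Phase: after the merge, either load the new policy and sanity-check the
# regenerated file contexts, or tell the administrator that nothing was loaded.
#
# Globals:
#   FEATURES   (read)    loading is attempted only when it lists "loadpolicy"
#   POLICYDIR  (written) defaulted to /etc/security/selinux/src/policy if empty
# Returns: the status passed through the last eend, 0 when the tools are
#          missing, or the status of epause on the warning path.
selinux-policy_pkg_postinst() {
	# Fall back to the stock location, so make, rm and setfiles below never
	# receive a path built from an empty POLICYDIR.
	: "${POLICYDIR:=/etc/security/selinux/src/policy}"

	# FEATURES is a whitespace-separated list, so it stays unquoted on purpose.
	if has "loadpolicy" ${FEATURES} ; then
		# only do this if all tools are installed
		if [[ -x /usr/bin/checkpolicy && -x /usr/sbin/load_policy \
			&& -x /usr/sbin/setfiles ]]; then

			ebegin "Automatically loading policy"
			make -C "${POLICYDIR}" load
			# eend only reports the status; a failed load does not abort here.
			eend $?

			ebegin "Regenerating file contexts"
			[ -f "${POLICYDIR}/file_contexts/file_contexts" ] && \
				rm -f -- "${POLICYDIR}/file_contexts/file_contexts"
			# Output and exit status of this make run are discarded; a failed
			# regeneration only shows up through the setfiles check below.
			make -C "${POLICYDIR}" file_contexts/file_contexts &> /dev/null

			# do a test relabel to make sure file
			# contexts work (doesn't change any labels)
			echo "/etc/passwd" | /usr/sbin/setfiles \
				"${POLICYDIR}/file_contexts/file_contexts" -sqn
			eend $?
		fi
	else
		echo
		echo
		eerror "Policy has not been loaded.  It is strongly suggested"
		eerror "that the policy be loaded before continuing!!"
		echo
		einfo "Automatic policy loading can be enabled by adding"
		einfo "\"loadpolicy\" to the FEATURES in make.conf."
		echo
		echo
		ebeep 4
		epause 4
	fi
}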

# Make the selinux-policy_* phase functions of this eclass the default
# src_compile, src_install and pkg_postinst of every inheriting ebuild.
EXPORT_FUNCTIONS src_compile src_install pkg_postinst