# Copyright 1999-2003 Gentoo Technologies, Inc.
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/eclass/selinux-policy.eclass,v 1.9 2004/05/11 13:02:05 vapier Exp $

# Eclass for installing SELinux policy, and optionally
# reloading the policy

# Record this eclass in the running list of inherited eclasses.
ECLASS="selinux-policy"
INHERITED="${INHERITED} ${ECLASS}"

# Metadata shared by every ebuild that inherits this eclass.
HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/"
SRC_URI="mirror://gentoo/${P}.tar.bz2"
LICENSE="GPL-2"
SLOT="0"
IUSE=""
RDEPEND=">=sec-policy/selinux-base-policy-20030729"

# Work directory: the package name with its first "selinux-" removed.
S="${WORKDIR}/${PN/selinux-}"

# Policy source tree. A value already present in POLICYDIR wins over the
# default, so whatever sets it decides where the policy files are installed.
if [ -z "${POLICYDIR}" ]; then
	POLICYDIR="/etc/security/selinux/src/policy"
fi

# Name of the backup archive, stamped with the time this file is sourced.
SAVENAME="$(date +%Y%m%d%H%M)-${PN}.tar.bz2"
# Directory to archive: the sixth "/"-separated field of POLICYDIR, which is
# "policy" for the default path.
# NOTE(review): a POLICYDIR of a different depth yields another field (or an
# empty string), while src_compile always archives relative to
# /etc/security/selinux/src; confirm overrides keep the default layout.
SAVEDIR="$(echo "${POLICYDIR}" | cut -d/ -f6)"

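# Compile phase: archive the currently installed policy source into the work
# directory so src_install can ship it as a backup.
# Globals:   S, SAVENAME, SAVEDIR, POLICYDIR (all read)
# Returns:   the exit status of tar
selinux-policy_src_compile() {
	# Stop if the work directory is missing; otherwise the archive would be
	# written into whatever directory the build happens to be in.
	cd "${S}" || die "cannot enter ${S}"

	einfo "Backup of policy source is \"${SAVENAME}\"."
	debug-print "POLICYDIR is \"${POLICYDIR}\""
	debug-print "SAVEDIR is \"${SAVEDIR}\""

	# create a backup of the current policy
	# NOTE(review): the base directory is fixed here while SAVEDIR is derived
	# from POLICYDIR, so an overridden POLICYDIR may archive the wrong tree.
	local backup_status=0
	tar -C /etc/security/selinux/src --exclude policy.12 --exclude tmp \
		--exclude policy.conf -jcf "${SAVENAME}" "${SAVEDIR}/" \
		|| backup_status=$?

	# Say so when the backup is missing or incomplete: the install phase
	# replaces policy source files and this archive is the way back.
	if [ "${backup_status}" -ne 0 ]; then
		eerror "Backup of the current policy failed (tar exit ${backup_status})."
	fi
	return "${backup_status}"
}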

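# Install phase: ship the policy backup archive, then install the package's
# type-enforcement, file-context and macro files under POLICYDIR.
# Globals:   S, SAVENAME, POLICYDIR, TEFILES, FCFILES, MACROS (all read)
selinux-policy_src_install() {
	# The file names below are relative, so a failed cd would install
	# whatever matches in the wrong directory; stop instead.
	cd "${S}" || die "cannot enter ${S}"

	insinto /etc/security/selinux/src/policy-backup
	# Not followed by die, unlike the policy files below: a missing backup
	# archive does not abort the install.
	doins "${SAVENAME}"

	# TEFILES, FCFILES and MACROS are whitespace-separated file lists, so
	# they are expanded unquoted on purpose.
	if [ -n "${TEFILES}" ]; then
		debug-print "TEFILES is \"${TEFILES}\""
		insinto "${POLICYDIR}/domains/program"
		doins ${TEFILES} || die
	fi

	if [ -n "${FCFILES}" ]; then
		debug-print "FCFILES is \"${FCFILES}\""
		insinto "${POLICYDIR}/file_contexts/program"
		doins ${FCFILES} || die
	fi

	if [ -n "${MACROS}" ]; then
		debug-print "MACROS is \"${MACROS}\""
		insinto "${POLICYDIR}/macros/program"
		doins ${MACROS} || die
	fi
}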

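# Post-install phase: when "loadpolicy" is in FEATURES, load the policy and
# rebuild the file contexts; otherwise warn loudly that the installed policy
# has not been loaded.
# Globals:   FEATURES, POLICYDIR (read)
selinux-policy_pkg_postinst() {
	local contexts="${POLICYDIR}/file_contexts/file_contexts"
	local regen_status=0 check_status=0 i

	# FEATURES is a whitespace-separated list; it is expanded unquoted so
	# that each feature reaches has() as its own argument.
	if has "loadpolicy" $FEATURES ; then
		ebegin "Automatically loading policy"
		make -C "${POLICYDIR}" load
		eend $?

		ebegin "Regenerating file contexts"
		# Drop the old contexts file so that make rebuilds it.
		[ -f "${contexts}" ] && rm -f "${contexts}"
		# make's output stays hidden, but its status is kept so that a failed
		# rebuild is reported rather than masked by the check below.
		make -C "${POLICYDIR}" file_contexts/file_contexts &> /dev/null \
			|| regen_status=$?

		# do a test relabel to make sure file
		# contexts work (doesn't change any labels)
		echo "/etc/passwd" | /usr/sbin/setfiles "${contexts}" -sqn
		check_status=$?
		if [ "${regen_status}" -ne 0 ]; then
			check_status=${regen_status}
		fi
		eend ${check_status}
	else
		echo
		echo
		eerror "Policy has not been loaded.  It is strongly suggested"
		eerror "that the policy be loaded before continuing!!"
		echo
		einfo "Automatic policy loading can be enabled by adding"
		einfo "\"loadpolicy\" to the FEATURES in make.conf."
		echo
		echo
		# Eight double beeps, then a pause, so the warning gets noticed.
		for i in 1 2 3 4 5 6 7 8; do
			echo -ne "\a" ; sleep 0.1 ; echo -ne "\a" ; sleep 1
		done
		sleep 4
	fi
}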

# Export the three phase functions defined in this eclass
# (selinux-policy_src_compile, selinux-policy_src_install and
# selinux-policy_pkg_postinst) as the default phases of inheriting ebuilds.
EXPORT_FUNCTIONS src_compile src_install pkg_postinst