refpolicy*: SELinux policy init version.

2026-01-01 13:58:04 +00:00 · 2012-04-10 14:36:44 +08:00 · 2012-04-10 14:36:44 +08:00 · 1139c40cb6
commit 1139c40cb6
parent e0704aaff6
4 changed files with 107 additions and 0 deletions
--- a/recipes-security/refpolicy/refpolicy-mls_2.20120215.bb
+++ b/recipes-security/refpolicy/refpolicy-mls_2.20120215.bb
@ -0,0 +1,23 @@
+SUMMARY = "MLS (Multi Level Security) variant of the SELinux policy"
+DESCRIPTION = "\
+This is the reference policy for SE Linux built with MLS support. \
+It allows giving data labels such as \"Top Secret\" and preventing \
+such data from leaking to processes or files with lower classification. \
+"
+
+PR = "r0"
+
+POLICY_NAME = "mls"
+POLICY_TYPE = "mls"
+POLICY_DISTRO = "redhat"
+POLICY_UNK_PERMS = "allow"
+POLICY_DIRECT_INITRC = "n"
+POLICY_MONOLITHIC = "n"
+POLICY_CUSTOM_BUILDOPT = ""
+POLICY_QUIET = "y"
+
+POLICY_MLS_SENS = "16"
+POLICY_MLS_CATS = "1024"
+POLICY_MCS_CATS = "1024"
+
+include refpolicy_${PV}.inc
--- a/recipes-security/refpolicy/refpolicy_2.20120215.bb
+++ b/recipes-security/refpolicy/refpolicy_2.20120215.bb
@ -0,0 +1,17 @@
+SUMMARY = "Standard variants of the SELinux policy"
+DESCRIPTION = "\
+This is the reference policy for SELinux built with type enforcement \
+only."
+
+PR = "r0"
+
+POLICY_NAME = "standard"
+POLICY_TYPE = "standard"
+POLICY_DISTRO = "redhat"
+POLICY_UNK_PERMS = "allow"
+POLICY_DIRECT_INITRC = "n"
+POLICY_MONOLITHIC = "n"
+POLICY_CUSTOM_BUILDOPT = ""
+POLICY_QUIET = "y"
+
+include refpolicy_${PV}.inc
--- a/recipes-security/refpolicy/refpolicy_2.20120215.inc
+++ b/recipes-security/refpolicy/refpolicy_2.20120215.inc
@ -0,0 +1,5 @@
+SRC_URI = "http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2;"
+SRC_URI[md5sum] = "618a24cfed3b3ee09084fb2c179de92e"
+SRC_URI[sha256sum] = "6df77faf62f73bd1f6e3bfca3fa2f77cdfd2cada94a7dcc4816ed9bbcf3545dc"
+
+include refpolicy_common.inc
--- a/recipes-security/refpolicy/refpolicy_common.inc
+++ b/recipes-security/refpolicy/refpolicy_common.inc
@ -0,0 +1,62 @@
+SECTION = "base"
+LICENSE = "GPLv2"
+
+LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=393a5ca445f6965873eca0259a17f833"
+
+S = "${WORKDIR}/refpolicy"
+
+DEPENDS += "checkpolicy-native policycoreutils-native python-native m4-native"
+
+inherit autotools
+
+PARALLEL_MAKE = ""
+
+EXTRA_OEMAKE += "NAME=${POLICY_NAME} \
+	TYPE=${POLICY_TYPE} \
+	DISTRO=${POLICY_DISTRO} \
+	UNK_PERMS=${POLICY_UNK_PERMS} \
+	DIRECT_INITRC=${POLICY_DIRECT_INITRC} \
+	MONOLITHIC=${POLICY_MONOLITHIC} \
+	CUSTOM_BUILDOPT=${POLICY_CUSTOM_BUILDOPT} \
+	QUIET=${POLICY_QUIET} \
+	MLS_SENS=${POLICY_MLS_SENS} \
+	MLS_CATS=${POLICY_MLS_CATS} \
+	MCS_CATS=${POLICY_MCS_CATS}"
+
+EXTRA_OEMAKE += "tc_usrbindir=${STAGING_BINDIR_NATIVE}"
+EXTRA_OEMAKE += "OUTPUT_POLICY=`${STAGING_BINDIR_NATIVE}/checkpolicy -V | cut -d' ' -f1`"
+EXTRA_OEMAKE += "CC='${BUILD_CC}' CFLAGS='${BUILD_CFLAGS}'"
+
+do_compile() {
+	oe_runmake conf
+	oe_runmake policy
+}
+
+do_install() {
+	oe_runmake install \
+		DESTDIR=${D}
+
+	# Prepare to create policy store
+	mkdir -p ${D}/etc/selinux/
+	cat <<-EOF > ${D}/etc/selinux/semanage.conf
+module-store = direct
+[setfiles]
+path = ${STAGING_DIR_NATIVE}${base_sbindir_native}/setfiles
+args = -q -c \$@ \$<
+[end]
+EOF
+	mkdir -p ${D}/etc/selinux/${POLICY_NAME}/policy
+	mkdir -p ${D}/etc/selinux/${POLICY_NAME}/modules/active/modules
+	mkdir -p ${D}/etc/selinux/${POLICY_NAME}/contexts/files
+	bzip2 -c ${D}/usr/share/selinux/${POLICY_NAME}/base.pp  > \
+		${D}/etc/selinux/${POLICY_NAME}/modules/active/base.pp
+	for i in ${D}/usr/share/selinux/${POLICY_NAME}/*.pp; do
+		if [ "`basename $i`" != "base.pp" ]; then
+			bzip2 -c $i > ${D}/etc/selinux/${POLICY_NAME}/modules/active/modules/`basename $i`;
+		fi
+	done
+
+	# Create policy store and build the policy
+	semodule -p ${D} -s ${POLICY_NAME} -n -B
+	rm -f ${D}/etc/selinux/semanage.conf
+}