refpolicy*: SELinux policy init version.

author: Xin Ouyang <Xin.Ouyang@windriver.com> 2012-04-10 14:36:44 +0800
committer: Xin Ouyang <Xin.Ouyang@windriver.com> 2012-04-10 14:40:08 +0800
commit: 1139c40cb687deefddc31c5fbc8ab61f3d50402f (patch)
tree: 0661608c046b8eb2c74ac1dd8f4e90df413af4f2
parent: e0704aaff6d4d6e239c2ffc5f5f1d062f03d674e (diff)
download: meta-selinux-1139c40cb687deefddc31c5fbc8ab61f3d50402f.tar.gz
4 files changed, 107 insertions, 0 deletions
diff --git a/recipes-security/refpolicy/refpolicy-mls_2.20120215.bb b/recipes-security/refpolicy/refpolicy-mls_2.20120215.bb
new file mode 100644
index 0000000..61577a9
--- /dev/null
+++ b/recipes-security/refpolicy/refpolicy-mls_2.20120215.bb
@@ -0,0 +1,23 @@
+SUMMARY = "MLS (Multi Level Security) variant of the SELinux policy"
+DESCRIPTION = "\
+This is the reference policy for SE Linux built with MLS support. \
+It allows giving data labels such as \"Top Secret\" and preventing \
+such data from leaking to processes or files with lower classification. \
+"
+PR = "r0"
+POLICY_NAME = "mls"
+POLICY_TYPE = "mls"
+POLICY_DISTRO = "redhat"
+POLICY_UNK_PERMS = "allow"
+POLICY_DIRECT_INITRC = "n"
+POLICY_MONOLITHIC = "n"
+POLICY_CUSTOM_BUILDOPT = ""
+POLICY_QUIET = "y"
+POLICY_MLS_SENS = "16"
+POLICY_MLS_CATS = "1024"
+POLICY_MCS_CATS = "1024"
+include refpolicy_${PV}.inc
diff --git a/recipes-security/refpolicy/refpolicy_2.20120215.bb b/recipes-security/refpolicy/refpolicy_2.20120215.bb
new file mode 100644
index 0000000..b64a461
--- /dev/null
+++ b/recipes-security/refpolicy/refpolicy_2.20120215.bb
@@ -0,0 +1,17 @@
+SUMMARY = "Standard variants of the SELinux policy"
+DESCRIPTION = "\
+This is the reference policy for SELinux built with type enforcement \
+only."
+PR = "r0"
+POLICY_NAME = "standard"
+POLICY_TYPE = "standard"
+POLICY_DISTRO = "redhat"
+POLICY_UNK_PERMS = "allow"
+POLICY_DIRECT_INITRC = "n"
+POLICY_MONOLITHIC = "n"
+POLICY_CUSTOM_BUILDOPT = ""
+POLICY_QUIET = "y"
+include refpolicy_${PV}.inc
diff --git a/recipes-security/refpolicy/refpolicy_2.20120215.inc b/recipes-security/refpolicy/refpolicy_2.20120215.inc
new file mode 100644
index 0000000..e31db64
--- /dev/null
+++ b/recipes-security/refpolicy/refpolicy_2.20120215.inc
@@ -0,0 +1,5 @@
+SRC_URI = "http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2;"
+SRC_URI[md5sum] = "618a24cfed3b3ee09084fb2c179de92e"
+SRC_URI[sha256sum] = "6df77faf62f73bd1f6e3bfca3fa2f77cdfd2cada94a7dcc4816ed9bbcf3545dc"
+include refpolicy_common.inc
diff --git a/recipes-security/refpolicy/refpolicy_common.inc b/recipes-security/refpolicy/refpolicy_common.inc
new file mode 100644
index 0000000..cdb3eb0
--- /dev/null
+++ b/recipes-security/refpolicy/refpolicy_common.inc
@@ -0,0 +1,62 @@
+SECTION = "base"
+LICENSE = "GPLv2"
+LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=393a5ca445f6965873eca0259a17f833"
+S = "${WORKDIR}/refpolicy"
+DEPENDS += "checkpolicy-native policycoreutils-native python-native m4-native"
+inherit autotools
+PARALLEL_MAKE = ""
+EXTRA_OEMAKE += "NAME=${POLICY_NAME} \
+        TYPE=${POLICY_TYPE} \
+        DISTRO=${POLICY_DISTRO} \
+        UNK_PERMS=${POLICY_UNK_PERMS} \
+        DIRECT_INITRC=${POLICY_DIRECT_INITRC} \
+        MONOLITHIC=${POLICY_MONOLITHIC} \
+        CUSTOM_BUILDOPT=${POLICY_CUSTOM_BUILDOPT} \
+        QUIET=${POLICY_QUIET} \
+        MLS_SENS=${POLICY_MLS_SENS} \
+        MLS_CATS=${POLICY_MLS_CATS} \
+        MCS_CATS=${POLICY_MCS_CATS}"
+EXTRA_OEMAKE += "tc_usrbindir=${STAGING_BINDIR_NATIVE}"
+EXTRA_OEMAKE += "OUTPUT_POLICY=`${STAGING_BINDIR_NATIVE}/checkpolicy -V | cut -d' ' -f1`"
+EXTRA_OEMAKE += "CC='${BUILD_CC}' CFLAGS='${BUILD_CFLAGS}'"
+do_compile() {
+        oe_runmake conf
+        oe_runmake policy
+}
+do_install() {
+        oe_runmake install \
+                DESTDIR=${D}
+        # Prepare to create policy store
+        mkdir -p ${D}/etc/selinux/
+        cat <<-EOF > ${D}/etc/selinux/semanage.conf
+module-store = direct
+[setfiles]
+path = ${STAGING_DIR_NATIVE}${base_sbindir_native}/setfiles
+args = -q -c \$@ \$<
+[end]
+EOF
+        mkdir -p ${D}/etc/selinux/${POLICY_NAME}/policy
+        mkdir -p ${D}/etc/selinux/${POLICY_NAME}/modules/active/modules
+        mkdir -p ${D}/etc/selinux/${POLICY_NAME}/contexts/files
+        bzip2 -c ${D}/usr/share/selinux/${POLICY_NAME}/base.pp  > \
+                ${D}/etc/selinux/${POLICY_NAME}/modules/active/base.pp
+        for i in ${D}/usr/share/selinux/${POLICY_NAME}/*.pp; do
+                if [ "`basename $i`" != "base.pp" ]; then
+                        bzip2 -c $i > ${D}/etc/selinux/${POLICY_NAME}/modules/active/modules/`basename $i`;
+                fi
+        done
+        # Create policy store and build the policy
+        semodule -p ${D} -s ${POLICY_NAME} -n -B
+        rm -f ${D}/etc/selinux/semanage.conf
+}
author	Xin Ouyang <Xin.Ouyang@windriver.com>	2012-04-10 14:36:44 +0800
committer	Xin Ouyang <Xin.Ouyang@windriver.com>	2012-04-10 14:40:08 +0800
commit	1139c40cb687deefddc31c5fbc8ab61f3d50402f (patch)
tree	0661608c046b8eb2c74ac1dd8f4e90df413af4f2
parent	e0704aaff6d4d6e239c2ffc5f5f1d062f03d674e (diff)
download	meta-selinux-1139c40cb687deefddc31c5fbc8ab61f3d50402f.tar.gz

diff --git a/recipes-security/refpolicy/refpolicy-mls_2.20120215.bb b/recipes-security/refpolicy/refpolicy-mls_2.20120215.bb new file mode 100644 index 0000000..61577a9 --- /dev/null +++ b/recipes-security/refpolicy/refpolicy-mls_2.20120215.bb
@@ -0,0 +1,23 @@
	1	SUMMARY = "MLS (Multi Level Security) variant of the SELinux policy"
	2	DESCRIPTION = "\
	3	This is the reference policy for SE Linux built with MLS support. \
	4	It allows giving data labels such as \"Top Secret\" and preventing \
	5	such data from leaking to processes or files with lower classification. \
	6	"
	7
	8	PR = "r0"
	9
	10	POLICY_NAME = "mls"
	11	POLICY_TYPE = "mls"
	12	POLICY_DISTRO = "redhat"
	13	POLICY_UNK_PERMS = "allow"
	14	POLICY_DIRECT_INITRC = "n"
	15	POLICY_MONOLITHIC = "n"
	16	POLICY_CUSTOM_BUILDOPT = ""
	17	POLICY_QUIET = "y"
	18
	19	POLICY_MLS_SENS = "16"
	20	POLICY_MLS_CATS = "1024"
	21	POLICY_MCS_CATS = "1024"
	22
	23	include refpolicy_${PV}.inc


diff --git a/recipes-security/refpolicy/refpolicy_2.20120215.bb b/recipes-security/refpolicy/refpolicy_2.20120215.bb new file mode 100644 index 0000000..b64a461 --- /dev/null +++ b/recipes-security/refpolicy/refpolicy_2.20120215.bb
@@ -0,0 +1,17 @@
	1	SUMMARY = "Standard variants of the SELinux policy"
	2	DESCRIPTION = "\
	3	This is the reference policy for SELinux built with type enforcement \
	4	only."
	5
	6	PR = "r0"
	7
	8	POLICY_NAME = "standard"
	9	POLICY_TYPE = "standard"
	10	POLICY_DISTRO = "redhat"
	11	POLICY_UNK_PERMS = "allow"
	12	POLICY_DIRECT_INITRC = "n"
	13	POLICY_MONOLITHIC = "n"
	14	POLICY_CUSTOM_BUILDOPT = ""
	15	POLICY_QUIET = "y"
	16
	17	include refpolicy_${PV}.inc


diff --git a/recipes-security/refpolicy/refpolicy_2.20120215.inc b/recipes-security/refpolicy/refpolicy_2.20120215.inc new file mode 100644 index 0000000..e31db64 --- /dev/null +++ b/recipes-security/refpolicy/refpolicy_2.20120215.inc
@@ -0,0 +1,5 @@
	1	SRC_URI = "http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2;"
	2	SRC_URI[md5sum] = "618a24cfed3b3ee09084fb2c179de92e"
	3	SRC_URI[sha256sum] = "6df77faf62f73bd1f6e3bfca3fa2f77cdfd2cada94a7dcc4816ed9bbcf3545dc"
	4
	5	include refpolicy_common.inc


diff --git a/recipes-security/refpolicy/refpolicy_common.inc b/recipes-security/refpolicy/refpolicy_common.inc new file mode 100644 index 0000000..cdb3eb0 --- /dev/null +++ b/recipes-security/refpolicy/refpolicy_common.inc
@@ -0,0 +1,62 @@
	1	SECTION = "base"
	2	LICENSE = "GPLv2"
	3
	4	LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=393a5ca445f6965873eca0259a17f833"
	5
	6	S = "${WORKDIR}/refpolicy"
	7
	8	DEPENDS += "checkpolicy-native policycoreutils-native python-native m4-native"
	9
	10	inherit autotools
	11
	12	PARALLEL_MAKE = ""
	13
	14	EXTRA_OEMAKE += "NAME=${POLICY_NAME} \
	15	TYPE=${POLICY_TYPE} \
	16	DISTRO=${POLICY_DISTRO} \
	17	UNK_PERMS=${POLICY_UNK_PERMS} \
	18	DIRECT_INITRC=${POLICY_DIRECT_INITRC} \
	19	MONOLITHIC=${POLICY_MONOLITHIC} \
	20	CUSTOM_BUILDOPT=${POLICY_CUSTOM_BUILDOPT} \
	21	QUIET=${POLICY_QUIET} \
	22	MLS_SENS=${POLICY_MLS_SENS} \
	23	MLS_CATS=${POLICY_MLS_CATS} \
	24	MCS_CATS=${POLICY_MCS_CATS}"
	25
	26	EXTRA_OEMAKE += "tc_usrbindir=${STAGING_BINDIR_NATIVE}"
	27	EXTRA_OEMAKE += "OUTPUT_POLICY=`${STAGING_BINDIR_NATIVE}/checkpolicy -V \| cut -d' ' -f1`"
	28	EXTRA_OEMAKE += "CC='${BUILD_CC}' CFLAGS='${BUILD_CFLAGS}'"
	29
	30	do_compile() {
	31	oe_runmake conf
	32	oe_runmake policy
	33	}
	34
	35	do_install() {
	36	oe_runmake install \
	37	DESTDIR=${D}
	38
	39	# Prepare to create policy store
	40	mkdir -p ${D}/etc/selinux/
	41	cat <<-EOF > ${D}/etc/selinux/semanage.conf
	42	module-store = direct
	43	[setfiles]
	44	path = ${STAGING_DIR_NATIVE}${base_sbindir_native}/setfiles
	45	args = -q -c \$@ \$<
	46	[end]
	47	EOF
	48	mkdir -p ${D}/etc/selinux/${POLICY_NAME}/policy
	49	mkdir -p ${D}/etc/selinux/${POLICY_NAME}/modules/active/modules
	50	mkdir -p ${D}/etc/selinux/${POLICY_NAME}/contexts/files
	51	bzip2 -c ${D}/usr/share/selinux/${POLICY_NAME}/base.pp > \
	52	${D}/etc/selinux/${POLICY_NAME}/modules/active/base.pp
	53	for i in ${D}/usr/share/selinux/${POLICY_NAME}/*.pp; do
	54	if [ "`basename $i`" != "base.pp" ]; then
	55	bzip2 -c $i > ${D}/etc/selinux/${POLICY_NAME}/modules/active/modules/`basename $i`;
	56	fi
	57	done
	58
	59	# Create policy store and build the policy
	60	semodule -p ${D} -s ${POLICY_NAME} -n -B
	61	rm -f ${D}/etc/selinux/semanage.conf
	62	}