refpolicy-minimum: update prepare_policy_store

* update prepare_policy_store() for supporting SELinux 2.4 & CIL, the logic is from refpolicy_common.inc but with minimum set of policy modules; * add extra policy modules that required by sysnetwork, without those modules the install process will fail with error: | Failed to resolve roletype statement at 62 of \ .../image/var/lib/selinux/minimum/tmp/modules/100/sysnetwork/cil | Failed to resolve ast | semodule: Failed! Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
author: Wenzong Fan <wenzong.fan@windriver.com> 2015-10-27 06:25:04 -0400
committer: Joe MacDonald <joe_macdonald@mentor.com> 2015-11-27 09:18:13 -0500
commit: bfaf278116e6c3a04bb82c9f8a4f8629a0a85df8 (patch)
tree: fbab0a7f9980c3c8d04d8435e139325e433fa1d2
parent: 4f5fea9bce28f676933ee7b8d00e9b4c65935667 (diff)
download: meta-selinux-bfaf278116e6c3a04bb82c9f8a4f8629a0a85df8.tar.gz
1 files changed, 30 insertions, 11 deletions
diff --git a/recipes-security/refpolicy/refpolicy-minimum_git.bb b/recipes-security/refpolicy/refpolicy-minimum_git.bb
index b275821..47ed558 100644
--- a/recipes-security/refpolicy/refpolicy-minimum_git.bb
+++ b/recipes-security/refpolicy/refpolicy-minimum_git.bb
@@ -26,23 +26,42 @@ EXTRA_POLICY_MODULES += "nscd"
 # "login", so "login" process will access to /var/spool/mail.
 EXTRA_POLICY_MODULES += "mta"
+# sysnetwork requires type definitions (insmod_t, consoletype_t,
+# hostname_t, ping_t, netutils_t) from modules:
+EXTRA_POLICY_MODULES += "modutils consoletype hostname netutils"
 POLICY_MODULES_MIN = "${CORE_POLICY_MODULES} ${EXTRA_POLICY_MODULES}"
 # re-write the same func from refpolicy_common.inc
 prepare_policy_store () {
        oe_runmake 'DESTDIR=${D}' 'prefix=${D}${prefix}' install
+        POL_PRIORITY=100
+        POL_SRC=${D}${datadir}/selinux/${POLICY_NAME}
+        POL_STORE=${D}${localstatedir}/lib/selinux/${POLICY_NAME}
+        POL_ACTIVE_MODS=${POL_STORE}/active/modules/${POL_PRIORITY}
        # Prepare to create policy store
-        mkdir -p ${D}${sysconfdir}/selinux/
+        mkdir -p ${POL_STORE}
-        mkdir -p ${D}${sysconfdir}/selinux/${POLICY_NAME}/policy
+        mkdir -p ${POL_ACTIVE_MODS}
-        mkdir -p ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules
-        mkdir -p ${D}${sysconfdir}/selinux/${POLICY_NAME}/contexts/files
+        # get hll type from suffix on base policy module
-        touch ${D}${sysconfdir}/selinux/${POLICY_NAME}/contexts/files/file_contexts.local
+        HLL_TYPE=$(echo ${POL_SRC}/base.* | awk -F . '{if (NF>1) {print $NF}}')
-        for i in ${D}${datadir}/selinux/${POLICY_NAME}/*.pp; do
+        HLL_BIN=${STAGING_DIR_NATIVE}${prefix}/libexec/selinux/hll/${HLL_TYPE}
-                bzip2 -f $i && mv -f $i.bz2 $i
-        done
+        for i in base ${POLICY_MODULES_MIN}; do
-        cp base.pp ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/base.pp
+                MOD_FILE=${POL_SRC}/${i}.${HLL_TYPE}
-        for i in ${POLICY_MODULES_MIN}; do
+                MOD_DIR=${POL_ACTIVE_MODS}/${i}
-                cp ${i}.pp ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules/`basename $i.pp`
+                mkdir -p ${MOD_DIR}
+                echo -n "${HLL_TYPE}" > ${MOD_DIR}/lang_ext
+                if ! bzip2 -t ${MOD_FILE} >/dev/null 2>&1; then
+                        ${HLL_BIN} ${MOD_FILE} | bzip2 --stdout > ${MOD_DIR}/cil
+                        bzip2 -f ${MOD_FILE} && mv -f ${MOD_FILE}.bz2 ${MOD_FILE}
+                else
+                        bunzip2 --stdout ${MOD_FILE} | \
+                                ${HLL_BIN} | \
+                                bzip2 --stdout > ${MOD_DIR}/cil
+                fi
+                cp ${MOD_FILE} ${MOD_DIR}/hll
        done
 }
author	Wenzong Fan <wenzong.fan@windriver.com>	2015-10-27 06:25:04 -0400
committer	Joe MacDonald <joe_macdonald@mentor.com>	2015-11-27 09:18:13 -0500
commit	bfaf278116e6c3a04bb82c9f8a4f8629a0a85df8 (patch)
tree	fbab0a7f9980c3c8d04d8435e139325e433fa1d2
parent	4f5fea9bce28f676933ee7b8d00e9b4c65935667 (diff)
download	meta-selinux-bfaf278116e6c3a04bb82c9f8a4f8629a0a85df8.tar.gz

diff --git a/recipes-security/refpolicy/refpolicy-minimum_git.bb b/recipes-security/refpolicy/refpolicy-minimum_git.bb index b275821..47ed558 100644 --- a/recipes-security/refpolicy/refpolicy-minimum_git.bb +++ b/recipes-security/refpolicy/refpolicy-minimum_git.bb
@@ -26,23 +26,42 @@ EXTRA_POLICY_MODULES += "nscd"
26	# "login", so "login" process will access to /var/spool/mail.	26	# "login", so "login" process will access to /var/spool/mail.
27	EXTRA_POLICY_MODULES += "mta"	27	EXTRA_POLICY_MODULES += "mta"
28		28
		29	# sysnetwork requires type definitions (insmod_t, consoletype_t,
		30	# hostname_t, ping_t, netutils_t) from modules:
		31	EXTRA_POLICY_MODULES += "modutils consoletype hostname netutils"
		32
29	POLICY_MODULES_MIN = "${CORE_POLICY_MODULES} ${EXTRA_POLICY_MODULES}"	33	POLICY_MODULES_MIN = "${CORE_POLICY_MODULES} ${EXTRA_POLICY_MODULES}"
30		34
31	# re-write the same func from refpolicy_common.inc	35	# re-write the same func from refpolicy_common.inc
32	prepare_policy_store () {	36	prepare_policy_store () {
33	oe_runmake 'DESTDIR=${D}' 'prefix=${D}${prefix}' install	37	oe_runmake 'DESTDIR=${D}' 'prefix=${D}${prefix}' install
		38	POL_PRIORITY=100
		39	POL_SRC=${D}${datadir}/selinux/${POLICY_NAME}
		40	POL_STORE=${D}${localstatedir}/lib/selinux/${POLICY_NAME}
		41	POL_ACTIVE_MODS=${POL_STORE}/active/modules/${POL_PRIORITY}
34		42
35	# Prepare to create policy store	43	# Prepare to create policy store
36	mkdir -p ${D}${sysconfdir}/selinux/	44	mkdir -p ${POL_STORE}
37	mkdir -p ${D}${sysconfdir}/selinux/${POLICY_NAME}/policy	45	mkdir -p ${POL_ACTIVE_MODS}
38	mkdir -p ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules	46
39	mkdir -p ${D}${sysconfdir}/selinux/${POLICY_NAME}/contexts/files	47	# get hll type from suffix on base policy module
40	touch ${D}${sysconfdir}/selinux/${POLICY_NAME}/contexts/files/file_contexts.local	48	HLL_TYPE=$(echo ${POL_SRC}/base.* \| awk -F . '{if (NF>1) {print $NF}}')
41	for i in ${D}${datadir}/selinux/${POLICY_NAME}/*.pp; do	49	HLL_BIN=${STAGING_DIR_NATIVE}${prefix}/libexec/selinux/hll/${HLL_TYPE}
42	bzip2 -f $i && mv -f $i.bz2 $i	50
43	done	51	for i in base ${POLICY_MODULES_MIN}; do
44	cp base.pp ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/base.pp	52	MOD_FILE=${POL_SRC}/${i}.${HLL_TYPE}
45	for i in ${POLICY_MODULES_MIN}; do	53	MOD_DIR=${POL_ACTIVE_MODS}/${i}
46	cp ${i}.pp ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules/`basename $i.pp`	54	mkdir -p ${MOD_DIR}
		55	echo -n "${HLL_TYPE}" > ${MOD_DIR}/lang_ext
		56
		57	if ! bzip2 -t ${MOD_FILE} >/dev/null 2>&1; then
		58	${HLL_BIN} ${MOD_FILE} \| bzip2 --stdout > ${MOD_DIR}/cil
		59	bzip2 -f ${MOD_FILE} && mv -f ${MOD_FILE}.bz2 ${MOD_FILE}
		60	else
		61	bunzip2 --stdout ${MOD_FILE} \| \
		62	${HLL_BIN} \| \
		63	bzip2 --stdout > ${MOD_DIR}/cil
		64	fi
		65	cp ${MOD_FILE} ${MOD_DIR}/hll
47	done	66	done
48	}	67	}