From 1139c40cb687deefddc31c5fbc8ab61f3d50402f Mon Sep 17 00:00:00 2001
From: Xin Ouyang
Date: Tue, 10 Apr 2012 14:36:44 +0800
Subject: refpolicy*: SELinux policy init version.
---
.../refpolicy/refpolicy-mls_2.20120215.bb | 23 ++++++++
recipes-security/refpolicy/refpolicy_2.20120215.bb | 17 ++++++
.../refpolicy/refpolicy_2.20120215.inc | 5 ++
recipes-security/refpolicy/refpolicy_common.inc | 62 ++++++++++++++++++++++
4 files changed, 107 insertions(+)
create mode 100644 recipes-security/refpolicy/refpolicy-mls_2.20120215.bb
create mode 100644 recipes-security/refpolicy/refpolicy_2.20120215.bb
create mode 100644 recipes-security/refpolicy/refpolicy_2.20120215.inc
create mode 100644 recipes-security/refpolicy/refpolicy_common.inc
diff --git a/recipes-security/refpolicy/refpolicy-mls_2.20120215.bb b/recipes-security/refpolicy/refpolicy-mls_2.20120215.bb
new file mode 100644
index 0000000..61577a9
--- /dev/null
+++ b/recipes-security/refpolicy/refpolicy-mls_2.20120215.bb
@@ -0,0 +1,23 @@
+SUMMARY = "MLS (Multi Level Security) variant of the SELinux policy"
+DESCRIPTION = "\
+This is the reference policy for SE Linux built with MLS support. \
+It allows giving data labels such as \"Top Secret\" and preventing \
+such data from leaking to processes or files with lower classification. \
+"
+
+PR = "r0"
+
+POLICY_NAME = "mls"
+POLICY_TYPE = "mls"
+POLICY_DISTRO = "redhat"
+POLICY_UNK_PERMS = "allow"
+POLICY_DIRECT_INITRC = "n"
+POLICY_MONOLITHIC = "n"
+POLICY_CUSTOM_BUILDOPT = ""
+POLICY_QUIET = "y"
+
+POLICY_MLS_SENS = "16"
+POLICY_MLS_CATS = "1024"
+POLICY_MCS_CATS = "1024"
+
+include refpolicy_${PV}.inc
diff --git a/recipes-security/refpolicy/refpolicy_2.20120215.bb b/recipes-security/refpolicy/refpolicy_2.20120215.bb
new file mode 100644
index 0000000..b64a461
--- /dev/null
+++ b/recipes-security/refpolicy/refpolicy_2.20120215.bb
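Review bot: `POLICY_UNK_PERMS = "allow"` in the MLS recipe tells the policy build to permit any kernel object class or permission the policy does not define, which is a loose default for a variant whose stated purpose is stopping data from leaking to lower classifications. refpolicy's build also accepts `deny` and `reject`; I would set `POLICY_UNK_PERMS = "deny"` here, or at least add a comment such as `# allow: kernel permissions unknown to the policy are granted; chosen for compatibility with newer kernels` so the trade-off is visible. refpolicy_2.20120215.bb carries the same setting and deserves the same comment.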
@@ -0,0 +1,17 @@
+SUMMARY = "Standard variants of the SELinux policy"
+DESCRIPTION = "\
+This is the reference policy for SELinux built with type enforcement \
+only."
+
+PR = "r0"
+
+POLICY_NAME = "standard"
+POLICY_TYPE = "standard"
+POLICY_DISTRO = "redhat"
+POLICY_UNK_PERMS = "allow"
+POLICY_DIRECT_INITRC = "n"
+POLICY_MONOLITHIC = "n"
+POLICY_CUSTOM_BUILDOPT = ""
+POLICY_QUIET = "y"
+
+include refpolicy_${PV}.inc
diff --git a/recipes-security/refpolicy/refpolicy_2.20120215.inc b/recipes-security/refpolicy/refpolicy_2.20120215.inc
new file mode 100644
index 0000000..e31db64
--- /dev/null
+++ b/recipes-security/refpolicy/refpolicy_2.20120215.inc
@@ -0,0 +1,5 @@
+SRC_URI = "http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2;"
+SRC_URI[md5sum] = "618a24cfed3b3ee09084fb2c179de92e"
+SRC_URI[sha256sum] = "6df77faf62f73bd1f6e3bfca3fa2f77cdfd2cada94a7dcc4816ed9bbcf3545dc"
+
+include refpolicy_common.inc
diff --git a/recipes-security/refpolicy/refpolicy_common.inc b/recipes-security/refpolicy/refpolicy_common.inc
new file mode 100644
index 0000000..cdb3eb0
--- /dev/null
+++ b/recipes-security/refpolicy/refpolicy_common.inc
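Review bot: The standard recipe never sets `POLICY_MLS_SENS`, `POLICY_MLS_CATS` or `POLICY_MCS_CATS`, yet refpolicy_common.inc passes all three to make unconditionally. BitBake leaves references to undefined variables unexpanded, so make presumably receives empty values here instead of refpolicy's own build.conf defaults; that looks harmless for `TYPE=standard` but is easy to trip over when another variant is added. Weak defaults in the common include, e.g. `POLICY_MLS_SENS ?= "16"`, would make each recipe's effective build options explicit.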
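Review bot: The policy tarball is downloaded over plain `http://`, so `SRC_URI[sha256sum]` is the only thing that ties the build to the intended source; `SRC_URI[md5sum]` adds nothing against deliberate tampering. A comment above the checksums would keep that from being lost in a later version bump: `# Fetched over HTTP: sha256sum is the integrity check, re-verify it against upstream on every PV change`. The trailing `;` inside the `SRC_URI` string looks like a stray parameter separator and can be dropped.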
@@ -0,0 +1,62 @@
+SECTION = "base"
+LICENSE = "GPLv2"
+
+LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=393a5ca445f6965873eca0259a17f833"
+
+S = "${WORKDIR}/refpolicy"
+
+DEPENDS += "checkpolicy-native policycoreutils-native python-native m4-native"
+
+inherit autotools
+
+PARALLEL_MAKE = ""
+
+EXTRA_OEMAKE += "NAME=${POLICY_NAME} \
+ TYPE=${POLICY_TYPE} \
+ DISTRO=${POLICY_DISTRO} \
+ UNK_PERMS=${POLICY_UNK_PERMS} \
+ DIRECT_INITRC=${POLICY_DIRECT_INITRC} \
+ MONOLITHIC=${POLICY_MONOLITHIC} \
+ CUSTOM_BUILDOPT=${POLICY_CUSTOM_BUILDOPT} \
+ QUIET=${POLICY_QUIET} \
+ MLS_SENS=${POLICY_MLS_SENS} \
+ MLS_CATS=${POLICY_MLS_CATS} \
+ MCS_CATS=${POLICY_MCS_CATS}"
+
+EXTRA_OEMAKE += "tc_usrbindir=${STAGING_BINDIR_NATIVE}"
+EXTRA_OEMAKE += "OUTPUT_POLICY=`${STAGING_BINDIR_NATIVE}/checkpolicy -V | cut -d' ' -f1`"
+EXTRA_OEMAKE += "CC='${BUILD_CC}' CFLAGS='${BUILD_CFLAGS}'"
+
+do_compile() {
+ oe_runmake conf
+ oe_runmake policy
+}
+
+do_install() {
+ oe_runmake install \
+ DESTDIR=${D}
+
+ # Prepare to create policy store
+ mkdir -p ${D}/etc/selinux/
+ cat <<-EOF > ${D}/etc/selinux/semanage.conf
+module-store = direct
+[setfiles]
+path = ${STAGING_DIR_NATIVE}${base_sbindir_native}/setfiles
+args = -q -c \$@ \$<
+[end]
+EOF
+ mkdir -p ${D}/etc/selinux/${POLICY_NAME}/policy
+ mkdir -p ${D}/etc/selinux/${POLICY_NAME}/modules/active/modules
+ mkdir -p ${D}/etc/selinux/${POLICY_NAME}/contexts/files
+ bzip2 -c ${D}/usr/share/selinux/${POLICY_NAME}/base.pp > \
+ ${D}/etc/selinux/${POLICY_NAME}/modules/active/base.pp
+ for i in ${D}/usr/share/selinux/${POLICY_NAME}/*.pp; do
+ if [ "`basename $i`" != "base.pp" ]; then
+ bzip2 -c $i > ${D}/etc/selinux/${POLICY_NAME}/modules/active/modules/`basename $i`;
+ fi
+ done
+
+ # Create policy store and build the policy
+ semodule -p ${D} -s ${POLICY_NAME} -n -B
+ rm -f ${D}/etc/selinux/semanage.conf
+}
-- cgit v1.2.3-54-g00ecf
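Review bot: `semodule -p ${D} -s ${POLICY_NAME} -n -B` at the end of `do_install` is called by bare name, while `checkpolicy` and `setfiles` are pinned to the native sysroot, so which semodule builds the policy store depends on PATH and could be a build-host binary of a different version. Qualifying it the same way keeps the store reproducible, e.g. `${STAGING_DIR_NATIVE}${sbindir_native}/semodule -p ${D} -s ${POLICY_NAME} -n -B` (assuming policycoreutils-native installs it under the native sbindir). Separately, the `OUTPUT_POLICY` backtick pipeline ends in `cut`, so a missing or failing checkpolicy yields an empty policy version without stopping the build; a comment on that line noting the dependency on checkpolicy-native would help the next maintainer.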