
From: Sven Vermeulen <sven.vermeulen@××××××.be>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-dev:master commit in: eclass/
Date: Wed, 03 Aug 2011 08:29:18
Message-Id: 6c782ad7479b4e661a8c0616f7f3bff17d04b1b0.SwifT@gentoo
1 commit: 6c782ad7479b4e661a8c0616f7f3bff17d04b1b0
2 Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
3 AuthorDate: Wed Aug 3 08:28:32 2011 +0000
4 Commit: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
5 CommitDate: Wed Aug 3 08:28:32 2011 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=commit;h=6c782ad7
7
8 Adding updated selinux-policy-2 eclass
9
10 ---
11 eclass/selinux-policy-2.eclass | 195 ++++++++++++++++++++++++++++++++++++++++
12 1 files changed, 195 insertions(+), 0 deletions(-)
13
14 diff --git a/eclass/selinux-policy-2.eclass b/eclass/selinux-policy-2.eclass
15 new file mode 100644
16 index 0000000..3c42633
17 --- /dev/null
18 +++ b/eclass/selinux-policy-2.eclass
19 @@ -0,0 +1,195 @@
20 +# Copyright 1999-2011 Gentoo Foundation
21 +# Distributed under the terms of the GNU General Public License v2
22 +# $Header: /var/cvsroot/gentoo-x86/eclass/selinux-policy-2.eclass,v 1.6 2011/05/20 19:06:07 blueness Exp $
23 +
24 +# Eclass for installing SELinux policy, and optionally
25 +# reloading the reference-policy based modules.
26 +
27 +# @ECLASS: selinux-policy-2.eclass
28 +# @MAINTAINER:
29 +# selinux@g.o
30 +# @BLURB: This eclass supports the deployment of the various SELinux modules in sec-policy
31 +# @DESCRIPTION:
32 +# The selinux-policy-2.eclass supports deployment of the various SELinux modules
33 +# defined in the sec-policy category. It is responsible for extracting the
34 +# specific bits necessary for single-module deployment (instead of full-blown
35 +# policy rebuilds) and applying the necessary patches.
36 +#
37 +# Also, it supports for bundling patches to make the whole thing just a bit more
38 +# manageable.
39 +
40 +# @ECLASS-VARIABLE: MODS
41 +# @DESCRIPTION:
42 +# This variable contains the (upstream) module name for the SELinux module.
43 +# This name is only the module name, not the category!
44 +: ${MODS:="_illegal"}
45 +
46 +# @ECLASS-VARIABLE: BASEPOL
47 +# @DESCRIPTION:
48 +# This variable contains the version string of the selinux-base-policy package
49 +# that this module build depends on. It is used to patch with the appropriate
50 +# patch bundle(s) that are part of selinux-base-policy.
51 +: ${BASEPOL:="0"}
52 +
53 +# @ECLASS-VARIABLE: POLICY_PATCH
54 +# @DESCRIPTION:
55 +# This variable contains the additional patch(es) that need to be applied on top
56 +# of the patchset already contained within the BASEPOL variable.
57 +: ${POLICY_PATCH:=""}
58 +
59 +# @ECLASS-VARIABLE: POLICY_TYPES
60 +# @DESCRIPTION:
61 +# This variable informs the eclass for which SELinux policies the module should
62 +# be built. Currently, Gentoo supports targeted, strict, mcs and mls.
63 +# This variable is the same POLICY_TYPES variable that we tell SELinux
64 +# users to set in /etc/make.conf. Therefor, it is not the module that should
65 +# override it, but the user.
66 +: ${POLICY_TYPES:="targeted strict mcs mls"}
67 +
68 +inherit eutils
69 +
70 +IUSE=""
71 +
72 +HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/"
73 +if [[ "${BASEPOL}" == "0" ]];
74 +then
75 + SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2"
76 +else
77 + SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2
78 + http://dev.gentoo.org/~blueness/patchbundle-selinux-base-policy/patchbundle-selinux-base-policy-${BASEPOL}.tar.bz2"
79 +fi
80 +
81 +LICENSE="GPL-2"
82 +SLOT="0"
83 +S="${WORKDIR}/"
84 +PATCHBUNDLE="${DISTDIR}/patchbundle-selinux-base-policy-${BASEPOL}.tar.bz2"
85 +
86 +# Modules should always depend on at least the first release of the
87 +# selinux-base-policy for which they are generated.
88 +if [[ "${BASEPOL}" == "0" ]];
89 +then
90 + RDEPEND=">=sys-apps/policycoreutils-2.0.82
91 + >=sec-policy/selinux-base-policy-${PV}"
92 +else
93 + RDEPEND=">=sys-apps/policycoreutils-2.0.82
94 + >=sec-policy/selinux-base-policy-${BASEPOL}"
95 +fi
96 +DEPEND="${RDEPEND}
97 + sys-devel/m4
98 + >=sys-apps/checkpolicy-2.0.21"
99 +
100 +SELINUX_EXPF="src_unpack src_compile src_install pkg_postinst"
101 +case "${EAPI:-0}" in
102 + 2|3|4) SELINUX_EXPF+=" src_prepare" ;;
103 + *) ;;
104 +esac
105 +
106 +EXPORT_FUNCTIONS ${SELINUX_EXPF}
107 +
108 +# @FUNCTION: selinux-policy-2_src_unpack
109 +# @DESCRIPTION:
110 +# Unpack the policy sources as offered by upstream (refpolicy). In case of EAPI
111 +# older than 2, call src_prepare too.
112 +selinux-policy-2_src_unpack() {
113 + unpack ${A}
114 +
115 + if [[ ${EAPI:-0} -le 1 ]];
116 + then
117 + # Call src_prepare explicitly for EAPI 0 or 1
118 + selinux-policy-2_src_prepare
119 + fi
120 +}
121 +
122 +# @FUNCTION: selinux-policy-2_src_prepare
123 +# @DESCRIPTION:
124 +# Patch the reference policy sources with our set of enhancements. Start with
125 +# the base patchbundle referred to by the ebuilds through the BASEPOL variable,
126 +# then apply the additional patches as offered by the ebuild.
127 +#
128 +# Next, extract only those files needed for this particular module (i.e. the .te
129 +# and .fc files for the given module in the MODS variable).
130 +#
131 +# Finally, prepare the build environments for each of the supported SELinux
132 +# types (such as targeted or strict), depending on the POLICY_TYPES variable
133 +# content.
134 +selinux-policy-2_src_prepare() {
135 + local modfiles
136 +
137 + # Patch the sources with the base patchbundle
138 + if [[ "${BASEPOL}" != "0" ]];
139 + then
140 + cd "${S}"
141 + epatch "${PATCHBUNDLE}"
142 + fi
143 +
144 + # Apply the additional patches refered to by the module ebuild
145 + if [ -n "${POLICY_PATCH}" ];
146 + then
147 + for POLPATCH in "${POLICY_PATCH}";
148 + do
149 + cd "${S}/refpolicy/policy/modules"
150 + # Although epatch dies in EAPI=4 by itself, we support other EAPIs
151 + # too for the time being, so we explicitly die on it.
152 + epatch "${POLPATCH}" || die "Failed to apply patch ${POLPATCH}"
153 + done
154 + fi
155 +
156 + # Collect only those files needed for this particular module
157 + for i in ${MODS}; do
158 + modfiles="`find ${S}/refpolicy/policy/modules -iname $i.te` $modfiles"
159 + modfiles="`find ${S}/refpolicy/policy/modules -iname $i.fc` $modfiles"
160 + done
161 +
162 + for i in ${POLICY_TYPES}; do
163 + mkdir "${S}"/${i}
164 + cp "${S}"/refpolicy/doc/Makefile.example "${S}"/${i}/Makefile
165 +
166 + cp ${modfiles} "${S}"/${i}
167 + done
168 +}
169 +
170 +# @FUNCTION: selinux-policy-2_src_compile
171 +# @DESCRIPTION:
172 +# Build the SELinux policy module (.pp file) for just the selected module, and
173 +# this for each SELinux policy mentioned in POLICY_TYPES
174 +selinux-policy-2_src_compile() {
175 + for i in ${POLICY_TYPES}; do
176 + make NAME=$i -C "${S}"/${i} || die "${i} compile failed"
177 + done
178 +}
179 +
180 +# @FUNCTION: selinux-policy-2_src_install
181 +# @DESCRIPTION:
182 +# Install the built .pp files in the correct subdirectory within
183 +# /usr/share/selinux.
184 +selinux-policy-2_src_install() {
185 + local BASEDIR="/usr/share/selinux"
186 +
187 + for i in ${POLICY_TYPES}; do
188 + for j in ${MODS}; do
189 + echo "Installing ${i} ${j} policy package"
190 + insinto ${BASEDIR}/${i}
191 + doins "${S}"/${i}/${j}.pp
192 + done
193 + done
194 +}
195 +
196 +# @FUNCTION: selinux-policy-2_pkg_postinst
197 +# @DESCRIPTION:
198 +# Install the built .pp files in the SELinux policy stores, effectively
199 +# activating the policy on the system.
200 +selinux-policy-2_pkg_postinst() {
201 + # build up the command in the case of multiple modules
202 + local COMMAND
203 + for i in ${MODS}; do
204 + COMMAND="-i ${i}.pp ${COMMAND}"
205 + done
206 +
207 + for i in ${POLICY_TYPES}; do
208 + einfo "Inserting the following modules into the $i module store: ${MODS}"
209 +
210 + cd /usr/share/selinux/${i}
211 + semodule -s ${i} ${COMMAND} || die "Failed to load in modules ${MODS} in the $i policy store"
212 + done
213 +}
214 +
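Review bot: `selinux-policy-2_pkg_postinst` at the end of the hunk loads the just-installed .pp files into the running system's policy store with `semodule -s ${i}`, but the preceding `cd /usr/share/selinux/${i}` is unguarded and `${ROOT}` is never consulted, so a failed cd falls through to a semodule call in whatever directory the shell is in, and — if this eclass can be emerged with ROOT pointing somewhere other than `/` — the host's live policy is modified instead of the target's. I would guard the cd with `|| die` and skip the load with an ewarn when `[[ "${ROOT:-/}" != "/" ]]`, as sketched below. Separately, `for POLPATCH in "${POLICY_PATCH}"` in src_prepare quotes the list, so a POLICY_PATCH holding more than one patch reaches epatch as a single space-containing argument; it should be `for POLPATCH in ${POLICY_PATCH}; do` to match the "patch(es)" documented above it. The `modfiles` collection in the same function never checks that `find` matched anything, so a misspelled MODS entry is only noticed when `cp ${modfiles} "${S}"/${i}` fails, and that cp has no `|| die` either.
```shell
selinux-policy-2_pkg_postinst() {
	# … unchanged: COMMAND assembly from ${MODS} …

	# semodule acts on the live policy store of the running system, not on
	# ${ROOT}; refuse to touch the host's policy when installing into a
	# separate root.
	if [[ "${ROOT:-/}" != "/" ]]; then
		ewarn "ROOT is ${ROOT}; not loading SELinux modules ${MODS} into the live policy store"
		return 0
	fi

	for i in ${POLICY_TYPES}; do
		einfo "Inserting the following modules into the $i module store: ${MODS}"

		cd "/usr/share/selinux/${i}" || die "Policy store directory for ${i} is missing"
		semodule -s ${i} ${COMMAND} || die "Failed to load in modules ${MODS} in the $i policy store"
	done
}
```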