[openwrt/openwrt] refpolicy: new package

LEDE Commits lede-commits at lists.infradead.org
Sun Aug 30 20:16:34 EDT 2020


dangole pushed a commit to openwrt/openwrt.git, branch master:
https://git.openwrt.org/e5e54e52f751c15f0c04442070329f0f8a59afe5

commit e5e54e52f751c15f0c04442070329f0f8a59afe5
Author: Thomas Petazzoni <thomas.petazzoni at bootlin.com>
AuthorDate: Sun Aug 23 22:03:44 2020 -0500

    refpolicy: new package
    
    Signed-off-by: Thomas Petazzoni <thomas.petazzoni at bootlin.com>
    [update to 2.20200229, adjust Makefile, and move to openwrt.git]
    Signed-off-by: W. Michael Petullo <mike at flyn.org>
---
 package/system/refpolicy/Makefile             | 80 +++++++++++++++++++++++++++
 package/system/refpolicy/files/selinux-config |  7 +++
 2 files changed, 87 insertions(+)

diff --git a/package/system/refpolicy/Makefile b/package/system/refpolicy/Makefile
new file mode 100644
index 0000000000..f1a33c8e79
--- /dev/null
+++ b/package/system/refpolicy/Makefile
@@ -0,0 +1,80 @@
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=refpolicy
+PKG_VERSION:=2.20200229
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
+PKG_SOURCE_URL:=https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_2_20200229
+PKG_HASH:=dec854512ed00cd057408f330c2cea4de7a4405f7a147458f59c994bf578e4b0
+PKG_INSTALL:=1
+PKG_BUILD_DEPENDS:=checkpolicy/host policycoreutils/host
+
+PKG_MAINTAINER:=Thomas Petazzoni <thomas.petazzoni at bootlin.com>
+PKG_CPE_ID:=cpe:/a:tresys:refpolicy
+PKG_LICENSE:=GPL-2.0-or-later
+PKG_LICENSE_FILES:=COPYING
+
+TAR_OPTIONS:=--transform='s%^refpolicy%$(PKG_NAME)-$(PKG_VERSION)%' -xf -
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/refpolicy
+  SECTION:=system
+  CATEGORY:=Base system
+  TITLE:=SELinux reference policy
+  URL:=http://selinuxproject.org/page/Main_Page
+endef
+
+define Package/refpolicy/description
+	The SELinux Reference Policy project (refpolicy) is a
+	complete SELinux policy that can be used as the system
+	policy for a variety of systems and used as the basis for
+	creating other policies. Reference Policy was originally
+	based on the NSA example policy, but aims to accomplish many
+	additional goals.
+
+	The current refpolicy does not fully support OpenWRT and
+	needs modifications to work with the default system file
+	layout. These changes should be added as patches to the
+	refpolicy that modify a single SELinux policy.
+
+	The refpolicy works for the most part in permissive
+	mode. Only the basic set of utilities are enabled in the
+	example policy config and some of the pathing in the
+	policies is not correct.  Individual policies would need to
+	be tweaked to get everything functioning properly.
+endef
+
+# Yes, we want CC=$(HOSTCC) because the only code that checkpolicy
+# builds is a small host tool that gets run as part of the build
+# process.
+MAKE_FLAGS += \
+	TEST_TOOLCHAIN="$(STAGING_DIR_HOSTPKG)" \
+	BINDIR=/bin \
+	SBINDIR=/sbin \
+	CC="$(HOSTCC)" \
+	CFLAGS="$(HOST_CFLAGS)"
+
+define Build/Configure
+	$(SED) "/MONOLITHIC/c\MONOLITHIC = y" $(PKG_BUILD_DIR)/build.conf
+	$(SED) "/NAME/c\NAME = targeted" $(PKG_BUILD_DIR)/build.conf
+	$(call Build/Compile/Default,conf)
+endef
+
+define Package/refpolicy/conffiles
+/etc/selinux/config
+endef
+
+define Package/refpolicy/install
+	$(INSTALL_DIR) $(1)/etc/selinux
+	$(CP) $(PKG_INSTALL_DIR)/etc/selinux/* $(1)/etc/selinux/
+	$(CP) ./files/selinux-config $(1)/etc/selinux/config
+endef
+
+$(eval $(call BuildPackage,refpolicy))
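Review bot: Both `$(SED)` calls in `Build/Configure` use unanchored patterns (`/MONOLITHIC/`, `/NAME/`), so the `c\` command rewrites every line of build.conf that contains the substring, including comments and other keys. If upstream renames the setting, sed matches nothing and the build continues with upstream's defaults without an error. build.conf is not visible here, so this may be harmless for 2.20200229, but anchoring to the assignment is safer, e.g. `$(SED) "/^NAME[[:space:]]*=/c\NAME = targeted" $(PKG_BUILD_DIR)/build.conf`, and likewise for MONOLITHIC. A comment such as `# NAME must match SELINUXTYPE in files/selinux-config` above these lines would also help, because SELINUXTYPE selects the policy directory under /etc/selinux and the two values have to agree.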
diff --git a/package/system/refpolicy/files/selinux-config b/package/system/refpolicy/files/selinux-config
new file mode 100644
index 0000000000..2ae174d297
--- /dev/null
+++ b/package/system/refpolicy/files/selinux-config
@@ -0,0 +1,7 @@
+# This file controls the state of SELinux on the system.
+# SELINUX= can take one of these three values:
+#     enforcing - SELinux security policy is enforced.
+#     permissive - SELinux prints warnings instead of enforcing.
+#     disabled - No SELinux policy is loaded.
+SELINUX=permissive
+SELINUXTYPE=targeted
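Review bot: The shipped default is `SELINUX=permissive`, so a device with this package installed logs denials but confines nothing, and the file does not say that this is deliberate. The package description in the Makefile explains that refpolicy is not yet adapted to the OpenWrt file layout. A short comment here would carry that to whoever edits the config, e.g. `# Shipped permissive: refpolicy is not yet adapted to OpenWrt, so denials are logged but not blocked.` Because the Makefile lists /etc/selinux/config under conffiles, a later change of this default would presumably not reach systems that already have the file, which matters once the policy becomes enforceable.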


