refpolicy: add variant that builds modular policy
authorW. Michael Petullo <mike@flyn.org>
Sun, 1 Nov 2020 13:44:56 +0000 (07:44 -0600)
committerDaniel Golle <daniel@makrotopia.org>
Mon, 9 Nov 2020 13:06:19 +0000 (13:06 +0000)
This adds a variant of refpolicy that builds the modular form of the
policy. While this requires more memory on the target device, along with
some tricks to deal with OpenWrt's volatile /var directory, it is useful
for experimenting with SELinux policy.

Signed-off-by: W. Michael Petullo <mike@flyn.org>
config/Config-build.in
package/system/refpolicy/Makefile

index 8e12199cbd118825cbfecf067242b2695af02f52..178afbdb94de489e629bd451a92b3d9b3dec75ba 100644 (file)
@@ -362,6 +362,12 @@ menu "Global build settings"
                        help
                          SELinux Reference Policy (refpolicy)
 
+               config SELINUXTYPE_targeted-modular
+                       bool "targeted-modular"
+                       select PACKAGE_refpolicy-modular
+                       help
+                         Modular SELinux Reference Policy (refpolicy-modular)
+
                config SELINUXTYPE_dssp
                        bool "dssp"
                        select PACKAGE_selinux-policy
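Review bot: The help text on the new `SELINUXTYPE_targeted-modular` entry does not tell the person choosing a policy type what the modular form costs. The commit message says it needs more memory on the target and some handling of OpenWrt's volatile /var, and neither appears in the menu. I would extend the help to something like `Modular SELinux Reference Policy (refpolicy-modular); needs more memory on the target and special handling of the volatile /var, intended for experimenting with policy`. The choice block this entry sits in starts and ends outside the hunk.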
index a43177095517c6023a3f9477e7fb335c4a2f95df..d9c8c90208dcb5f8e27ddcf28ac2c69d2e2a077a 100644 (file)
@@ -24,7 +24,7 @@ TAR_OPTIONS:=--transform='s%^refpolicy%$(PKG_NAME)-$(PKG_VERSION)%' -xf -
 
 include $(INCLUDE_DIR)/package.mk
 
-define Package/refpolicy
+define Package/refpolicy/Default
   SECTION:=system
   CATEGORY:=Base system
   TITLE:=SELinux reference policy
@@ -32,6 +32,19 @@ define Package/refpolicy
   PKGARCH:=all
 endef
 
+define Package/refpolicy
+  $(call Package/refpolicy/Default)
+  CONFLICTS:=refpolicy-modular
+  VARIANT:=default
+endef
+
+define Package/refpolicy-modular
+  $(call Package/refpolicy/Default)
+  TITLE += (modular)
+  VARIANT:=modular
+  PROVIDES:=refpolicy
+endef
+
 define Package/refpolicy/description
        The SELinux Reference Policy project (refpolicy) is a
        complete SELinux policy that can be used as the system
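Review bot: `Package/refpolicy-modular` is defined without a description. The only description block is `Package/refpolicy/description`, and the commit aliases `conffiles` and `install` for the modular package further down but not the description. The modular package will presumably show only its title in the package listing. Add `Package/refpolicy-modular/description = $(Package/refpolicy/description)` after the existing description's `endef`, or write a dedicated description that mentions the extra memory need stated in the commit message. The description define runs past the end of this hunk.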
@@ -56,25 +69,43 @@ endef
 # builds is a small host tool that gets run as part of the build
 # process.
 MAKE_FLAGS += \
+       DESTDIR="$(PKG_INSTALL_DIR)"
        SETFILES="$(STAGING_DIR_HOST)/bin/setfiles" \
        CHECKPOLICY="$(STAGING_DIR_HOSTPKG)/bin/checkpolicy" \
        CC="$(HOSTCC)" \
        CFLAGS="$(HOST_CFLAGS)"
 
 define Build/Configure
-       $(SED) "/MONOLITHIC/c\MONOLITHIC = y" $(PKG_BUILD_DIR)/build.conf
        $(SED) "/NAME/c\NAME = targeted" $(PKG_BUILD_DIR)/build.conf
+ifneq ($(BUILD_VARIANT),modular)
+       $(SED) "/MONOLITHIC/c\MONOLITHIC = y" $(PKG_BUILD_DIR)/build.conf
+endif
        $(call Build/Compile/Default,conf)
 endef
 
+ifeq ($(BUILD_VARIANT),modular)
+define Build/Install
+       $(call Build/Compile/Default,install install-headers)
+endef
+endif
+
 define Package/refpolicy/conffiles
 /etc/selinux/config
 endef
 
+Package/refpolicy-modular/conffiles = $(Package/refpolicy/conffiles)
+
 define Package/refpolicy/install
        $(INSTALL_DIR) $(1)/etc/selinux
        $(CP) $(PKG_INSTALL_DIR)/etc/selinux/* $(1)/etc/selinux/
        $(CP) ./files/selinux-config $(1)/etc/selinux/config
+ifeq ($(BUILD_VARIANT),modular)
+       $(INSTALL_DIR) $(1)/usr/share/selinux
+       $(CP) $(PKG_INSTALL_DIR)/usr/share/selinux/* $(1)/usr/share/selinux/
+endif
 endef
 
+Package/refpolicy-modular/install = $(Package/refpolicy/install)
+
 $(eval $(call BuildPackage,refpolicy))
+$(eval $(call BuildPackage,refpolicy-modular))
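Review bot: The added `DESTDIR="$(PKG_INSTALL_DIR)"` line in `MAKE_FLAGS` has no trailing backslash as shown here, so the continuation ends there and the `SETFILES`, `CHECKPOLICY`, `CC` and `CFLAGS` lines below it are no longer part of the `MAKE_FLAGS +=` assignment. Depending on how make parses the orphaned tab-indented lines, that is either a parse error or a build that silently loses the host-tool overrides the comment above describes. The line should read `DESTDIR="$(PKG_INSTALL_DIR)" \`. If the backslash was only lost when this page was rendered, no change is needed.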