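# One-line package summary (the duplicated word "SELinux" has been removed).
SUMMARY = "SELinux policy"
# NOTE(review): this wording matches the stock "targeted" reference-policy
# description, while the sources used by this recipe are selinux-policy-0.8.
# It tells integrators that interactive logins run unconfined, so confirm it
# describes the policy that is actually built before relying on it.
DESCRIPTION = "\
This is the targeted variant of the SELinux reference policy. Most service \
domains are locked down. Users and admins will log in with the unconfined_t \
domain, so they have the same access to the system as if SELinux was not \
enabled. \
"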
# Build-time dependencies: the CIL compiler and the native policy tooling.
DEPENDS += " \
    secilc \
    secilc-native \
    policycoreutils-native \
    checkpolicy-native \
"
# Run-time dependency of the -dev package only (prepended with "=+").
RDEPENDS_${PN}-dev =+ "python3-core"
inherit python3native
# Mode that install_config writes to SELINUX= in the generated config file.
# "??=" is only a weak default, so a distro or local configuration can still
# select "permissive" (the previous default, e.g. for policy bring-up). Check
# the effective value before building a release image.
DEFAULT_ENFORCING ??= "enforcing"

# Register this recipe as the build-time and run-time policy provider.
# NOTE(review): both names say "refpolicy" although the sources are
# selinux-policy-0.8; confirm dependents only require that some policy exists.
PROVIDES += "virtual/refpolicy"
RPROVIDES_${PN} += "refpolicy"

# POLICY_NAME is both the directory name under ${sysconfdir}/selinux and the
# SELINUXTYPE= value in the generated config.
POLICY_NAME = "selinux-policy"
POLICY_TYPE = "selinux-policy"
# The policy sources come from a directory shipped alongside this recipe.
# The earlier upstream fetch is kept below for reference only. The git fetcher
# pins content by revision (SRCREV), not by these checksum entries, and
# git:// is an unauthenticated transport.
# NOTE(review): BitBake does not verify file:// entries against a recorded
# checksum, and no upstream revision is noted for the 0.8 snapshot. Record the
# upstream commit it was taken from so the vendored policy can be audited.
#SRC_URI = "git://git.defensec.nl/selinux-policy.git"
#SRC_URI[md5sum] = "babb0d5ca2ae333631d25392b2b3ce8d"
#SRC_URI[sha256sum] = "3b58f751a21394e3aef47fd6c9fe9430fadde6427deb5c79f08478904837ec91"
SRC_URI = "file://selinux-policy-0.8"
LICENSE = "GPLv2"
# NOTE(review): this checksum covers a file in COMMON_LICENSE_DIR, not a license
# file inside the policy source tree, so a licence change in the sources would
# go unnoticed. Confirm LICENSE matches what selinux-policy-0.8 ships.
LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/zte;md5=c075689d1d1e06d4ab5bbe53623a6808"
# Source tree and build tree are the same directory (in-tree build).
S = "${WORKDIR}/selinux-policy-0.8"
B = "${S}"
# An empty PARALLEL_MAKE passes no -j option to make for this recipe.
PARALLEL_MAKE = ""
# Passed to every oe_runmake call; presumably tells the policy Makefile where
# the native tools live (confirm against the Makefile).
EXTRA_OEMAKE += "tc_usrbindir=${STAGING_BINDIR_NATIVE}"
# Build the policy with make, pointing it at the native sysroot's bindir.
do_compile() {
    # Same assignment that EXTRA_OEMAKE already carries; it is echoed first so
    # the value is visible in the task output.
    tc_arg="tc_usrbindir=${STAGING_BINDIR_NATIVE}"
    echo "$tc_arg"
    oe_runmake "$tc_arg"
}
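# Generate the SELinux config file and install it as
# ${sysconfdir}/selinux/config in the image staging directory (mode 0644).
# SELINUX= comes from DEFAULT_ENFORCING and SELINUXTYPE= from POLICY_NAME.
install_config () {
    # BitBake substitutes DEFAULT_ENFORCING before the shell runs, so this
    # check happens at build time. Stop the build on a value outside the three
    # modes documented in the generated file, rather than shipping an image
    # whose effective SELinux mode depends on how the target treats an
    # unrecognised SELINUX= setting.
    case "${DEFAULT_ENFORCING}" in
        enforcing|permissive|disabled)
            ;;
        *)
            bbfatal "DEFAULT_ENFORCING must be enforcing, permissive or disabled (got '${DEFAULT_ENFORCING}')"
            ;;
    esac

    # NOTE(review): the generated comment lists "targeted" as a SELINUXTYPE
    # choice, but this recipe installs files only under the POLICY_NAME
    # directory. Confirm another package provides "targeted" or drop that line.
    echo "\
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=${DEFAULT_ENFORCING}
# SELINUXTYPE= can take one of these values:
# targeted - Targeted processes are protected.
# selinux-policy - Basic SELinux Security Policy designed specifically for OpenWrt.
SELINUXTYPE=${POLICY_NAME}
" > ${WORKDIR}/config

    # Same ${D}${sysconfdir} form as do_install (no doubled slash). The
    # destination file name is spelled out.
    install -d ${D}${sysconfdir}/selinux
    install -m 0644 ${WORKDIR}/config ${D}${sysconfdir}/selinux/config
}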
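# Install the compiled policy and its context files under
# ${sysconfdir}/selinux/${POLICY_NAME}, then write the top-level config file.
do_install () {
    policy_root="${D}${sysconfdir}/selinux/${POLICY_NAME}"

    # Use install -d with an explicit mode, matching install_config, so the
    # permissions of the policy directories do not depend on the build umask.
    install -d -m 0755 "$policy_root/contexts/files"
    install -d -m 0755 "$policy_root/policy"

    # Policy data is installed root-writable only and world-readable.
    install -m 0644 ${B}/customizable_types "$policy_root/contexts/"
    install -m 0644 ${B}/file_contexts.subs_dist "$policy_root/contexts/files/"
    install -m 0644 ${B}/file_contexts "$policy_root/contexts/files/"
    # The glob picks up the versioned binary policy file(s). install fails, and
    # with it the task, if the build produced none.
    install -m 0644 ${B}/policy.* "$policy_root/policy/"

    install_config
}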
# Package everything installed under the SELinux configuration directory
# (the config file and the policy tree) into the main package.
FILES_${PN} += "${sysconfdir}/selinux/"