mirror of
https://git.openwrt.org/openwrt/openwrt.git
synced 2026-05-04 09:31:26 +02:00
a6cd7ace35
Changelog: This release consists mainly of small fixes in the policy. New Modules: - ofono - pd_mapper - tee_supplicant - xdsprpcd - wayland Signed-off-by: Alexandru Ardelean <alex@shruggie.ro> Link: https://github.com/openwrt/openwrt/pull/23082 Signed-off-by: Robert Marko <robimarko@gmail.com>
81 lines
2.5 KiB
Makefile
81 lines
2.5 KiB
Makefile
#
|
|
# This is free software, licensed under the GNU General Public License v2.
|
|
# See /LICENSE for more information.
|
|
#
|
|
|
|
include $(TOPDIR)/rules.mk
|
|
|
|
PKG_NAME:=refpolicy
|
|
PKG_VERSION:=2.20260312
|
|
PKG_RELEASE:=1
|
|
|
|
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
|
|
PKG_SOURCE_URL:=https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_2_20260312
|
|
PKG_HASH:=f4366cde9bf3d3498e7621be88a2ae9932a0b336696bab66ad2e8548124f50c7
|
|
PKG_INSTALL:=1
|
|
PKG_BUILD_DEPENDS:=checkpolicy/host policycoreutils/host
|
|
|
|
PKG_MAINTAINER:=Thomas Petazzoni <thomas.petazzoni@bootlin.com>
|
|
PKG_CPE_ID:=cpe:/a:tresys:refpolicy
|
|
PKG_LICENSE:=GPL-2.0-or-later
|
|
PKG_LICENSE_FILES:=COPYING
|
|
|
|
TAR_OPTIONS:=--transform='s%^refpolicy%$(PKG_NAME)-$(PKG_VERSION)%' -xf -
|
|
|
|
include $(INCLUDE_DIR)/package.mk
|
|
|
|
define Package/refpolicy
|
|
SECTION:=system
|
|
CATEGORY:=Base system
|
|
TITLE:=SELinux reference policy
|
|
URL:=https://github.com/selinuxproject
|
|
PKGARCH:=all
|
|
endef
|
|
|
|
define Package/refpolicy/description
|
|
The SELinux Reference Policy project (refpolicy) is a
|
|
complete SELinux policy that can be used as the system
|
|
policy for a variety of systems and used as the basis for
|
|
creating other policies. Reference Policy was originally
|
|
based on the NSA example policy, but aims to accomplish many
|
|
additional goals.
|
|
|
|
The current refpolicy does not fully support OpenWRT and
|
|
needs modifications to work with the default system file
|
|
layout. These changes should be added as patches to the
|
|
refpolicy that modify a single SELinux policy.
|
|
|
|
The refpolicy works for the most part in permissive
|
|
mode. Only the basic set of utilities are enabled in the
|
|
example policy config and some of the pathing in the
|
|
policies is not correct. Individual policies would need to
|
|
be tweaked to get everything functioning properly.
|
|
endef
|
|
|
|
# Yes, we want CC=$(HOSTCC) because the only code that checkpolicy
|
|
# builds is a small host tool that gets run as part of the build
|
|
# process.
|
|
MAKE_FLAGS += \
|
|
SETFILES="$(STAGING_DIR_HOST)/bin/setfiles" \
|
|
CHECKPOLICY="$(STAGING_DIR_HOSTPKG)/bin/checkpolicy" \
|
|
CC="$(HOSTCC)" \
|
|
CFLAGS="$(HOST_CFLAGS)"
|
|
|
|
define Build/Configure
|
|
$(SED) "/MONOLITHIC/c\MONOLITHIC = y" $(PKG_BUILD_DIR)/build.conf
|
|
$(SED) "/NAME/c\NAME = targeted" $(PKG_BUILD_DIR)/build.conf
|
|
$(call Build/Compile/Default,conf)
|
|
endef
|
|
|
|
define Package/refpolicy/conffiles
|
|
/etc/selinux/config
|
|
endef
|
|
|
|
define Package/refpolicy/install
|
|
$(INSTALL_DIR) $(1)/etc/selinux
|
|
$(CP) $(PKG_INSTALL_DIR)/etc/selinux/* $(1)/etc/selinux/
|
|
$(CP) ./files/selinux-config $(1)/etc/selinux/config
|
|
endef
|
|
|
|
$(eval $(call BuildPackage,refpolicy))
|