1 # Copyright 1999-2020 Gentoo Authors
2 # Distributed under the terms of the GNU General Public License v2
6 if [[ ${PV} == 9999* ]]; then
7 EGIT_REPO_URI="${SELINUX_GIT_REPO:-https://anongit.gentoo.org/git/proj/hardened-refpolicy.git}"
8 EGIT_BRANCH="${SELINUX_GIT_BRANCH:-master}"
9 EGIT_CHECKOUT_DIR="${WORKDIR}/refpolicy"
13 SRC_URI="https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_${PV/./_}/refpolicy-${PV}.tar.bz2
14 https://dev.gentoo.org/~perfinion/patches/${PN}/patchbundle-${PN}-${PVR}.tar.bz2"
15 KEYWORDS="~amd64 -arm ~arm64 ~mips ~x86"
18 HOMEPAGE="https://wiki.gentoo.org/wiki/Project:SELinux"
19 DESCRIPTION="SELinux policy for core modules"
21 IUSE="systemd +unconfined"
23 PDEPEND="unconfined? ( sec-policy/selinux-unconfined )"
24 DEPEND="=sec-policy/selinux-base-${PVR}[systemd?]"
27 MODS="application authlogin bootloader clock consoletype cron dmesg fstools getty hostname hotplug init iptables libraries locallogin logging lvm miscfiles modutils mount mta netutils nscd portage raid rsync selinuxutil setrans ssh staff storage su sysadm sysnetwork systemd tmpfiles udev userdomain usermanage unprivuser xdg"
32 # Code entirely copied from selinux-eclass (cannot inherit due to dependency on
33 # itself), when reworked reinclude it. Only postinstall (where -b base.pp is
34 # added) needs to remain then.
37 for i in ${POLICY_TYPES}; do
38 if [[ "${i}" == "targeted" ]] && ! use unconfined; then
39 die "If you use POLICY_TYPES=targeted, then USE=unconfined is mandatory."
47 if [[ ${PV} != 9999* ]]; then
48 einfo "Applying SELinux policy updates ... "
49 eapply -p0 "${WORKDIR}/0001-full-patch-against-stable-release.patch"
54 # Collect only those files needed for this particular module
56 modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.te) $modfiles"
57 modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.fc) $modfiles"
60 for i in ${POLICY_TYPES}; do
61 mkdir "${S}"/${i} || die "Failed to create directory ${S}/${i}"
62 cp "${S}"/refpolicy/doc/Makefile.example "${S}"/${i}/Makefile \
63 || die "Failed to copy Makefile.example to ${S}/${i}/Makefile"
65 cp ${modfiles} "${S}"/${i} \
66 || die "Failed to copy the module files to ${S}/${i}"
71 for i in ${POLICY_TYPES}; do
72 emake NAME=$i SHAREDIR="${ROOT%/}"/usr/share/selinux -C "${S}"/${i}
77 local BASEDIR="/usr/share/selinux"
79 for i in ${POLICY_TYPES}; do
81 einfo "Installing ${i} ${j} policy package"
82 insinto ${BASEDIR}/${i}
83 doins "${S}"/${i}/${j}.pp
89 # Set root path and don't load policy into the kernel when cross compiling
91 if [[ "${ROOT%/}" != "" ]]; then
92 root_opts="-p ${ROOT%/} -n"
95 # Override the command from the eclass, we need to load in base as well here
96 local COMMAND="-i base.pp"
97 if has_version "<sys-apps/policycoreutils-2.5"; then
102 COMMAND="${COMMAND} -i ${i}.pp"
105 for i in ${POLICY_TYPES}; do
106 einfo "Inserting the following modules, with base, into the $i module store: ${MODS}"
108 cd "${ROOT%/}/usr/share/selinux/${i}"
110 semodule ${root_opts} -s ${i} ${COMMAND}
113 # Don't relabel when cross compiling
114 if [[ "${ROOT%/}" == "" ]]; then
115 # Relabel depending packages
117 if [[ -x /usr/bin/qdepends ]] ; then
118 PKGSET=$(/usr/bin/qdepends -Cq -r -Q ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-');
119 elif [[ -x /usr/bin/equery ]] ; then
120 PKGSET=$(/usr/bin/equery -Cq depends ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-');
122 if [[ -n "${PKGSET}" ]] ; then