1 # Copyright 1999-2019 Gentoo Authors
2 # Distributed under the terms of the GNU General Public License v2
6 if [[ ${PV} == 9999* ]]; then
7 EGIT_REPO_URI="${SELINUX_GIT_REPO:-https://anongit.gentoo.org/git/proj/hardened-refpolicy.git}"
8 EGIT_BRANCH="${SELINUX_GIT_BRANCH:-master}"
9 EGIT_CHECKOUT_DIR="${WORKDIR}/refpolicy"
13 SRC_URI="https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_${PV/./_}/refpolicy-${PV}.tar.bz2
14 https://dev.gentoo.org/~perfinion/patches/${PN}/patchbundle-${PN}-${PVR}.tar.bz2"
15 KEYWORDS="~amd64 -arm ~arm64 ~mips ~x86"
18 HOMEPAGE="https://wiki.gentoo.org/wiki/Project:SELinux"
19 DESCRIPTION="SELinux policy for core modules"
21 IUSE="systemd +unconfined"
23 PDEPEND="unconfined? ( sec-policy/selinux-unconfined )"
24 DEPEND="=sec-policy/selinux-base-${PVR}[systemd?]"
27 MODS="application authlogin bootloader clock consoletype cron dmesg fstools getty hostname hotplug init iptables libraries locallogin logging lvm miscfiles modutils mount mta netutils nscd portage raid rsync selinuxutil setrans ssh staff storage su sysadm sysnetwork tmpfiles udev userdomain usermanage unprivuser xdg"
32 # Code entirely copied from selinux-eclass (cannot inherit due to dependency on
33 # itself), when reworked reinclude it. Only postinstall (where -b base.pp is
34 # added) needs to remain then.
38 MODS="${MODS} systemd"
43 for i in ${POLICY_TYPES}; do
44 if [[ "${i}" == "targeted" ]] && ! use unconfined; then
45 die "If you use POLICY_TYPES=targeted, then USE=unconfined is mandatory."
53 if [[ ${PV} != 9999* ]]; then
54 einfo "Applying SELinux policy updates ... "
55 eapply -p0 "${WORKDIR}/0001-full-patch-against-stable-release.patch"
60 # Collect only those files needed for this particular module
62 modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.te) $modfiles"
63 modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.fc) $modfiles"
66 for i in ${POLICY_TYPES}; do
67 mkdir "${S}"/${i} || die "Failed to create directory ${S}/${i}"
68 cp "${S}"/refpolicy/doc/Makefile.example "${S}"/${i}/Makefile \
69 || die "Failed to copy Makefile.example to ${S}/${i}/Makefile"
71 cp ${modfiles} "${S}"/${i} \
72 || die "Failed to copy the module files to ${S}/${i}"
77 for i in ${POLICY_TYPES}; do
78 emake NAME=$i SHAREDIR="${ROOT%/}"/usr/share/selinux -C "${S}"/${i} || die "${i} compile failed"
83 local BASEDIR="/usr/share/selinux"
85 for i in ${POLICY_TYPES}; do
87 einfo "Installing ${i} ${j} policy package"
88 insinto ${BASEDIR}/${i}
89 doins "${S}"/${i}/${j}.pp || die "Failed to add ${j}.pp to ${i}"
95 # Set root path and don't load policy into the kernel when cross compiling
97 if [[ "${ROOT%/}" != "" ]]; then
98 root_opts="-p ${ROOT%/} -n"
101 # Override the command from the eclass, we need to load in base as well here
102 local COMMAND="-i base.pp"
103 if has_version "<sys-apps/policycoreutils-2.5"; then
108 COMMAND="${COMMAND} -i ${i}.pp"
111 for i in ${POLICY_TYPES}; do
112 einfo "Inserting the following modules, with base, into the $i module store: ${MODS}"
114 cd "${ROOT%/}/usr/share/selinux/${i}"
116 semodule ${root_opts} -s ${i} ${COMMAND}
119 # Don't relabel when cross compiling
120 if [[ "${ROOT%/}" == "" ]]; then
121 # Relabel depending packages
123 if [[ -x /usr/bin/qdepends ]] ; then
124 PKGSET=$(/usr/bin/qdepends -Cq -r -Q ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-');
125 elif [[ -x /usr/bin/equery ]] ; then
126 PKGSET=$(/usr/bin/equery -Cq depends ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-');
128 if [[ -n "${PKGSET}" ]] ; then