mirror of
https://github.com/openwrt/openwrt.git
synced 2025-01-01 11:36:49 +00:00
5cc1af92b2
142826a3 libselinux: fix segfault in add_xattr_entry()
398d2cee libselinux: rename gettid() to something which never conflicts with the libc
8f0f0a28 selinux(8,5): Describe fcontext regular expressions
9cc6b5cf libselinux/getconlist: report failures
156dd0de libselinux: update getseuser
e2dca5df libselinux: accept const fromcon in get_context API
da4829d0 libselinux: Always close status page fd
45b15c22 selinux(8): explain that runtime disable is deprecated
3c16aaef selinux(8): mark up SELINUX values
c2a58cc5 libselinux: LABEL_BACKEND_ANDROID add option to enable
db0f2f38 libselinux: Add build option to disable X11 backend
4a142ac4 libsepol: Bump libsepol.so version
d23342a9 libselinux: convert matchpathcon to selabel_lookup()
7ef5b185 libselinux: Change userspace AVC setenforce and policy load messages to audit format.
f5d644c7 libselinux: Add additional log callback details in man page for auditing.
075f9cfe libselinux: Fix selabel_lookup() for the root dir.
a4149e0e libselinux: Add new log callback levels for enforcing and policy load notices.
a63f93d8 libselinux: initialize last_policyload in selinux_status_open()
ef902db9 libselinux: safely access shared memory in selinux_status_updated()
9e4480b9 libselinux: Remove trailing slash on selabel_file lookups.
21fb5f20 libselinux: use full argument specifiers for security_check_context in man page
e7abd802 libselinux: fix build order
05bdc031 libselinux: use kernel status page by default
Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
(cherry picked from commit b1fc2b5b0b
)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
156 lines
4.0 KiB
Makefile
156 lines
4.0 KiB
Makefile
#
|
|
# This is free software, licensed under the GNU General Public License v2.
|
|
# See /LICENSE for more information.
|
|
#
|
|
|
|
include $(TOPDIR)/rules.mk
|
|
|
|
PKG_NAME:=libselinux
|
|
PKG_VERSION:=3.2
|
|
PKG_RELEASE:=1
|
|
|
|
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
|
|
PKG_SOURCE_URL:=https://github.com/SELinuxProject/selinux/releases/download/3.2
|
|
PKG_HASH:=df758ef1d9d4811051dd901ea6b029ae334ffd7c671c128beb16bce1e25ac161
|
|
HOST_BUILD_DEPENDS:=libsepol/host pcre/host
|
|
|
|
PKG_LICENSE:=libselinux-1.0
|
|
PKG_LICENSE_FILES:=LICENSE
|
|
PKG_MAINTAINER:=Thomas Petazzoni <thomas.petazzoni@bootlin.com>
|
|
|
|
include $(INCLUDE_DIR)/package.mk
|
|
include $(INCLUDE_DIR)/host-build.mk
|
|
|
|
LIBSELINUX_UTILS := \
|
|
avcstat \
|
|
compute_av \
|
|
compute_create \
|
|
compute_member \
|
|
compute_relabel \
|
|
getconlist \
|
|
getdefaultcon \
|
|
getenforce \
|
|
getfilecon \
|
|
getpidcon \
|
|
getsebool \
|
|
getseuser \
|
|
matchpathcon \
|
|
policyvers \
|
|
sefcontext_compile \
|
|
selabel_digest \
|
|
selabel_get_digests_all_partial_matches \
|
|
selabel_lookup \
|
|
selabel_lookup_best_match \
|
|
selabel_partial_match \
|
|
selinux_check_access \
|
|
selinux_check_securetty_context \
|
|
selinuxenabled \
|
|
selinuxexeccon \
|
|
setenforce \
|
|
setfilecon \
|
|
togglesebool \
|
|
validatetrans
|
|
|
|
LIBSELINUX_ALTS := \
|
|
getenforce \
|
|
getsebool \
|
|
matchpathcon \
|
|
selinuxenabled \
|
|
setenforce
|
|
|
|
$(eval $(foreach a,$(LIBSELINUX_ALTS),ALTS_$(a):=300:/usr/sbin/$(a):/usr/sbin/libselinux-$(a)$(newline)))
|
|
|
|
define Package/libselinux/Default
|
|
TITLE:=Runtime SELinux library
|
|
URL:=http://selinuxproject.org/page/Main_Page
|
|
endef
|
|
|
|
define Package/libselinux
|
|
$(call Package/libselinux/Default)
|
|
SECTION:=libs
|
|
CATEGORY:=Libraries
|
|
DEPENDS:=+libsepol +libpcre +USE_MUSL:musl-fts
|
|
endef
|
|
|
|
define Package/libselinux/description
|
|
libselinux is the runtime SELinux library that provides
|
|
interfaces (e.g. library functions for the SELinux kernel
|
|
APIs like getcon(), other support functions like
|
|
getseuserbyname()) to SELinux-aware applications. libselinux
|
|
may use the shared libsepol to manipulate the binary policy
|
|
if necessary (e.g. to downgrade the policy format to an
|
|
older version supported by the kernel) when loading policy.
|
|
endef
|
|
|
|
define GenUtilPkg
|
|
define Package/$(1)
|
|
$(call Package/libselinux/Default)
|
|
TITLE+= $(2) utility
|
|
SECTION:=utils
|
|
DEPENDS:=+libselinux
|
|
CATEGORY:=Utilities
|
|
SUBMENU:=libselinux tools
|
|
ALTERNATIVES:=$(ALTS_$(2))
|
|
endef
|
|
|
|
define Package/$(1)/description
|
|
libselinux version of the $(2) utility.
|
|
endef
|
|
endef
|
|
|
|
$(foreach a,$(LIBSELINUX_UTILS),$(eval $(call GenUtilPkg,libselinux-$(a),$(a))))
|
|
|
|
# Needed to link libselinux utilities, which link against
|
|
# libselinux.so, which indirectly depends on libpcre.so, installed in
|
|
# $(STAGING_DIR_HOSTPKG).
|
|
HOST_LDFLAGS += -Wl,-rpath="$(STAGING_DIR_HOSTPKG)/lib"
|
|
|
|
HOST_MAKE_FLAGS += \
|
|
PREFIX=$(STAGING_DIR_HOSTPKG) \
|
|
SHLIBDIR=$(STAGING_DIR_HOSTPKG)/lib
|
|
|
|
ifeq ($(CONFIG_USE_MUSL),y)
|
|
MAKE_FLAGS += FTS_LDLIBS=-lfts
|
|
endif
|
|
|
|
MAKE_FLAGS += \
|
|
SHLIBDIR=/usr/lib \
|
|
OS=Linux
|
|
|
|
define Build/Compile
|
|
$(call Build/Compile/Default,all)
|
|
endef
|
|
|
|
define Build/Install
|
|
$(call Build/Install/Default,install)
|
|
endef
|
|
|
|
define Build/InstallDev
|
|
$(INSTALL_DIR) $(1)/usr/include
|
|
$(CP) $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include/
|
|
$(INSTALL_DIR) $(1)/usr/lib
|
|
$(CP) $(PKG_INSTALL_DIR)/usr/lib/* $(1)/usr/lib/
|
|
$(INSTALL_DIR) $(1)/usr/lib/pkgconfig
|
|
$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/libselinux.pc $(1)/usr/lib/pkgconfig/
|
|
$(SED) 's,/usr/include,$$$${prefix}/include,g' $(1)/usr/lib/pkgconfig/libselinux.pc
|
|
$(SED) 's,/usr/lib,$$$${exec_prefix}/lib,g' $(1)/usr/lib/pkgconfig/libselinux.pc
|
|
endef
|
|
|
|
define Package/libselinux/install
|
|
$(INSTALL_DIR) $(1)/usr/lib
|
|
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libselinux.so.* $(1)/usr/lib/
|
|
endef
|
|
|
|
define BuildUtil
|
|
define Package/$(1)/install
|
|
$(INSTALL_DIR) $$(1)/usr/sbin
|
|
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/$(2) $$(1)/usr/sbin/$(if $(ALTS_$(2)),libselinux-$(2),$(2))
|
|
endef
|
|
|
|
$$(eval $$(call BuildPackage,$(1)))
|
|
endef
|
|
|
|
$(eval $(call HostBuild))
|
|
$(eval $(call BuildPackage,libselinux))
|
|
$(foreach a,$(LIBSELINUX_UTILS),$(eval $(call BuildUtil,libselinux-$(a),$(a))))
|