From 3a55e3a69bb33261abcd8104d93e0ee83d5da35a Mon Sep 17 00:00:00 2001 From: Vit Mojzis Date: Wed, 1 Sep 2021 10:06:44 +0200 Subject: [PATCH] Stop ignoring standalone interface files Interface files without corresponding .te where ignored, unless the module name was specified in modules.conf. Standalone interface files are useful for backwards compatibility in case a policy module removed from this repository. Signed-off-by: Vit Mojzis --- Makefile | 4 ++++ Rules.modular | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index a9dfef1bc1..4a08bba6fa 100644 --- a/Makefile +++ b/Makefile @@ -264,6 +264,7 @@ generated_fc := $(basename $(foreach dir,$(all_layers),$(wildcard $(dir)/*.fc.in # sort here since it removes duplicates, which can happen # when a generated file is already generated detected_mods := $(sort $(foreach dir,$(all_layers),$(wildcard $(dir)/*.te)) $(generated_te)) +detected_ifs := $(sort $(foreach dir,$(all_layers),$(wildcard $(dir)/*.if)) $(generated_if)) modxml := $(addprefix $(tmpdir)/, $(detected_mods:.te=.xml)) layerxml := $(sort $(addprefix $(tmpdir)/, $(notdir $(addsuffix .xml,$(all_layers))))) @@ -307,6 +308,9 @@ off_mods += $(filter-out $(cmdline_off) $(cmdline_base) $(cmdline_mods), $(mod_c # add modules not in modules.conf to the off list off_mods += $(filter-out $(base_mods) $(mod_mods) $(off_mods),$(notdir $(detected_mods))) +# all interface files without corresponding .te - backwards compatibility +standalone_ifs := $(filter-out $(subst .te,.if, $(base_mods) $(mod_mods) $(off_mods)), $(notdir $(detected_ifs))) + # filesystems to be used in labeling targets filesystems = $(shell mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[234]|btrfs| xfs| jfs).*rw/{print $$3}';) fs_names := "btrfs ext2 ext3 ext4 xfs jfs" diff --git a/Rules.modular b/Rules.modular index ad65733e10..258c8b6560 100644 --- a/Rules.modular +++ b/Rules.modular @@ -4,7 +4,7 @@ # all_modules := $(base_mods) $(mod_mods) $(off_mods) -all_interfaces := $(all_modules:.te=.if) +all_interfaces := $(all_modules:.te=.if) $(standalone_ifs) base_pkg := $(builddir)base.pp base_fc := $(builddir)base.fc