Initial commit
Some checks failed
Build Kernel / Build all affected Kernels (push) Has been cancelled
Build all core packages / Build all core packages for selected target (push) Has been cancelled
Build and Push prebuilt tools container / Build and Push all prebuilt containers (push) Has been cancelled
Build Toolchains / Build Toolchains for each target (push) Has been cancelled
Build host tools / Build host tools for linux and macos based systems (push) Has been cancelled
Coverity scan build / Coverity x86/64 build (push) Has been cancelled

This commit is contained in:
domenico
2025-06-24 12:51:15 +02:00
commit 27c9d80f51
10493 changed files with 1885777 additions and 0 deletions

View File

@@ -0,0 +1,80 @@
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
include $(TOPDIR)/rules.mk
PKG_NAME:=refpolicy
PKG_VERSION:=2.20200229
PKG_RELEASE:=3
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_2_20200229
PKG_HASH:=dec854512ed00cd057408f330c2cea4de7a4405f7a147458f59c994bf578e4b0
PKG_INSTALL:=1
PKG_BUILD_DEPENDS:=checkpolicy/host policycoreutils/host
PKG_MAINTAINER:=Thomas Petazzoni <thomas.petazzoni@bootlin.com>
PKG_CPE_ID:=cpe:/a:tresys:refpolicy
PKG_LICENSE:=GPL-2.0-or-later
PKG_LICENSE_FILES:=COPYING
TAR_OPTIONS:=--transform='s%^refpolicy%$(PKG_NAME)-$(PKG_VERSION)%' -xf -
include $(INCLUDE_DIR)/package.mk
define Package/refpolicy
SECTION:=system
CATEGORY:=Base system
TITLE:=SELinux reference policy
URL:=http://selinuxproject.org/page/Main_Page
PKGARCH:=all
endef
define Package/refpolicy/description
The SELinux Reference Policy project (refpolicy) is a
complete SELinux policy that can be used as the system
policy for a variety of systems and used as the basis for
creating other policies. Reference Policy was originally
based on the NSA example policy, but aims to accomplish many
additional goals.
The current refpolicy does not fully support OpenWRT and
needs modifications to work with the default system file
layout. These changes should be added as patches to the
refpolicy that modify a single SELinux policy.
The refpolicy works for the most part in permissive
mode. Only the basic set of utilities are enabled in the
example policy config and some of the pathing in the
policies is not correct. Individual policies would need to
be tweaked to get everything functioning properly.
endef
# Yes, we want CC=$(HOSTCC) because the only code that checkpolicy
# builds is a small host tool that gets run as part of the build
# process.
MAKE_FLAGS += \
SETFILES="$(STAGING_DIR_HOST)/bin/setfiles" \
CHECKPOLICY="$(STAGING_DIR_HOSTPKG)/bin/checkpolicy" \
CC="$(HOSTCC)" \
CFLAGS="$(HOST_CFLAGS)"
define Build/Configure
$(SED) "/MONOLITHIC/c\MONOLITHIC = y" $(PKG_BUILD_DIR)/build.conf
$(SED) "/NAME/c\NAME = targeted" $(PKG_BUILD_DIR)/build.conf
$(call Build/Compile/Default,conf)
endef
define Package/refpolicy/conffiles
/etc/selinux/config
endef
define Package/refpolicy/install
$(INSTALL_DIR) $(1)/etc/selinux
$(CP) $(PKG_INSTALL_DIR)/etc/selinux/* $(1)/etc/selinux/
$(CP) ./files/selinux-config $(1)/etc/selinux/config
endef
$(eval $(call BuildPackage,refpolicy))

View File

@@ -0,0 +1,7 @@
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=permissive
SELINUXTYPE=targeted

View File

@@ -0,0 +1,10 @@
--- a/Makefile
+++ b/Makefile
@@ -648,6 +648,6 @@ ifneq ($(generated_fc),)
endif
endif
-.PHONY: install-src install-appconfig install-headers generate xml conf html bare tags
+.PHONY: install-src install-appconfig install-headers generate conf bare tags
.SUFFIXES:
.SUFFIXES: .c