Re: [patch] policy regression tester and various fixes

[Colin Walters <walters@verbum.org>]

[-- Attachment #1: Type: text/plain, Size: 462 bytes --]

One thing I didn't realize about the regression tester is that it
requires GNU Make 3.80 or better, because it uses $(eval ...).  Sorry
about that.  eval is really great for this kind of thing though.

I've attached an updated patch which fixes the recursive dependency
handling, and also bombs out a little more gracefully if the version of
GNU Make in use is < 3.80.

Oh, and you can also say e.g.:

make checkunused/postfix.te
 
to check an individual file.


[-- Attachment #2: Makefile.patch --]
[-- Type: text/x-makefile, Size: 3310 bytes --]

--- policy-1.0/Makefile	2003-07-01 09:38:11.000000000 -0400
+++ selinux-policy-1.0/Makefile	2003-07-18 16:33:55.000000000 -0400
@@ -37,6 +37,8 @@
 POLICYFILES += users 
 POLICYFILES += tmp/constraints-contexts.m4
 
+UNUSED_TE_FILES := $(wildcard domains/program/unused/*.te)
+
 FC = file_contexts/file_contexts
 FCFILES=file_contexts/types.fc $(patsubst domains/program/%.te,file_contexts/program/%.fc, $(wildcard domains/program/*.te))
 
@@ -128,3 +130,74 @@
 	rm -f policy.conf
 	rm -f tmp/*
 	rm -f $(FC)
+# for the policy regression tester
+	find "domains/program/" -maxdepth 1 -type l -exec rm {} \; ; \
+
+# Policy regression tester.
+# Written by Colin Walters <walters@debian.org>
+cur_te = $(filter-out %/,$(subst /,/ ,$@))
+
+TESTED_TE_FILES := $(notdir $(UNUSED_TE_FILES))
+
+define compute_depends
+  export TE_DEPENDS_$(1) := $(shell egrep '^#[[:space:]]*Depends: ' domains/program/unused/$(1) | head -1 | sed -e 's/^.*Depends: //')
+endef
+
+
+ifeq ($(TE_DEPENDS_DEFINED),)
+ifeq ($(MAKECMDGOALS),check-all)
+  GENRULES := $(TESTED_TE_FILES)
+  export TE_DEPENDS_DEFINED := yes
+else
+  # Handle the case where checkunused/blah.te is run directly.
+  ifneq ($(findstring checkunused/,$(MAKECMDGOALS)),)
+    GENRULES := $(TESTED_TE_FILES)
+    export TE_DEPENDS_DEFINED := yes
+  endif
+endif
+endif
+
+# Test for a new enough version of GNU Make.
+$(eval have_eval := yes)
+ifneq ($(GENRULES),)
+  ifeq ($(have_eval),)
+$(error Need GNU Make 3.80 or better!)
+Need GNU Make 3.80 or better
+  endif
+endif
+$(foreach f,$(GENRULES),$(eval $(call compute_depends,$(f))))
+
+PHONIES :=
+
+define compute_presymlinks
+PHONIES += presymlink/$(1)
+presymlink/$(1):: $(patsubst %,presymlink/%,$(TE_DEPENDS_$(1)))
+	@if ! test -L domains/program/$(1); then \
+	  cd domains/program && ln -s unused/$(1) .; \
+	fi
+endef
+
+# Compute dependencies.
+$(foreach f,$(TESTED_TE_FILES),$(eval $(call compute_presymlinks,$(f))))
+
+PHONIES += $(patsubst %,checkunused/%,$(TESTED_TE_FILES))
+$(patsubst %,checkunused/%,$(TESTED_TE_FILES)) :: checkunused/% : 
+	@$(MAKE) -s clean
+
+$(patsubst %,checkunused/%,$(TESTED_TE_FILES)) :: checkunused/% : presymlink/%
+	@if test -n "$(TE_DEPENDS_$(cur_te))"; then \
+	  echo "Dependencies for $(cur_te): $(TE_DEPENDS_$(cur_te))"; \
+	fi
+	@echo "Testing $(cur_te)...";
+	@if ! make -s policy 1>/dev/null; then \
+	  echo "Testing $(cur_te)...FAILED"; \
+	  exit 1; \
+	fi;
+	@echo "Testing $(cur_te)...success."; \
+
+check-all:
+	@for goal in  $(patsubst %,checkunused/%,$(TESTED_TE_FILES)); do \
+	  $(MAKE) --no-print-directory $$goal; \
+	done
+
+.PHONY: clean $(PHONIES)
--- policy-1.0/README	2003-05-30 10:26:28.000000000 -0400
+++ selinux-policy-1.0/README	2003-07-18 16:35:21.000000000 -0400
@@ -3,6 +3,8 @@
 install - compile and install the policy configuration.
 load    - compile, install, and load the policy configuration.
 relabel - relabel the filesystem.
+check-all - check individual additional policy files in domains/program/unused.
+checkunused/FILE.te - check individual file FILE from domains/program/unused.
 
 If you have configured MLS into your module, then set MLS=y in the
 Makefile prior to building the policy.  Of course, you must have also