--- policy-1.0/Makefile 2003-07-01 09:38:11.000000000 -0400 +++ selinux-policy-1.0/Makefile 2003-07-18 16:33:55.000000000 -0400 @@ -37,6 +37,8 @@ POLICYFILES += users POLICYFILES += tmp/constraints-contexts.m4 +UNUSED_TE_FILES := $(wildcard domains/program/unused/*.te) + FC = file_contexts/file_contexts FCFILES=file_contexts/types.fc $(patsubst domains/program/%.te,file_contexts/program/%.fc, $(wildcard domains/program/*.te)) @@ -128,3 +130,74 @@ rm -f policy.conf rm -f tmp/* rm -f $(FC) +# for the policy regression tester + find "domains/program/" -maxdepth 1 -type l -exec rm {} \; ; \ + +# Policy regression tester. +# Written by Colin Walters +cur_te = $(filter-out %/,$(subst /,/ ,$@)) + +TESTED_TE_FILES := $(notdir $(UNUSED_TE_FILES)) + +define compute_depends + export TE_DEPENDS_$(1) := $(shell egrep '^#[[:space:]]*Depends: ' domains/program/unused/$(1) | head -1 | sed -e 's/^.*Depends: //') +endef + + +ifeq ($(TE_DEPENDS_DEFINED),) +ifeq ($(MAKECMDGOALS),check-all) + GENRULES := $(TESTED_TE_FILES) + export TE_DEPENDS_DEFINED := yes +else + # Handle the case where checkunused/blah.te is run directly. + ifneq ($(findstring checkunused/,$(MAKECMDGOALS)),) + GENRULES := $(TESTED_TE_FILES) + export TE_DEPENDS_DEFINED := yes + endif +endif +endif + +# Test for a new enough version of GNU Make. +$(eval have_eval := yes) +ifneq ($(GENRULES),) + ifeq ($(have_eval),) +$(error Need GNU Make 3.80 or better!) +Need GNU Make 3.80 or better + endif +endif +$(foreach f,$(GENRULES),$(eval $(call compute_depends,$(f)))) + +PHONIES := + +define compute_presymlinks +PHONIES += presymlink/$(1) +presymlink/$(1):: $(patsubst %,presymlink/%,$(TE_DEPENDS_$(1))) + @if ! test -L domains/program/$(1); then \ + cd domains/program && ln -s unused/$(1) .; \ + fi +endef + +# Compute dependencies. +$(foreach f,$(TESTED_TE_FILES),$(eval $(call compute_presymlinks,$(f)))) + +PHONIES += $(patsubst %,checkunused/%,$(TESTED_TE_FILES)) +$(patsubst %,checkunused/%,$(TESTED_TE_FILES)) :: checkunused/% : + @$(MAKE) -s clean + +$(patsubst %,checkunused/%,$(TESTED_TE_FILES)) :: checkunused/% : presymlink/% + @if test -n "$(TE_DEPENDS_$(cur_te))"; then \ + echo "Dependencies for $(cur_te): $(TE_DEPENDS_$(cur_te))"; \ + fi + @echo "Testing $(cur_te)..."; + @if ! make -s policy 1>/dev/null; then \ + echo "Testing $(cur_te)...FAILED"; \ + exit 1; \ + fi; + @echo "Testing $(cur_te)...success."; \ + +check-all: + @for goal in $(patsubst %,checkunused/%,$(TESTED_TE_FILES)); do \ + $(MAKE) --no-print-directory $$goal; \ + done + +.PHONY: clean $(PHONIES) --- policy-1.0/README 2003-05-30 10:26:28.000000000 -0400 +++ selinux-policy-1.0/README 2003-07-18 16:35:21.000000000 -0400 @@ -3,6 +3,8 @@ install - compile and install the policy configuration. load - compile, install, and load the policy configuration. relabel - relabel the filesystem. +check-all - check individual additional policy files in domains/program/unused. +checkunused/FILE.te - check individual file FILE from domains/program/unused. If you have configured MLS into your module, then set MLS=y in the Makefile prior to building the policy. Of course, you must have also