[Buildroot] [PATCH 1/4] sepolgen: bump version to 2.6

[Buildroot] [PATCH 1/4] sepolgen: bump version to 2.6

[Adam Duskett]

Signed-off-by: Adam Duskett <aduskett@codeblue.com>
---
 package/sepolgen/sepolgen.hash | 2 +-
 package/sepolgen/sepolgen.mk   | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/package/sepolgen/sepolgen.hash b/package/sepolgen/sepolgen.hash
index a377c66..b338a70 100644
--- a/package/sepolgen/sepolgen.hash
+++ b/package/sepolgen/sepolgen.hash
@@ -1,2 +1,2 @@
 # https://github.com/SELinuxProject/selinux/wiki/Releases
-sha256 8a1c6d3a78c9b6ad3555c74def555f65a62950bf21c111c585bfc382fec3a645  sepolgen-1.1.9.tar.gz
+sha256 6a327b1576d914e57ad796a541a7a9bcceefb14c445355559993de0fdb8e7a60  sepolgen-2.6.tar.gz
diff --git a/package/sepolgen/sepolgen.mk b/package/sepolgen/sepolgen.mk
index efecee7..137eaed 100644
--- a/package/sepolgen/sepolgen.mk
+++ b/package/sepolgen/sepolgen.mk
@@ -4,8 +4,8 @@
 #
 ################################################################################
 
-SEPOLGEN_VERSION = 1.1.9
-SEPOLGEN_SITE = https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20130423
+SEPOLGEN_VERSION = 2.6
+SEPOLGEN_SITE = https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20161014
 SEPOLGEN_LICENSE = GPLv2
 SEPOLGEN_LICENSE_FILES = COPYING
 
-- 
2.9.3

[Buildroot] [PATCH 2/4] sepolgen: Add target compile option.

[Adam Duskett]

If a user wants to use the tool audit2allow provided by
policycoreutils, they will need the python bindings from
sepolgen on the target file system.


Signed-off-by: Adam Duskett <aduskett@codeblue.com>
---
 package/sepolgen/Config.in   |  8 ++++++++
 package/sepolgen/sepolgen.mk | 22 ++++++++++++++++++++++
 2 files changed, 30 insertions(+)
 create mode 100644 package/sepolgen/Config.in

diff --git a/package/sepolgen/Config.in b/package/sepolgen/Config.in
new file mode 100644
index 0000000..f43a1bc
--- /dev/null
+++ b/package/sepolgen/Config.in
@@ -0,0 +1,8 @@
+config BR2_PACKAGE_SEPOLGEN
+	bool "sepolgen"
+	help
+	  This package contains a Python module that forms the core of the 
+	  modern audit2allow (which is a part of the package policycoreutils). 
+	  It contains infrastructure for parsing SELinux related messages as 
+	  produced by the audit system. 
+	  It has facilities for generating policy based on required access.
diff --git a/package/sepolgen/sepolgen.mk b/package/sepolgen/sepolgen.mk
index 137eaed..c40bbb3 100644
--- a/package/sepolgen/sepolgen.mk
+++ b/package/sepolgen/sepolgen.mk
@@ -9,6 +9,27 @@ SEPOLGEN_SITE = https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/fi
 SEPOLGEN_LICENSE = GPLv2
 SEPOLGEN_LICENSE_FILES = COPYING
 
+
+
+ifeq ($(BR2_PACKAGE_PYTHON3),y)
+SEPOLGEN_DEPENDENCIES = python3
+SEPOLGEN_MAKE_CMDS = $(TARGET_CONFIGURE_OPTS) \
+	PYTHONLIBDIR=/usr/lib/python$(PYTHON3_VERSION_MAJOR)/site-packages
+else
+SEPOLGEN_DEPENDENCIES = python
+SEPOLGEN_MAKE_CMDS = $(TARGET_CONFIGURE_OPTS) \
+	PYTHONLIBDIR=/usr/lib/python$(PYTHON_VERSION_MAJOR)/site-packages
+endif
+
+define SEPOLGEN_BUILD_CMDS
+	$(TARGET_MAKE_ENV) $(MAKE) -C $(@D) $(TARGET_SEPOLGEN_MAKE_CMDS) DESTDIR=$(TARGET_DIR)
+endef
+
+define SEPOLGEN_INSTALL_TARGET_CMDS
+	$(MAKE_ENV) $(MAKE) -C $(@D) $(SEPOLGEN_MAKE_CMDS) DESTDIR=$(TARGET_DIR) install
+endef
+
+
 ifeq ($(BR2_PACKAGE_PYTHON3),y)
 HOST_SEPOLGEN_DEPENDENCIES = host-python3
 HOST_SEPOLGEN_MAKE_CMDS = $(HOST_CONFIGURE_OPTS) \
@@ -28,3 +49,4 @@ define HOST_SEPOLGEN_INSTALL_CMDS
 endef
 
 $(eval $(host-generic-package))
+$(eval $(generic-package))
-- 
2.9.3

[Buildroot] [PATCH 3/4] libselinux: allow python bindings on the target filing system.

[Adam Duskett]

If a user wants to use the tool audit2allow provided by
policycoreutils, they will need the python bindings from
libselinux on the target file system.

Signed-off-by: Adam Duskett <aduskett@codeblue.com>
---
 package/libselinux/libselinux.mk | 49 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)

diff --git a/package/libselinux/libselinux.mk b/package/libselinux/libselinux.mk
index 165ac4c..5a03602 100644
--- a/package/libselinux/libselinux.mk
+++ b/package/libselinux/libselinux.mk
@@ -20,6 +20,53 @@ LIBSELINUX_MAKE_OPTS = \
 	LDFLAGS="$(TARGET_LDFLAGS) -lpcre -lpthread" \
 	ARCH=$(KERNEL_ARCH)
 
+ifeq ($(BR2_PACKAGE_POLICYCOREUTILS_AUDIT2ALLOW),y)
+
+ifeq ($(BR2_PACKAGE_PYTHON3),y)
+LIBSELINUX_DEPENDENCIES += python3
+LIBSELINUX_PYTHONLIBDIR = -L$(STAGING_DIR)/usr/lib/python$(PYTHON3_VERSION_MAJOR)/
+LIBSELINUX_PYINC = -I$(STAGING_DIR)/usr/include/python$(PYTHON3_VERSION_MAJOR)m/
+LIBSELINUX_PYLIBVER = python$(PYTHON3_VERSION_MAJOR)
+else
+LIBSELINUX_DEPENDENCIES += python
+LIBSELINUX_PYTHONLIBDIR = -L$(STAGING_DIR)/usr/lib/python$(PYTHON_VERSION_MAJOR)/
+LIBSELINUX_PYINC = -I$(STAGING_DIR)/usr/include/python$(PYTHON_VERSION_MAJOR)/
+LIBSELINUX_PYLIBVER = python$(PYTHON_VERSION_MAJOR)
+endif
+
+define LIBSELINUX_BUILD_CMDS
+	# DESTDIR is needed during the compile to compute library and
+	# header paths.
+	$(TARGET_MAKE_ENV) $(MAKE) -C $(@D) \
+		$(LIBSELINUX_MAKE_OPTS) \
+		PYSITEDIR=$(STAGING_DIR)/usr/lib/python$(PYTHON_VERSION_MAJOR)/site-packages \
+		DESTDIR=$(STAGING_DIR) all pywrap
+		
+endef
+
+define LIBSELINUX_INSTALL_STAGING_CMDS
+	$(TARGET_MAKE_ENV) $(MAKE) -C $(@D) \
+		$(LIBSELINUX_MAKE_OPTS) \
+		PYSITEDIR=$(STAGING_DIR)/usr/lib/python$(PYTHON_VERSION_MAJOR)/site-packages \
+		DESTDIR=$(STAGING_DIR) install install-pywrap
+
+endef
+
+define LIBSELINUX_INSTALL_TARGET_CMDS
+	$(TARGET_MAKE_ENV) $(MAKE) -C $(@D) \
+		$(LIBSELINUX_MAKE_OPTS) \
+		PYSITEDIR=$(TARGET_DIR)/usr/lib/python$(PYTHON_VERSION_MAJOR)/site-packages \
+		DESTDIR=$(TARGET_DIR) install install-pywrap
+			
+	# Create the selinuxfs mount point
+	if [ ! -d "$(TARGET_DIR)/selinux" ]; then mkdir $(TARGET_DIR)/selinux; fi
+	if ! grep -q "selinuxfs" $(TARGET_DIR)/etc/fstab; then \
+		echo "none /selinux selinuxfs noauto 0 0" >> $(TARGET_DIR)/etc/fstab ; fi
+endef
+
+
+else
+
 define LIBSELINUX_BUILD_CMDS
 	# DESTDIR is needed during the compile to compute library and
 	# header paths.
@@ -41,6 +88,8 @@ define LIBSELINUX_INSTALL_TARGET_CMDS
 		echo "none /selinux selinuxfs noauto 0 0" >> $(TARGET_DIR)/etc/fstab ; fi
 endef
 
+endif
+
 HOST_LIBSELINUX_DEPENDENCIES = \
 	host-libsepol host-pcre host-swig
 
-- 
2.9.3

[Buildroot] [PATCH 4/4] policycoreutils: Add audit2allow support.

[Adam Duskett]

Policycoreutils is currently built without audit2allow support enabled.
This patch adds the ability to build policycoreutils with audit2allow
support.

Signed-off-by: Adam Duskett <aduskett@codeblue.com>
---
 package/policycoreutils/Config.in          | 14 ++++++++++++++
 package/policycoreutils/policycoreutils.mk | 16 ++++++++++++++++
 2 files changed, 30 insertions(+)

diff --git a/package/policycoreutils/Config.in b/package/policycoreutils/Config.in
index 53238b4..d2ebb2f 100644
--- a/package/policycoreutils/Config.in
+++ b/package/policycoreutils/Config.in
@@ -45,6 +45,20 @@ config BR2_PACKAGE_POLICYCOREUTILS
 
 if BR2_PACKAGE_POLICYCOREUTILS
 
+config BR2_PACKAGE_POLICYCOREUTILS_AUDIT2ALLOW
+	bool "audit2allow utility"
+	select BR2_PACKAGE_SEPOLGEN
+	depends on BR2_PACKAGE_PYTHON || BR2_PACKAGE_PYTHON3
+	depends on BR2_USE_WCHAR # glib2
+	depends on BR2_TOOLCHAIN_HAS_THREADS # glib2
+	depends on BR2_USE_MMU # glib2
+	help
+	  Enable audit2allow to be built
+
+comment "audit2allow requires python"
+	depends on !BR2_PACKAGE_PYTHON
+	depends on !BR2_PACKAGE_PYTHON3	  
+	  
 config BR2_PACKAGE_POLICYCOREUTILS_RESTORECOND
 	bool "restorecond"
 	select BR2_PACKAGE_LIBGLIB2
diff --git a/package/policycoreutils/policycoreutils.mk b/package/policycoreutils/policycoreutils.mk
index 86639cc..5e1d536 100644
--- a/package/policycoreutils/policycoreutils.mk
+++ b/package/policycoreutils/policycoreutils.mk
@@ -39,6 +39,16 @@ POLICYCOREUTILS_MAKE_OPTS += \
 	CPPFLAGS="$(TARGET_CPPFLAGS) -U_FILE_OFFSET_BITS" \
 	ARCH="$(BR2_ARCH)"
 
+ifeq ($(BR2_PACKAGE_PYTHON3),y)
+POLICYCOREUTILS_DEPENDENCIES += python3
+POLICYCOREUTILS_MAKE_OPTS += \
+	PYLIBVER="python$(PYTHON3_VERSION_MAJOR)"
+else
+POLICYCOREUTILS_DEPENDENCIES += python
+POLICYCOREUTILS_MAKE_OPTS += \
+	PYLIBVER="python$(PYTHON_VERSION_MAJOR)"
+endif
+
 POLICYCOREUTILS_MAKE_DIRS = \
 	load_policy newrole run_init \
 	secon semodule semodule_deps \
@@ -50,6 +60,12 @@ ifeq ($(BR2_PACKAGE_POLICYCOREUTILS_RESTORECOND),y)
 POLICYCOREUTILS_MAKE_DIRS += restorecond
 POLICYCOREUTILS_DEPENDENCIES += libglib2
 endif
+
+ifeq ($(BR2_PACKAGE_POLICYCOREUTILS_AUDIT2ALLOW),y)
+POLICYCOREUTILS_DEPENDENCIES += sepolgen
+POLICYCOREUTILS_MAKE_DIRS += audit2allow
+endif
+
 # We need to pass DESTDIR at build time because it's used by
 # policycoreutils build system to find headers and libraries.
 define POLICYCOREUTILS_BUILD_CMDS
-- 
2.9.3