From: Adam Duskett Date: Thu, 2 Feb 2017 22:45:05 +0000 (-0500) Subject: policycoreutils: add option to build audit2allow X-Git-Url: https://git.libre-soc.org/?a=commitdiff_plain;h=005a5f33f25821af1edae15c7811c4ad305d3f0d;p=buildroot.git policycoreutils: add option to build audit2allow This python utility scans the logs for messages logged when the system denied permission for operations, and generates a snippet of policy rules which, if loaded into policy, might have allowed those operations to succeed. However, this utility only generates Type Enforcement (TE) allow rules. Signed-off-by: Adam Duskett Reviewed-by: Matt Weber [Thomas: adjust Config.in to propagate the dependencies of sepolgen, checkpolicy and python3.] Signed-off-by: Thomas Petazzoni --- diff --git a/package/policycoreutils/Config.in b/package/policycoreutils/Config.in index 53238b4eac..4b8a9dca13 100644 --- a/package/policycoreutils/Config.in +++ b/package/policycoreutils/Config.in @@ -45,6 +45,26 @@ config BR2_PACKAGE_POLICYCOREUTILS if BR2_PACKAGE_POLICYCOREUTILS +config BR2_PACKAGE_POLICYCOREUTILS_AUDIT2ALLOW + bool "audit2allow" + depends on BR2_USE_WCHAR # python3, sepolgen + depends on BR2_USE_MMU # python3, sepolgen + depends on BR2_TOOLCHAIN_HAS_THREADS # python3, sepolgen, checkpolicy + depends on !BR2_STATIC_LIBS # python3, sepolgen + depends on BR2_TOOLCHAIN_USES_GLIBC # checkpolicy + depends on !BR2_arc # checkpolicy + select BR2_PACKAGE_SEPOLGEN + select BR2_PACKAGE_CHECKPOLICY + select BR2_PACKAGE_PYTHON3 if !BR2_PACKAGE_PYTHON + help + Enable audit2allow to be built + +comment "audit2allow needs a glibc toolchain w/ wchar, threads, dynamic library" + depends on BR2_USE_MMU + depends on !BR2_arc + depends on !BR2_USE_WCHAR || !BR2_TOOLCHAIN_HAS_THREADS || \ + BR2_STATIC_LIBS + config BR2_PACKAGE_POLICYCOREUTILS_RESTORECOND bool "restorecond" select BR2_PACKAGE_LIBGLIB2 diff --git a/package/policycoreutils/policycoreutils.mk b/package/policycoreutils/policycoreutils.mk index 911d40d633..c9dca4ca9b 100644 --- a/package/policycoreutils/policycoreutils.mk +++ b/package/policycoreutils/policycoreutils.mk @@ -50,6 +50,20 @@ ifeq ($(BR2_PACKAGE_POLICYCOREUTILS_RESTORECOND),y) POLICYCOREUTILS_MAKE_DIRS += restorecond POLICYCOREUTILS_DEPENDENCIES += libglib2 endif + +ifeq ($(BR2_PACKAGE_POLICYCOREUTILS_AUDIT2ALLOW),y) +ifeq ($(BR2_PACKAGE_PYTHON3),y) +POLICYCOREUTILS_DEPENDENCIES += python3 +POLICYCOREUTILS_MAKE_OPTS += PYLIBVER="python$(PYTHON3_VERSION_MAJOR)" +else +POLICYCOREUTILS_DEPENDENCIES += python +POLICYCOREUTILS_MAKE_OPTS += PYLIBVER="python$(PYTHON_VERSION_MAJOR)" +endif + +POLICYCOREUTILS_DEPENDENCIES += sepolgen checkpolicy +POLICYCOREUTILS_MAKE_DIRS += audit2allow +endif + # We need to pass DESTDIR at build time because it's used by # policycoreutils build system to find headers and libraries. define POLICYCOREUTILS_BUILD_CMDS