#
# Makefile for the security policy.
#
# Targets:
# 
# policy - compile the policy configuration.
# install - compile and install the policy configuration.
# load    - compile, install, and load the policy configuration.
# relabel - relabel the file system based on file_contexts.
# initpolicy - compile the initial policy configuration.
# initinstall - compile and install the initial policy configuration.
#
# The default target is 'policy'.
#

# Build-time switch: set to y if MLS is enabled in the security server.
# Every MLS-dependent choice below is derived from this single setting, so
# the compiled policy, the file contexts and the install context stay in step.
CONFIG_FLASK_MLS=n

# Policy compiler invoked by the policy and initpolicy rules.
CHECKPOLICY = ../kernel/security/checkpolicy

# Internal helpers: each is empty unless MLS is enabled.
ifeq ($(CONFIG_FLASK_MLS),y)
mls_cflags = -DCONFIG_FLASK_MLS=1
mls_policy = mls
mls_ext = .mls
mls_level = :u
else
mls_cflags =
mls_policy =
mls_ext =
mls_level =
endif

CFLAGS += -Wall -g -I../include -I../kernel/include $(mls_cflags)
LDFLAGS += -L../libsecure

# Policy sources, in the order they are handed to m4 by the policy.conf rule.
# With MLS enabled the 'mls' file is inserted after access_vectors and the
# users/contexts files are replaced by their generated *.mls variants.
POLICYFILES = security_classes initial_sids access_vectors $(mls_policy) \
	all.te rbac users$(mls_ext) constraints \
	initial_sid_contexts$(mls_ext) fs_contexts$(mls_ext) net_contexts$(mls_ext)

# File-context specification consumed by the relabel rule.
FILECONTEXTS = file_contexts$(mls_ext)

# Security context given to the installed policy file by the install rule.
POLICYCONTEXT=system_u:object_r:policy_config_t$(mls_level)

# Same source list as POLICYFILES, with init.te substituted for all.te.
INITPOLICYFILES = $(subst all.te,init.te,$(POLICYFILES))

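# Compile policy.conf into the binary policy file 'policy' (default target).
#
# The binary is first written to a scratch file and only renamed to 'policy'
# after the second checkpolicy run (-b, which takes the binary file as input)
# has succeeded. Writing straight to $@ left a newer-than-policy.conf 'policy'
# on disk when that second step failed, so a later 'make install' or
# 'make load' would treat it as up to date and install it unchecked.
#
# NOTE(review): unlike initpolicy, this rule does not list $(CHECKPOLICY) as a
# prerequisite, so a rebuilt compiler does not trigger a recompile - confirm
# whether that is intended.
policy:  policy.conf
	$(CHECKPOLICY) -o $@.tmp $< || { rm -f $@.tmp; exit 1; }
	$(CHECKPOLICY) -b $@.tmp || { rm -f $@.tmp; exit 1; }
	mv -f $@.tmp $@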

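# Assemble the policy source: run every file in POLICYFILES through m4, in
# list order, into one policy.conf.
#
# The output goes to a scratch file and is renamed only when m4 succeeds.
# With a plain '> policy.conf' the shell creates the target before m4 runs,
# so a failed m4 left a truncated policy.conf that looked up to date on the
# next invocation.
policy.conf: $(POLICYFILES)
	m4 -s $^ > $@.tmp || { rm -f $@.tmp; exit 1; }
	mv -f $@.tmp $@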

# Generate the MLS variant of fs_contexts by appending ':u' after every '_t'.
# NOTE(review): the pattern is unanchored, so a '_t' in the middle of an
# identifier is rewritten as well (the file_contexts.mls rule anchors on end
# of line instead) - confirm fs_contexts only contains '_t' as a type suffix.
fs_contexts.mls: fs_contexts
	sed -e 's/_t/_t:u/g' $< > $@

# Generate the MLS variant of net_contexts by appending ':u' after every '_t'.
# NOTE(review): the pattern is unanchored, so a '_t' in the middle of an
# identifier is rewritten as well - confirm net_contexts only contains '_t'
# as a type suffix.
net_contexts.mls: net_contexts
	sed -e 's/_t/_t:u/g' $< > $@

# Generate the MLS variant of initial_sid_contexts by appending ':u' after
# every '_t'.
# NOTE(review): the pattern is unanchored, so a '_t' in the middle of an
# identifier (for example in a SID name) is rewritten as well - confirm the
# input only contains '_t' as a type suffix.
initial_sid_contexts.mls: initial_sid_contexts
	sed -e 's/_t/_t:u/g' $< > $@

# Generate the MLS variant of the users file: the first ';' on each line is
# replaced by ' ranges u;' (there is no 'g' flag, so later ';' on the same
# line are left alone).
users.mls: users
	sed -e 's/;/ ranges u;/' $< > $@

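# Install the compiled policy as /ss_policy, owned by root:root with mode 644
# and labelled with $(POLICYCONTEXT). /ss_policy is the file the 'load' rule
# passes to load_policy.
#
# Declared phony: 'install' names an action, not a file. Without this, a stray
# file called 'install' in this directory makes 'make install' report
# "up to date" and skip the installation without any error.
.PHONY: install
install: policy
	/usr/flask/bin/install --context=$(POLICYCONTEXT) -m 644 -o root -g root $< /ss_policy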

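# Compile, install and then load /ss_policy with load_policy.
#
# Declared phony: without this, a stray file called 'load' in this directory
# makes 'make load' do nothing, leaving the previously loaded policy active
# while the build appears to have succeeded.
.PHONY: load
load: install
	/usr/flask/bin/load_policy /ss_policy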

# Generate the MLS variant of file_contexts: append ':u' to a '_t' that ends
# a line. '$$' is make's escape for the literal '$' end-of-line anchor; the
# anchor allows at most one match per line, so no 'g' flag is needed.
file_contexts.mls: file_contexts
	sed -e 's/_t$$/_t:u/' $< > $@

# Relabel mounted file systems from $(FILECONTEXTS) using the locally built
# setfiles, then touch the 'relabel' stamp file so the step is not repeated
# until the contexts file or setfiles changes.
#
# The mount points are the third field of every 'mount' output line that
# contains the text "ext2".
# NOTE(review): the awk pattern matches "ext2" anywhere on the line (device
# name and mount point included), not only in the file system type field, and
# mount points containing spaces are split by the shell - confirm this
# selection is what should be relabelled. If nothing matches, setfiles is run
# with no file system argument and the stamp is still written when it exits 0.
relabel:  $(FILECONTEXTS) setfiles
	./setfiles $(FILECONTEXTS) $$(mount | awk '/ext2/ { print $$3 }')
	touch $@

# Link the setfiles labelling tool from its object file against libsecure
# (found through the -L../libsecure entry in LDFLAGS). The library stays
# after the object on the command line so its symbols resolve.
setfiles:  setfiles.o
	$(CC) $(LDFLAGS) $^ -lsecure -o $@

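# Compile initpolicy.conf into the binary initial policy 'initpolicy'.
# Listing $(CHECKPOLICY) as a prerequisite recompiles the policy whenever the
# compiler itself is newer.
#
# The binary is first written to a scratch file and only renamed to
# 'initpolicy' after the second checkpolicy run (-b, which takes the binary
# file as input) has succeeded. Writing straight to $@ left an apparently
# up-to-date 'initpolicy' behind when that second step failed, which a later
# 'make initinstall' would copy to /ss_policy.
initpolicy: initpolicy.conf $(CHECKPOLICY)
	$(CHECKPOLICY) -o $@.tmp $< || { rm -f $@.tmp; exit 1; }
	$(CHECKPOLICY) -b $@.tmp || { rm -f $@.tmp; exit 1; }
	mv -f $@.tmp $@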

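# Assemble the initial policy source: run the files in INITPOLICYFILES
# (POLICYFILES with init.te in place of all.te) through m4, in list order.
# all.te is a prerequisite but is deliberately not on the m4 command line.
# NOTE(review): presumably init.te pulls in all.te itself - confirm.
#
# The output goes to a scratch file and is renamed only when m4 succeeds, so
# a failed m4 cannot leave a truncated initpolicy.conf that looks up to date.
initpolicy.conf: $(INITPOLICYFILES) all.te
	m4 -s $(INITPOLICYFILES) > $@.tmp || { rm -f $@.tmp; exit 1; }
	mv -f $@.tmp $@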

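# Install the compiled initial policy as /ss_policy, owned by root:root with
# mode 644.
# NOTE(review): this uses the 'install' found on PATH and sets no security
# context, whereas the 'install' rule uses /usr/flask/bin/install with
# --context=$(POLICYCONTEXT) - presumably because this target is meant to run
# before the policy-aware tools are usable; confirm.
#
# Declared phony: without this, a stray file called 'initinstall' in this
# directory makes 'make initinstall' skip the installation without any error.
.PHONY: initinstall
initinstall:  initpolicy
	install -m 644 -o root -g root $< /ss_policy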

# Concatenate the macros, all type declarations, all domains and the
# assertions, in that order, into all.te.
# The two generated inputs are deleted once they have been consumed. Because
# they are prerequisites of this rule, their absence makes the next run
# rebuild them and all.te again.
all.te: macros.te all_types.te all_domains.te assert.te
	cat $^ > $@ && rm -f all_types.te all_domains.te

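# Concatenate every types/*.te file into all_types.te.
#
# $(sort ...) fixes the concatenation order: some GNU make releases return
# $(wildcard) matches in directory order, which would make the generated
# policy source differ between otherwise identical builds.
# /dev/null is appended so that an empty match produces an empty file instead
# of leaving 'cat' with no arguments, waiting on standard input.
all_types.te: $(sort $(wildcard types/*.te))
	cat $^ /dev/null > $@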

# Concatenate domains/every.te and the four per-category domain files, in
# that order, into all_domains.te.
# The four generated inputs are deleted once they have been consumed;
# domains/every.te is a source file and is kept. Because the deleted files
# are prerequisites of this rule, the next run rebuilds them.
all_domains.te: domains/every.te system_domains.te program_domains.te user_domains.te admin_domains.te
	cat $^ > $@ && rm -f system_domains.te program_domains.te user_domains.te admin_domains.te

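# Concatenate every domains/system/*.te file into system_domains.te.
# $(sort ...) keeps the order identical across GNU make releases; /dev/null
# keeps 'cat' from waiting on standard input when the directory has no .te
# files.
system_domains.te: $(sort $(wildcard domains/system/*.te))
	cat $^ /dev/null > $@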

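# Concatenate every domains/program/*.te file into program_domains.te.
# $(sort ...) keeps the order identical across GNU make releases; /dev/null
# keeps 'cat' from waiting on standard input when the directory has no .te
# files.
program_domains.te: $(sort $(wildcard domains/program/*.te))
	cat $^ /dev/null > $@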

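# Concatenate every domains/user/*.te file into user_domains.te.
# $(sort ...) keeps the order identical across GNU make releases; /dev/null
# keeps 'cat' from waiting on standard input when the directory has no .te
# files.
user_domains.te: $(sort $(wildcard domains/user/*.te))
	cat $^ /dev/null > $@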

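# Concatenate every domains/admin/*.te file into admin_domains.te.
# $(sort ...) keeps the order identical across GNU make releases; /dev/null
# keeps 'cat' from waiting on standard input when the directory has no .te
# files.
admin_domains.te: $(sort $(wildcard domains/admin/*.te))
	cat $^ /dev/null > $@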

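# Remove everything this Makefile generates: compiled policies and their m4
# output, the relabel stamp, the setfiles binary and object, the concatenated
# .te files and the generated *.mls variants. Source files are not touched.
#
# Declared phony: without this, a stray file called 'clean' in this directory
# makes 'make clean' a no-op, so stale generated policy files would survive
# into the next build.
.PHONY: clean
clean:
	rm -f policy policy.conf relabel setfiles setfiles.o initpolicy initpolicy.conf
	rm -f all.te all_types.te all_domains.te system_domains.te program_domains.te user_domains.te admin_domains.te
	rm -f file_contexts.mls initial_sid_contexts.mls net_contexts.mls fs_contexts.mls users.mls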

