[selinux-policy: 1090/3172] fix expansion of interfaces from disabled modules.

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 20:39:03 UTC 2010 

commit e0a9001b86807d7285fb59117fd10d4c65c76063
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Thu Jan 12 16:07:59 2006 +0000

    fix expansion of interfaces from disabled modules.

 refpolicy/Changelog     |    2 ++
 refpolicy/Makefile      |    6 +++++-
 refpolicy/Rules.modular |    6 +++---
 3 files changed, 10 insertions(+), 4 deletions(-)
---
diff --git a/refpolicy/Changelog b/refpolicy/Changelog
index 42024c6..54a9b76 100644
--- a/refpolicy/Changelog
+++ b/refpolicy/Changelog
@@ -1,3 +1,5 @@
+- Fix expansion of interfaces from disabled
+  modules.
 - Rsync can be long running from init,
   added rules to allow this.
 - Add polyinstantiation build option.
diff --git a/refpolicy/Makefile b/refpolicy/Makefile
index 1148f13..f311336 100644
--- a/refpolicy/Makefile
+++ b/refpolicy/Makefile
@@ -159,12 +159,16 @@ DETECTED_MODS := $(sort $(foreach dir,$(ALL_LAYERS),$(wildcard $(dir)/*.te)) $(G
 # modules.conf setting for base module
 MODBASE := base
 
-# modules.conf setting for module
+# modules.conf setting for loadable module
 MODMOD := module
 
+# modules.conf setting for unused module
+MODUNUSED := off
+
 # extract settings from modules.conf
 BASE_MODS := $(addsuffix .te,$(shell awk '/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == "$(MODBASE)") print $$1 }' $(MOD_CONF) 2> /dev/null))
 MOD_MODS := $(addsuffix .te,$(shell awk '/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == "$(MODMOD)") print $$1 }' $(MOD_CONF) 2> /dev/null))
+OFF_MODS := $(addsuffix .te,$(shell awk '/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == "$(MODUNUSED)") print $$1 }' $(MOD_CONF) 2> /dev/null))
 
 ########################################
 #
diff --git a/refpolicy/Rules.modular b/refpolicy/Rules.modular
index da58eac..0552a39 100644
--- a/refpolicy/Rules.modular
+++ b/refpolicy/Rules.modular
@@ -3,7 +3,7 @@
 # Rules and Targets for building modular policies
 #
 
-ALL_MODULES := $(BASE_MODS) $(MOD_MODS)
+ALL_MODULES := $(BASE_MODS) $(MOD_MODS) $(OFF_MODS)
 ALL_INTERFACES := $(ALL_MODULES:.te=.if)
 
 BASE_PKG := base.pp
@@ -17,7 +17,7 @@ BASE_POST_TE_FILES := $(USER_FILES) $(POLDIR)/constraints
 BASE_FC_FILES := $(BASE_MODS:.te=.fc)
 
 MOD_MODULES := $(MOD_MODS:.te=.mod)
-MOD_PKGS := $(notdir $(MOD_MODS:.te=.pp))
+MOD_PKGS := $(MOD_MODS:.te=.pp)
 
 # policy packages to install
 INSTPKG := $(addprefix $(MODPKGDIR)/,$(BASE_PKG) $(MOD_PKGS))
@@ -110,7 +110,7 @@ tmp/generated_definitions.conf: $(ALL_LAYERS) $(BASE_TE_FILES)
 	$(QUIET) $(GENPERM) $(AVS) $(SECCLASS) > $@
 # per-userdomain templates
 	$(QUIET) echo "define(\`per_userdomain_templates',\`" >> $@
-	$(QUIET) for i in $(patsubst %.te,%,$(notdir $(ALL_MODULES))); do \
+	$(QUIET) for i in $(patsubst %.te,%,$(BASE_MODS) $(MOD_MODS)); do \
 		echo "ifdef(\`""$$i""_per_userdomain_template',\`""$$i""_per_userdomain_template("'$$*'")')" \
 			>> $@ ;\
 	done

More information about the scm-commits mailing list