author | Adam Duskett <Aduskett@gmail.com> | 2017-02-02 17:45:05 -0500 |
---|---|---|
committer | Thomas Petazzoni <thomas.petazzoni@free-electrons.com> | 2017-04-09 15:33:54 +0200 |
commit | 005a5f33f25821af1edae15c7811c4ad305d3f0d (patch) | |
tree | f81e29b0909ee73443a019bbfa48ebbb63b6148c | |
parent | eb77bd3dabe1fc2d0fa9ef0f8967e25eb550c9fb (diff) | |
policycoreutils: add option to build audit2allow
This python utility scans the logs for messages logged when the system
denied permission for operations, and generates a snippet of policy
rules which, if loaded into policy, might have allowed those operations
to succeed. However, this utility only generates Type Enforcement (TE)
allow rules.
Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>
[Thomas: adjust Config.in to propagate the dependencies of sepolgen,
checkpolicy and python3.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
-rw-r--r-- | package/policycoreutils/Config.in | 20 | ||||
-rw-r--r-- | package/policycoreutils/policycoreutils.mk | 14 |
2 files changed, 34 insertions, 0 deletions
diff --git a/package/policycoreutils/Config.in b/package/policycoreutils/Config.in
index 53238b4eac..4b8a9dca13 100644
--- a/package/policycoreutils/Config.in
+++ b/package/policycoreutils/Config.in
@@ -45,6 +45,26 @@ config BR2_PACKAGE_POLICYCOREUTILS
 
 if BR2_PACKAGE_POLICYCOREUTILS
 
+config BR2_PACKAGE_POLICYCOREUTILS_AUDIT2ALLOW
+ bool "audit2allow"
+ depends on BR2_USE_WCHAR # python3, sepolgen
+ depends on BR2_USE_MMU # python3, sepolgen
+ depends on BR2_TOOLCHAIN_HAS_THREADS # python3, sepolgen, checkpolicy
+ depends on !BR2_STATIC_LIBS # python3, sepolgen
+ depends on BR2_TOOLCHAIN_USES_GLIBC # checkpolicy
+ depends on !BR2_arc # checkpolicy
+ select BR2_PACKAGE_SEPOLGEN
+ select BR2_PACKAGE_CHECKPOLICY
+ select BR2_PACKAGE_PYTHON3 if !BR2_PACKAGE_PYTHON
+ help
+ Enable audit2allow to be built
+
+comment "audit2allow needs a glibc toolchain w/ wchar, threads, dynamic library"
+ depends on BR2_USE_MMU
+ depends on !BR2_arc
+ depends on !BR2_USE_WCHAR || !BR2_TOOLCHAIN_HAS_THREADS || \
+ BR2_STATIC_LIBS
+
 config BR2_PACKAGE_POLICYCOREUTILS_RESTORECOND
 bool "restorecond"
 select BR2_PACKAGE_LIBGLIB2
diff --git a/package/policycoreutils/policycoreutils.mk b/package/policycoreutils/policycoreutils.mk
index 911d40d633..c9dca4ca9b 100644
--- a/package/policycoreutils/policycoreutils.mk
+++ b/package/policycoreutils/policycoreutils.mk
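Review bot: In package/policycoreutils/Config.in the new `comment` entry says audit2allow needs a glibc toolchain, yet its condition never tests `BR2_TOOLCHAIN_USES_GLIBC`, so on a non-glibc toolchain that has wchar, threads and shared libraries the option is hidden and no explanation is shown. Extending the last dependency to `depends on !BR2_USE_WCHAR || !BR2_TOOLCHAIN_HAS_THREADS || \` followed by `BR2_STATIC_LIBS || !BR2_TOOLCHAIN_USES_GLIBC` would keep the comment in step with the option's own `depends on` list. The help text is also thin for a tool that turns logged denials into allow rules; a sentence such as `Generates Type Enforcement allow rules from logged SELinux denials; review the output before loading it into policy.` would tell integrators what they are putting on the target.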
@@ -50,6 +50,20 @@ ifeq ($(BR2_PACKAGE_POLICYCOREUTILS_RESTORECOND),y)
 POLICYCOREUTILS_MAKE_DIRS += restorecond
 POLICYCOREUTILS_DEPENDENCIES += libglib2
 endif
+
+ifeq ($(BR2_PACKAGE_POLICYCOREUTILS_AUDIT2ALLOW),y)
+ifeq ($(BR2_PACKAGE_PYTHON3),y)
+POLICYCOREUTILS_DEPENDENCIES += python3
+POLICYCOREUTILS_MAKE_OPTS += PYLIBVER="python$(PYTHON3_VERSION_MAJOR)"
+else
+POLICYCOREUTILS_DEPENDENCIES += python
+POLICYCOREUTILS_MAKE_OPTS += PYLIBVER="python$(PYTHON_VERSION_MAJOR)"
+endif
+
+POLICYCOREUTILS_DEPENDENCIES += sepolgen checkpolicy
+POLICYCOREUTILS_MAKE_DIRS += audit2allow
+endif
+
 # We need to pass DESTDIR at build time because it's used by
 # policycoreutils build system to find headers and libraries.
 define POLICYCOREUTILS_BUILD_CMDS |