Linux/scripts/selinux/install_policy.sh


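#!/bin/sh
# SPDX-License-Identifier: GPL-2.0
#
# Install the minimal "dummy" SELinux policy produced by mdp.
#
# Steps performed:
#   1. generate policy.conf and file_contexts with ./mdp and compile them
#      with checkpolicy;
#   2. populate /etc/selinux/dummy with the policy and context files;
#   3. replace /etc/selinux/config (the old file is moved to config.bak)
#      with SELINUX=permissive / SELINUXTYPE=dummy;
#   4. relabel / and the mounted disk filesystems with setfiles -F;
#   5. write "-F" to /.autorelabel.
#
# Must be run as root, with SELinux disabled, from the directory that
# contains the mdp/ subdirectory.
#
# NOTE(review): everything below runs as root and executes ./mdp relative
# to the current directory, so only run it from a build tree you trust.
# The resulting configuration is permissive and the policy is compiled
# with "-U allow"; it looks intended for bring-up and testing rather than
# as an enforcing policy -- confirm before using it on a real system.
set -e

# Print the path of tool $1 on stdout. If it is not in PATH, explain on
# stderr which package ($2) normally ships it and return non-zero.
# The lookup is the left side of "&&", so "set -e" does not abort before
# the messages are printed (the original `which` + `$?` test was never
# reached on failure because "set -e" exited at the assignment).
find_tool() {
	command -v "$1" && return 0
	echo "Could not find $1" >&2
	echo "Do you have $2 installed?" >&2
	return 1
}

if [ "$(id -u)" -ne 0 ]; then
	echo "$0: must be root to install the selinux policy" >&2
	exit 1
fi

SF=$(find_tool setfiles policycoreutils) || exit 1
CP=$(find_tool checkpolicy checkpolicy) || exit 1
ENABLED=$(find_tool selinuxenabled libselinux-utils) || exit 1

# First field of "checkpolicy -V"; used as the suffix of the compiled
# policy file name (policy.$VERS).
VERS=$("$CP" -V | awk '{print $1}')
if [ -z "$VERS" ]; then
	echo "Could not determine the policy version from $CP -V" >&2
	exit 1
fi

if "$ENABLED"; then
	echo "SELinux is already enabled" >&2
	echo "This prevents safely relabeling all files." >&2
	echo "Boot with selinux=0 on the kernel command-line." >&2
	exit 1
fi

# Generate the policy sources, then compile them.
cd mdp
./mdp -m policy.conf file_contexts
"$CP" -U allow -M -o "policy.$VERS" policy.conf

mkdir -p /etc/selinux/dummy/policy
mkdir -p /etc/selinux/dummy/contexts/files

echo "__default__:user_u:s0" > /etc/selinux/dummy/seusers
echo "base_r:base_t:s0" > /etc/selinux/dummy/contexts/failsafe_context
echo "base_r:base_t:s0 base_r:base_t:s0" > /etc/selinux/dummy/default_contexts
cat > /etc/selinux/dummy/contexts/x_contexts <<EOF
client * user_u:base_r:base_t:s0
property * user_u:object_r:base_t:s0
extension * user_u:object_r:base_t:s0
selection * user_u:object_r:base_t:s0
event * user_u:object_r:base_t:s0
EOF
touch /etc/selinux/dummy/contexts/virtual_domain_context
touch /etc/selinux/dummy/contexts/virtual_image_context

cp file_contexts /etc/selinux/dummy/contexts/files
cp dbus_contexts /etc/selinux/dummy/contexts
cp "policy.$VERS" /etc/selinux/dummy/policy

# /etc/selinux already exists here: the mkdir -p calls above created it.
# NOTE(review): a second run moves the dummy config over config.bak, so
# the administrator's original configuration is lost -- keep a separate
# copy if it matters.
if [ -f /etc/selinux/config ]; then
	echo "/etc/selinux/config exists, moving to /etc/selinux/config.bak."
	mv /etc/selinux/config /etc/selinux/config.bak
fi
echo "Creating new /etc/selinux/config for dummy policy."
cat > /etc/selinux/config << EOF
SELINUX=permissive
SELINUXTYPE=dummy
EOF

cd /etc/selinux/dummy/contexts/files
"$SF" -F file_contexts /

# Mount points of the listed filesystem types. The match is on the type
# column only, so a device name, mount point or option that merely
# contains e.g. "xfs" no longer selects an unrelated mount.
mounts=$(awk '$3 ~ /^(ext[234]|jfs|xfs|reiserfs|jffs2|gfs2|btrfs|f2fs|ocfs2)$/ { print $2 }' "/proc/$$/mounts")
if [ -n "$mounts" ]; then
	# Word splitting is intended: one argument per mount point.
	# shellcheck disable=SC2086
	"$SF" -F file_contexts $mounts
fi

# Leaves a "-F" marker in /.autorelabel; presumably the distribution's
# boot-time relabel service reads it -- confirm for the target system.
echo "-F" > /.autorelabel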
