sec-policy: Release of SELinux policies 2.20170805-r1

Package-Manager: Portage-2.3.6, Repoman-2.3.1

2 files changed, 123 insertions, 0 deletions

diff --git a/sec-policy/selinux-base-policy/Manifest b/sec-policy/selinux-base-policy/Manifest
index 73d408c7c6d2..c976a5ad4f40 100644
--- a/sec-policy/selinux-base-policy/Manifest
+++ b/sec-policy/selinux-base-policy/Manifest
@@ -7,6 +7,8 @@ DIST patchbundle-selinux-base-policy-2.20170204-r1.tar.bz2 327838 SHA256 66ca7d9
 DIST patchbundle-selinux-base-policy-2.20170204-r2.tar.bz2 354083 SHA256 95a77b781be01ed29fe02df2b72fa1fe90e993c1a9513ccd94ad3f39d6170367 SHA512 ac907590cefdc69638fce25de481d3dce625f0f1511e0fa3d0bcc78b2a18c57c0bea392c225d314645b1aec5abbcedf67bfc50b66be8580447bbcac7223ea66d WHIRLPOOL d447bb2afb33d66c11db77b1b3401b9151394f3cc306a660efd4e858648a4f8d2c9b6281bc1c41f820103bd352bc47e933e2d84e0d351c4b6be038877b7f167e
 DIST patchbundle-selinux-base-policy-2.20170204-r3.tar.bz2 342266 SHA256 c5d99de3af1a6aec5aced5c4776ee47e15dbf467e116daa9d2df6f69653cf1c9 SHA512 df46b785a17c633d6fcd063b48258a362a0df13fcb71fb699b6c19281f4d647db43639e08e083157fcd49405c5c38c8408534decff99536d28ada64e9192d130 WHIRLPOOL 703c227d4490d9ba291089ac425c1e2924ad28644e5e7fbacbdc43c77eb7df6eaf776bef52b4019316f104ba29f06f90fc6222eb43106f7a9d678cf369eaf807
 DIST patchbundle-selinux-base-policy-2.20170204-r4.tar.bz2 373731 SHA256 eaeefe826522eab8d11318ff319e43ed89baa26a1ea21a89555d38119a2e77c9 SHA512 93a0644440064d85db32c56a381478f8ef94824a04531e6fbad26dd79be02dacd939b804759db35d0627908ff653f8107e18c48858df458c80ae785d80374667 WHIRLPOOL f319cf44526cee2ffc9f920da03cd4d2679f0ab979c45160084dd1aa2df16e9a2f8541ab49fd50588c4dd76675feb73dab1b13d5de809c39ba92867567530ddc
+DIST patchbundle-selinux-base-policy-2.20170805-r1.tar.bz2 304187 SHA256 628330cd11d4f6a44c44b0d591da21c6bffc071fe6c764497b2e60b0df4c31c1 SHA512 40afb78832c0c701af2a633aada851d6611cb5d463d70278c58f13176a2427f496e36791f1b49ba8737dc5cc574486eaeb49c4b65b0decb5b81ef851e9bc60e7 WHIRLPOOL a5562dc8fa956a5e3b049803b37d65811631cce03c2a1df888ffd0cd74fb333cf081c02238c89a6355dacccfb3a07886187b7413ffe43dd558efc194e2713e20
 DIST refpolicy-2.20151208.tar.bz2 698182 SHA256 2dd2f45a7132137afe8302805c3b7839739759b9ab73dd1815c01afe34ac99de SHA512 cbefe117f143adea834065949e24e9fe86336c049e9e0518026597d5b0a18c482a9717422bd39b7fb0012d19df00365c969d87e1f13a7bb9dcb9996313ed6cf8 WHIRLPOOL cb843a602dde4234a62e6f92001bff689a457796215b015bcccce79e7aa73bfe875a82bdbdbf59236f218eb41aaf665fcc5753c42d86eb3ed1caa1b69ddc2efa
 DIST refpolicy-2.20161023.tar.bz2 1768667 SHA256 14c9576e2cdf0ecf656134bc59cba99589dbba2895344d2fc226bdb5d8e541c7 SHA512 3201ca3c6cada1053343d3763d36072cf40afa46bf5343087a8254320879cb61fef539dc7742e04e5645d0c886b8f4bf552bf502e9716f7a3282efc0b0ed970d WHIRLPOOL 3f44955c3b13f5a6152d8ca8b75b3c8d52becc1c47b3b0126f5c86fbdad8bf6a1ae72c42e0b130352e139f987340b3c0d3d37aac5b80c5e3d731fcd666b88504
 DIST refpolicy-2.20170204.tar.bz2 709965 SHA256 5e4daee61d89dfdc8c7bf369f81c99845931e337916dc6401e301c5de57ea336 SHA512 30deabb02a5bde51c463e3e89988d850cff51596c2e72733a064245dec152ea46317eea79550dbe82a7a0d327ec0bcfbd9474ff8a902507392df0da00df6397f WHIRLPOOL a6b6aa1265f3e7e78c6e8012f0cb8098e0727e77bfcf8165866e876b41c18648711c82d87750c081cc49e89b85be03ef3b420a2df25269e2ce070181af308ec6
+DIST refpolicy-2.20170805.tar.bz2 740430 SHA256 045709f5e44199f402149b31c6aab9666bdb1540a5c5ed0312a46c90dedfa52d SHA512 dbb6809b028ae75296ad26d5997cc21d835c49555a0e37957cb39b36b144af6e817320073a29247448eba1876ab9e29d3956ff4456f1542b66ba38af459ec586 WHIRLPOOL 94320a34f0ae6a7a2c67ef335b9fc2007b55fdac282d6b602979571b8f47049535a8d0d1d1310e420f94aefaf95da065c398d4f724a73c74df52e8ef95209219
diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-2.20170805-r1.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-2.20170805-r1.ebuild
new file mode 100644
index 000000000000..7aa38de444d9
--- /dev/null
+++ b/sec-policy/selinux-base-policy/selinux-base-policy-2.20170805-r1.ebuild
@@ -0,0 +1,121 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+EAPI="6"
+
+if [[ ${PV} == 9999* ]]; then
+	EGIT_REPO_URI="${SELINUX_GIT_REPO:-https://anongit.gentoo.org/git/proj/hardened-refpolicy.git}"
+	EGIT_BRANCH="${SELINUX_GIT_BRANCH:-master}"
+	EGIT_CHECKOUT_DIR="${WORKDIR}/refpolicy"
+
+	inherit git-r3
+else
+	SRC_URI="https://raw.githubusercontent.com/wiki/TresysTechnology/refpolicy/files/refpolicy-${PV}.tar.bz2
+			https://dev.gentoo.org/~swift/patches/${PN}/patchbundle-${PN}-${PVR}.tar.bz2"
+	KEYWORDS="~amd64 ~arm ~arm64 ~mips ~x86"
+fi
+
+HOMEPAGE="https://www.gentoo.org/proj/en/hardened/selinux/"
+DESCRIPTION="SELinux policy for core modules"
+
+IUSE="systemd +unconfined"
+
+PDEPEND="unconfined? ( sec-policy/selinux-unconfined )"
+DEPEND="=sec-policy/selinux-base-${PVR}[systemd?]"
+
+MODS="application authlogin bootloader clock consoletype cron dmesg fstools getty hostname hotplug init iptables libraries locallogin logging lvm miscfiles modutils mount mta netutils nscd portage raid rsync selinuxutil setrans ssh staff storage su sysadm sysnetwork tmpfiles udev userdomain usermanage unprivuser xdg"
+LICENSE="GPL-2"
+SLOT="0"
+S="${WORKDIR}/"
+
+# Code entirely copied from selinux-eclass (cannot inherit due to dependency on
+# itself), when reworked reinclude it. Only postinstall (where -b base.pp is
+# added) needs to remain then.
+
+pkg_setup() {
+	if use systemd; then
+		MODS="${MODS} systemd"
+	fi
+}
+
+pkg_pretend() {
+	for i in ${POLICY_TYPES}; do
+		if [[ "${i}" == "targeted" ]] && ! use unconfined; then
+			die "If you use POLICY_TYPES=targeted, then USE=unconfined is mandatory."
+		fi
+	done
+}
+
+src_prepare() {
+	local modfiles
+
+	if [[ ${PV} != 9999* ]]; then
+		einfo "Applying SELinux policy updates ... "
+		eapply -p0 "${WORKDIR}/0001-full-patch-against-stable-release.patch"
+	fi
+
+	eapply_user
+
+	# Collect only those files needed for this particular module
+	for i in ${MODS}; do
+		modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.te) $modfiles"
+		modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.fc) $modfiles"
+	done
+
+	for i in ${POLICY_TYPES}; do
+		mkdir "${S}"/${i} || die "Failed to create directory ${S}/${i}"
+		cp "${S}"/refpolicy/doc/Makefile.example "${S}"/${i}/Makefile \
+			|| die "Failed to copy Makefile.example to ${S}/${i}/Makefile"
+
+		cp ${modfiles} "${S}"/${i} \
+			|| die "Failed to copy the module files to ${S}/${i}"
+	done
+}
+
+src_compile() {
+	for i in ${POLICY_TYPES}; do
+		emake NAME=$i -C "${S}"/${i} || die "${i} compile failed"
+	done
+}
+
+src_install() {
+	local BASEDIR="/usr/share/selinux"
+
+	for i in ${POLICY_TYPES}; do
+		for j in ${MODS}; do
+			einfo "Installing ${i} ${j} policy package"
+			insinto ${BASEDIR}/${i}
+			doins "${S}"/${i}/${j}.pp || die "Failed to add ${j}.pp to ${i}"
+		done
+	done
+}
+
+pkg_postinst() {
+	# Override the command from the eclass, we need to load in base as well here
+	local COMMAND="-i base.pp"
+	if has_version "<sys-apps/policycoreutils-2.5"; then
+		COMMAND="-b base.pp"
+	fi
+
+	for i in ${MODS}; do
+		COMMAND="${COMMAND} -i ${i}.pp"
+	done
+
+	for i in ${POLICY_TYPES}; do
+		einfo "Inserting the following modules, with base, into the $i module store: ${MODS}"
+
+		cd /usr/share/selinux/${i} || die "Could not enter /usr/share/selinux/${i}"
+
+		semodule -s ${i} ${COMMAND} || die "Failed to load in base and modules ${MODS} in the $i policy store"
+	done
+
+	# Relabel depending packages
+	local PKGSET="";
+	if [[ -x /usr/bin/qdepends ]] ; then
+		PKGSET=$(/usr/bin/qdepends -Cq -r -Q ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-');
+	elif [[ -x /usr/bin/equery ]] ; then
+		PKGSET=$(/usr/bin/equery -Cq depends ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-');
+	fi
+	if [[ -n "${PKGSET}" ]] ; then
+		rlpkg ${PKGSET};
+	fi
+}