~hc/RK356X_SDK_RELEASE.git

..	..	@@ -1,29 +1,60 @@
1	1	#!/bin/sh
2	2	# SPDX-License-Identifier: GPL-2.0
	3	+set -e
3	4	if [ `id -u` -ne 0 ]; then
4	5	echo "$0: must be root to install the selinux policy"
5	6	exit 1
6	7	fi
	8	+
7	9	SF=`which setfiles`
8	10	if [ $? -eq 1 ]; then
9		- if [ -f /sbin/setfiles ]; then
10		- SF="/usr/setfiles"
11		- else
12		- echo "no selinux tools installed: setfiles"
13		- exit 1
14		- fi
	11	+ echo "Could not find setfiles"
	12	+ echo "Do you have policycoreutils installed?"
	13	+ exit 1
	14	+fi
	15	+
	16	+CP=`which checkpolicy`
	17	+if [ $? -eq 1 ]; then
	18	+ echo "Could not find checkpolicy"
	19	+ echo "Do you have checkpolicy installed?"
	20	+ exit 1
	21	+fi
	22	+VERS=`$CP -V \| awk '{print $1}'`
	23	+
	24	+ENABLED=`which selinuxenabled`
	25	+if [ $? -eq 1 ]; then
	26	+ echo "Could not find selinuxenabled"
	27	+ echo "Do you have libselinux-utils installed?"
	28	+ exit 1
	29	+fi
	30	+
	31	+if selinuxenabled; then
	32	+ echo "SELinux is already enabled"
	33	+ echo "This prevents safely relabeling all files."
	34	+ echo "Boot with selinux=0 on the kernel command-line or"
	35	+ echo "SELINUX=disabled in /etc/selinux/config."
	36	+ exit 1
15	37	fi
16	38
17	39	cd mdp
18		-
19		-CP=`which checkpolicy`
20		-VERS=`$CP -V \| awk '{print $1}'`
21		-
22		-./mdp policy.conf file_contexts
23		-$CP -o policy.$VERS policy.conf
	40	+./mdp -m policy.conf file_contexts
	41	+$CP -U allow -M -o policy.$VERS policy.conf
24	42
25	43	mkdir -p /etc/selinux/dummy/policy
26	44	mkdir -p /etc/selinux/dummy/contexts/files
	45	+
	46	+echo "__default__:user_u:s0" > /etc/selinux/dummy/seusers
	47	+echo "base_r:base_t:s0" > /etc/selinux/dummy/contexts/failsafe_context
	48	+echo "base_r:base_t:s0 base_r:base_t:s0" > /etc/selinux/dummy/default_contexts
	49	+cat > /etc/selinux/dummy/contexts/x_contexts <<EOF
	50	+client * user_u:base_r:base_t:s0
	51	+property * user_u:object_r:base_t:s0
	52	+extension * user_u:object_r:base_t:s0
	53	+selection * user_u:object_r:base_t:s0
	54	+event * user_u:object_r:base_t:s0
	55	+EOF
	56	+touch /etc/selinux/dummy/contexts/virtual_domain_context
	57	+touch /etc/selinux/dummy/contexts/virtual_image_context
27	58
28	59	cp file_contexts /etc/selinux/dummy/contexts/files
29	60	cp dbus_contexts /etc/selinux/dummy/contexts
..	..	@@ -33,37 +64,22 @@
33	64	if [ ! -d /etc/selinux ]; then
34	65	mkdir -p /etc/selinux
35	66	fi
36		-if [ ! -f /etc/selinux/config ]; then
37		- cat > /etc/selinux/config << EOF
38		-SELINUX=enforcing
	67	+if [ -f /etc/selinux/config ]; then
	68	+ echo "/etc/selinux/config exists, moving to /etc/selinux/config.bak."
	69	+ mv /etc/selinux/config /etc/selinux/config.bak
	70	+fi
	71	+echo "Creating new /etc/selinux/config for dummy policy."
	72	+cat > /etc/selinux/config << EOF
	73	+SELINUX=permissive
39	74	SELINUXTYPE=dummy
40	75	EOF
41		-else
42		- TYPE=`cat /etc/selinux/config \| grep "^SELINUXTYPE" \| tail -1 \| awk -F= '{ print $2 '}`
43		- if [ "eq$TYPE" != "eqdummy" ]; then
44		- selinuxenabled
45		- if [ $? -eq 0 ]; then
46		- echo "SELinux already enabled with a non-dummy policy."
47		- echo "Exiting. Please install policy by hand if that"
48		- echo "is what you REALLY want."
49		- exit 1
50		- fi
51		- mv /etc/selinux/config /etc/selinux/config.mdpbak
52		- grep -v "^SELINUXTYPE" /etc/selinux/config.mdpbak >> /etc/selinux/config
53		- echo "SELINUXTYPE=dummy" >> /etc/selinux/config
54		- fi
55		-fi
56	76
57	77	cd /etc/selinux/dummy/contexts/files
58		-$SF file_contexts /
	78	+$SF -F file_contexts /
59	79
60		-mounts=`cat /proc/$$/mounts \| egrep "ext2\|ext3\|xfs\|jfs\|ext4\|ext4dev\|gfs2" \| awk '{ print $2 '}`
61		-$SF file_contexts $mounts
	80	+mounts=`cat /proc/$$/mounts \| \
	81	+ grep -E "ext[234]\|jfs\|xfs\|reiserfs\|jffs2\|gfs2\|btrfs\|f2fs\|ocfs2" \| \
	82	+ awk '{ print $2 '}`
	83	+$SF -F file_contexts $mounts
62	84
63		-
64		-dodev=`cat /proc/$$/mounts \| grep "/dev "`
65		-if [ "eq$dodev" != "eq" ]; then
66		- mount --move /dev /mnt
67		- $SF file_contexts /dev
68		- mount --move /mnt /dev
69		-fi
	85	+echo "-F" > /.autorelabel