blob: 2dccf141241d76e1620c68b2c32149f025c9f218 [file] [log] [blame]
Serge E. Hallyn93c06cb2008-08-26 14:47:57 -05001#!/bin/sh
Greg Kroah-Hartmanb2441312017-11-01 15:07:57 +01002# SPDX-License-Identifier: GPL-2.0
Stephen Smalleye37c1872019-02-21 16:31:47 -05003set -e
Serge E. Hallyn93c06cb2008-08-26 14:47:57 -05004if [ `id -u` -ne 0 ]; then
5 echo "$0: must be root to install the selinux policy"
6 exit 1
7fi
Stephen Smalleye37c1872019-02-21 16:31:47 -05008
Serge E. Hallyn93c06cb2008-08-26 14:47:57 -05009SF=`which setfiles`
10if [ $? -eq 1 ]; then
Stephen Smalleye37c1872019-02-21 16:31:47 -050011 echo "Could not find setfiles"
12 echo "Do you have policycoreutils installed?"
13 exit 1
14fi
15
16CP=`which checkpolicy`
17if [ $? -eq 1 ]; then
18 echo "Could not find checkpolicy"
19 echo "Do you have checkpolicy installed?"
20 exit 1
21fi
22VERS=`$CP -V | awk '{print $1}'`
23
24ENABLED=`which selinuxenabled`
25if [ $? -eq 1 ]; then
26 echo "Could not find selinuxenabled"
27 echo "Do you have libselinux-utils installed?"
28 exit 1
29fi
30
31if selinuxenabled; then
32 echo "SELinux is already enabled"
33 echo "This prevents safely relabeling all files."
34 echo "Boot with selinux=0 on the kernel command-line or"
35 echo "SELINUX=disabled in /etc/selinux/config."
36 exit 1
Serge E. Hallyn93c06cb2008-08-26 14:47:57 -050037fi
38
39cd mdp
Stephen Smalleye37c1872019-02-21 16:31:47 -050040./mdp -m policy.conf file_contexts
41$CP -U allow -M -o policy.$VERS policy.conf
Serge E. Hallyn93c06cb2008-08-26 14:47:57 -050042
43mkdir -p /etc/selinux/dummy/policy
44mkdir -p /etc/selinux/dummy/contexts/files
45
Stephen Smalleye37c1872019-02-21 16:31:47 -050046echo "__default__:user_u:s0" > /etc/selinux/dummy/seusers
47echo "base_r:base_t:s0" > /etc/selinux/dummy/contexts/failsafe_context
48echo "base_r:base_t:s0 base_r:base_t:s0" > /etc/selinux/dummy/default_contexts
49cat > /etc/selinux/dummy/contexts/x_contexts <<EOF
50client * user_u:base_r:base_t:s0
51property * user_u:object_r:base_t:s0
52extension * user_u:object_r:base_t:s0
53selection * user_u:object_r:base_t:s0
54event * user_u:object_r:base_t:s0
55EOF
56touch /etc/selinux/dummy/contexts/virtual_domain_context
57touch /etc/selinux/dummy/contexts/virtual_image_context
58
Serge E. Hallyn93c06cb2008-08-26 14:47:57 -050059cp file_contexts /etc/selinux/dummy/contexts/files
60cp dbus_contexts /etc/selinux/dummy/contexts
61cp policy.$VERS /etc/selinux/dummy/policy
62FC_FILE=/etc/selinux/dummy/contexts/files/file_contexts
63
64if [ ! -d /etc/selinux ]; then
65 mkdir -p /etc/selinux
66fi
Stephen Smalleye37c1872019-02-21 16:31:47 -050067if [ -f /etc/selinux/config ]; then
68 echo "/etc/selinux/config exists, moving to /etc/selinux/config.bak."
69 mv /etc/selinux/config /etc/selinux/config.bak
70fi
71echo "Creating new /etc/selinux/config for dummy policy."
72cat > /etc/selinux/config << EOF
73SELINUX=permissive
Serge E. Hallyn93c06cb2008-08-26 14:47:57 -050074SELINUXTYPE=dummy
75EOF
Serge E. Hallyn93c06cb2008-08-26 14:47:57 -050076
77cd /etc/selinux/dummy/contexts/files
Stephen Smalleye37c1872019-02-21 16:31:47 -050078$SF -F file_contexts /
Serge E. Hallyn93c06cb2008-08-26 14:47:57 -050079
Stephen Smalleye37c1872019-02-21 16:31:47 -050080mounts=`cat /proc/$$/mounts | \
81 egrep "ext[234]|jfs|xfs|reiserfs|jffs2|gfs2|btrfs|f2fs|ocfs2" | \
82 awk '{ print $2 '}`
83$SF -F file_contexts $mounts
Serge E. Hallyn93c06cb2008-08-26 14:47:57 -050084
Stephen Smalleye37c1872019-02-21 16:31:47 -050085echo "-F" > /.autorelabel