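#!/bin/sh
# SPDX-License-Identifier: GPL-2.0
#
# Installs the "dummy" SELinux policy produced by mdp and relabels the
# filesystem with it.  The steps in this script write under /etc/selinux and
# change file labels, so it refuses to continue unless it runs as root.

# Abort on the first failing command so that a half-finished install is not
# carried forward into the relabel step.
set -e

# Compare as strings rather than with -ne: if `id -u` fails and prints
# nothing, a numeric test errors out, the `if` sees "false", and the script
# would carry on as though it were root.  The string form fails closed.
if [ "$(id -u)" != "0" ]; then
	echo "$0: must be root to install the selinux policy" >&2
	exit 1
fi
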
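# Locate the SELinux userspace tools up front.  Each lookup is the left-hand
# side of an `||` list: with `set -e` active, a plain assignment from a
# failing command substitution would terminate the script before the
# explanatory message could be printed.
# The resolved paths are later executed as root, so they are whatever the
# invoking environment's PATH yields.
SF=$(command -v setfiles) || {
	echo "Could not find setfiles" >&2
	echo "Do you have policycoreutils installed?" >&2
	exit 1
}

CP=$(command -v checkpolicy) || {
	echo "Could not find checkpolicy" >&2
	echo "Do you have checkpolicy installed?" >&2
	exit 1
}

# First field of `checkpolicy -V`; it becomes the suffix of the compiled
# policy file name (policy.$VERS).  The pipeline's status is awk's, so a
# failing checkpolicy is only visible as an empty result -- check for it.
VERS=$("$CP" -V | awk '{print $1}')
if [ -z "$VERS" ]; then
	echo "Could not determine the policy version from $CP -V" >&2
	exit 1
fi

ENABLED=$(command -v selinuxenabled) || {
	echo "Could not find selinuxenabled" >&2
	echo "Do you have libselinux-utils installed?" >&2
	exit 1
}
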
# A full relabel is only attempted while SELinux is disabled.  If it is
# currently enabled, tell the operator how to boot without it and stop.
if selinuxenabled; then
	cat <<'EOF'
SELinux is already enabled
This prevents safely relabeling all files.
Boot with selinux=0 on the kernel command-line or
SELINUX=disabled in /etc/selinux/config.
EOF
	exit 1
fi

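# Build the dummy policy.  The relative `cd` means the script has to be
# started from the directory that contains mdp/.
cd mdp
./mdp -m policy.conf file_contexts
# -M compiles an MLS policy; -U allow makes the kernel allow permissions the
# policy does not define.  The expansions are quoted so the tool path and the
# version string are each passed as exactly one word.
"$CP" -U allow -M -o "policy.$VERS" policy.conf
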
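# Create the policy store for the "dummy" policy type under /etc/selinux.
mkdir -p /etc/selinux/dummy/policy
mkdir -p /etc/selinux/dummy/contexts/files

# Minimal context configuration files for the dummy policy.
echo "__default__:user_u:s0" > /etc/selinux/dummy/seusers
echo "base_r:base_t:s0" > /etc/selinux/dummy/contexts/failsafe_context
echo "base_r:base_t:s0 base_r:base_t:s0" > /etc/selinux/dummy/default_contexts
cat > /etc/selinux/dummy/contexts/x_contexts <<EOF
client * user_u:base_r:base_t:s0
property * user_u:object_r:base_t:s0
extension * user_u:object_r:base_t:s0
selection * user_u:object_r:base_t:s0
event * user_u:object_r:base_t:s0
EOF
# These two only need to exist; they are created empty if missing.
touch /etc/selinux/dummy/contexts/virtual_domain_context
touch /etc/selinux/dummy/contexts/virtual_image_context

# Copy the artifacts from the current directory into the store.  The policy
# file name is quoted so the version suffix cannot be word-split or globbed.
cp file_contexts /etc/selinux/dummy/contexts/files
cp dbus_contexts /etc/selinux/dummy/contexts
cp "policy.$VERS" /etc/selinux/dummy/policy
FC_FILE=/etc/selinux/dummy/contexts/files/file_contexts
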
# Point the system at the dummy policy.  SELINUX=permissive means denials are
# logged rather than enforced once this configuration takes effect.
# NOTE(review): the backup name is fixed, so running the installer a second
# time replaces an earlier config.bak with the config written by the
# previous run.
mkdir -p /etc/selinux
if [ -f /etc/selinux/config ]; then
	echo "/etc/selinux/config exists, moving to /etc/selinux/config.bak."
	mv /etc/selinux/config /etc/selinux/config.bak
fi
echo "Creating new /etc/selinux/config for dummy policy."
printf '%s\n' "SELINUX=permissive" "SELINUXTYPE=dummy" > /etc/selinux/config

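# Relabel with the freshly installed file_contexts.  -F makes setfiles reset
# the whole context, including on files with customizable types.
cd /etc/selinux/dummy/contexts/files
"$SF" -F file_contexts /

# Collect the mount points of the listed on-disk filesystem types.  Only the
# third field of the mounts table (the filesystem type) is matched, so a
# device or directory whose name merely contains e.g. "xfs" is not picked up.
fs_types='ext[234]|jfs|xfs|reiserfs|jffs2|gfs2|btrfs|f2fs|ocfs2'
mounts=$(awk -v types="^(${fs_types})\$" '$3 ~ types { print $2 }' \
	"/proc/$$/mounts")

# $mounts is left unquoted on purpose: it holds one mount point per line and
# has to be split into separate arguments.  The call is skipped when nothing
# matched; otherwise setfiles would be run with no path at all and, if that
# fails, `set -e` would stop the script before the autorelabel marker below
# is written.
if [ -n "$mounts" ]; then
	# shellcheck disable=SC2086
	"$SF" -F file_contexts $mounts
fi

# Request a forced (-F) relabel on the next boot.
printf '%s\n' "-F" > /.autorelabel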