From 2f694ba868ff83c801c74e457334311a76e2ae0e Mon Sep 17 00:00:00 2001
From: Dan Buch
Date: Wed, 31 Dec 2014 19:46:10 -0500
Subject: [PATCH] Setting up dev env for selinux bits

---
 .gitmodules | 3 +
 selinux/.vagrant-provision-as-vagrant.sh | 5 +-
 selinux/.vagrant-skel/.bashrc | 5 ++
 selinux/bin/functions.sh | 81 ++++++++++++++++++++++++
 selinux/centralized/hardened-refpolicy | 1 +
 5 files changed, 93 insertions(+), 2 deletions(-)
 create mode 100644 .gitmodules
 create mode 100644 selinux/.vagrant-skel/.bashrc
 create mode 100644 selinux/bin/functions.sh
 create mode 160000 selinux/centralized/hardened-refpolicy
diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 0000000..fe8f222
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "selinux/centralized/hardened-refpolicy"]
+ path = selinux/centralized/hardened-refpolicy
+ url = git://git.overlays.gentoo.org/proj/hardened-refpolicy.git
diff --git a/selinux/.vagrant-provision-as-vagrant.sh b/selinux/.vagrant-provision-as-vagrant.sh
index a6d8326..28a9e33 100644
--- a/selinux/.vagrant-provision-as-vagrant.sh
+++ b/selinux/.vagrant-provision-as-vagrant.sh
@@ -1,4 +1,5 @@
 #!/bin/bash
-whoami
-echo woop
+for f in $(find /vagrant/.vagrant-skel -type f) ; do
+ ln -svf $f /home/vagrant/${f##/vagrant/.vagrant-skel/}
+done
diff --git a/selinux/.vagrant-skel/.bashrc b/selinux/.vagrant-skel/.bashrc
new file mode 100644
index 0000000..1379a4d
--- /dev/null
+++ b/selinux/.vagrant-skel/.bashrc
@@ -0,0 +1,5 @@
+export DEVROOT=/vagrant
+export POLICY_LOCATION=${DEVROOT}/centralized/hardened-refpolicy
+
+[[ $PS1 ]] && cd $DEVROOT
+[[ -e $DEVROOT/bin/functions.sh ]] && source $DEVROOT/bin/functions.sh
diff --git a/selinux/bin/functions.sh b/selinux/bin/functions.sh
new file mode 100644
index 0000000..1c38b52
--- /dev/null
+++ b/selinux/bin/functions.sh
@@ -0,0 +1,81 @@
+# sefindif - Find interface definitions that have a string that matches the
+# given regular expression
+sefindif() {
+ REGEXP="$1";
+ if [ -d ${POLICY_LOCATION}/policy/modules ];
+ then
+ pushd ${POLICY_LOCATION}/policy/modules > /dev/null 2>&1;
+ elif [ -d ${POLICY_LOCATION}/include ];
+ then
+ pushd ${POLICY_LOCATION}/include > /dev/null 2>&1;
+ else
+ echo "Variable POLICY_LOCATION is not properly defined.";
+ return 1;
+ fi
+ for FILE in */*.if;
+ do
+ awk "BEGIN { P=1 } /(interface\(|template\()/ { NAME=\$0; P=0 }; /${REGEXP}/ { if (P==0) {P=1; print NAME}; if (NAME!=\$0) print };" ${FILE} | sed -e "s:^:${FILE}\: :g";
+ done
+ popd > /dev/null 2>&1;
+}
+
+# seshowif - Show the interface definition
+seshowif() {
+ INTERFACE="$1";
+ if [ -d ${POLICY_LOCATION}/policy/modules ];
+ then
+ pushd ${POLICY_LOCATION}/policy/modules > /dev/null 2>&1;
+ elif [ -d ${POLICY_LOCATION}/include ];
+ then
+ pushd ${POLICY_LOCATION}/include > /dev/null 2>&1;
+ else
+ echo "Variable POLICY_LOCATION is not properly defined.";
+ return 1;
+ fi
+ for FILE in */*.if;
+ do
+ grep -A 9999 "\(interface(\`${INTERFACE}'\|template(\`${INTERFACE}'\)" ${FILE} | grep -B 9999 -m 1 "^')";
+ done
+ popd > /dev/null 2>&1;
+}
+
+# sefinddef - Find macro definitions that have a string that matches the given
+# regular expression
+sefinddef() {
+ REGEXP="$1";
+ if [ -d ${POLICY_LOCATION}/policy/support ];
+ then
+ pushd ${POLICY_LOCATION}/policy/support > /dev/null 2>&1;
+ elif [ -d ${POLICY_LOCATION}/include/support ];
+ then
+ pushd ${POLICY_LOCATION}/include/support > /dev/null 2>&1;
+ else
+ echo "Variable POLICY_LOCATION is not properly defined.";
+ return 1;
+ fi
+ for FILE in *;
+ do
+ awk "BEGIN { P=1; } /(define\(\`[^\`]*\`$)/ { NAME=\$0; P=0 }; /${REGEXP}/ { if (P==0) {P=1; print NAME}; if (NAME!=\$0) print };" ${FILE};
+ done
+ popd > /dev/null 2>&1;
+}
+
+# seshowdef - Show the macro definition
+seshowdef() {
+ MACRONAME="$1";
+ if [ -d ${POLICY_LOCATION}/policy/support ];
+ then
+ pushd ${POLICY_LOCATION}/policy/support > /dev/null 2>&1;
+ elif [ -d ${POLICY_LOCATION}/include/support ];
+ then
+ pushd ${POLICY_LOCATION}/include/support > /dev/null 2>&1;
+ else
+ echo "Variable POLICY_LOCATION is not properly defined.";
+ return 1;
+ fi
+ for FILE in *.spt;
+ do
+ grep -A 9999 "define(\`${MACRONAME}'" ${FILE} | grep -B 999 -m 1 "')";
+ done
+ popd > /dev/null 2>&1;
+}
diff --git a/selinux/centralized/hardened-refpolicy b/selinux/centralized/hardened-refpolicy
new file mode 160000
index 0000000..a112724
--- /dev/null
+++ b/selinux/centralized/hardened-refpolicy
@@ -0,0 +1 @@
+Subproject commit a112724e4000453bd4b71d357b7eab790a44ac07
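Review bot: The `url =` line fetches the hardened-refpolicy submodule over the unauthenticated, cleartext `git://` transport, so nothing verifies which server is actually answering and the fetched content is visible and modifiable in transit. The subproject commit pinned in this same patch limits what a tampered clone can substitute for the initial checkout, but any later `git submodule update --remote` or re-pin would follow whatever history the unauthenticated server returns. Prefer an authenticated transport where the host offers one, e.g. `url = https://git.overlays.gentoo.org/proj/hardened-refpolicy.git`, and record in the README which upstream commit the pin is expected to match.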
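Review bot: The `for f in $(find ...)` loop word-splits and glob-expands find's output, and both `$f` and the `ln` target on the next line are unquoted, so any skeleton file whose path contains whitespace or glob characters is mangled rather than linked; the loop also never creates a parent directory, so a skeleton file in a subdirectory (nothing in this patch adds one yet, but `.ssh/config`-style files are the obvious next step) would fail at `ln`. `ln -f` additionally overwrites whatever dotfiles the box image already shipped in `/home/vagrant`, which looks intended but deserves a one-line comment. A NUL-delimited read loop with quoting and a `mkdir -p` keeps the same behaviour for the current single `.bashrc` while being safe for the general case.
```shell
#!/bin/bash
# Symlink every file under the synced skeleton into the vagrant home (overwrites box defaults).
while IFS= read -r -d '' f; do
  target="/home/vagrant/${f#/vagrant/.vagrant-skel/}"
  mkdir -p -- "$(dirname -- "$target")"
  ln -svf -- "$f" "$target"
done < <(find /vagrant/.vagrant-skel -type f -print0)
```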
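Review bot: The `cd $DEVROOT` and `source $DEVROOT/bin/functions.sh` lines are unquoted and unchecked, so when the `/vagrant` synced folder is not mounted every interactive shell prints a `cd` error and the `&&` chain on the final line leaves the rc file with a non-zero status. Sourcing shell code from a host-synced folder on every login is reasonable for a throwaway dev box, but it is worth a comment saying so since host-side edits execute in the guest immediately. Suggest `[[ $PS1 && -d "$DEVROOT" ]] && cd "$DEVROOT"` and `[[ -r "$DEVROOT/bin/functions.sh" ]] && source "$DEVROOT/bin/functions.sh"`, with a trailing `true` or `:` if you want the file to end cleanly.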
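Review bot: In `sefindif` and `sefinddef` the caller's pattern is spliced into the awk program text as `/${REGEXP}/`, so any `/` in the argument — routine when searching for paths in policy — terminates the regex and breaks the program, and a crafted argument can inject arbitrary awk including `system()`; `seshowif` and `seshowdef` likewise splice `${INTERFACE}` and `${MACRONAME}` straight into grep BRE patterns. These functions are sourced into the user's own interactive shell, so the exposure is mostly breakage rather than a privilege boundary, but passing the pattern as an awk variable (`-v re="$1"` with `$0 ~ re`) removes both problems at no cost. All four functions also assign `REGEXP`, `INTERFACE`, `MACRONAME` and `FILE` as globals that persist in the calling shell, leave `${POLICY_LOCATION}` and `${FILE}` unquoted, and print the "not properly defined" diagnostic to stdout where it mixes with results — `local`, quoting and `>&2` respectively. The rewritten `sefindif` below shows the shape; `sefinddef` takes the identical change.
```shell
sefindif() {
  local regexp="$1" file
  # … unchanged: pushd into policy/modules or include, else diagnostic (to stderr) and return 1 …
  for file in */*.if; do
    # Pattern is handed to awk as a variable, never interpolated into the program text.
    awk -v re="$regexp" 'BEGIN { P=1 } /(interface\(|template\()/ { NAME=$0; P=0 }; $0 ~ re { if (P==0) {P=1; print NAME}; if (NAME!=$0) print }' "$file" | sed -e "s:^:${file}\: :g"
  done
  popd > /dev/null 2>&1
}
```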