Stop ignoring standalone interface files

Interface files without corresponding .te where ignored, unless the module name was specified in modules.conf. Standalone interface files are useful for backwards compatibility in case a policy module removed from this repository. Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
fedora-selinux · Sep 1, 2021 · ad7e2a2 · ad7e2a2
1 parent f1e7647
commit ad7e2a2
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 1 deletion.
diff --git a/Makefile b/Makefile
@@ -264,6 +264,7 @@ generated_fc := $(basename $(foreach dir,$(all_layers),$(wildcard $(dir)/*.fc.in
 # sort here since it removes duplicates, which can happen
 # when a generated file is already generated
 detected_mods := $(sort $(foreach dir,$(all_layers),$(wildcard $(dir)/*.te)) $(generated_te))
+detected_ifs := $(sort $(foreach dir,$(all_layers),$(wildcard $(dir)/*.if)) $(generated_if))
 
 modxml := $(addprefix $(tmpdir)/, $(detected_mods:.te=.xml))
 layerxml := $(sort $(addprefix $(tmpdir)/, $(notdir $(addsuffix .xml,$(all_layers)))))
@@ -307,6 +308,9 @@ off_mods += $(filter-out $(cmdline_off) $(cmdline_base) $(cmdline_mods), $(mod_c
 # add modules not in modules.conf to the off list
 off_mods += $(filter-out $(base_mods) $(mod_mods) $(off_mods),$(notdir $(detected_mods)))
 
+# all interface files without corresponding .te - backwards compatibility
+standalone_ifs := $(filter-out $(subst .te,.if, $(base_mods) $(mod_mods) $(off_mods)), $(notdir $(detected_ifs)))
+
 # filesystems to be used in labeling targets
 filesystems = $(shell mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[234]|btrfs| xfs| jfs).*rw/{print $$3}';)
 fs_names := "btrfs ext2 ext3 ext4 xfs jfs"

diff --git a/Rules.modular b/Rules.modular
@@ -4,7 +4,7 @@
 #
 
 all_modules := $(base_mods) $(mod_mods) $(off_mods)
-all_interfaces := $(all_modules:.te=.if)
+all_interfaces := $(all_modules:.te=.if) $(standalone_ifs)
 
 base_pkg := $(builddir)base.pp
 base_fc := $(builddir)base.fc