162306a36Sopenharmony_ci#!/bin/sh 262306a36Sopenharmony_ci# SPDX-License-Identifier: GPL-2.0 362306a36Sopenharmony_ciset -e 462306a36Sopenharmony_ciif [ `id -u` -ne 0 ]; then 562306a36Sopenharmony_ci echo "$0: must be root to install the selinux policy" 662306a36Sopenharmony_ci exit 1 762306a36Sopenharmony_cifi 862306a36Sopenharmony_ci 962306a36Sopenharmony_ciSF=`which setfiles` 1062306a36Sopenharmony_ciif [ $? -eq 1 ]; then 1162306a36Sopenharmony_ci echo "Could not find setfiles" 1262306a36Sopenharmony_ci echo "Do you have policycoreutils installed?" 1362306a36Sopenharmony_ci exit 1 1462306a36Sopenharmony_cifi 1562306a36Sopenharmony_ci 1662306a36Sopenharmony_ciCP=`which checkpolicy` 1762306a36Sopenharmony_ciif [ $? -eq 1 ]; then 1862306a36Sopenharmony_ci echo "Could not find checkpolicy" 1962306a36Sopenharmony_ci echo "Do you have checkpolicy installed?" 2062306a36Sopenharmony_ci exit 1 2162306a36Sopenharmony_cifi 2262306a36Sopenharmony_ciVERS=`$CP -V | awk '{print $1}'` 2362306a36Sopenharmony_ci 2462306a36Sopenharmony_ciENABLED=`which selinuxenabled` 2562306a36Sopenharmony_ciif [ $? -eq 1 ]; then 2662306a36Sopenharmony_ci echo "Could not find selinuxenabled" 2762306a36Sopenharmony_ci echo "Do you have libselinux-utils installed?" 2862306a36Sopenharmony_ci exit 1 2962306a36Sopenharmony_cifi 3062306a36Sopenharmony_ci 3162306a36Sopenharmony_ciif selinuxenabled; then 3262306a36Sopenharmony_ci echo "SELinux is already enabled" 3362306a36Sopenharmony_ci echo "This prevents safely relabeling all files." 3462306a36Sopenharmony_ci echo "Boot with selinux=0 on the kernel command-line." 3562306a36Sopenharmony_ci exit 1 3662306a36Sopenharmony_cifi 3762306a36Sopenharmony_ci 3862306a36Sopenharmony_cicd mdp 3962306a36Sopenharmony_ci./mdp -m policy.conf file_contexts 4062306a36Sopenharmony_ci$CP -U allow -M -o policy.$VERS policy.conf 4162306a36Sopenharmony_ci 4262306a36Sopenharmony_cimkdir -p /etc/selinux/dummy/policy 4362306a36Sopenharmony_cimkdir -p /etc/selinux/dummy/contexts/files 4462306a36Sopenharmony_ci 4562306a36Sopenharmony_ciecho "__default__:user_u:s0" > /etc/selinux/dummy/seusers 4662306a36Sopenharmony_ciecho "base_r:base_t:s0" > /etc/selinux/dummy/contexts/failsafe_context 4762306a36Sopenharmony_ciecho "base_r:base_t:s0 base_r:base_t:s0" > /etc/selinux/dummy/default_contexts 4862306a36Sopenharmony_cicat > /etc/selinux/dummy/contexts/x_contexts <<EOF 4962306a36Sopenharmony_ciclient * user_u:base_r:base_t:s0 5062306a36Sopenharmony_ciproperty * user_u:object_r:base_t:s0 5162306a36Sopenharmony_ciextension * user_u:object_r:base_t:s0 5262306a36Sopenharmony_ciselection * user_u:object_r:base_t:s0 5362306a36Sopenharmony_cievent * user_u:object_r:base_t:s0 5462306a36Sopenharmony_ciEOF 5562306a36Sopenharmony_citouch /etc/selinux/dummy/contexts/virtual_domain_context 5662306a36Sopenharmony_citouch /etc/selinux/dummy/contexts/virtual_image_context 5762306a36Sopenharmony_ci 5862306a36Sopenharmony_cicp file_contexts /etc/selinux/dummy/contexts/files 5962306a36Sopenharmony_cicp dbus_contexts /etc/selinux/dummy/contexts 6062306a36Sopenharmony_cicp policy.$VERS /etc/selinux/dummy/policy 6162306a36Sopenharmony_ciFC_FILE=/etc/selinux/dummy/contexts/files/file_contexts 6262306a36Sopenharmony_ci 6362306a36Sopenharmony_ciif [ ! -d /etc/selinux ]; then 6462306a36Sopenharmony_ci mkdir -p /etc/selinux 6562306a36Sopenharmony_cifi 6662306a36Sopenharmony_ciif [ -f /etc/selinux/config ]; then 6762306a36Sopenharmony_ci echo "/etc/selinux/config exists, moving to /etc/selinux/config.bak." 6862306a36Sopenharmony_ci mv /etc/selinux/config /etc/selinux/config.bak 6962306a36Sopenharmony_cifi 7062306a36Sopenharmony_ciecho "Creating new /etc/selinux/config for dummy policy." 7162306a36Sopenharmony_cicat > /etc/selinux/config << EOF 7262306a36Sopenharmony_ciSELINUX=permissive 7362306a36Sopenharmony_ciSELINUXTYPE=dummy 7462306a36Sopenharmony_ciEOF 7562306a36Sopenharmony_ci 7662306a36Sopenharmony_cicd /etc/selinux/dummy/contexts/files 7762306a36Sopenharmony_ci$SF -F file_contexts / 7862306a36Sopenharmony_ci 7962306a36Sopenharmony_cimounts=`cat /proc/$$/mounts | \ 8062306a36Sopenharmony_ci grep -E "ext[234]|jfs|xfs|reiserfs|jffs2|gfs2|btrfs|f2fs|ocfs2" | \ 8162306a36Sopenharmony_ci awk '{ print $2 '}` 8262306a36Sopenharmony_ci$SF -F file_contexts $mounts 8362306a36Sopenharmony_ci 8462306a36Sopenharmony_ciecho "-F" > /.autorelabel 85