summaryrefslogtreecommitdiff
path: root/build/rpmspec.h
diff options
context:
space:
mode:
authorSteve Lawrence <slawrence@tresys.com>2010-08-30 16:32:29 -0400
committerPanu Matilainen <pmatilai@redhat.com>2010-09-01 09:04:27 +0300
commit383e27564853fd4c387ca1d4a69f223140a0daca (patch)
tree571b403fff31673d43b75b25f31a43b39291fbe9 /build/rpmspec.h
parent5779fb12e26ca1793df7ee50972de80dbf26992e (diff)
downloadlibrpm-tizen-383e27564853fd4c387ca1d4a69f223140a0daca.tar.gz
librpm-tizen-383e27564853fd4c387ca1d4a69f223140a0daca.tar.bz2
librpm-tizen-383e27564853fd4c387ca1d4a69f223140a0daca.zip
Add new %sepolicy section to the spec file format
The %sepolicy section is used to describe SELinux policy to be included in a package. It's syntax is similar to other sections (%files, %pre, %post, etc.) in that you can provide a string and -n after the declaration to specify policy should be added to a subpackage. For example: %sepolicy # policy in this section will be added to the main package %sepolicy foo # policy in this section will be added to the '<mainpackage>-foo' subpackage %sepolicy -n bar # policy in this section will be added to the 'bar' subpackage The %sepolicy section contains zero or more %semodule directives, with the following format: %semodule [OPTIONS] path/to/module.pp The available options are: -b, --base The module is a base module -n, --name=NAME The name of the module. If not given, assumes the name is the basename of the module file with file extensions removed. -t, --types=TYPES One or more comma-separated strings specifying which policy types the module can work with. To explicitly state that a module can work with any policy type, "default" can be specified as the value. If not specified, assumes the module can work with any policy type, and assigns the types as "default". Below is an example of this new format: %sepolicy %semodule -n foo -t mls policy/foo.pp %semodule -n bar -t strict,targeted,mls -b policy/bar.pp This also adds new header tags to store the new information: RPMTAG_POLICYNAMES (string array) RPMTAG_POLICYTYPES (string array) RPMTAG_POLICYTYPESINDEXES (uint32 array) RPMTAG_POLICYFLAGS (uint32 array) The index of NAMES and FLAGS maps directly to the index of RPMTAG_POLICIES. However, because a single policy can have multiple types, the mapping for TYPES is not direct. For this, the index maps to TYPESINDEXES, which contains the index of the policy that the type maps to. This is similar to how DIRINDEXES is used to map DIRNAMES and BASENAMES. As an example, the previous %sepolicy section would have the following header tags: RPMTAG_POLICIES: 0: <foo.pp data, base64 encoded> 1: <bar.pp data, base64 encoded> RPMTAG_POLICYNAMES: 0: foo 1: bar RPMTAG_POLICYFLAGS: 0: 0 1: 1 # assumes flag 1 == BASE RPMTAG_POILCYTYPES: RPMTAG_POLICYTYPESINDEXES: 0: mls 0: 0 1: strict 1: 1 2: targeted 2: 1 3: mls 3: 1
Diffstat (limited to 'build/rpmspec.h')
-rw-r--r--build/rpmspec.h1
1 files changed, 1 insertions, 0 deletions
diff --git a/build/rpmspec.h b/build/rpmspec.h
index cd57d0ad2..8b677a277 100644
--- a/build/rpmspec.h
+++ b/build/rpmspec.h
@@ -119,6 +119,7 @@ struct Package_s {
StringBuf fileFile;
StringBuf fileList; /* If NULL, package will not be written */
+ StringBuf policyList;
Package next;
};