cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-linux

install_policy.sh (2351B)


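#!/bin/sh
# SPDX-License-Identifier: GPL-2.0
#
# Build the dummy SELinux policy with ./mdp and checkpolicy, install it under
# /etc/selinux/dummy, rewrite /etc/selinux/config to select it, relabel the
# mounted filesystems and write /.autorelabel.
#
# Requirements visible in this script:
#   - run as root, with SELinux currently disabled;
#   - run from the directory that contains the mdp/ subdirectory, because the
#     script does a relative "cd mdp" and then executes ./mdp as root. Only
#     run it from a source tree you trust.
#
# Security posture of the result: the policy is compiled with "-U allow"
# (permissions unknown to the policy are allowed) and the new config sets
# SELINUX=permissive, so the installed policy does not confine anything. It is
# a bring-up/test policy, not a hardening measure.
set -e

if [ "$(id -u)" -ne 0 ]; then
	echo "$0: must be root to install the selinux policy" >&2
	exit 1
fi

# Under "set -e" a bare assignment such as SF=`which setfiles` terminates the
# script as soon as the lookup fails, so a later "$?" test never runs and the
# hint is never printed. Doing the lookup inside the "if" condition keeps
# errexit out of the way and lets the diagnostics reach the user.
if ! SF=$(command -v setfiles); then
	echo "Could not find setfiles" >&2
	echo "Do you have policycoreutils installed?" >&2
	exit 1
fi

if ! CP=$(command -v checkpolicy); then
	echo "Could not find checkpolicy" >&2
	echo "Do you have checkpolicy installed?" >&2
	exit 1
fi

# The exit status of the pipeline is awk's, so a failing "checkpolicy -V"
# would otherwise yield an empty version and a file named "policy.".
VERS=$("$CP" -V | awk '{print $1}')
if [ -z "$VERS" ]; then
	echo "Could not determine the policy version from $CP -V" >&2
	exit 1
fi

if ! command -v selinuxenabled >/dev/null 2>&1; then
	echo "Could not find selinuxenabled" >&2
	echo "Do you have libselinux-utils installed?" >&2
	exit 1
fi

if selinuxenabled; then
	echo "SELinux is already enabled" >&2
	echo "This prevents safely relabeling all files." >&2
	echo "Boot with selinux=0 on the kernel command-line or" >&2
	echo "SELINUX=disabled in /etc/selinux/config." >&2
	exit 1
fi

# Generate policy.conf and file_contexts, then compile the binary policy.
cd mdp
if [ ! -x ./mdp ]; then
	echo "$0: ./mdp not found or not executable in $(pwd)" >&2
	exit 1
fi
./mdp -m policy.conf file_contexts
"$CP" -U allow -M -o "policy.$VERS" policy.conf

mkdir -p /etc/selinux/dummy/policy
mkdir -p /etc/selinux/dummy/contexts/files

echo "__default__:user_u:s0" > /etc/selinux/dummy/seusers
echo "base_r:base_t:s0" > /etc/selinux/dummy/contexts/failsafe_context
echo "base_r:base_t:s0 base_r:base_t:s0" > /etc/selinux/dummy/default_contexts
cat > /etc/selinux/dummy/contexts/x_contexts <<EOF
client * user_u:base_r:base_t:s0
property * user_u:object_r:base_t:s0
extension * user_u:object_r:base_t:s0
selection * user_u:object_r:base_t:s0
event * user_u:object_r:base_t:s0
EOF
touch /etc/selinux/dummy/contexts/virtual_domain_context
touch /etc/selinux/dummy/contexts/virtual_image_context

cp file_contexts /etc/selinux/dummy/contexts/files
cp dbus_contexts /etc/selinux/dummy/contexts
cp "policy.$VERS" /etc/selinux/dummy/policy

# NOTE(review): a second run moves the dummy config written below over
# config.bak, so the backup of the system's original config is lost. Save the
# original elsewhere before re-running.
if [ -f /etc/selinux/config ]; then
	echo "/etc/selinux/config exists, moving to /etc/selinux/config.bak."
	mv /etc/selinux/config /etc/selinux/config.bak
fi
echo "Creating new /etc/selinux/config for dummy policy."
cat > /etc/selinux/config << EOF
SELINUX=permissive
SELINUXTYPE=dummy
EOF

# Relabel / first, then every mount whose /proc mounts line matches one of the
# listed filesystem names.
cd /etc/selinux/dummy/contexts/files
"$SF" -F file_contexts /

# NOTE(review): the pattern is matched against the whole mounts line, not only
# the filesystem-type column, so a device or mount path containing e.g. "xfs"
# is selected too.
mounts=$(grep -E "ext[234]|jfs|xfs|reiserfs|jffs2|gfs2|btrfs|f2fs|ocfs2" \
	"/proc/$$/mounts" | awk '{ print $2 }')

# With no matching mount, setfiles would be called without a path; skip the
# call so the script still reaches the /.autorelabel step.
if [ -n "$mounts" ]; then
	# $mounts is split on purpose (one argument per mount point); globbing
	# is switched off so a mount path is never expanded as a pattern.
	set -f
	# shellcheck disable=SC2086
	"$SF" -F file_contexts $mounts
	set +f
fi

# Presumably consumed by the distribution's boot scripts to force a relabel on
# the next boot; verify against the target distribution.
echo "-F" > /.autorelabel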