Orange Pi5 kernel

Deprecated Linux kernel 5.10.110 for OrangePi 5/5B/5+ boards

3 Commits   0 Branches   0 Tags
Index
Trunk
Branches
Tags
Trunk
Branches
Tags
Home page
Home page
orangepi/linux-orangepi-5.10.y.git/trunk/scripts/selinux/install_policy.sh 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  1) #!/bin/sh
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  2) # SPDX-License-Identifier: GPL-2.0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  3) set -e
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  4) if [ `id -u` -ne 0 ]; then
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  5) 	echo "$0: must be root to install the selinux policy"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  6) 	exit 1
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  7) fi
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  8) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  9) SF=`which setfiles`
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10) if [ $? -eq 1 ]; then
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11) 	echo "Could not find setfiles"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12) 	echo "Do you have policycoreutils installed?"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13) 	exit 1
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14) fi
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16) CP=`which checkpolicy`
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17) if [ $? -eq 1 ]; then
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18) 	echo "Could not find checkpolicy"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 19) 	echo "Do you have checkpolicy installed?"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 20) 	exit 1
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 21) fi
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 22) VERS=`$CP -V | awk '{print $1}'`
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 23) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 24) ENABLED=`which selinuxenabled`
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 25) if [ $? -eq 1 ]; then
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 26) 	echo "Could not find selinuxenabled"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 27) 	echo "Do you have libselinux-utils installed?"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 28) 	exit 1
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 29) fi
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 30) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 31) if selinuxenabled; then
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 32)     echo "SELinux is already enabled"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 33)     echo "This prevents safely relabeling all files."
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 34)     echo "Boot with selinux=0 on the kernel command-line or"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 35)     echo "SELINUX=disabled in /etc/selinux/config."
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 36)     exit 1
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 37) fi
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 38) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 39) cd mdp
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 40) ./mdp -m policy.conf file_contexts
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 41) $CP -U allow -M -o policy.$VERS policy.conf
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 42) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 43) mkdir -p /etc/selinux/dummy/policy
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 44) mkdir -p /etc/selinux/dummy/contexts/files
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 45) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 46) echo "__default__:user_u:s0" > /etc/selinux/dummy/seusers
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 47) echo "base_r:base_t:s0" > /etc/selinux/dummy/contexts/failsafe_context
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 48) echo "base_r:base_t:s0 base_r:base_t:s0" > /etc/selinux/dummy/default_contexts
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 49) cat > /etc/selinux/dummy/contexts/x_contexts <<EOF
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 50) client * user_u:base_r:base_t:s0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 51) property * user_u:object_r:base_t:s0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 52) extension * user_u:object_r:base_t:s0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 53) selection * user_u:object_r:base_t:s0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 54) event * user_u:object_r:base_t:s0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 55) EOF
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 56) touch /etc/selinux/dummy/contexts/virtual_domain_context
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 57) touch /etc/selinux/dummy/contexts/virtual_image_context
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 58) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 59) cp file_contexts /etc/selinux/dummy/contexts/files
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 60) cp dbus_contexts /etc/selinux/dummy/contexts
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 61) cp policy.$VERS /etc/selinux/dummy/policy
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 62) FC_FILE=/etc/selinux/dummy/contexts/files/file_contexts
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 63) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 64) if [ ! -d /etc/selinux ]; then
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 65) 	mkdir -p /etc/selinux
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 66) fi
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 67) if [ -f /etc/selinux/config ]; then
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 68)     echo "/etc/selinux/config exists, moving to /etc/selinux/config.bak."
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 69)     mv /etc/selinux/config /etc/selinux/config.bak
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 70) fi
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 71) echo "Creating new /etc/selinux/config for dummy policy."
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 72) cat > /etc/selinux/config << EOF
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 73) SELINUX=permissive
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 74) SELINUXTYPE=dummy
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 75) EOF
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 76) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 77) cd /etc/selinux/dummy/contexts/files
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 78) $SF -F file_contexts /
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 79) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 80) mounts=`cat /proc/$$/mounts | \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 81) 	egrep "ext[234]|jfs|xfs|reiserfs|jffs2|gfs2|btrfs|f2fs|ocfs2" | \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 82) 	awk '{ print $2 '}`
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 83) $SF -F file_contexts $mounts
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 84) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 85) echo "-F" > /.autorelabel
cGit-ui 0.1.7
Git 2.40.0
Nginx 1.22.1

Where any material of this site is being reproduced, published or issued to others the reference to the source is obligatory.

© Andrey V. Kosteltsev, 2019 – 2025.