author: Richard Haines <richard_c_haines@btinternet.com> 2020-12-21 12:22:13 +0000
committer: Jason Zaman <perfinion@gentoo.org> 2021-01-31 17:21:41 -0800
commit: a2ee548792c0da8aae891ab10cbfa4cceb2e8013
tree: 23be862f10e8ca79f772aff6b29d294595925c38 /Makefile
parent: add policy for pcs_snmp_agent
Ensure correct monolithic binary policy is loaded
When building a monolithic policy with 'make load', the selinux_config(5) file 'SELINUXTYPE' entry determines what policy is loaded as load_policy(8) does not take a path value (it always loads the active system policy as defined by /etc/selinux/config).

Currently it is possible to load the wrong binary policy, for example if the Reference Policy source is located at:
/etc/selinux/refpolicy
and the /etc/selinux/config file has the following entry:
SELINUXTYPE=targeted
Then the /etc/selinux/targeted/policy/policy.<ver> is loaded when 'make load' is executed.

Resolve this by using selinux_binary_policy_path(3) to determine the current configured policy name and its location.

Another example is that if the Reference Policy source is located at:
/tmp/custom-rootfs/etc/selinux/refpolicy
and the /etc/selinux/config file has the following entry:
SELINUXTYPE=refpolicy
Then the /etc/selinux/refpolicy/policy/policy.<ver> is loaded when 'make DESTDIR=/tmp/custom-rootfs load' is executed (not the /tmp/custom-rootfs/etc/selinux/refpolicy/policy/policy.<ver> that the developer thought would be loaded).

Resolve this by checking if DESTDIR has been set.

Remove the '@touch $(tmpdir)/load' line as the file is never referenced.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Signed-off-by: Jason Zaman <perfinion@gentoo.org>
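The two failure cases in the commit message, as a pre-load check. This is an added example, not code from this commit or from the Reference Policy tree: the function names and return codes are hypothetical, and it reads SELINUXTYPE from a config file with a simplified parser instead of calling selinux_binary_policy_path(3) as the commit does.

```shell
#!/bin/sh
# Added illustration (not from the commit): refuse to run load_policy when
# the policy it would load is not the one that was just built.

# Print the SELINUXTYPE value from a selinux_config(5)-style file.
# Simplified parsing (assumption): last uncommented SELINUXTYPE= line wins.
configured_type() {
    sed -n 's/^[[:space:]]*SELINUXTYPE=\([^[:space:]#]*\).*/\1/p' "$1" | tail -n 1
}

# check_load CONFIG BUILT_NAME DESTDIR
# Hypothetical return codes:
#   0 safe to load, 1 a different policy is configured,
#   2 DESTDIR is set, 3 no SELINUXTYPE entry found.
check_load() {
    cfg=$1 name=$2 destdir=$3
    # Second case in the commit message: the build was installed under
    # DESTDIR, but load_policy(8) takes no path and loads the system policy.
    if [ -n "$destdir" ]; then
        echo "DESTDIR=$destdir set: the policy under it would not be the one loaded" >&2
        return 2
    fi
    active=$(configured_type "$cfg")
    if [ -z "$active" ]; then
        echo "no SELINUXTYPE entry in $cfg" >&2
        return 3
    fi
    # First case: the config names another policy than the one built.
    if [ "$active" != "$name" ]; then
        echo "built '$name' but SELINUXTYPE=$active would be loaded" >&2
        return 1
    fi
    return 0
}

# Constructed sample config reproducing the first case from the message.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'SELINUX=enforcing' \
    'SELINUXTYPE=targeted' > "$sample"
check_load "$sample" refpolicy "" || echo "load refused (status $?)"
rm -f "$sample"
```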
Diffstat (limited to 'Makefile')
-rw-r--r-- Makefile 1
1 files changed, 1 insertions, 0 deletions
diff --git a/Makefile b/Makefile
index eae365e53..ba346a272 100644
--- a/Makefile
+++ b/Makefile
@@ -97,6 +97,7 @@ genxml := $(PYTHON) $(support)/segenxml.py
gendoc := $(PYTHON) $(support)/sedoctool.py
genperm := $(PYTHON) $(support)/genclassperms.py
policyvers := $(PYTHON) $(support)/policyvers.py
+binary_policy_path := $(PYTHON) $(support)/selinux_binary_policy_path.py
fcsort := $(PYTHON) $(support)/fc_sort.py
setbools := $(AWK) -f $(support)/set_bools_tuns.awk
get_type_attr_decl := $(SED) -r -f $(support)/get_type_attr_decl.sed
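Review bot: the added `binary_policy_path` definition carries no comment on what the helper prints or what it needs to run, and nothing in this hunk shows what happens when it fails. The commit message says the change relies on selinux_binary_policy_path(3), so a one-line comment above the definition stating that the script prints the configured binary policy path, plus a note on any Python module it imports, would help anyone running 'make load' on a build host. The rule that consumes this variable should stop when the script exits non-zero or prints nothing, rather than carry on with an empty path. The diffstat shown here is limited to Makefile, so the script itself, the DESTDIR check and the removal of the '@touch $(tmpdir)/load' line described in the message cannot be checked against these lines.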