# SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
# SPDX-License-Identifier: Unlicense

.PHONY: all clean policy check config_install monolithic_install

all: clean policy check

MODULES = $(shell find src -type f -name '*.cil' -print0 | sort -z | xargs -r0)
POLVERS = 33
SELINUXTYPE = selinux-policy
VERBOSE = false

clean: clean.$(POLVERS)
clean.%:
	rm -f policy.$* file_contexts

policy: policy.$(POLVERS)
policy.%: $(MODULES)
ifeq ($(VERBOSE),false)
	secilc -O --policyvers=$* $^
else
	secilc -vvv -O --policyvers=$* $^
endif

check: check.$(POLVERS)
check.%:
	setfiles -c policy.$* file_contexts

config_install:
	install -d $(DESTDIR)/etc/selinux/$(SELINUXTYPE)/contexts/files
	install -d -m 700 $(DESTDIR)/etc/selinux/$(SELINUXTYPE)/policy
	install -m 644 customizable_types $(DESTDIR)/etc/selinux/$(SELINUXTYPE)/contexts/
	install -m 644 default_contexts $(DESTDIR)/etc/selinux/$(SELINUXTYPE)/contexts/
	install -m 644 default_type $(DESTDIR)/etc/selinux/$(SELINUXTYPE)/contexts/
	install -m 644 failsafe_context $(DESTDIR)/etc/selinux/$(SELINUXTYPE)/contexts/
	install -m 644 file_contexts.subs_dist $(DESTDIR)/etc/selinux/$(SELINUXTYPE)/contexts/files/
	install -m 644 seusers $(DESTDIR)/etc/selinux/$(SELINUXTYPE)/

monolithic_install: config_install monolithic_install.$(POLVERS)
monolithic_install.%:
	install -m 644 file_contexts $(DESTDIR)/etc/selinux/$(SELINUXTYPE)/contexts/files/
	install -m 600 policy.$* $(DESTDIR)/etc/selinux/$(SELINUXTYPE)/policy/
