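#!/bin/sh
#
# Build a policy with ./mdp and checkpolicy, install it under
# /etc/selinux/dummy, point /etc/selinux/config at it, and apply the
# generated file_contexts to the mounted filesystems with setfiles.
#
# Usage: run as root from the directory that contains the mdp/ subdirectory.
#
# Review notes:
#   - setfiles and checkpolicy are resolved through PATH and then executed
#     as root, so the caller's PATH must contain only trusted directories.
#   - When /etc/selinux/config does not exist, the file written here sets
#     SELINUX=enforcing together with SELINUXTYPE=dummy.
#   - The "already enabled" guard only fires when selinuxenabled succeeds.
#     A host whose config names another policy while SELinux is currently
#     off gets its SELINUXTYPE rewritten; the previous file is kept as
#     /etc/selinux/config.mdpbak.

# Print a message on stderr and abort the installation.
die() {
	printf '%s\n' "$*" >&2
	exit 1
}

if [ "$(id -u)" -ne 0 ]; then
	die "$0: must be root to install the selinux policy"
fi

# Locate setfiles. Any lookup failure (not only exit status 1) falls back to
# /sbin/setfiles, and the fallback uses the same path that was just tested.
if ! SF=$(command -v setfiles); then
	if [ -x /sbin/setfiles ]; then
		SF="/sbin/setfiles"
	else
		die "no selinux tools installed: setfiles"
	fi
fi

# Everything below reads and writes files relative to mdp/; continuing from
# the wrong directory would copy unrelated files into /etc/selinux.
cd mdp || die "$0: cannot enter the mdp directory"

# Without checkpolicy there is no compiler and no version suffix, so stop
# before anything is written under /etc/selinux.
CP=$(command -v checkpolicy) || die "no selinux tools installed: checkpolicy"
VERS=$("$CP" -V | awk '{print $1}')
[ -n "$VERS" ] || die "$0: could not read the policy version from $CP -V"

# ./mdp is handed the two file names that are consumed right below:
# policy.conf is compiled by checkpolicy, file_contexts is installed.
./mdp policy.conf file_contexts || die "$0: ./mdp failed"
"$CP" -o "policy.$VERS" policy.conf || die "$0: $CP failed"

mkdir -p /etc/selinux/dummy/policy || die "$0: cannot create the policy directory"
mkdir -p /etc/selinux/dummy/contexts/files || die "$0: cannot create the contexts directory"

# dbus_contexts is not produced by any command in this script; it has to be
# present in mdp/ already.
cp file_contexts /etc/selinux/dummy/contexts/files || die "$0: cannot install file_contexts"
cp dbus_contexts /etc/selinux/dummy/contexts || die "$0: cannot install dbus_contexts"
cp "policy.$VERS" /etc/selinux/dummy/policy || die "$0: cannot install policy.$VERS"

FC_FILE="/etc/selinux/dummy/contexts/files/file_contexts"

# /etc/selinux itself exists at this point: the mkdir -p calls above create it.
if [ ! -f /etc/selinux/config ]; then
	cat > /etc/selinux/config << 'EOF'
SELINUX=enforcing
SELINUXTYPE=dummy
EOF
else
	# The last SELINUXTYPE line in the file decides the configured policy.
	TYPE=$(awk -F= '/^SELINUXTYPE/ { v = $2 } END { print v }' /etc/selinux/config)
	if [ "$TYPE" != "dummy" ]; then
		# Refuse to replace a policy that is in use right now.
		if selinuxenabled; then
			echo "SELinux already enabled with a non-dummy policy."
			echo "Exiting. Please install policy by hand if that"
			echo "is what you REALLY want."
			exit 1
		fi
		# Keep a backup, then rebuild the config with every other setting
		# preserved and SELINUXTYPE switched to dummy. The rewrite must not
		# start unless the backup exists.
		mv /etc/selinux/config /etc/selinux/config.mdpbak ||
			die "$0: cannot back up /etc/selinux/config"
		grep -v "^SELINUXTYPE" /etc/selinux/config.mdpbak >> /etc/selinux/config
		echo "SELINUXTYPE=dummy" >> /etc/selinux/config
	fi
fi

"$SF" "$FC_FILE" /

# Select mount points by the filesystem-type column (field 3) instead of
# matching the whole line, so a device path or mount option that merely
# contains "ext4", "xfs", ... does not pull in an unrelated mount.
mounts=$(awk '$3 ~ /^(ext2|ext3|ext4|ext4dev|xfs|jfs|gfs2)$/ { print $2 }' "/proc/$$/mounts")
if [ -n "$mounts" ]; then
	# One argument per mount point is intended, so $mounts is split on
	# whitespace; globbing is switched off so a mount point is never expanded
	# as a pattern.
	set -f
	# shellcheck disable=SC2086
	"$SF" "$FC_FILE" $mounts
	set +f
fi

# When something is mounted on /dev, move that mount aside so setfiles sees
# the /dev directory underneath it, then move the mount back.
if awk '$2 == "/dev" { found = 1 } END { exit !found }' "/proc/$$/mounts"; then
	# If the first move fails, /dev is still the live mount: stop here rather
	# than run setfiles on it and then try to move /mnt over it.
	mount --move /dev /mnt || die "$0: cannot move /dev to /mnt"
	"$SF" "$FC_FILE" /dev
	mount --move /mnt /dev || die "$0: /dev is still mounted on /mnt; move it back by hand"
fi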