Adding build-time policy decisions

The last enhancement we might want to look at is build-time policy decisions. Unlike SELinux Booleans, these are policy blocks that are enabled (or disabled) based on build parameters. We have already encountered a few of these: enable_mcs and enable_mls, as well as distribution selection parameters such as distro_gentoo or distro_redhat.

In this recipe, we will enable the xdg_manage_downloads_home call but only when the policy is built for a Gentoo system.

How to do it…

Build-time decisions are added to the policy using ifdef statements, as shown in the following steps:

  1. Open myskype.te and add in the following block of code:
    ifdef(`distro_gentoo',` xdg_manage_downloads_home(skype_t) ...
