refpolicy: Add support for the SYSTEMD build.conf option.

refpolicy has introduced a new build.conf option, SYSTEMD=y,
to enable rules specific to using systemd as the init system.
In particular, without setting this option, rules for direct
domain transitions from init_t to daemon domains are not included
in the policy.  Define a POLICY_SYSTEMD variable in the refpolicy
common include file that can be set elsewhere to enable this support.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Philip Tricca <flihp@twobit.us>

1 files changed, 2 insertions, 0 deletions

diff --git a/recipes-security/refpolicy/refpolicy_common.inc b/recipes-security/refpolicy/refpolicy_common.inc
index 0b0b2fd..67d0426 100644
--- a/recipes-security/refpolicy/refpolicy_common.inc
+++ b/recipes-security/refpolicy/refpolicy_common.inc
@@ -35,6 +35,7 @@ POLICY_DISTRO ?= "redhat"
 POLICY_UBAC ?= "n"
 POLICY_UNK_PERMS ?= "allow"
 POLICY_DIRECT_INITRC ?= "n"
+POLICY_SYSTEMD ?= "n"
 POLICY_MONOLITHIC ?= "n"
 POLICY_CUSTOM_BUILDOPT ?= ""
 POLICY_QUIET ?= "y"
@@ -48,6 +49,7 @@ EXTRA_OEMAKE += "NAME=${POLICY_NAME} \
         UBAC=${POLICY_UBAC} \
         UNK_PERMS=${POLICY_UNK_PERMS} \
         DIRECT_INITRC=${POLICY_DIRECT_INITRC} \
+        SYSTEMD=${POLICY_SYSTEMD} \
         MONOLITHIC=${POLICY_MONOLITHIC} \
         CUSTOM_BUILDOPT=${POLICY_CUSTOM_BUILDOPT} \
         QUIET=${POLICY_QUIET} \