refpolicy_common: Sanity test DEFAULT_ENFORCING value and set default.

Use the anonymous python function to be sure the value set for 'SELINUX' in the config file is something useful. In the event that DEFAULT_ENFORCING isn't set to one of the 3 permissible values we set it to 'permissive'. Signed-off-by: Philip Tricca <flihp@twobit.us> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
author: Philip Tricca <flihp@twobit.us> 2016-04-04 00:21:35 +0000
committer: Joe MacDonald <joe_macdonald@mentor.com> 2016-04-04 12:55:56 -0400
commit: a9e8f834d7a7bd94c649af89205c354ffbe1d3a6 (patch)
tree: 89f502a8f4dca31a97fd566562860d3f35cad669
parent: 8094407fd77e9df1993be6ac266b159eca58df5e (diff)
download: meta-selinux-a9e8f834d7a7bd94c649af89205c354ffbe1d3a6.tar.gz
1 files changed, 10 insertions, 0 deletions
diff --git a/recipes-security/refpolicy/refpolicy_common.inc b/recipes-security/refpolicy/refpolicy_common.inc
index 305675f..10e972d 100644
--- a/recipes-security/refpolicy/refpolicy_common.inc
+++ b/recipes-security/refpolicy/refpolicy_common.inc
@@ -66,6 +66,16 @@ EXTRA_OEMAKE += "tc_usrbindir=${STAGING_BINDIR_NATIVE}"
 EXTRA_OEMAKE += "OUTPUT_POLICY=`${STAGING_BINDIR_NATIVE}/checkpolicy -V | cut -d' ' -f1`"
 EXTRA_OEMAKE += "CC='${BUILD_CC}' CFLAGS='${BUILD_CFLAGS}' PYTHON='${PYTHON}'"
+python __anonymous () {
+    import re
+    # make sure DEFAULT_ENFORCING is something sane
+    if not re.match('^(enforcing|permissive|disabled)$',
+                    d.getVar('DEFAULT_ENFORCING', True),
+                    flags=0):
+        d.setVar('DEFAULT_ENFORCING', 'permissive')
+}
 do_compile() {
        oe_runmake conf
        oe_runmake policy
author	Philip Tricca <flihp@twobit.us>	2016-04-04 00:21:35 +0000
committer	Joe MacDonald <joe_macdonald@mentor.com>	2016-04-04 12:55:56 -0400
commit	a9e8f834d7a7bd94c649af89205c354ffbe1d3a6 (patch)
tree	89f502a8f4dca31a97fd566562860d3f35cad669
parent	8094407fd77e9df1993be6ac266b159eca58df5e (diff)
download	meta-selinux-a9e8f834d7a7bd94c649af89205c354ffbe1d3a6.tar.gz

diff --git a/recipes-security/refpolicy/refpolicy_common.inc b/recipes-security/refpolicy/refpolicy_common.inc index 305675f..10e972d 100644 --- a/recipes-security/refpolicy/refpolicy_common.inc +++ b/recipes-security/refpolicy/refpolicy_common.inc
@@ -66,6 +66,16 @@ EXTRA_OEMAKE += "tc_usrbindir=${STAGING_BINDIR_NATIVE}"
66	EXTRA_OEMAKE += "OUTPUT_POLICY=`${STAGING_BINDIR_NATIVE}/checkpolicy -V \| cut -d' ' -f1`"	66	EXTRA_OEMAKE += "OUTPUT_POLICY=`${STAGING_BINDIR_NATIVE}/checkpolicy -V \| cut -d' ' -f1`"
67	EXTRA_OEMAKE += "CC='${BUILD_CC}' CFLAGS='${BUILD_CFLAGS}' PYTHON='${PYTHON}'"	67	EXTRA_OEMAKE += "CC='${BUILD_CC}' CFLAGS='${BUILD_CFLAGS}' PYTHON='${PYTHON}'"
68		68
		69	python __anonymous () {
		70	import re
		71
		72	# make sure DEFAULT_ENFORCING is something sane
		73	if not re.match('^(enforcing\|permissive\|disabled)$',
		74	d.getVar('DEFAULT_ENFORCING', True),
		75	flags=0):
		76	d.setVar('DEFAULT_ENFORCING', 'permissive')
		77	}
		78
69	do_compile() {	79	do_compile() {
70	oe_runmake conf	80	oe_runmake conf
71	oe_runmake policy	81	oe_runmake policy