policy: Create compressed_policy distro feature

There is a small cost to having compressed policy files on the final
image both in terms of memory requirements and load times.  In nearly all
circumstances this is negligible, but this adds a DISTRO_FEATURE that
can be used to enable it, if desired.

The default selinux distros will enable the feature by default.

(From meta-selinux master rev: 2209cb5fc21c1ad5a7471897528ed64170f70219)

Signed-off-by: Joe MacDonald <joe@deserted.net>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>

2 files changed, 23 insertions, 11 deletions

diff --git a/conf/distro/oe-selinux.conf b/conf/distro/oe-selinux.conf
index 6e55a32..5f4af87 100644
--- a/conf/distro/oe-selinux.conf
+++ b/conf/distro/oe-selinux.conf
@@ -1,4 +1,4 @@
 DISTRO = "oe-selinux"
 DISTROOVERRIDES .= ":selinux"
 
-DISTRO_FEATURES_append = " acl xattr pam selinux"
+DISTRO_FEATURES_append = " acl xattr pam selinux compressed_policy"
diff --git a/recipes-security/refpolicy/refpolicy_common.inc b/recipes-security/refpolicy/refpolicy_common.inc
index b46903f..a71c5dd 100644
--- a/recipes-security/refpolicy/refpolicy_common.inc
+++ b/recipes-security/refpolicy/refpolicy_common.inc
@@ -11,8 +11,10 @@ SRC_URI += "file://customizable_types \
 
 S = "${WORKDIR}/refpolicy"
 
-FILES_${PN} = "${sysconfdir}/selinux/${POLICY_NAME}/ \
-        ${datadir}/selinux/${POLICY_NAME}/*.pp.bz2"
+FILES_${PN} = " \
+        ${sysconfdir}/selinux/${POLICY_NAME}/ \
+        ${@base_contains('DISTRO_FEATURES', 'compressed_policy', '${datadir}/selinux/${POLICY_NAME}/*.pp.bz2', '${datadir}/selinux/${POLICY_NAME}/*.pp', d)} \
+        "
 FILES_${PN}-dev =+ "${datadir}/selinux/${POLICY_NAME}/include/"
 
 DEPENDS += "checkpolicy-native policycoreutils-native m4-native"
@@ -79,14 +81,24 @@ EOF
         mkdir -p ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules
         mkdir -p ${D}${sysconfdir}/selinux/${POLICY_NAME}/contexts/files
         touch ${D}${sysconfdir}/selinux/${POLICY_NAME}/contexts/files/file_contexts.local
-        for i in ${D}${datadir}/selinux/${POLICY_NAME}/*.pp; do
-                bzip2 $i
-                if [ "`basename $i`" != "base.pp" ]; then
-                        cp ${i}.bz2 ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules/`basename $i`
-                else
-                        cp ${i}.bz2 ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/`basename $i`
-                fi
-        done
+        if  ${@base_contains('DISTRO_FEATURES','compressed_policy','true','false',d)}; then
+                for i in ${D}${datadir}/selinux/${POLICY_NAME}/*.pp; do
+                        bzip2 $i
+                        if [ "`basename $i`" != "base.pp" ]; then
+                                cp ${i}.bz2 ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules/`basename $i`
+                        else
+                                cp ${i}.bz2 ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/`basename $i`
+                        fi
+                done
+        else
+                bzip2 -c ${D}${datadir}/selinux/${POLICY_NAME}/base.pp  >\
+                        ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/base.pp
+                for i in ${D}${datadir}/selinux/${POLICY_NAME}/*.pp; do
+                        if [ "`basename $i`" != "base.pp" ]; then
+                                bzip2 -c $i > ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules/`basename $i`;
+                        fi
+                done
+        fi
 
         # Create policy store and build the policy
         semodule -p ${D} -s ${POLICY_NAME} -n -B