refpolicy: Setup virtual/refpolicy provider.

This allows us to provide a default policy through the
PREFERRED_PROVIDER mechanism for each of the example distro configs.
Consumers of meta-selinux will be able to override this at the config
level instead of having to depend on a specific policy package. We do
lose the ability install more than one policy package but this falls
in line with the embedded nature of the project.

Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>

5 files changed, 7 insertions, 5 deletions

diff --git a/conf/distro/oe-selinux.conf b/conf/distro/oe-selinux.conf
index 6e55a32..0011d45 100644
--- a/conf/distro/oe-selinux.conf
+++ b/conf/distro/oe-selinux.conf
@@ -2,3 +2,4 @@ DISTRO = "oe-selinux"
 DISTROOVERRIDES .= ":selinux"
 
 DISTRO_FEATURES_append = " acl xattr pam selinux"
+PREFERRED_PROVIDER_virtual/refpolicy ?= "refpolicy-mls"
diff --git a/recipes-security/packagegroups/packagegroup-core-selinux.bb b/recipes-security/packagegroups/packagegroup-core-selinux.bb
index a2480a3..62c5a76 100644
--- a/recipes-security/packagegroups/packagegroup-core-selinux.bb
+++ b/recipes-security/packagegroups/packagegroup-core-selinux.bb
@@ -26,7 +26,6 @@ RDEPENDS_${PN} = " \
         selinux-autorelabel \
         selinux-init \
         selinux-labeldev \
-        refpolicy-standard \
-        refpolicy-mls \
+        virtual/refpolicy \
         coreutils \
         "
diff --git a/recipes-security/packagegroups/packagegroup-selinux-minimal.bb b/recipes-security/packagegroups/packagegroup-selinux-minimal.bb
index 34c5f7c..87ae686 100644
--- a/recipes-security/packagegroups/packagegroup-selinux-minimal.bb
+++ b/recipes-security/packagegroups/packagegroup-selinux-minimal.bb
@@ -23,5 +23,5 @@ RDEPENDS_${PN} = "\
         policycoreutils-setfiles \
         selinux-config \
         selinux-labeldev \
-        refpolicy-mls \
+        virtual/refpolicy \
 "
diff --git a/recipes-security/refpolicy/refpolicy_common.inc b/recipes-security/refpolicy/refpolicy_common.inc
index 67d0426..ba887e4 100644
--- a/recipes-security/refpolicy/refpolicy_common.inc
+++ b/recipes-security/refpolicy/refpolicy_common.inc
@@ -3,6 +3,9 @@ LICENSE = "GPLv2"
 
 LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=393a5ca445f6965873eca0259a17f833"
 
+PROVIDES += "virtual/refpolicy"
+RPROVIDES_${PN} += "virtual/refpolicy"
+
 # Specific config files for Poky
 SRC_URI += "file://customizable_types \
             file://setrans-mls.conf \
diff --git a/recipes-security/selinux/selinux-config_0.1.bb b/recipes-security/selinux/selinux-config_0.1.bb
index 37fe4b7..e902e98 100644
--- a/recipes-security/selinux/selinux-config_0.1.bb
+++ b/recipes-security/selinux/selinux-config_0.1.bb
@@ -1,4 +1,3 @@
-DEFAULT_POLICY ??= "mls"
 DEFAULT_ENFORCING ??= "enforcing"
 
 SUMMARY = "SELinux configuration"
@@ -30,7 +29,7 @@ SELINUX=${DEFAULT_ENFORCING}
 #     mls - Multi Level Security protection.
 #     targeted - Targeted processes are protected.
 #     mcs - Multi Category Security protection.
-SELINUXTYPE=${DEFAULT_POLICY}
+SELINUXTYPE=${@d.getVar("PREFERRED_PROVIDER_virtual/refpolicy", False)[len("refpolicy-"):]}
 " > ${WORKDIR}/config
         install -d ${D}/${sysconfdir}/selinux
         install -m 0644 ${WORKDIR}/config ${D}/${sysconfdir}/selinux/