Integrate selinux-config into refpolicy_common.

With the virutal package there's no need for a separate recipe to build
the config. This can be generated and included as part of the policy
package.

Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>

4 files changed, 28 insertions, 44 deletions

diff --git a/recipes-security/packagegroups/packagegroup-core-selinux.bb b/recipes-security/packagegroups/packagegroup-core-selinux.bb
index 62c5a76..c6d22b7 100644
--- a/recipes-security/packagegroups/packagegroup-core-selinux.bb
+++ b/recipes-security/packagegroups/packagegroup-core-selinux.bb
@@ -22,7 +22,6 @@ RDEPENDS_${PN} = " \
         packagegroup-selinux-policycoreutils \
         setools \
         setools-console \
-        selinux-config \
         selinux-autorelabel \
         selinux-init \
         selinux-labeldev \
diff --git a/recipes-security/packagegroups/packagegroup-selinux-minimal.bb b/recipes-security/packagegroups/packagegroup-selinux-minimal.bb
index 87ae686..451ae8b 100644
--- a/recipes-security/packagegroups/packagegroup-selinux-minimal.bb
+++ b/recipes-security/packagegroups/packagegroup-selinux-minimal.bb
@@ -21,7 +21,6 @@ RDEPENDS_${PN} = "\
         policycoreutils-semodule \
         policycoreutils-sestatus \
         policycoreutils-setfiles \
-        selinux-config \
         selinux-labeldev \
         virtual/refpolicy \
 "
diff --git a/recipes-security/refpolicy/refpolicy_common.inc b/recipes-security/refpolicy/refpolicy_common.inc
index ba887e4..305675f 100644
--- a/recipes-security/refpolicy/refpolicy_common.inc
+++ b/recipes-security/refpolicy/refpolicy_common.inc
@@ -1,3 +1,5 @@
+DEFAULT_ENFORCING ??= "enforcing"
+
 SECTION = "base"
 LICENSE = "GPLv2"
 
@@ -14,7 +16,8 @@ SRC_URI += "file://customizable_types \
 
 S = "${WORKDIR}/refpolicy"
 
-FILES_${PN} = " \
+CONFFILES_${PN} += "${sysconfdir}/selinux/config"
+FILES_${PN} += " \
         ${sysconfdir}/selinux/${POLICY_NAME}/ \
         ${datadir}/selinux/${POLICY_NAME}/*.pp \
         ${localstatedir}/lib/selinux/${POLICY_NAME}/ \
@@ -25,7 +28,6 @@ FILES_${PN}-dev =+ " \
 "
 
 DEPENDS += "checkpolicy-native policycoreutils-native m4-native"
-RDEPENDS_${PN} += "selinux-config"
 
 PACKAGE_ARCH = "${MACHINE_ARCH}"
 
@@ -137,13 +139,37 @@ install_misc_files () {
         oe_runmake 'DESTDIR=${D}' 'prefix=${D}${prefix}' install-headers
 }
 
+install_config () {
+        echo "\
+# This file controls the state of SELinux on the system.
+# SELINUX= can take one of these three values:
+#     enforcing - SELinux security policy is enforced.
+#     permissive - SELinux prints warnings instead of enforcing.
+#     disabled - No SELinux policy is loaded.
+SELINUX=${DEFAULT_ENFORCING}
+# SELINUXTYPE= can take one of these values:
+#     standard - Standard Security protection.
+#     mls - Multi Level Security protection.
+#     targeted - Targeted processes are protected.
+#     mcs - Multi Category Security protection.
+SELINUXTYPE=${POLICY_TYPE}
+" > ${WORKDIR}/config
+        install -d ${D}/${sysconfdir}/selinux
+        install -m 0644 ${WORKDIR}/config ${D}/${sysconfdir}/selinux/
+}
+
 do_install () {
         prepare_policy_store
         rebuild_policy
         install_misc_files
+        install_config
 }
 
 do_install_append(){
         # While building policies on target, Makefile will be searched from SELINUX_DEVEL_PATH
         echo "SELINUX_DEVEL_PATH=${datadir}/selinux/${POLICY_NAME}/include" > ${D}${sysconfdir}/selinux/sepolgen.conf
 }
+
+sysroot_stage_all_append () {
+        sysroot_stage_dir ${D}${sysconfdir} ${SYSROOT_DESTDIR}${sysconfdir}
+}
diff --git a/recipes-security/selinux/selinux-config_0.1.bb b/recipes-security/selinux/selinux-config_0.1.bb
deleted file mode 100644
index e902e98..0000000
--- a/recipes-security/selinux/selinux-config_0.1.bb
+++ /dev/null
@@ -1,40 +0,0 @@
-DEFAULT_ENFORCING ??= "enforcing"
-
-SUMMARY = "SELinux configuration"
-DESCRIPTION = "\
-SELinux configuration files for Yocto. \
-"
-
-SECTION = "base"
-LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
-PR = "r4"
-
-S = "${WORKDIR}"
-
-CONFFILES_${PN} += "${sysconfdir}/selinux/config"
-
-PACKAGE_ARCH = "${MACHINE_ARCH}"
-
-do_install () {
-        echo "\
-# This file controls the state of SELinux on the system.
-# SELINUX= can take one of these three values:
-#     enforcing - SELinux security policy is enforced.
-#     permissive - SELinux prints warnings instead of enforcing.
-#     disabled - No SELinux policy is loaded.
-SELINUX=${DEFAULT_ENFORCING}
-# SELINUXTYPE= can take one of these values:
-#     standard - Standard Security protection.
-#     mls - Multi Level Security protection.
-#     targeted - Targeted processes are protected.
-#     mcs - Multi Category Security protection.
-SELINUXTYPE=${@d.getVar("PREFERRED_PROVIDER_virtual/refpolicy", False)[len("refpolicy-"):]}
-" > ${WORKDIR}/config
-        install -d ${D}/${sysconfdir}/selinux
-        install -m 0644 ${WORKDIR}/config ${D}/${sysconfdir}/selinux/
-}
-
-sysroot_stage_all_append () {
-        sysroot_stage_dir ${D}${sysconfdir} ${SYSROOT_DESTDIR}${sysconfdir}
-}