From 14c84b182b1a5c8f2be057c9066ea809db9f9ba6 Mon Sep 17 00:00:00 2001 From: Philip Tricca Date: Mon, 4 Apr 2016 00:21:33 +0000 Subject: refpolicy: Setup virtual/refpolicy provider. This allows us to provide a default policy through the PREFERRED_PROVIDER mechanism for each of the example distro configs. Consumers of meta-selinux will be able to override this at the config level instead of having to depend on a specific policy package. We do lose the ability install more than one policy package but this falls in line with the embedded nature of the project. Signed-off-by: Philip Tricca Signed-off-by: Joe MacDonald --- conf/distro/oe-selinux.conf | 1 + recipes-security/packagegroups/packagegroup-core-selinux.bb | 3 +-- recipes-security/packagegroups/packagegroup-selinux-minimal.bb | 2 +- recipes-security/refpolicy/refpolicy_common.inc | 3 +++ recipes-security/selinux/selinux-config_0.1.bb | 3 +-- 5 files changed, 7 insertions(+), 5 deletions(-) diff --git a/conf/distro/oe-selinux.conf b/conf/distro/oe-selinux.conf index 6e55a32..0011d45 100644 --- a/conf/distro/oe-selinux.conf +++ b/conf/distro/oe-selinux.conf @@ -2,3 +2,4 @@ DISTRO = "oe-selinux" DISTROOVERRIDES .= ":selinux" DISTRO_FEATURES_append = " acl xattr pam selinux" +PREFERRED_PROVIDER_virtual/refpolicy ?= "refpolicy-mls" diff --git a/recipes-security/packagegroups/packagegroup-core-selinux.bb b/recipes-security/packagegroups/packagegroup-core-selinux.bb index a2480a3..62c5a76 100644 --- a/recipes-security/packagegroups/packagegroup-core-selinux.bb +++ b/recipes-security/packagegroups/packagegroup-core-selinux.bb @@ -26,7 +26,6 @@ RDEPENDS_${PN} = " \ selinux-autorelabel \ selinux-init \ selinux-labeldev \ - refpolicy-standard \ - refpolicy-mls \ + virtual/refpolicy \ coreutils \ " diff --git a/recipes-security/packagegroups/packagegroup-selinux-minimal.bb b/recipes-security/packagegroups/packagegroup-selinux-minimal.bb index 34c5f7c..87ae686 100644 --- a/recipes-security/packagegroups/packagegroup-selinux-minimal.bb +++ b/recipes-security/packagegroups/packagegroup-selinux-minimal.bb @@ -23,5 +23,5 @@ RDEPENDS_${PN} = "\ policycoreutils-setfiles \ selinux-config \ selinux-labeldev \ - refpolicy-mls \ + virtual/refpolicy \ " diff --git a/recipes-security/refpolicy/refpolicy_common.inc b/recipes-security/refpolicy/refpolicy_common.inc index 67d0426..ba887e4 100644 --- a/recipes-security/refpolicy/refpolicy_common.inc +++ b/recipes-security/refpolicy/refpolicy_common.inc @@ -3,6 +3,9 @@ LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=393a5ca445f6965873eca0259a17f833" +PROVIDES += "virtual/refpolicy" +RPROVIDES_${PN} += "virtual/refpolicy" + # Specific config files for Poky SRC_URI += "file://customizable_types \ file://setrans-mls.conf \ diff --git a/recipes-security/selinux/selinux-config_0.1.bb b/recipes-security/selinux/selinux-config_0.1.bb index 37fe4b7..e902e98 100644 --- a/recipes-security/selinux/selinux-config_0.1.bb +++ b/recipes-security/selinux/selinux-config_0.1.bb @@ -1,4 +1,3 @@ -DEFAULT_POLICY ??= "mls" DEFAULT_ENFORCING ??= "enforcing" SUMMARY = "SELinux configuration" @@ -30,7 +29,7 @@ SELINUX=${DEFAULT_ENFORCING} # mls - Multi Level Security protection. # targeted - Targeted processes are protected. # mcs - Multi Category Security protection. -SELINUXTYPE=${DEFAULT_POLICY} +SELINUXTYPE=${@d.getVar("PREFERRED_PROVIDER_virtual/refpolicy", False)[len("refpolicy-"):]} " > ${WORKDIR}/config install -d ${D}/${sysconfdir}/selinux install -m 0644 ${WORKDIR}/config ${D}/${sysconfdir}/selinux/ -- cgit v1.2.3-54-g00ecf